GNU Patch, a very important utility used to patch source code has gotten itself a new stable release after three years without doing so. Andreas Grünbacher has sent an email to several mailing list announcing this great news.
As new stable release, GNU Patch has received several big changes, such as:
* Support for most features of the "diff --git" format, including renames and
copies, permission changes, and symlink diffs. Binary diffs are not
supported yet; patch will complain and skip them.
* Support for double-quoted filenames: when a filename starts with a double
quote, it is interpreted as a C string literal. The escape sequences \\, \",
\a, \b, \f, \n, \r, \t, \v, and \ooo (a three-digit octal number between 0 and
255) are recognized.
* Ignore destination file names that are absolute or that contain a component
of "..". This addresses CVE-2010-4651.
* Refuse to apply a normal patch to a symlink. (Previous versions of patch
were replacing the symlink with a regular file.)
* When trying to modify a read-only file, warn about the potential problem
by default. The --read-only command line option allows to change this
behavior.
* Files to be deleted are deleted once the entire input has been processed, not
immediately. This fixes a bug with numbered backup files.
* When a timestamp specifies a time zone, honor that instead of assuming the
local time zone (--set-date) or Universal Coordinated Time (--set-utc).
* Support for nanosecond precision timestamps.
* Patch no longer gets a failed assertion for certain mangled patches.
* Many portability and bug fixes.
The source code for this new patch utility can be taken from
GNU's FTP Server.