History log of /freebsd-10.2-release/usr.bin/patch/pch.c
Revision Date Author Comments
# 286350 05-Aug-2015 delphij

Fix patch(1) shell injection vulnerability via ed(1). [SA-15:18]

Fix routed remote denial of service vulnerability. [SA-15:19]

Approved by: re (so blanket)


# 285830 23-Jul-2015 gjb

- Copy stable/10@285827 to releng/10.2 in preparation for 10.2-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.2.
- Update default pkg(8) configuration to use the quarterly branch.[1]

Discussed with: re, portmgr [1]
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

# 276807 08-Jan-2015 pfg

MFC r276218:

patch: Bring in xstrdup and use it when appropriate.

The function savestr allows NULL return values during Plan A patching so in
case of out of memory conditions, Plan B can step in. In many cases, NULL
value is not properly handled, so use xstrdup here (it's outside Plan A/B
patching, which means that even Plan B relies on successful operations).

Clean up some whitespaces while here

Obtained from: OpenBSD


# 275841 16-Dec-2014 pfg

MFC r275553, r275612;

patch(1): Bring fixes from OpenBSD

Check fstat return value. Use off_t for file size and offsets.
Avoid iterating over end of string.

Introduce strtolinenum to properly check line numbers while parsing:
no signs, no spaces, just digits, 0 <= x <= LONG_MAX

Properly validate line ranges supplied in diff file to prevent overflows.
Also fixes an out of boundary memory access because the resulting values
are used as array indices.

PR: 195436
Obtained from: OpenBSD
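
An added example, not taken from the FreeBSD or OpenBSD sources, of the strict parsing the log message for 275841 describes: digits only, 0 <= x <= LONG_MAX, and a range check before the values are used as array indices. The names `parse_linenum` and `parse_range` and the "start,count" input shape are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper, not the patch(1) source: parse a run of decimal
 * digits (no sign, no spaces) into a long in [0, LONG_MAX]. */
static bool
parse_linenum(const char *s, const char **end, long *out)
{
	const char *p = s;
	long v = 0;

	if (*p < '0' || *p > '9')
		return false;		/* rejects "", "+1", "-1", " 1" */
	for (; *p >= '0' && *p <= '9'; p++) {
		int d = *p - '0';
		if (v > (LONG_MAX - d) / 10)
			return false;	/* v * 10 + d would exceed LONG_MAX */
		v = v * 10 + d;
	}
	*end = p;
	*out = v;
	return true;
}

/* Hypothetical range check for a "start,count" pair: start + count must
 * be representable before the end of the range is used as an index. */
static bool
parse_range(const char *s, long *start, long *count)
{
	const char *p;

	if (!parse_linenum(s, &p, start) || *p != ',')
		return false;
	if (!parse_linenum(p + 1, &p, count) || *p != '\0')
		return false;
	return *count <= LONG_MAX - *start;
}

int main(void)
{
	/* Constructed inputs, not taken from a real diff. */
	const char *in[] = { "10,5", "10,-5", " 10,5", "1,99999999999999999999" };
	long a, b;
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-24s %s\n", in[i], parse_range(in[i], &a, &b) ? "ok" : "rejected");
	return 0;
}
```
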


# 275840 16-Dec-2014 pfg

MFC r275531, r275581, r275582;

patch(1): Small changes to sync with OpenBSD

Update OpenBSD CVS revision tag for our r255232.
Prefer setvbuf() to setlinebuf().
Small space changes, mostly to keep in sync with OpenBSD

Obtained from: OpenBSD


# 267746 22-Jun-2014 pfg

MFC r267490:
patch: unsign the line length to avoid overflows.

Patch(1) uses a short int for the line length, which is usually
sufficient for regular diffs, but makes no effort to signal
when there is an overflow.

Change the line length to an unsigned short int to better use
the fact that a length is never negative. The change is loosely
inspired by a related change in DragonFly, but we avoid spending
more memory than necessary.

While here adjust the messages to be clearer on what is happening.


# 267701 21-Jun-2014 pfg

MFC r267426, r267464:

Avoid zeroing during allocation.

This change reverts a change from OpenBSD which made use of
calloc, and therefore wasted time initializing arrays that
will later be realloc'ed.

Consistently use FreeBSD's reallocf():
- Drop some bogus casts to size_t.
- The new_p_foo variables are not needed anymore.

Also merge the changes from OpenBSD's manpage
patch.1 Rev 1.27:
"patch was moved from user portability (UP) to base in issue 7
and is no longer optional"


# 256281 10-Oct-2013 gjb

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


# 255232 05-Sep-2013 se

Fix file selection logic for the RCS/SCCS case, as was done for the simple
file case before. Bump version because of the changed behavior, which now
matches the documentation.

Reviewed by: pfg


# 252637 03-Jul-2013 obrien

Merge r252513 from src/gnu/usr.bin/patch into src/usr.bin/patch:

Properly handle input lines containing NUL characters such that pgets()
accurately fills the read buffer.

Callers of pgets() still mis-process the buffer contents if the read line
contains NUL characters, but this at least makes pgets() accurate.


# 252636 03-Jul-2013 obrien

Merge r252512 from src/gnu/usr.bin/patch into src/usr.bin/patch:

Make it so that 'patch < FUBAR' and 'patch -i FUBAR' operate the same.

The former makes a copy of stdin, but was not accurately putting the
content of stdin into a temp file. This led to undercounting
the number of lines in hunks containing NUL characters when reading
from stdin, thus resulting in "unexpected end of file in patch" errors.


# 250943 23-May-2013 se

Fix target selection logic, which did not comply with the man page.

Instead of using the file with the least order of path name components,
shortest filename and finally the shortest basename (with the search
stopping as soon as one of these conditions is true), the first filename
checked was used as the reference, and another filename was only selected
if all of the above comparisons are in favour of the latter file.

This was wrong, because filenames with fewer path components were only
considered if both of the other conditions were true as well. In fact,
the first filename to be checked had good chances to be selected in the
end, since it only needed to be better with regard to any one of the
three criteria ...

Reviewed by: delphij@freebsd.org


# 246091 29-Jan-2013 delphij

- Refresh code with latest OpenBSD revisions.
- Remove $DragonFly$ tags as they are using git nowadays and VCS tags will
not help merging.
- Other changes to Copyright headers to make them consistent with other
source code, we intend to fork from this point.

Reviewed by: pfg


# 246074 29-Jan-2013 gabor

- Add a BSD-licensed patch, ported by Pedro F. Giffuni (pfg) from
DragonflyBSD and install it as bsdpatch. WITH_BSD_PATCH makes it
default and installs GNU patch as gnupatch.

Submitted by: pfg
Obtained from: The DragonflyBSD Project