diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c20522b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/patch-2.7.1.tar.xz
diff --git a/.patch.metadata b/.patch.metadata
new file mode 100644
index 0000000..0fa1da7
--- /dev/null
+++ b/.patch.metadata
@@ -0,0 +1 @@
+433184d0ca43770f28b3de1d5e9da518a7ac7c50 SOURCES/patch-2.7.1.tar.xz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
- 
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
- 
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/patch-2.7.1-CVE-2018-1000156.patch b/SOURCES/patch-2.7.1-CVE-2018-1000156.patch
new file mode 100644
index 0000000..b5c28cf
--- /dev/null
+++ b/SOURCES/patch-2.7.1-CVE-2018-1000156.patch
@@ -0,0 +1,204 @@
+diff -up patch-2.7.1/src/pch.c.CVE-2018-1000156 patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.CVE-2018-1000156	2012-09-22 19:44:33.000000000 +0200
++++ patch-2.7.1/src/pch.c	2018-04-13 22:19:04.509532690 +0200
+@@ -31,6 +31,7 @@
+ #if HAVE_SETMODE_DOS
+ # include <io.h>
+ #endif
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2381,22 +2382,28 @@ do_ed_script (char const *inname, char c
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd = -1;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++       /* Write ed script to a temporary file.  This causes ed to abort on
++          invalid commands such as when line numbers or ranges exceed the
++          number of available lines.  When ed reads from a pipe, it rejects
++          invalid commands and treats the next line as a new command, which
++          can lead to arbitrary command execution.  */
++
++       tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++       if (tmpfd == -1)
++         pfatal ("Can't create temporary file %s", quotearg (tmpname));
++       tmpfp = fdopen (tmpfd, "w+b");
++       if (! tmpfp)
++         pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2407,14 +2414,14 @@ do_ed_script (char const *inname, char c
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	    if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	    if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		    if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		    if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2427,13 +2434,50 @@ do_ed_script (char const *inname, char c
+ 	    break;
+ 	}
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-	|| fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++	|| fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++       int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++       *outname_needs_removal = true;
++       if (inerrno != ENOENT)
++         {
++           *outname_needs_removal = true;
++           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++         }
++       sprintf (buf, "%s %s%s", editor_program,
++                verbosity == VERBOSE ? "" : "- ",
++                outname);
++       fflush (stdout);
++
++       pid = fork();
++       if (pid == -1)
++         pfatal ("Can't fork");
++       else if (pid == 0)
++         {
++           dup2 (tmpfd, 0);
++           execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++           _exit (2);
++         }
++       else
++         {
++           int wstatus;
++           if (waitpid (pid, &wstatus, 0) == -1
++               || ! WIFEXITED (wstatus)
++               || WEXITSTATUS (wstatus) != 0)
++             fatal ("%s FAILED", editor_program);
++         }
++    }
++
++    fclose (tmpfp);
++    unlink (tmpname);
++    free((char*) tmpname);
+ 
+     if (ofp)
+       {
+diff -up patch-2.7.1/tests/ed-style.CVE-2018-1000156 patch-2.7.1/tests/ed-style
+--- patch-2.7.1/tests/ed-style.CVE-2018-1000156	2018-04-13 22:17:57.367258994 +0200
++++ patch-2.7.1/tests/ed-style	2018-04-13 22:17:57.367258994 +0200
+@@ -0,0 +1,40 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require_cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
+diff -up patch-2.7.1/tests/Makefile.am.CVE-2018-1000156 patch-2.7.1/tests/Makefile.am
+--- patch-2.7.1/tests/Makefile.am.CVE-2018-1000156	2018-04-13 22:17:57.360258966 +0200
++++ patch-2.7.1/tests/Makefile.am	2018-04-13 22:17:57.367258994 +0200
+@@ -28,6 +28,7 @@ TESTS = \
+ 	criss-cross \
+ 	crlf-handling \
+ 	dash-o-append \
++	ed-style \
+ 	empty-files \
+ 	fifo \
+ 	file-modes \
+diff -up patch-2.7.1/tests/Makefile.in.orig patch-2.7.1/tests/Makefile.in
+--- patch-2.7.1/tests/Makefile.in.orig	2018-04-13 22:24:23.758796422 +0200
++++ patch-2.7.1/tests/Makefile.in	2018-04-13 22:26:09.860216420 +0200
+@@ -1083,6 +1083,7 @@ TESTS = \
+ 	criss-cross \
+ 	crlf-handling \
+ 	dash-o-append \
++	ed-style \
+ 	empty-files \
+ 	fifo \
+ 	file-modes \
+@@ -1310,6 +1311,8 @@ crlf-handling.log: crlf-handling
+ 	@p='crlf-handling'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ dash-o-append.log: dash-o-append
+ 	@p='dash-o-append'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
++ed-style.log: ed-style
++	@p='ed-style'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ empty-files.log: empty-files
+ 	@p='empty-files'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ fifo.log: fifo
diff --git a/SOURCES/patch-args-segfault.patch b/SOURCES/patch-args-segfault.patch
new file mode 100644
index 0000000..b2e3404
--- /dev/null
+++ b/SOURCES/patch-args-segfault.patch
@@ -0,0 +1,20 @@
+diff -up patch-2.7.1/src/patch.c.args-segfault patch-2.7.1/src/patch.c
+--- patch-2.7.1/src/patch.c.args-segfault	2013-06-12 16:48:50.617108731 +0100
++++ patch-2.7.1/src/patch.c	2013-06-12 16:49:06.790181916 +0100
+@@ -150,6 +150,8 @@ main (int argc, char **argv)
+     else if ((version_control = getenv ("VERSION_CONTROL")))
+       version_control_context = "$VERSION_CONTROL";
+ 
++    init_files_to_output ();
++
+     /* parse switches */
+     Argc = argc;
+     Argv = argv;
+@@ -164,7 +166,6 @@ main (int argc, char **argv)
+ 
+     init_backup_hash_table ();
+     init_files_to_delete ();
+-    init_files_to_output ();
+ 
+     init_output (&outstate);
+     if (outfile)
diff --git a/SOURCES/patch-args.patch b/SOURCES/patch-args.patch
new file mode 100644
index 0000000..f0e5f47
--- /dev/null
+++ b/SOURCES/patch-args.patch
@@ -0,0 +1,20 @@
+diff -up patch-2.7.1/src/patch.c.args patch-2.7.1/src/patch.c
+--- patch-2.7.1/src/patch.c.args	2013-04-11 11:30:52.644026499 +0100
++++ patch-2.7.1/src/patch.c	2013-04-11 11:31:54.990246532 +0100
+@@ -762,7 +762,7 @@ static char const *const option_help[] =
+ "",
+ "  -D NAME  --ifdef=NAME  Make merged if-then-else output using NAME.",
+ #ifdef ENABLE_MERGE
+-"  -m  --merge  Merge using conflict markers instead of creating reject files.",
++"  --merge  Merge using conflict markers instead of creating reject files.",
+ #endif
+ "  -E  --remove-empty-files  Remove output files that are empty after patching.",
+ "",
+@@ -801,6 +801,7 @@ static char const *const option_help[] =
+ "  --binary  Read and write data in binary mode.",
+ "  --read-only=BEHAVIOR  How to handle read-only input files: 'ignore' that they",
+ "                        are read-only, 'warn' (default), or 'fail'.",
++"  -x NUM  --debug=NUM  Set internal debugging flags.",
+ "",
+ "  -v  --version  Output version info.",
+ "  --help  Output this help.",
diff --git a/SOURCES/patch-remove-empty-dir.patch b/SOURCES/patch-remove-empty-dir.patch
new file mode 100644
index 0000000..b018cf2
--- /dev/null
+++ b/SOURCES/patch-remove-empty-dir.patch
@@ -0,0 +1,57 @@
+diff -up patch-2.7.1/src/patch.c.remove-empty-dir patch-2.7.1/src/patch.c
+--- patch-2.7.1/src/patch.c.remove-empty-dir	2012-10-18 17:57:41.708586721 +0100
++++ patch-2.7.1/src/patch.c	2013-03-11 11:35:54.607901400 +0000
+@@ -646,8 +646,8 @@ main (int argc, char **argv)
+     if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
+       write_fatal ();
+     output_files (NULL);
+-    delete_files ();
+     cleanup ();
++    delete_files ();
+     if (somefailed)
+       exit (1);
+     return 0;
+diff -up patch-2.7.1/tests/Makefile.am.remove-empty-dir patch-2.7.1/tests/Makefile.am
+--- patch-2.7.1/tests/Makefile.am.remove-empty-dir	2012-09-14 10:15:22.000000000 +0100
++++ patch-2.7.1/tests/Makefile.am	2013-03-11 11:35:54.619901466 +0000
+@@ -49,6 +49,7 @@ TESTS = \
+ 	reject-format \
+ 	remember-backup-files \
+ 	remember-reject-files \
++	remove-directories \
+ 	symlinks \
+ 	unmodified-files
+ 
+diff -up patch-2.7.1/tests/remove-directories.remove-empty-dir patch-2.7.1/tests/remove-directories
+--- patch-2.7.1/tests/remove-directories.remove-empty-dir	2013-03-11 11:35:54.619901466 +0000
++++ patch-2.7.1/tests/remove-directories	2013-03-11 11:35:54.619901466 +0000
+@@ -0,0 +1,29 @@
++# Copyright (C) 2013 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require_cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++# Remove empty parent diectories when removing a file
++
++mkdir dir
++echo foobar > dir/file
++cat > apatch <<EOF
++--- dir/file
+++++ /dev/null
++@@ -1 +0,0 @@
++-foobar
++EOF
++
++check 'patch -p0 -E < apatch' <<EOF
++patching file dir/file
++EOF
++
++ncheck '! test -e dir'
diff --git a/SOURCES/patch-selinux.patch b/SOURCES/patch-selinux.patch
new file mode 100644
index 0000000..0ed8bcd
--- /dev/null
+++ b/SOURCES/patch-selinux.patch
@@ -0,0 +1,318 @@
+diff -up patch-2.7.1/src/common.h.selinux patch-2.7.1/src/common.h
+--- patch-2.7.1/src/common.h.selinux	2012-09-28 15:00:04.000000000 +0100
++++ patch-2.7.1/src/common.h	2012-10-18 17:53:43.735748614 +0100
+@@ -30,6 +30,8 @@
+ #include <sys/types.h>
+ #include <time.h>
+ 
++#include <selinux/selinux.h>
++
+ #include <sys/stat.h>
+ 
+ #include <limits.h>
+@@ -80,6 +82,7 @@ XTERN char *outfile;
+ XTERN int inerrno;
+ XTERN int invc;
+ XTERN struct stat instat;
++XTERN security_context_t incontext;
+ XTERN bool dry_run;
+ XTERN bool posixly_correct;
+ 
+diff -up patch-2.7.1/src/inp.c.selinux patch-2.7.1/src/inp.c
+--- patch-2.7.1/src/inp.c.selinux	2012-09-19 02:07:31.000000000 +0100
++++ patch-2.7.1/src/inp.c	2012-10-18 17:53:43.736748619 +0100
+@@ -138,7 +138,7 @@ get_input_file (char const *filename, ch
+     char *getbuf;
+ 
+     if (inerrno == -1)
+-      inerrno = stat_file (filename, &instat);
++	inerrno = stat_file (filename, &instat, &incontext);
+ 
+     /* Perhaps look for RCS or SCCS versions.  */
+     if (S_ISREG (file_type)
+@@ -183,7 +183,7 @@ get_input_file (char const *filename, ch
+ 	    }
+ 
+ 	    if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
+-				   &instat))
++				   &instat, &incontext))
+ 	      inerrno = 0;
+ 
+ 	    free (getbuf);
+@@ -194,6 +194,7 @@ get_input_file (char const *filename, ch
+       {
+ 	instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
+ 	instat.st_size = 0;
++	incontext = NULL;
+       }
+     else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
+ 	        && (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
+diff -up patch-2.7.1/src/Makefile.am.selinux patch-2.7.1/src/Makefile.am
+--- patch-2.7.1/src/Makefile.am.selinux	2012-09-14 10:15:41.000000000 +0100
++++ patch-2.7.1/src/Makefile.am	2012-10-18 17:53:43.736748619 +0100
+@@ -34,7 +34,7 @@ patch_SOURCES = \
+ 
+ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
+ patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
+-	      $(LIB_XATTR)
++	      $(LIB_XATTR) -lselinux
+ 
+ if ENABLE_MERGE
+   patch_SOURCES += merge.c
+diff -up patch-2.7.1/src/Makefile.in.selinux patch-2.7.1/src/Makefile.in
+--- patch-2.7.1/src/Makefile.in.selinux	2012-09-28 17:41:31.000000000 +0100
++++ patch-2.7.1/src/Makefile.in	2012-10-18 17:53:43.736748619 +0100
+@@ -981,7 +981,7 @@ patch_SOURCES = bestmatch.h common.h inp
+ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
+ 	$(am__append_2)
+ patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
+-	      $(LIB_XATTR)
++	      $(LIB_XATTR) -lselinux
+ 
+ all: all-am
+ 
+diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
+--- patch-2.7.1/src/patch.c.selinux	2012-09-28 11:43:12.000000000 +0100
++++ patch-2.7.1/src/patch.c	2012-10-18 17:57:41.708586721 +0100
+@@ -256,19 +256,19 @@ main (int argc, char **argv)
+ 	  if (! strcmp (inname, outname))
+ 	    {
+ 	      if (inerrno == -1)
+-		inerrno = stat_file (inname, &instat);
++		inerrno = stat_file (inname, &instat, NULL);
+ 	      outstat = instat;
+ 	      outerrno = inerrno;
+ 	    }
+ 	  else
+-	    outerrno = stat_file (outname, &outstat);
++	    outerrno = stat_file (outname, &outstat, NULL);
+ 
+ 	  if (! outerrno)
+ 	    {
+ 	      if (has_queued_output (&outstat))
+ 		{
+ 		  output_files (&outstat);
+-		  outerrno = stat_file (outname, &outstat);
++		  outerrno = stat_file (outname, &outstat, NULL);
+ 		  inerrno = -1;
+ 		}
+ 	      if (! outerrno)
+@@ -563,7 +563,7 @@ main (int argc, char **argv)
+ 					     mode, &new_time);
+ 		      else
+ 			{
+-			  attr |= FA_IDS | FA_MODE | FA_XATTRS;
++			  attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT;
+ 			  set_file_attributes (TMPOUTNAME, attr, inname, &instat,
+ 					       mode, &new_time);
+ 			}
+@@ -623,7 +623,7 @@ main (int argc, char **argv)
+ 			struct stat oldst;
+ 			int olderrno;
+ 
+-			olderrno = stat_file (rej, &oldst);
++			olderrno = stat_file (rej, &oldst, NULL);
+ 			if (olderrno && olderrno != ENOENT)
+ 			  write_fatal ();
+ 		        if (! olderrno && lookup_file_id (&oldst) == CREATED)
+@@ -1749,7 +1749,7 @@ delete_file_later (const char *name, con
+ 
+   if (! st)
+     {
+-      if (stat_file (name, &st_tmp) != 0)
++      if (stat_file (name, &st_tmp, NULL) != 0)
+ 	pfatal ("Can't get file attributes of %s %s", "file", name);
+       st = &st_tmp;
+     }
+diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.selinux	2012-09-22 18:44:33.000000000 +0100
++++ patch-2.7.1/src/pch.c	2012-10-18 18:04:28.619008832 +0100
+@@ -1,6 +1,6 @@
+ /* reading patches */
+ 
+-/* Copyright (C) 1986, 1987, 1988 Larry Wall
++/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall
+ 
+    Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
+    Foundation, Inc.
+@@ -293,7 +293,7 @@ there_is_another_patch (bool need_header
+ 	  {
+ 	    inname = savebuf (buf, t - buf);
+ 	    inname[t - buf - 1] = 0;
+-	    inerrno = stat_file (inname, &instat);
++	    inerrno = stat_file (inname, &instat, &incontext);
+ 	    if (inerrno)
+ 	      {
+ 		perror (inname);
+@@ -468,6 +468,7 @@ intuit_diff_type (bool need_header, mode
+     bool extended_headers = false;
+     enum nametype i;
+     struct stat st[3];
++    security_context_t con[3];
+     int stat_errno[3];
+     int version_controlled[3];
+     enum diff retval;
+@@ -507,6 +508,7 @@ intuit_diff_type (bool need_header, mode
+     version_controlled[OLD] = -1;
+     version_controlled[NEW] = -1;
+     version_controlled[INDEX] = -1;
++    con[OLD] = con[NEW] = con[INDEX] = NULL;
+     p_rfc934_nesting = 0;
+     p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
+     p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
+@@ -914,7 +916,7 @@ intuit_diff_type (bool need_header, mode
+ 		}
+ 	      else
+ 		{
+-		  stat_errno[i] = stat_file (p_name[i], &st[i]);
++		  stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]);
+ 		  if (! stat_errno[i])
+ 		    {
+ 		      if (lookup_file_id (&st[i]) == DELETE_LATER)
+@@ -953,7 +955,7 @@ intuit_diff_type (bool need_header, mode
+ 			  if (cs)
+ 			    {
+ 			      if (version_get (p_name[i], cs, false, readonly,
+-					       getbuf, &st[i]))
++					       getbuf, &st[i], &con[i]))
+ 				stat_errno[i] = 0;
+ 			      else
+ 				version_controlled[i] = 0;
+@@ -1006,7 +1008,7 @@ intuit_diff_type (bool need_header, mode
+       {
+ 	if (inname)
+ 	  {
+-	    inerrno = stat_file (inname, &instat);
++	    inerrno = stat_file (inname, &instat, &incontext);
+ 	    if (inerrno || (instat.st_mode & S_IFMT) == file_type)
+ 	      maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
+ 	  }
+@@ -1019,8 +1021,14 @@ intuit_diff_type (bool need_header, mode
+ 	inerrno = stat_errno[i];
+ 	invc = version_controlled[i];
+ 	instat = st[i];
++	incontext = con[i];
++	con[i] = NULL;
+       }
+ 
++    for (i = OLD; i <= INDEX; i++)
++      if (con[i])
++	freecon (con[i]);
++
+     return retval;
+ }
+ 
+diff -up patch-2.7.1/src/util.c.selinux patch-2.7.1/src/util.c
+--- patch-2.7.1/src/util.c.selinux	2012-09-22 21:09:10.000000000 +0100
++++ patch-2.7.1/src/util.c	2012-10-18 18:23:51.358951905 +0100
+@@ -294,6 +294,19 @@ set_file_attributes (char const *to, enu
+ 		S_ISLNK (mode) ? "symbolic link" : "file",
+ 		quotearg (to));
+     }
++  if (attr & FA_SECCONTEXT)
++    {
++      security_context_t outcontext;
++      if (incontext && getfilecon (to, &outcontext) != -1 &&
++	  outcontext &&
++	  strcmp (outcontext, incontext) &&
++	  setfilecon (to, incontext) != 0)
++	{
++	  if (errno != ENOTSUP && errno != EPERM)
++	    pfatal ("Can't set security context on file %s",
++		    quotearg (to));
++	}
++    }
+ }
+ 
+ static void
+@@ -440,7 +453,7 @@ move_file (char const *from, bool *from_
+   struct stat to_st;
+   int to_errno;
+ 
+-  to_errno = stat_file (to, &to_st);
++  to_errno = stat_file (to, &to_st, NULL);
+   if (backup)
+     create_backup (to, to_errno ? NULL : &to_st, false);
+   if (! to_errno)
+@@ -810,7 +823,8 @@ version_controller (char const *filename
+    Return true if successful.  */
+ bool
+ version_get (char const *filename, char const *cs, bool exists, bool readonly,
+-	     char const *getbuf, struct stat *filestat)
++	     char const *getbuf, struct stat *filestat,
++	     security_context_t *filecontext)
+ {
+   if (patch_get < 0)
+     {
+@@ -835,6 +849,13 @@ version_get (char const *filename, char
+ 	fatal ("Can't get file %s from %s", quotearg (filename), cs);
+       if (stat (filename, filestat) != 0)
+ 	pfatal ("%s", quotearg (filename));
++      if (filecontext && getfilecon (filename, filecontext) == -1)
++	{
++	  if (errno == ENODATA || errno == ENOTSUP)
++	    *filecontext = NULL;
++	  else
++	    pfatal ("%s", quotearg (filename));
++	}
+     }
+ 
+   return 1;
+@@ -1653,10 +1674,26 @@ make_tempfile (char const **name, char l
+     }
+ }
+ 
+-int stat_file (char const *filename, struct stat *st)
++int stat_file (char const *filename, struct stat *st, security_context_t *con)
+ {
+   int (*xstat)(char const *, struct stat *) =
+     follow_symlinks ? stat : lstat;
++  int (*xgetfilecon)(char const *, security_context_t *) =
++    follow_symlinks ? getfilecon : lgetfilecon;
++
++  if (xstat (filename, st) == 0)
++    {
++      if (con)
++	{
++	  if (xgetfilecon (filename, con) != -1 ||
++	      errno == ENODATA || errno == ENOTSUP)
++	    return 0;
++
++	  *con = NULL;
++	}
++      else
++	return 0;
++    }
+ 
+-  return xstat (filename, st) == 0 ? 0 : errno;
++  return errno;
+ }
+diff -up patch-2.7.1/src/util.h.selinux patch-2.7.1/src/util.h
+--- patch-2.7.1/src/util.h.selinux	2012-09-21 21:21:16.000000000 +0100
++++ patch-2.7.1/src/util.h	2012-10-18 18:02:38.923626167 +0100
+@@ -45,7 +45,7 @@ char *parse_name (char const *, int, cha
+ char *savebuf (char const *, size_t);
+ char *savestr (char const *);
+ char const *version_controller (char const *, bool, struct stat const *, char **, char **);
+-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
++bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
+ int create_file (char const *, int, mode_t, bool);
+ int systemic (char const *);
+ char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin);
+@@ -68,13 +68,14 @@ void insert_file_id (struct stat const *
+ enum file_id_type lookup_file_id (struct stat const *);
+ void set_queued_output (struct stat const *, bool);
+ bool has_queued_output (struct stat const *);
+-int stat_file (char const *, struct stat *);
++int stat_file (char const *, struct stat *, security_context_t *);
+ 
+ enum file_attributes {
+   FA_TIMES = 1,
+   FA_IDS = 2,
+   FA_MODE = 4,
+-  FA_XATTRS = 8
++  FA_XATTRS = 8,
++  FA_SECCONTEXT = 16
+ };
+ 
+ void set_file_attributes (char const *, enum file_attributes, char const *,
diff --git a/SPECS/patch.spec b/SPECS/patch.spec
new file mode 100644
index 0000000..d08a69c
--- /dev/null
+++ b/SPECS/patch.spec
@@ -0,0 +1,346 @@
+Summary: Utility for modifying/upgrading files
+Name: patch
+Version: 2.7.1
+Release: 10%{?dist}
+License: GPLv3+
+URL: http://www.gnu.org/software/patch/patch.html
+Group: Development/Tools
+Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
+Patch1: patch-remove-empty-dir.patch
+Patch2: patch-args.patch
+Patch3: patch-args-segfault.patch
+Patch4: patch-2.7.1-CVE-2018-1000156.patch
+Patch100: patch-selinux.patch
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: libselinux-devel
+BuildRequires: libattr-devel
+BuildRequires: ed
+BuildRequires: automake autoconf
+
+%description
+The patch program applies diff files to originals.  The diff command
+is used to compare an original to a changed file.  Diff lists the
+changes made to the file.  A person who has the original file can then
+use the patch command with the diff file to add the changes to their
+original file (patching the file).
+
+Patch should be installed because it is a common way of upgrading
+applications.
+
+%prep
+%setup -q
+
+# Upstream patch to fix removal of empty directories (bug #919489).
+%patch1 -p1 -b .remove-empty-dir
+
+# Don't document unsupported -m option; document -x option (bug #948972).
+%patch2 -p1 -b .args
+
+# Don't segfault when given bad arguments (bug #972330).
+%patch3 -p1 -b .args-segfault
+
+# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
+%patch4 -p1 -b .CVE-2018-1000156
+
+# SELinux support.
+%patch100 -p1 -b .selinux
+
+%build
+CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
+%ifarch sparcv9
+CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
+%endif
+%configure --disable-silent-rules
+make %{?_smp_mflags}
+
+%check
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%makeinstall
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%doc COPYING NEWS README
+%{_bindir}/*
+%{_mandir}/*/*
+
+%changelog
+* Fri Apr 13 2018 Than Ngo <than@redhat.com> - 2.7.1-10
+- Fixed Coverity reported issues
+
+* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.1-9
+- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.1-8
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.7.1-7
+- Mass rebuild 2013-12-27
+
+* Wed Jun 12 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-6
+- Don't segfault when given bad arguments (bug #972330).
+
+* Thu Apr 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-5
+- Don't document unsupported -m option; document -x option (bug #948972).
+
+* Mon Mar 25 2013 Ville Skyttä <ville.skytta@iki.fi> - 2.7.1-4
+- Build with xattr support.
+- Make build output more verbose.
+- Fix bogus date in %%changelog.
+
+* Mon Mar 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-3
+- Upstream patch to fix removal of empty directories (bug #919489).
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7.1-1
+- Fixed license (since 2.6 it has been GPLv3+).
+- 2.7.1.
+
+* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7-1
+- 2.7.  No longer need sigsegv, get-arg, CVE-2010-4651,
+  backup-if-mismatch or coverity-leak patches.
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Nov 25 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-11
+- Fixed NULL dereference in selinux patch.
+
+* Mon May 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-10
+- Applied Jiri Popelka's fixes from Coverity scan (bug #704554):
+  - Avoid unchecked return from getfilecon() in patch-selinux.patch.
+  - Fix memory leak.
+
+* Wed Feb 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-9
+- Let --posix cause --no-backup-if-mismatch (bug #678016).
+
+* Thu Feb 10 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-8
+- Incorporate upstream fix for CVE-2010-4651 patch so that a target
+  name given on the command line is not validated (bug #667529).
+
+* Tue Feb  8 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-7
+- Applied upstream patch to fix CVE-2010-4651 so that malicious
+  patches cannot create files above the current directory
+  (bug #667529).
+
+* Tue Jan  4 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-6
+- Use smp_mflags correctly (bug #665770).
+
+* Mon Aug 16 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-5
+- Another fix for the selinux patch (bug #618215).
+
+* Fri Aug  6 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-4
+- Fixed interpretation of return value from getfilecon().
+- Fixed argument type for --get (bug #553624).
+
+* Fri Aug  6 2010 Dennis Gilmore <dennis@ausil.us>
+- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now
+
+* Tue Jul 27 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-3
+- Fixed argument type for --get (bug #553624).
+
+* Wed Mar  3 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-2
+- Added comments for all patches.
+- Ship COPYING file.
+- Removed sparc ifdefs in spec file.
+
+* Mon Jan  4 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-1
+- 2.6.1 (bug #551569).  No longer need best-name patch.
+
+* Thu Dec 24 2009 Tim Waugh <twaugh@redhat.com> 2.6-2
+- Applied upstream patch to prevent incorrect filename being chosen
+  when adding a new file (bug #549122).
+
+* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 2.6-1
+- 2.6.  No longer need stderr, suffix, stripcr, parse, allow-spaces,
+  ifdef, program_name, or posix-backup patches.
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-40
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Apr 29 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-39
+- Fixed operation when SELinux is disabled (bug #498102).  Patch from
+  Jan Kratochvil.
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-38
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 17 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-37
+- Don't set SELinux file context if it is already correct.
+
+* Mon Nov 24 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-36
+- Better summary.
+
+* Mon Jun 30 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-35
+- Don't fail if setfilecon() returns EPERM (bug #453365), although the
+  setfilecon man page suggests that ENOTSUP will be returned in this
+  case.
+
+* Mon Jun 16 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-34
+- Only write simple backups for each file once during a run
+  (bug #234822).
+
+* Thu Jun 12 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-33
+- Fix selinux patch and apply it.  Build requires libselinux-devel.
+
+* Fri Feb  8 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-32
+- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887).
+
+* Mon Dec  3 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-31
+- Convert spec file to UTF-8 (bug #226233).
+- Use _bindir macro in %%files (bug #226233).
+- Parallel make (bug #226233).
+- Better defattr declaration (bug #226233).
+
+* Thu Oct  4 2007 Tim Waugh <twaugh@redhat.com>
+- Beginnings of an SELinux patch (bug #165799); not applied yet.
+
+* Wed Aug 29 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-30
+- Added dist tag.
+- More specific license tag.
+- Fixed summary.
+- Better buildroot tag.
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.2
+- rebuild
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Thu Sep  8 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-29
+- Remove SELinux patch for now (bug #167822).
+
+* Wed Sep  7 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-27
+- Applied patch from Ulrich Drepper to fix string overread (bug #167675).
+
+* Tue Sep  6 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-26
+- Preserve SELinux file contexts (bug #165799).
+
+* Thu Aug 11 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-25
+- Fixed CRLF detection (bug #154283).
+
+* Wed May  4 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-24
+- Reverted last change (bug #154283, bug #156762).
+
+* Fri Apr 29 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-23
+- Applied patch from Toshio Kuratomi to avoid problems with DOS-format
+  newlines (bug #154283).
+
+* Wed Mar  2 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-22
+- Rebuild for new GCC.
+
+* Wed Feb  9 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-21
+- Rebuilt.
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Oct 25 2003 Tim Waugh <twaugh@redhat.com> 2.5.4-18
+- Rebuilt.
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Wed Nov 20 2002 Tim Powers <timp@redhat.com>
+- rebuilt in current collinst
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Tue Apr  9 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-12
+- Fix error reporting when given bad options (bug #62981).
+
+* Tue Mar  5 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-11
+- s/Copyright:/License:/.
+- Fix -D behaviour (bug #60688).
+
+* Tue May 29 2001 Tim Waugh <twaugh@redhat.com> 2.5.4-10
+- Merge Mandrake patch:
+  - fix possible segfault
+
+* Fri Dec  1 2000 Tim Waugh <twaugh@redhat.com>
+- Rebuild because of fileutils bug.
+
+* Thu Nov  2 2000 Tim Waugh <twaugh@redhat.com>
+- use .orig as default suffix, as per man page and previous behaviour
+  (bug #20202).
+- use better patch for this, from maintainer.
+
+* Wed Oct  4 2000 Tim Waugh <twaugh@redhat.com>
+- actually use the RPM_OPT_FLAGS
+
+* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Tue Jun 13 2000 Trond Eivind Glomsrød <teg@redhat.com>
+- Use %%makeinstall, %%{_tmppath} and %%{_mandir}
+
+* Fri May 12 2000 Trond Eivind Glomsrød <teg@redhat.com>
+- added URL
+
+* Wed Feb 16 2000 Bernhard Rosenkraenzer <bero@redhat.com>
+- 2.5.4
+- Fix up LFS support on Alpha (Bug #5732)
+
+* Mon Feb  7 2000 Bill Nottingham <notting@redhat.com>
+- handle compressed manpages
+
+* Sun Jun 06 1999 Alan Cox <alan@redhat.com>
+- Fix the case where stderr isnt flushed for ask(). Now the 'no such file'
+  appears before the skip patch question, not at the very end, Doh!
+
+* Mon Mar 22 1999 Jeff Johnson <jbj@redhat.com>
+- (ultra?) sparc was getting large file system support.
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
+- auto rebuild in the new build environment (release 7)
+
+* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
+- build against glibc 2.1
+
+* Tue Sep  1 1998 Jeff Johnson <jbj@redhat.com>
+- bump release to preserve newer than back-ported 4.2.
+
+* Tue Jun 09 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr
+
+* Tue Jun  9 1998 Jeff Johnson <jbj@redhat.com>
+- Fix for problem #682 segfault.
+
+* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr, tr
+
+* Tue Apr 07 1998 Cristian Gafton <gafton@redhat.com>
+- added buildroot
+
+* Tue Oct 21 1997 Cristian Gafton <gafton@redhat.com>
+- updated to 2.5
+
+* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
+- built against glibc