* src/util.c (filename_is_safe): New function split off from name_is_valid().
(symlink_target_is_valid): Explain why we cannot have absolute symlinks or
symlinks with ".." components for now.
(move_file): Move absolute filename check here and explain.
* tests/symlinks: Put test case with ".." symlink in comments for now.
* NEWS: Add CVE number.
When creating symlinks from git-style patches, make sure the symlinks don't
point above the current working directory. Otherwise, a subsequent patch could
use the symlink to write outside the working directory.
* src/pch.c (symlink_target_is_valid): New function to check for valid symlink
targets.
* src/util.c (move_file): Use symlink_target_is_valid() here.
* tests/symlinks: Add valid and invalid symlink test cases.
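The symlink-target checks described in the two entries above, as an added C example that is not GNU patch's own code. The function names `target_is_strictly_safe` and `target_stays_below_cwd` are hypothetical, and the link path `dir/link` with its targets is constructed sample input.

```c
#include <stdio.h>
#include <string.h>
/* Strict policy: relative targets only, and no ".." component at all. */
int target_is_strictly_safe(const char *target)
{
    if (*target == '\0' || *target == '/')
        return 0;
    for (const char *p = target; *p; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len + strspn(p + len, "/");   /* skip component and slashes */
    }
    return 1;
}

/* Lexical policy: count depth below the working directory through the
   link's directory and then the target; reject if it goes negative.
   Only sound when no component on the way is itself a symlink. */
int target_stays_below_cwd(const char *link_path, const char *target)
{
    const char *parts[2] = { link_path, target };
    int depth = 0;
    if (*link_path == '/' || *target == '/' || *target == '\0')
        return 0;
    for (int i = 0; i < 2; i++) {
        for (const char *p = parts[i]; *p; ) {
            size_t len = strcspn(p, "/");
            /* the link's own final name is not a directory level */
            int is_link_name = (i == 0 && p[len] == '\0');
            if (len == 2 && p[0] == '.' && p[1] == '.') {
                if (--depth < 0)
                    return 0;
            } else if (!(len == 1 && p[0] == '.') && !is_link_name) {
                depth++;
            }
            p += len + strspn(p + len, "/");
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: a git-style patch creates the link at dir/link. */
    const char *t[] = { "file", "../file", "../../etc/passwd", "/etc/passwd" };
    for (int i = 0; i < 4; i++)
        printf("%-17s lexical=%d strict=%d\n", t[i],
               target_stays_below_cwd("dir/link", t[i]), target_is_strictly_safe(t[i]));
    return 0;
}
```

With the link at `dir/link`, the target `../file` passes the lexical check but is rejected by the strict one.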
* src/patch.c (main): Preserve function names in reject files.
* tests/reject-format: Update the test case.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andreas Gruenbacher <agruen@linbit.com>
* src/patch.c: Only print the "file is not empty after patch" message when
trying to delete the output file. Say that we were trying to delete the file.
* tests/create-delete: Fix the expected messages. Add test cases for the
--remove-empty-files and --posix options.
* NEWS: Better describe this change.
Test cases based on patches from Dmitry V. Levin <ldv@altlinux.org>.
* src/patch.c (main): Only expect files to become empty if the patch says so.
* NEWS: Document this change.
* tests/create-delete: Add (more) empty vs. non-empty test cases.
* src/pch.c (another_hunk): Rather than asserting(C), issue the
"replacement text or line numbers mangled ..." diagnostic when !C.
* tests/mangled-numbers-abort: New test for the above.
* tests/Makefile.am (TESTS): Add it.
* NEWS: Mention it.
Reported by Gabriel Vlasiu via Tim Waugh.
See also http://bugzilla.redhat.com/738959
* src/pch.c (name_is_valid): New function.
(intuit_diff_type, best_name): Use name_is_valid() here.
(strip_leading_slashes): Remove name validation tests from here.
* tests/bad-filenames: Add more tests for covering more of the
file name guessing corner cases in intuit_diff_type(), update the
existing tests.
* NEWS: Update.
* src/util.c: Add a maybe_quoted parameter to fetchname.
* src/pch.c: Only recognize quoted filenames in the "diff --git"
format, at least for now.
* tests/quoted-filenames: Update accordingly.
* NEWS: Update accordingly.
to the --merge option to choose the output formats for conflicts.
* patch.man: Document the new optional argument of --merge.
* src/merge.c (merge_hunk): Implement diff3-style conflicts.
* src/common.h (conflict_style): This global variable determines the
output format for conflicts.
* tests/merge: Add test cases for the diff3 output format.
Patch should default to not try to get files from revision control software
unless actively asked by the user with the "-g" or "--get" command-line
switches, or the PATCH_GET environment variable.
Make the posixly correct behaviour of not using source control, the global
patch default. I.e. default to "-g0".
This is related to Debian BTS bug: #200895
Please refer to that discussion for more background
information and discussion.