[PATCH v4 0/4] "git apply" safety

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Git tracks symbolic links; e.g. you can remove files that have been
tracked in a directory "dir/file*" and then creates a symbolic link
at "dir" to point elsewhere, express such a change as a patchset and
then apply it to the original tree.  Consequently, applying a patch
to update dir/file, when you have "dir" as a symbolic link pointing
somewhere, must fail, just like a patch whose preimage does not
match what you have in tree you are trying to apply the patch to
gets rejected.  Also, we fundamentally do not like to touch a path
that contains ".git" as a path component.

This round uses cache_file_exists() in the last patch to cope with
case insensitive filesystems better.

The previous round begins here:

  http://thread.gmane.org/gmane.comp.version-control.git/263341

Junio C Hamano (4):
  apply: reject input that touches outside the working area
  apply: do not read from the filesystem under --index
  apply: do not read from beyond a symbolic link
  apply: do not touch a file beyond a symbolic link

 Documentation/git-apply.txt     |  12 +++-
 builtin/apply.c                 | 142 +++++++++++++++++++++++++++++++++++++++-
 t/t4122-apply-symlink-inside.sh | 106 ++++++++++++++++++++++++++++++
 t/t4139-apply-escape.sh         | 141 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 399 insertions(+), 2 deletions(-)
 create mode 100755 t/t4139-apply-escape.sh

-- 
2.3.0-185-g073f588

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]