(please keep myself on CC because I am not subscribed to the list)

Hello,

I am testing with patch-2.7.5-1.fc21.src.rpm which seems to be close to branch master's tip and also with git master's tip.

The issue is that I can't apply a patch on a file that is out of my workdir. It's a regular file, not a symlink.

This is the directory structure:

[fleitner@x240 a]$ find .
./fix.patch
./file_with_bug
./b

Checking the types:

[fleitner@x240 a]$ ls -la
total 8
drwxrwxr-x. 3 fleitner fleitner 100 Apr 7 20:22 .
drwxrwxrwt. 18 root root 520 Apr 7 20:22 ..
drwxrwxr-x. 2 fleitner fleitner 40 Apr 7 20:21 b
-rw-rw-r--. 1 fleitner fleitner 2280 Apr 7 18:25 file_with_bug
-rw-rw-r--. 1 fleitner fleitner 2113 Apr 7 18:25 fix.patch

Get into 'b' as workdir and apply the patch:

[fleitner@x240 a]$ cd b
[fleitner@x240 b]$ patch -p0 ../file_with_bug ../fix.patch
Invalid file name ../file_with_bug -- skipping patch
[fleitner@x240 b]$

I suspect that the following commit might have introduced the issue:

commit ef609c26b22e5d6ea3c891e4c87ab1c679146f5f
Author: Andreas Gruenbacher <agr...@gnu.org>
Date: Sat Feb 21 20:13:04 2015 +0100

    Follow directory symlinks within the working directory

    * src/safe.c (struct symlink): A symlink to resolve.
    (push_symlink, pop_symlink): New functions.
    (read_symlink): Create a new symlink stack entry.
    (traverse_next): Follow ".." components within the working directory. When hitting symlinks, "follow" them by reading and returning them.
    (traverse_another_path): Recursively traverse symlinks.

The error comes from:

+traverse_next() [...] + if (**path == '.' && *(*path + 1) == '.' && *path + 2 == p) + { + entry = dir->parent; + if (! entry) + { + /* Must not leave the working tree. */ >+ errno = EXDEV; <------------ HERE + goto out; + } + assert (dir->next == dir); + lru_list_add (dir, &lru_list); + goto skip; + }

The first attempt is with the above commit applied and the second one is with the commit reverted.

[fleitner@x240 b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug ../fix.patch
/home/fleitner/repo/patch/src/patch: **** Can't create temporary file ../file_with_bug.osPpkQc : Invalid cross-device link

[fleitner@x240 b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug ../fix.patch
patching file ../file_with_bug
Hunk #1 FAILED at 4669.
1 out of 1 hunk FAILED -- saving rejects to file ../file_with_bug.rej
[...]

I haven't looked at the CVE but I presume it should forbid symlinks outside of workdir, but what about regular files like above?

Thanks
fbl
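
Review bot: In the "if (! entry)" branch of traverse_next(), setting errno = EXDEV reaches the user as "Invalid cross-device link" on the "Can't create temporary file" line, which does not say that the name was refused for leaving the working tree. A dedicated diagnostic that repeats the rule from the comment ("Must not leave the working tree") would make the refusal understandable. The branch also fires for ../file_with_bug, a regular file named on the command line rather than inside the patch, so the commit message or the documentation should state whether operator-supplied names are meant to be confined as well.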
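
An added example, not part of the original message and not GNU patch's code: a simplified lexical model of the ".." check discussed above, showing why ../file_with_bug is refused from inside b while a ".." that stays inside the working directory is accepted. The name confined_depth and the refusal of absolute names are assumptions of this sketch, and symlinks are not resolved.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: walk the components of PATH relative to the
   working directory and fail with EXDEV as soon as a ".." would climb
   above it.  Returns the depth of the final component below the
   working directory, or -1 with errno set. */
int confined_depth(const char *path)
{
    int depth = 0;

    if (*path == '/') {             /* assumption: absolute names count as outside */
        errno = EXDEV;
        return -1;
    }
    while (*path) {
        size_t len = strcspn(path, "/");

        if (len == 2 && path[0] == '.' && path[1] == '.') {
            if (depth == 0) {       /* no parent entry left: must not leave the tree */
                errno = EXDEV;
                return -1;
            }
            depth--;                /* ".." that stays inside the working directory */
        } else if (!(len == 1 && path[0] == '.')) {
            depth++;                /* ordinary component; "." is a no-op */
        }
        path += len;
        while (*path == '/')        /* skip separators, including "//" */
            path++;
    }
    return depth;
}

int main(void)
{
    /* Constructed inputs; the first is the name used in the message. */
    const char *names[] = { "../file_with_bug", "sub/../file_with_bug" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int d = confined_depth(names[i]);
        printf("%-24s %s\n", names[i], d < 0 ? strerror(errno) : "inside");
    }
    return 0;
}
```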