* Guillem Jover <[email protected]>, 2014-04-29, 08:11:
> 1. Simply revert the patch, and ignore issues w/ partial upgrades (at
> least for now?).
> 2. Revert the patch and add versioned dependencies against the working
> patch package. This might require some dist-upgrade tests, though.
> 3. Fix the patch to take into account the old behaviour, by checking if
> either of the filenames (escaped and unescaped) are unsafe.
>
> I guess the last one is the “safest option”.

For a quick fix, 3 is probably the best.

But I think this bug shows that validating diffs is not viable in the
long run. We need to either fix patch(1) not to traverse directory
symlinks, or implement a completely different strategy:

1) Unpack .orig.tar.
2) Delete all symlinks (and maybe also other non-regular files).
3) Apply patches.
4) Restore all the files deleted in step 2.

In another mail Javier suggested to check --dry-run output. I don't
think this is feasible. Parsing --dry-run output is probably even harder
than parsing patches, and after reading
https://savannah.gnu.org/bugs/index.php?37642 I wouldn't trust it to be
very "dry" anyway...

--
Jakub Wilk
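
Steps 2 to 4 of the strategy proposed in the message above, sketched in Python as an added example (not code from this thread or from dpkg). The function names are hypothetical, only symlinks are set aside (not other non-regular files), and a callback stands in for the patch step; the tree in `demo()` is constructed.

```python
import os
import tempfile

def set_aside_symlinks(root):
    """Step 2: delete every symlink under root; return [(relpath, target)]."""
    saved = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames) + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                saved.append((os.path.relpath(path, root), os.readlink(path)))
                os.unlink(path)
                if name in dirnames:
                    dirnames.remove(name)  # gone now, nothing to descend into
    return saved

def restore_symlinks(root, saved):
    """Step 4: recreate the links; return relpaths a patch has since occupied."""
    conflicts = []
    for rel, target in saved:
        path = os.path.join(root, rel)
        if os.path.lexists(path):
            conflicts.append(rel)  # a patch wrote where a symlink used to be
            continue
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.symlink(target, path)
    return conflicts

def apply_with_symlinks_set_aside(root, apply_patches):
    """Steps 2-4 around a caller-supplied patch step (step 3)."""
    saved = set_aside_symlinks(root)
    try:
        apply_patches(root)
    finally:
        conflicts = restore_symlinks(root, saved)
    return conflicts

def demo():
    """Constructed tree: src/link points at outside/; the 'patch' creates link/f."""
    with tempfile.TemporaryDirectory() as tmp:
        src, outside = os.path.join(tmp, "src"), os.path.join(tmp, "outside")
        os.mkdir(src)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(src, "link"))
        def fake_patch(root):  # stand-in for patch(1) creating a new file
            os.makedirs(os.path.join(root, "link"), exist_ok=True)
            with open(os.path.join(root, "link", "f"), "w") as fh:
                fh.write("x\n")
        conflicts = apply_with_symlinks_set_aside(src, fake_patch)
        return conflicts, os.listdir(outside)
```

In `demo()` the write lands in a real `link/` directory inside the tree, the outside directory stays empty, and `link` is reported as a conflict instead of being restored over the patched content.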