"git apply" have been fairly careless about letting the input follow
symbolic links, especially when used without the --index/--cached
options (which was more or less deliberate to mimic what "patch"
used to do). When the input tells it to modify a/b/c, and lstat(2)
said that there is "a/b/c" that matches the preimage in the input,
we happily overwrote it, even when a/b is a symbolic link that
pointed somewhere, even outside the working tree.

This series tightens things a bit for safety.

 (1) By default, we reject patches to ".git/file", "../some/where",
     "./this/././that", etc., i.e. the names you cannot add to the
     index. Those who use "git apply" (without --index/--cached) as
     a replacement for GNU patch can use --unsafe-paths option to
     override this safety. This is what patch 1/4 does.

 (2) We do not allow a patch to depend on a location beyond a
     symbolic link (this includes "a patch to remove a path beyond a
     symbolic link"). This is patch 2/4 and 3/4.

 (3) We do not allow a patch to create result on a location beyond a
     symbolic link. This is patch 4/4.

There is no knob to override the latter two points, as this is not a
safety but is a correctness issue. Because Git keeps track of and
can express changes to symbolic links, a patch that expects a file
"a/b/c" to be tracked (either the patch adds it, or it modifies an
existing file there) implicitly expects that there is no symbolic
link "a/b", so attempting to apply such a patch to a tree with a
symbolic link at "a/b", even when the link points at some directory,
must detect that the target tree does not match what the patch's
preimage expects and fail.

The previous attempt begins at around here:

  http://thread.gmane.org/gmane.linux.kernel/1874498/focus=1878385

Junio C Hamano (4):
  apply: reject input that touches outside $cwd
  apply: do not read from the filesystem under --index
  apply: do not read from beyond a symbolic link
  apply: do not touch a file beyond a symbolic link

 Documentation/git-apply.txt     |  14 +++-
 builtin/apply.c                 | 139 +++++++++++++++++++++++++++++++++++++++-
 t/t4122-apply-symlink-inside.sh |  89 +++++++++++++++++++++++++
 t/t4139-apply-escape.sh         | 137 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 377 insertions(+), 2 deletions(-)
 create mode 100755 t/t4139-apply-escape.sh

--
2.3.0-rc2-164-g799cdce
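
The two kinds of checks described in the cover letter above, as an added C example that is not code from this series or from Git: unsafe_path() is a simplified name check for point (1), and beyond_symlink() is a leading-directory lstat(2) check for points (2) and (3). The function names, the scratch directory created under /tmp and the sample paths are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/stat.h>
#include <unistd.h>

/* Point (1), simplified: 1 if a component is empty, ".", ".." or ".git". */
int unsafe_path(const char *path)
{
	do {
		size_t n = strcspn(path, "/");
		if (!n || (n == 1 && *path == '.') || (n == 2 && !strncmp(path, "..", 2)) ||
		    (n == 4 && !strncasecmp(path, ".git", 4)))
			return 1;
		path += n;
	} while (*path++ == '/');
	return 0;
}

/* Points (2)/(3): 1 if a leading directory of path (relative to cwd) is a symlink. */
int beyond_symlink(const char *path)
{
	char buf[4096];
	struct stat st;
	for (const char *s = strchr(path, '/'); s; s = strchr(s + 1, '/')) {
		int len = snprintf(buf, sizeof(buf), "%.*s", (int)(s - path), path);
		if (len < 0 || (size_t)len >= sizeof(buf) || /* unverifiable prefix: refuse */
		    (!lstat(buf, &st) && S_ISLNK(st.st_mode)))
			return 1;
	}
	return 0;
}

/* Constructed sample tree, entered via chdir: real/ is a directory, link -> real. */
int enter_demo_tree(void)
{
	char root[] = "/tmp/apply-demo-XXXXXX";
	return !mkdtemp(root) || chdir(root) || mkdir("real", 0700) || symlink("real", "link");
}

int main(void)
{
	const char *names[] = { "real/c", "link/c", ".git/file", "./this/././that" };
	int rc = enter_demo_tree();
	for (const char **p = names; !rc && p < names + 4; p++)
		printf("%-16s unsafe=%d beyond_symlink=%d\n", *p, unsafe_path(*p), beyond_symlink(*p));
	return rc;
}
```

Only the leading directories are tested, so a path whose last component is itself a symbolic link is not flagged. The name check covers just the kinds of names the message lists.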