| Commit message | Author | Age | Files | Lines |
| |
eval is not some sort of magical sandbox for executing code that might cause
the shell's parser to take exception. Render the test resilient by carrying
it out within a subshell. While at it, position the redirection so that
STDERR is, in fact, muted.
Signed-off-by: Kerin Millar <kfm@plushkava.net>
Reported-by: Paolo Pedroni <paolo.pedroni@iol.it>
Closes: https://bugs.gentoo.org/738810
| |
* tests/context-format: Add tests with a missing pattern and a missing
replacement section in a hunk. Patch should fill in the missing
sections from the existing sections.
| |
* tests/ed-style: Require ed.
| |
The previous fix worked fine with single-file ed-style patches, but
would still leak temporary files in the case of multi-file ed-style
patch. Fix that case as well, and extend the test case to check for
it.
* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
the next file in a patch.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
| |
* tests/ed-style: Remove '?' line from expected output.
| |
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
| |
tests/merge: In a Korn shell, shift apparently fails when $# is 0.
| |
* tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
instead of echo -e / echo -n for compatibility with systems that don't
support these echo options.
* tests/merge: Minor other cleanups.
| |
* src/patch.c (main): Create git diff files with indicated mode.
* tests/file-create-modes: New test case.
* tests/Makefile.am (TESTS): Add test case.
This fixes building current Linux 4.14.x from the signed tarball and
patch file, where the patch creates a script with the executable bit
set.
| |
* src/patch.c (locate_hunk): Don't allow a hunk to overlap with the
previous one.
* tests/false-match: Add regression test.
| |
* tests/git-cleanup: Don't hard-code program name.
| |
When a git-style patch is applied, all file modifications are done to
temporary files which are put in place when the patch ends. When a
patch fails, GNU patch was trying to "roll back" to the start. A bug in
that code that led to accidental file deletion was recently discovered
by Richard Weinberger <richard@nod.at>. Even worse though, GNU patch
should not exhibit this "rollback" behavior in the first place; that's
not what people expect. Instead, the files modified so far should be put
in place.
* src/patch.c (cleanup): Put output files processed successfully
in place instead of trying to "roll back" to the start.
(forget_output_files): Remove obsolete (and broken) function.
* tests/git-cleanup: New broken git-style patch test case that exercises
the cleanup path.
* tests/Makefile.am (TESTS): Add new test case.
| |
* src/safe.h (unsafe): New flag to allow turning off safe file
operations.
* src/safe.c (safe_xstat, safe_open, safe_rename, safe_mkdir,
safe_rmdir, safe_unlink, safe_symlink, safe_chmod, safe_lchown,
safe_lutimens, safe_readlink, safe_access): When safe file operations
are turned off, skip safe path traversal. Any symlink checks of the
last path component are still done though.
* src/patch.c (main): When the file to patch is specified on the command
line, turn off safe file operations.
* tests/inname: Fix typo in test.
| |
* tests/Makefile.am (XFAIL_TESTS): Add context-format test until someone
gets to fixing it.
| |
* tests/context-format: Add context-format test cases from
Mattias Andrée <maandree@member.fsf.org> that patch doesn't parse
correctly.
| |
Patch currently makes sure that input / output files are inside the current
working directory even when the input files are explicitly specified on the
command line (see http://savannah.gnu.org/bugs/?45581).
* tests/inname: Add a test case for this bug.
| |
Reported by Tim Waugh <twaugh@redhat.com>.
* src/pch.c (intuit_diff_type): Don't require a traditional patch header
("--- old\n+++ new\n") after a "git --diff" header; the "git --diff" header
gives us enough information for being able to process subsequent hunks. This
deals with corrupted patches more gracefully.
* tests/corrupt-patch: New test case.
* tests/Makefile.am (TESTS): Add test case.
| |
* src/safe.c (cwd_stat_errno, cwd_stat): stat() result of ".".
(read_symlink): When a symlink is absolute, check if it leads back into the
working directory. If it does, strip off the prefix above the working
directory. If the symlink points to the working directory, return an empty
path.
(traverse_another_path): Recognize empty paths from read_symlink().
* tests/symlinks: Absolute symlink test cases.
| |
* tests/symlinks: Add more path traversal test cases.
| |
* src/safe.c (struct symlink): A symlink to resolve.
(push_symlink, pop_symlink): New functions.
(read_symlink): Create a new symlink stack entry.
(traverse_next): Follow ".." components within the working directory. When
hitting symlinks, "follow" them by reading and returning them.
(traverse_another_path): Recursively traverse symlinks.
| |
When a file has already been renamed, make sure it is not renamed back to its
old name. Reported by Guido Draheim.
* src/patch.c (main): Make sure we never rename a file back to its previous
name. Report when a file was renamed already.
* tests/copy-rename: Add "already renamed" test cases.
| |
* src/safe.c: Include util.h for say(). Define EFTYPE if it isn't defined
already.
(traverse_another_path): When openat fails, also check for EMLINK, EFTYPE, and
ENOTDIR. Change the error message to "file ... is not a directory" and only
skip the rest of the patch instead of aborting.
* tests/symlinks: Update.
| |
Reported and fixed (mostly) by Christian Weisgerber <naddy@mips.inka.de>:
* tests/deep-directories: Avoid the bash >& redirection operator.
* tests/no-mode-change-git-diff: Instead of "stat -c", use "ls -l sed".
* tests/read-only-files: A redirection failure for a special built-in causes
some shells (FreeBSD sh, OpenBSD sh (pdksh), some bash --posix) to exit, and
the colon command is a special built-in. Perform the redirection in a subshell.
| |
* tests/symlinks: Check the result of treating a symlink as a file with
--follow-symlinks.
| |
Diffs can be indented by a variable number of spaces, tabs, or X characters.
Make sure that intuit_diff_type() only accepts context diffs where the first
and second line are indented identically, or else another_hunk() will fail.
* src/pch.c (intuit_diff_type): Remember the indentation of the last line. Only
recognize context diff hunks with the same amount of indentation on the first
and second line.
* tests/garbage: New test case.
* tests/Makefile.am (TESTS): Add test case.
| |
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
| |
Since the code is identical when just checking if a utility is present on
the system or not, we can factorize it.
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
| |
* tests/symlinks: Add a test case where the patch file itself is in a path that
follows a symbolic link; we want to continue allowing that.
| |
* src/util.c (symlink_target_is_valid): Remove.
(move_file): Remove symlink target checking.
* tests/symlinks: Update test case.
| |
Add wrappers around system calls that traverse relative pathnames without
following symlinks. Written by Tim Waugh <twaugh@redhat.com> and Andreas
Gruenbacher <agruenba@redhat.com>.
* src/safe.h: Declare functions here.
* src/safe.c: Implement safe_* system call replacements that do not follow
symlinks along pathnames. Pathname components are resolved with openat().
Lookup results are cached to keep the overhead reasonably low.
* tests/deep-directories: New path traversal cache test.
* src/Makefile.am (patch_SOURCES): Add safe.[ch].
* tests/Makefile.am (TESTS): Add new test.
| |
* src/util.c (filename_is_safe): New function split off from name_is_valid().
(symlink_target_is_valid): Explain why we cannot have absolute symlinks or
symlinks with ".." components for now.
(move_file): Move absolute filename check here and explain.
* tests/symlinks: Put test case with ".." symlink in comments for now.
* NEWS: Add CVE number.
| |
When creating symlinks from git-style patches, make sure the symlinks don't
point above the current working directory. Otherwise, a subsequent patch could
use the symlink to write outside the working directory.
* src/pch.c (symlink_target_is_valid): New function to check for valid symlink
targets.
* src/util.c (move_file): Use symlink_target_is_valid() here.
* tests/symlinks: Add valid and invalid symlink test cases.
| |
* src/patch.c: Improve error message.
* tests/create-delete: Update the test case.
| |
* src/patch.c (main): Preserve function names in reject files.
* tests/reject-format: Update the test case.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andreas Gruenbacher <agruen@linbit.com>
| |
* tests/create-directory: Add test case here.
| |
Reported by Thomas Moschny <thomas.moschny@gmx.de>:
src/patch.c (main): Temporary output files are created in the same directory as
the output file. Make sure to remove them before removing empty files and
their empty ancestor directories; else the directories won't be empty.
tests/remove-directories: Add directory removal test case.
tests/Makefile.am (TESTS): Add new test case.
| |
* src/patch.c (main): Initialize data structures early enough, before error
paths can access them.
* tests/bad-usage: Test bad command line usage.
* tests/Makefile.am (TESTS): Add bad-usage here.
| |
* tests/create-delete: Skip binary diff test if printf '\0' is broken.
| |
tests/create-delete: Repair 'backup of unmodified file' test.
| |
* src/patch.c: Only print the "file is not empty after patch" message when
trying to delete the output file. Say that we were trying to delete the file.
* tests/create-delete: Fix the expected messages. Add test cases for the
--remove-empty-files and --posix options.
* NEWS: Better describe this change.
| |
Test cases based on patches from Dmitry V. Levin <ldv@altlinux.org>.
* src/patch.c (main): Only expect files to become empty if the patch says so.
* NEWS: Document this change.
* tests/create-delete: Add (more) empty vs. non-empty test cases.
| |
* src/patch.c (main): Say that we are checking a file and not that we are
patching it in --dry-run mode. Don't say "saving rejects to file" when we
don't create reject files.
* tests/reject-format: Add rejects with --dry-run test case.
* tests/bad-filenames, tests/fifo, tests/mixed-patch-types: Update.
| |
* src/patch.c (check_line_endings): New function.
(main): When a hunk fails, report when the line endings differ between the
input file and the patch.
* src/pch.c (there_is_another_patch): When saying that we strip trailing CRs,
also say how to turn this off.
* tests/crlf-handling: Update changed messages. Add test case that fails.
| |
* tests/crlf-handling: Add explanation.
| |
* src/common.h (follow_symlinks): New variable.
* src/patch.c (longopts): Add new --follow-symlinks option.
(get_some_switches): Recognize the new option.
* src/util.c (stat_file): Follow symlinks if requested.
* patch.man: Document the new option.
* tests/symlinks: Add test case.
| |
* src/patch.c (main): Output queued output files only when switching from a git
diff to a non-git diff. This can modify the input file, so make sure to
stat() it again.
* tests/concat-git-diff: Add test case growing a file with a git diff and then
with a non-git diff; without this fix, the result would be truncated.
| |
* src/inp.c (get_input_file): Improve error message when patching a file of
different type.
* tests/symlinks: Update test case.
| |
* tests/dash-o-append: Minor update (still expected to fail).
* tests/symlinks: Minor update.
| |
* src/pch.c (cwd_is_root): New function to check if we are in the root
directory of a filename.
(name_is_valid): Allow to use potentially dangerous filenames when the current
working directory is the root directory: from there, those names are not
any more dangerous than other names.
* tests/bad-filenames: New test case.
| |
* src/patch.c (main): Fail if a file is not empty as expected.
(output_files): In a git-style diff, make sure not to unlink the original when
making a backup of an unmodified file.
* tests/create-delete: Fix failed-file-deletion test and add
successful-file-deletion test.