[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-patch] patch rejects file names starting with '../' as "invalid"
From: |
Bruno Haible |
Subject: |
[bug-patch] patch rejects file names starting with '../' as "invalid" |
Date: |
Thu, 12 Jan 2017 17:05:56 +0100 |
User-agent: |
KMail/4.8.5 (Linux/3.8.0-44-generic; KDE/4.8.5; x86_64; ; ) |
Hi,
With patch 2.7.5 I have to make contortions in order to transport a set
of hunks from one file to another:
$ git diff vacall.h.in | patch ../callback/vacall_r/vacall_r.h.in
Invalid file name ../callback/vacall_r/vacall_r.h.in -- skipping patch
$ git diff vacall.h.in | (cd .. && patch callback/vacall_r/vacall_r.h.in)
patching file callback/vacall_r/vacall_r.h.in
Hunk #1 succeeded at 367 (offset -1 lines).
Hunk #2 succeeded at 651 (offset -1 lines).
This worked with 2.7.1, hence it is a regression:
$ git diff vacall.h.in | patch ../callback/vacall_r/vacall_r.h.in
patching file ../callback/vacall_r/vacall_r.h.in
Hunk #1 succeeded at 367 (offset -1 lines).
Hunk #2 succeeded at 651 (offset -1 lines).
I fully agree that for security reasons, patch (like 'tar') should reject
file names that start with '../' when they originate from the patch file
(standard input in this case). But for file names given on the command line,
there is no security risk.
Suggestion: Make 'patch FILENAME' work again, regardless whether FILENAME
begins with '../'.
Bruno
- [bug-patch] patch rejects file names starting with '../' as "invalid",
Bruno Haible <=