| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Run "make update-copyright".
|
|
|
|
|
| |
* src/pch.c (name_is_valid): Don't warn about the same name twice.
* tests/bad-filenames (emit_patch): Exercise the new code.
|
|
|
|
|
|
|
|
|
|
| |
* src/pch.c (name_is_valid): New function.
(intuit_diff_type, best_name): Use name_is_valid() here.
(strip_leading_slashes): Remove name validation tests from here.
* tests/bad-filenames: Add more tests for covering more of the
file name guessing corner cases in intuit_diff_type(), update the
existing tests.
* NEWS: Update.
|
|
This addresses CVE-2010-4651, reported by Jakub Wilk.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4651
* src/util.c (strip_leading_slashes): Reject absolute file names
and file names containing a component of "..".
* tests/bad-filenames: New file. Test for this.
* tests/Makefile.am (TESTS): Add it.
Improvements by Andreas Gruenbacher.
|