Comment 9 for bug 317052

Thanks Tomas. The patch that I had matched the upstream c582abae pretty well. Here's the small difference:

 diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
-index 922dee9..ec73cb1 100755
+index 86a6ced..e011393 100755
 --- a/gitweb/gitweb.perl
 +++ b/gitweb/gitweb.perl
-@@ -5305,51 +5305,19 @@ sub git_search {
+@@ -5199,50 +5199,18 @@ sub git_search {
    print "<table class=\"pickaxe search\">\n";
    my $alternate = 1;
    $/ = "\n";
 - my $git_command = git_cmd_str();
 - my $searchqtext = $searchtext;
 - $searchqtext =~ s/'/'\\''/;
-- my $pickaxe_flags = $search_use_regexp ? '--pickaxe-regex' : '';
 - open my $fd, "-|", "$git_command rev-list $hash | " .
-- "$git_command diff-tree -r --stdin -S\'$searchqtext\' $pickaxe_flags";
+- "$git_command diff-tree -r --stdin -S\'$searchqtext\'";
 + open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts,
-+ '--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext",
-+ ($search_use_regexp ? '--pickaxe-regex' : ());
++ '--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext";
    undef %co;
    my @files;
    while (my $line = <$fd>) {

(also at http://tmz.fedorapeople.org/tmp/git-1.5.4.7-CVE-2008-5516-interdiff.diff in case Bugzilla mangles it. The full diff for updating git-1.5.4.7 on EL-4 is http://tmz.fedorapeople.org/tmp/git-1.5.4.7-2.diff. Unless that looks wildly wrong, I'll apply it today.)

This is much closer to the upstream patch, which hopefully will minimize the chance of introducing new bugs.

About testcases, I did get one for -5517 from Ricky yesterday. It's just -5516 that I don't have. If you run across one, let me know (gpg key 0xBEAF0CE3 if you want to send privately).