This is much closer to the upstream patch, which hopefully will minimize the chance of introducing new bugs.
About testcases, I did get one for -5517 from Ricky yesterday. It's just -5516 that I don't have. If you run across one, let me know (gpg key 0xBEAF0CE3 if you want to send privately).
Thanks Tomas. The patch that I had matched the upstream c582abae pretty well. Here's the small difference:
diff --git a/gitweb/ gitweb. perl b/gitweb/ gitweb. perl gitweb. perl gitweb. perl t\'"; format: %H', '--no-abbrev', '--raw', "-S$searchtext", format: %H', '--no-abbrev', '--raw', "-S$searchtext";
-index 922dee9..ec73cb1 100755
+index 86a6ced..e011393 100755
--- a/gitweb/
+++ b/gitweb/
-@@ -5305,51 +5305,19 @@ sub git_search {
+@@ -5199,50 +5199,18 @@ sub git_search {
print "<table class=\"pickaxe search\">\n";
my $alternate = 1;
$/ = "\n";
- my $git_command = git_cmd_str();
- my $searchqtext = $searchtext;
- $searchqtext =~ s/'/'\\''/;
-- my $pickaxe_flags = $search_use_regexp ? '--pickaxe-regex' : '';
- open my $fd, "-|", "$git_command rev-list $hash | " .
-- "$git_command diff-tree -r --stdin -S\'$searchqtext\' $pickaxe_flags";
+- "$git_command diff-tree -r --stdin -S\'$searchqtex
+ open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts,
-+ '--pretty=
-+ ($search_use_regexp ? '--pickaxe-regex' : ());
++ '--pretty=
undef %co;
my @files;
while (my $line = <$fd>) {
(also at http:// tmz.fedorapeopl e.org/tmp/ git-1.5. 4.7-CVE- 2008-5516- interdiff. diff in case Bugzilla mangles it. The full diff for updating git-1.5.4.7 on EL-4 is http:// tmz.fedorapeopl e.org/tmp/ git-1.5. 4.7-2.diff. Unless that looks wildly wrong, I'll apply it today.)
This is much closer to the upstream patch, which hopefully will minimize the chance of introducing new bugs.
About testcases, I did get one for -5517 from Ricky yesterday. It's just -5516 that I don't have. If you run across one, let me know (gpg key 0xBEAF0CE3 if you want to send privately).