From 4d19863b062ac469fe09dec014976ba3b8677fb0 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Mon, 3 Jan 2022 12:21:12 +0100
Subject: libgit2 config opts: set the search to an empty path

Otherwise this would search outside the unveiled paths and cause an unveil
violation.

Reported by Anton Lindqvist, thanks!
---
 stagit-index.c | 4 ++++
 stagit.c       | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/stagit-index.c b/stagit-index.c
index 087ae1e..7c1f76d 100644
--- a/stagit-index.c
+++ b/stagit-index.c
@@ -173,7 +173,11 @@ main(int argc, char *argv[])
 		return 1;
 	}
 
+	/* do not search outside the git repository:
+	   GIT_CONFIG_LEVEL_APP is the highest level currently */
 	git_libgit2_init();
+	for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++)
+		git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, "");
 
 #ifdef __OpenBSD__
 	if (pledge("stdio rpath", NULL) == -1)
diff --git a/stagit.c b/stagit.c
index 22fc2aa..0d53b72 100644
--- a/stagit.c
+++ b/stagit.c
@@ -1220,7 +1220,11 @@ main(int argc, char *argv[])
 	if (!realpath(repodir, repodirabs))
 		err(1, "realpath");
 
+	/* do not search outside the git repository:
+	   GIT_CONFIG_LEVEL_APP is the highest level currently */
 	git_libgit2_init();
+	for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++)
+		git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, "");
 
 #ifdef __OpenBSD__
 	if (unveil(repodir, "r") == -1)
-- 
cgit v1.2.3-54-g00ecf