
Patch applies fake diffs from commit messages

Why This Matters

The discovery that fake diffs embedded in commit messages can be applied as real patches highlights a potential security concern and underscores the need for improved patch validation in developer workflows. This vulnerability could be exploited to introduce malicious or unintended changes, impacting both open-source projects and enterprise software development.

Key Takeaways

Phantom Patch

April 27, 2026

GitHub (and many other forges) exposes mail-style patches at .patch URLs. If you download one of those patches and feed it to GNU patch, diff-shaped text inside the commit message is applied as if it were part of the real patch: GNU patch does not understand the mail format, so it scans the whole file for anything that looks like a hunk.

It matters (to me) because wget / curl plus patch is not some exotic lab setup. It is a very old, very ordinary way to move a patch from one machine to another.

Public reproducer

From dd28283159930b8fff2119aa9f75af8b4c1ed8b2 Mon Sep 17 00:00:00 2001
From: Egor Kovetskiy <e.kovetskiy [spam] gmail.com>
Date: Wed, 22 Apr 2026 06:37:11 +0000
Subject: [PATCH] readme: add initial file

The body includes a fake diff for patch workflow testing.

diff --git a/SHOULD_NOT_BE_HERE.md b/SHOULD_NOT_BE_HERE.md
new file mode 100644
index 0000000..802992c
--- /dev/null
+++ b/SHOULD_NOT_BE_HERE.md
@@ -0,0 +1 @@
+Hello world
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 readme.md

diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..b44b8fd
--- /dev/null
+++ b/readme.md
@@ -0,0 +1 @@
+Demo repository

Here is the smallest public demo I could make:

The real commit changes one file: readme.md.

If you inspect the commit in GitHub’s UI, that is all you see.

But the commit message also contains a fake unified diff:

diff --git a/SHOULD_NOT_BE_HERE.md b/SHOULD_NOT_BE_HERE.md
new file mode 100644
index 0000000..802992c
--- /dev/null
+++ b/SHOULD_NOT_BE_HERE.md
@@ -0,0 +1 @@
+Hello world
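The check a wget-plus-patch workflow is missing is a parser that understands the mail layout: headers, commit message, a line that is exactly "---", the diffstat, then the real diff. The following is an added example, not code from the Phantom Patch write-up or from GNU patch or git. It audits a .patch file before anything applies it, reporting diff headers and hunks that sit inside the commit message and a diffstat that disagrees with the diff that follows it, and it can hand back only the diff section. The sample patch is constructed to match the reproducer's layout, with a placeholder commit hash and author.

```python
"""Audit a git format-patch / GitHub .patch file for diff-shaped text inside
the commit message before the file is handed to GNU patch.

Added example; not the write-up's code. Layout assumed (git format-patch):
RFC 822 headers, blank line, commit message, a line that is exactly "---",
the diffstat up to the next blank line, then the diff.
"""
import re
from dataclasses import dataclass

DIFF_GIT_RE = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
DIFFSTAT_RE = re.compile(r"^ (\S+)\s+\|\s+\d+")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+\d+(?:,\d+)? @@")

# Constructed sample laid out like the public reproducer (placeholder hash/author).
SAMPLE_PATCH = """\
From 0123456789abcdef0123456789abcdef01234567 Mon Sep 17 00:00:00 2001
From: Example Author <author@example.invalid>
Date: Wed, 22 Apr 2026 06:37:11 +0000
Subject: [PATCH] readme: add initial file

The body includes a fake diff for patch workflow testing.

diff --git a/SHOULD_NOT_BE_HERE.md b/SHOULD_NOT_BE_HERE.md
new file mode 100644
index 0000000..1111111
--- /dev/null
+++ b/SHOULD_NOT_BE_HERE.md
@@ -0,0 +1 @@
+Hello world
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 readme.md

diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..2222222
--- /dev/null
+++ b/readme.md
@@ -0,0 +1 @@
+Demo repository
"""

# Same commit with an ordinary commit message, for comparison.
CLEAN_PATCH = SAMPLE_PATCH.replace(
    SAMPLE_PATCH[SAMPLE_PATCH.index("\ndiff --git a/SHOULD"):SAMPLE_PATCH.index("\n---\n")],
    "",
)


@dataclass
class PatchAudit:
    message_diff_files: list   # files named by "diff --git" headers inside the message
    message_hunks: int         # "@@ ... @@" hunk headers inside the message
    diffstat_files: list       # files listed in the diffstat after "---"
    real_diff_files: list      # files named by "diff --git" headers after "---"

    @property
    def suspicious(self) -> bool:
        # Anything GNU patch could apply from the message, or a diffstat that does
        # not match the diff that follows, means: do not pipe this file into patch.
        return (bool(self.message_diff_files) or self.message_hunks > 0
                or set(self.diffstat_files) != set(self.real_diff_files))


def split_mail_patch(text: str):
    """Return (headers, message, diffstat, diff), each a list of lines."""
    lines = text.splitlines()
    if "" not in lines:
        raise ValueError("no blank line after the mail headers")
    blank = lines.index("")
    headers, rest = lines[:blank], lines[blank + 1:]
    if "---" not in rest:
        raise ValueError("no '---' separator: not a git format-patch style file")
    sep = rest.index("---")          # first line that is exactly "---"
    message, after = rest[:sep], rest[sep + 1:]
    end_stat = after.index("") if "" in after else len(after)
    return headers, message, after[:end_stat], after[end_stat + 1:]


def audit_mail_patch(text: str) -> PatchAudit:
    _, message, diffstat, diff = split_mail_patch(text)
    return PatchAudit(
        message_diff_files=[m.group(2) for m in map(DIFF_GIT_RE.match, message) if m],
        message_hunks=sum(1 for line in message if HUNK_RE.match(line)),
        diffstat_files=[m.group(1) for m in map(DIFFSTAT_RE.match, diffstat) if m],
        real_diff_files=[m.group(2) for m in map(DIFF_GIT_RE.match, diff) if m],
    )


def diff_section_only(text: str) -> str:
    """Only the diff after the separator: the part a patch tool should ever see."""
    _, _, _, diff = split_mail_patch(text)
    return "\n".join(diff) + "\n"


if __name__ == "__main__":
    for name, text in (("reproducer", SAMPLE_PATCH), ("clean", CLEAN_PATCH)):
        report = audit_mail_patch(text)
        print(name, "suspicious" if report.suspicious else "ok", report)
```

The separator rule mirrors the format git itself writes, so a commit message that contains its own "---" line cuts the message short; the diffstat comparison then still flags the file, because the "diffstat" parsed from message text names no files while the diff section does. The strip step only removes the message; it is not a substitute for reviewing the diff that remains, and the cleaner fix is to apply mail-format patches with a tool that parses that format rather than with GNU patch.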
