[yocto] Attention all: patches for upstream source will be applied with stricter criteria for context
akuster
akuster at mvista.com
Fri Oct 21 08:08:11 PDT 2016
On 10/21/2016 05:55 AM, Alexander Kanavin wrote:
> Hello all,
>
> while updating gnutls to a newer version I came across a rather
> serious issue: the way we patch source code is very lenient about the
> context for the lines to be changed. Basically, it's enough for one
> line before and after the changed line to match, because patch
> command's default setting for 'fuzz factor' allows it. If these lines
> happen to be whitespace or braces, then there's nothing to prevent the
> patch from being applied incorrectly.
>
> Here's a particularly nasty example of this happening completely
> silently (compile step works fine too), with security implications:
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
>
> I think this absolutely needs to be fixed.
Is there a target milestone for this change?
> The downside is that this will break a lot of patches across all
> layers - after setting the fuzz to zero in oe-core we have 87 recipes
> that fail to be patched. Maxin and I are currently going through them
> one by one and getting them fixed.
Is this going to impact the 2.2 release?
- armin
>
> Regards,
> Alex
More information about the yocto
mailing list