Hello all,

while updating gnutls to a newer version I came across a rather serious
issue: the way we patch source code is very lenient about the context
for the lines to be changed. Basically, it's enough for one line before
and after the changed line to match, because the patch command's default
setting for 'fuzz factor' allows it. If these lines happen to be
whitespace or braces, then there's nothing to prevent the patch from
being applied incorrectly.

Here's a particularly nasty example of this happening completely
silently (compile step works fine too), with security implications:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450

I think this absolutely needs to be fixed. The downside is that this
will break a lot of patches across all layers - after setting the fuzz
to zero in oe-core we have 87 recipes that fail to be patched. Maxin and
I are currently going through them one by one and getting them fixed.

Regards,
Alex
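
The following is an added illustration, not part of the original post and not patch's own code: a simplified Python model of fuzz matching, run on a constructed C file and a constructed hunk. It assumes GNU patch's default fuzz factor of 2, ignores the hunk's line numbers and takes the first match; `parse_hdr`, `parse_body` and `HDR_MAX` are made-up names.

```python
# Constructed "new upstream" source: parse_hdr() was reworked, parse_body() was not.
TARGET = """\
int parse_hdr(char *dst, const char *buf, int len)
{
    if (len < 0)
        return -1;
    memcpy(dst, buf, len);
    return 0;
}

int parse_body(char *dst, const char *buf, int len)
{
    if (len == 0) {
        return 0;
    }

    memcpy(dst, buf, len);
    return 0;
}
""".splitlines()

# Constructed hunk written against the OLD parse_hdr(); first char is the diff marker.
HUNK = [
    "     if (len < 0) {",
    "         return -1;",
    "     }",
    "+    if (len > HDR_MAX) return -1;",
    " ",
    "     memcpy(dst, buf, len);",
    "     return 0;",
]

def split_hunk(hunk):  # -> old side, new side, leading/trailing context counts
    old = [l[1:] for l in hunk if l[0] in " -"]
    new = [l[1:] for l in hunk if l[0] in " +"]
    lead = next(i for i, l in enumerate(hunk) if l[0] != " ")
    trail = next(i for i, l in enumerate(reversed(hunk)) if l[0] != " ")
    return old, new, lead, trail

def apply_hunk(target, hunk, max_fuzz=2):
    """Return (patched lines, fuzz used, 1-based match line), or None if no fit."""
    old, new, lead, trail = split_hunk(hunk)
    for fuzz in range(max_fuzz + 1):              # exact match is tried first
        p, s = min(fuzz, lead), min(fuzz, trail)  # context lines ignored per side
        core_old, core_new = old[p:len(old) - s], new[p:len(new) - s]
        for i in range(len(target) - len(core_old) + 1):
            if target[i:i + len(core_old)] == core_old:
                return target[:i] + core_new + target[i + len(core_old):], fuzz, i + 1
    return None
```

With `max_fuzz=0` the hunk is rejected; with the default of 2 only `    }` and the blank line have to match, so the length check meant for `parse_hdr` is placed in `parse_body` and the result still compiles.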