> On Oct 21, 2016, at 5:55 AM, Alexander Kanavin <alexander.kana...@linux.intel.com> wrote:
>
> Hello all,
>
> while updating gnutls to a newer version I came across a rather serious
> issue: the way we patch source code is very lenient about the context for the
> lines to be changed. Basically, it's enough for one line before and after the
> changed line to match, because patch command's default setting for 'fuzz
> factor' allows it. If these lines happen to be whitespace or braces, then
> there's nothing to prevent the patch from being applied incorrectly.
>
> Here's a particularly nasty example of this happening completely silently
> (compile step works fine too), with security implications:
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
>
> I think this absolutely needs to be fixed. The downside is that this will
> break a lot of patches across all layers - after setting the fuzz to zero in
> oe-core we have 87 recipes that fail to be patched. Maxin and I are currently
> going through them one by one and getting them fixed.

Perhaps a list of the recipes, with steps to configure the fuzz factor on the wiki, would enable other folks to fix them; especially the recipe maintainers should care.

>
> Regards,
> Alex
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
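
The failure mode described in the quoted message, as an added example (not code from this thread or from the Yocto project): a simplified Python model of fuzz matching that reports the smallest fuzz at which a hunk fits and every location where it fits. The C snippet, the hunk and all function names are constructed, and the model ignores the line-number offsets the real `patch` uses to choose among candidates.

```python
# Constructed target: upstream renamed a field and a helper after the patch was written.
TARGET = """\
int parse_header(buf *b)
{
    if (b->len < 4) {
        return -1;
    }

    return read_u32(b);
}
int parse_body(buf *b)
{
    if (b->len < 8) {
        return -1;
    }

    return decode_u64(b);
}
""".splitlines()

HUNK = [  # constructed unified-diff hunk body (3 context lines) meant for parse_body()
    "     if (b->size < 8) {",
    "         return -1;",
    "     }",
    "+    if (!b->verified) return -1;",
    " ",
    "     return read_u64(b);",
    " }",
]

def needle_for(hunk, fuzz):
    """Old-side lines left after dropping up to `fuzz` context lines at each end."""
    lead = next((i for i, l in enumerate(hunk) if l[0] != " "), len(hunk))
    trail = next((i for i, l in enumerate(reversed(hunk)) if l[0] != " "), len(hunk))
    old = [l[1:] for l in hunk if l[0] in " -"]
    return old[min(fuzz, lead):len(old) - min(fuzz, trail)]

def match_lines(target, hunk, fuzz):
    """1-based target line numbers where the reduced hunk matches."""
    needle = needle_for(hunk, fuzz)
    n = len(needle)
    return [i + 1 for i in range(len(target) - n + 1) if target[i:i + n] == needle]

def audit(target, hunk, max_fuzz=2):
    """Return (smallest fuzz that matches, all candidate locations at that fuzz)."""
    for fuzz in range(max_fuzz + 1):
        if hits := match_lines(target, hunk, fuzz):
            return fuzz, hits
    return None, []
```

Here the hunk fits only at fuzz 2, where the remaining context is a closing brace and a blank line, and that pair occurs in both functions, so nothing in the context ties the added check to `parse_body()`.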