oss-sec mailing list archives
Re: code review CVS
From: "Pierre-Yves Rofes" <py () gentoo org>
Date: Thu, 21 Feb 2008 09:37:54 +0100 (CET)
On Thu, February 21, 2008 7:24 am, Vincent Danen wrote:
* [2008-02-20 17:51:47 -0800] Kees Cook wrote:I like the patch idea, however. A "vendor patch" database of sorts would be nice (would save me from hunting from, say, ubuntu packages for a patch for something they already fixed, or looking at ubuntu for one, and SUSE for another because of version differences).I'd really like to have at least a "how to find a patch for [distro], release [version]". I have an easier time finding Debian patches, for example, since http://snapshot.debian.net/ exists. Ubuntu is a bit less patch-hunter-friendly in that regard, but we try to alway keep patches external to from the source tree, so they're easy to locate from change logs. Doing this with src.rpms follows a similar convention, but can sometimes get tricky too. Finding them can sometimes be a chore -- I always bang my head when looking for RHEL src.rpms. :)
[...]
And I'd *love* to see what the Gentoo folks will link to.. =) They have to be the biggest head-scratcher for me.
It's true that we currently don't have a centralized place for patches, maybe we should work something out. For now, I'd say that the best option is to use: http://sources.gentoo.org/viewcvs.py/gentoo-x86/<category>/<pkg>/ Then all patches should be in the "files" directory. e.g. you want the last patch for an integer overflow in tcpdump, you'll find it in: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/tcpdump/files/ But FYI, we generally use the patches from Debian :) -- Pierre-Yves Rofes Gentoo Linux Security Team
Current thread:
- code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Kees Cook (Feb 20)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Pierre-Yves Rofes (Feb 21)
- Re: code review CVS Mark J Cox (Feb 21)
- Re: code review CVS Kees Cook (Feb 21)
- Re: code review CVS Tomas Hoger (Feb 22)
- Re: code review CVS Kees Cook (Feb 22)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 21)
- Re: extracting patches from SRPMs (Was: code review CVS) (GalaxyMaster) (Feb 21)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Vincent Danen (Feb 24)