
Re: [Xen-devel] Difference between patch in XSA and patch checked in



>>> On 23.08.17 at 18:35, <george.dunlap@xxxxxxxxxx> wrote:
> Can I propose that committers should always check in the exact version
> of the patch in the publicly-released advisory?  Preferably directly
> from xsa.git, and with 'git am' (and not rebasing or modifying patches)?

As the presumably primary guilty one here, I'll try to remember to
not make such changes going forward. It is largely the adding of
CVE numbers and tags to the patch which has turned out easier to
do in a private copy of the patches (so they're ready to be applied
without having to wait for / pull updates to xsa.git, the more that
in less simple cases - which iirc XSA-218 was an example of - the
automatic propagation of tags into the patches at public disclosure
time doesn't always work [reliably]).

That's in particular how the format string differences have crept in
that have caused you grief, as the way the diff-ing works is
apparently quite different between the various possible tools to
use. I do compare patches in such cases in order to make sure I
don't commit any stale version, but the patch representation was
so different that I apparently didn't notice the mixup in format
strings.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
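
Added example (not part of the original message and not Xen project tooling): one way to check that two differently formatted versions of a patch make the same change is to apply each to the same base text and compare the results, so tags and hunk layout drop out of the comparison. The file content, patches and function names are constructed for illustration, and the applier assumes a single-file unified diff.

```python
import re
HUNK = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def apply_patch(base, patch):
    """Apply a single-file unified diff to `base`; raise if context mismatches."""
    src, out, pos = base.splitlines(), [], 0
    lines, i = patch.splitlines(), 0
    while i < len(lines):
        m = HUNK.match(lines[i])
        i += 1
        if not m:
            continue  # commit message, tags, ---/+++ headers: not part of the change
        old_left, new_left = int(m.group(2) or 1), int(m.group(3) or 1)
        start = int(m.group(1)) - (1 if old_left else 0)
        out, pos = out + src[pos:start], start
        while old_left or new_left:
            tag, text = lines[i][:1] or " ", lines[i][1:]
            i += 1
            if tag in " -":  # context or removed line must match the base
                if pos >= len(src) or src[pos] != text:
                    raise ValueError(f"context mismatch at base line {pos + 1}")
                pos, old_left = pos + 1, old_left - 1
            if tag in " +":  # context or added line goes to the result
                out.append(text)
                new_left -= 1
    return "\n".join(out + src[pos:]) + "\n"

def same_result(base, patch_a, patch_b):
    return apply_patch(base, patch_a) == apply_patch(base, patch_b)

# Constructed sample data (not taken from any real advisory).
BASE = r"""void report(unsigned long gfn)
{
    printk("bad gfn %lu\n", gfn);
    cleanup();
}
"""
HDR = "--- a/report.c\n+++ b/report.c\n"
ADVISORY = HDR + r"""@@ -2,3 +2,3 @@
 {
-    printk("bad gfn %lu\n", gfn);
+    printk("bad gfn %#lx\n", gfn);
     cleanup();
"""
COMMITTED = "This is XSA-NNN (placeholder tag line).\n" + HDR + r"""@@ -3 +3 @@
-    printk("bad gfn %lu\n", gfn);
+    printk("bad gfn %#lx\n", gfn);
"""
STALE = COMMITTED.replace("%#lx", "%lx")  # same layout, different format string
```

`same_result(BASE, ADVISORY, COMMITTED)` holds despite the added tag line and the different hunk layout, while `same_result(BASE, ADVISORY, STALE)` does not.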