Sourceware mitigating and preventing the next xz-backdoor

Tue Apr 30 11:28:54 GMT 2024

Hi Mark,

On Sun, Apr 21, 2024 at 10:40:14PM +0200, Alejandro Colomar wrote:

[...]

> Let's generate a v2 patch set, showing the range-diff against v1.  We
> need to check the commit IDs of the first set, which can be found in the
> mailing list archives, thanks to the trick we used.  The v1 range was
> 7ec952012^..892a12470.  So we just pass that range:
> 
> 	$ git format-patch -o ./patches/ master..HEAD \
> 		--range-diff=7ec952012^..892a12470 -v2 --cover-letter;
> 	./patches/v2-0000-cover-letter.patch
> 	./patches/v2-0001-share-mk-build-fonts-unifont-Build-UnifontR-from-.patch
> 	./patches/v2-0002-share-mk-build-pdf-book-Use-Unifont.patch
> 	./patches/v2-0003-share-mk-build-fonts-unifont-Specify-space-width-.patch
> 
> The v2 cover letter shows the changes introduced since v1:
> 
> 	$ tail -n20 ./patches/v2-0000-cover-letter.patch 
> 	 create mode 100644 share/mk/build/fonts/unifont/dit.mk
> 	 create mode 100644 share/mk/build/fonts/unifont/pfa.mk
> 	 create mode 100644 share/mk/configure/build-depends/fonts-unifont/unifont.otf.mk
> 
> 	Range-diff against v1:
> 	1:  7ec952012 = 1:  7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
> 	2:  d80376b08 = 2:  d80376b08 share/mk/: build-pdf-book: Use Unifont
> 	3:  892a12470 ! 3:  bc7fa7d92 share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
> 	    @@ Metadata
> 	     Author: Alejandro Colomar <alx@kernel.org>
> 	     
> 	      ## Commit message ##
> 	    -    share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
> 	    +    share/mk/: build-fonts-unifont: Specify space width in afmtodit(1)
> 	     
> 		 Link: <https://lore.kernel.org/linux-man/ZiQ_mTQHPq3ig723@debian/T/#t>
> 		 Suggested-by: "G. Branden Robinson" <branden@debian.org>
> 	-- 
> 	2.43.0

I've added a recommendation in the Linux man-pages contributing
documentation that patches be sent with a range diff, and also that
patches be sent in PGP-signed mail (if the user has a PGP key).  It has
specific instructions like the above (but simplified).

<https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING.d/patches?id=12aca537ce78a41bbcdaf485209691e10f8002d7#n91>

Feel free to copy any of that documentation.

I also recommended specific mutt(1) settings:

            set crypt_autosign = yes
            set crypt_protected_headers_write = yes

And git-send-email(1) configuration for using with neomutt(1):

           [sendemail]
               sendmailcmd = neomutt -C -H - && true

For all the documentation for mail and patches, see these two files:
<https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING.d/patches>
<https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING.d/mail>

Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/binutils/attachments/20240430/9709e7f2/attachment.sig>