Bug 1088281 - QUILT_PATCH_OPTS="--unified" in /etc/quilt.quiltrc breaks quilt usage with non-unified patches
QUILT_PATCH_OPTS="--unified" in /etc/quilt.quiltrc breaks quilt usage with no...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Development
Current
All openSUSE Factory
: P3 - Medium : Normal (vote)
: ---
Assigned To: Jean Delvare
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-05 11:00 UTC by Vincent Untz
Modified: 2018-05-09 07:56 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vincent Untz 2018-04-05 11:00:10 UTC
Someone was submitting a patch to a package in a non-unified format, and when I was trying to use quilt to debug something in the patch, this failed with:

 patch: **** Only garbage was found in the patch input.

After using --trace, I found out that quilt was calling patch with "--unified", and this comes from /etc/quilt.quiltrc:

 QUILT_PATCH_OPTS="--unified"

Not being an expert of patch, but I would expect that we can depend on patch guessing the right format.
Comment 1 Jean Delvare 2018-04-06 10:05:09 UTC
I started a discussion about this topic on the quilt-dev list:

https://lists.gnu.org/archive/html/quilt-dev/2018-04/msg00001.html
Comment 2 Andreas Stieger 2018-04-06 11:04:02 UTC
Restriction to --unified may actually prevent command execution... see  bug 1088420
Comment 3 Jean Delvare 2018-04-06 11:47:58 UTC
I admit it is a nice side effect of this option in this specific situation.

However, bug #1088420 is about patch, not quilt. Just because the default quilt configuration file happens to protect quilt users from that bug, doesn't change the fact that patch itself is still vulnerable, and quilt users as well as soon as they create their own configuration file in ~/.quiltrc (doing so prevents /etc/quilt.quiltrc from being read at all.) So we still need to fix the vulnerability in patch.

And we have to fix that bug as well anyway. Quilt should be able to handle all valid patches by default, be they in unified format or not.
Comment 4 Jean Delvare 2018-04-16 08:53:11 UTC
I submitted a fix upstream:

https://lists.gnu.org/archive/html/quilt-dev/2018-04/msg00003.html
Comment 6 Swamp Workflow Management 2018-05-03 11:50:05 UTC
This is an autogenerated message for OBS integration:
This bug (1088281) was mentioned in
https://build.opensuse.org/request/show/603634 Factory / quilt
Comment 7 Jean Delvare 2018-05-09 07:56:57 UTC
Fix is in Factory now. No maintenance update for released products as it is easy enough to edit the configuration file manually to solve the problem.