Date: Tue, 30 Apr 2024 13:28:54 +0200
From: Alejandro Colomar
To: Mark Wielaard
Cc: Joel Sherrill, Florian Weimer, Guinevere Larsen via Overseers,
    Sandra Loosemore, Guinevere Larsen, GCC, binutils,
    Eli Zaretskii via Gdb, libc-alpha@sourceware.org
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor

Hi Mark,

On Sun, Apr 21, 2024 at 10:40:14PM +0200, Alejandro Colomar wrote:
[...]
> Let's generate a v2 patch set, showing the range-diff against v1. We
> need to check the commit IDs of the first set, which can be found in the
> mailing list archives, thanks to the trick we used. The v1 range was
> 7ec952012^..892a12470. So we just pass that range:
>
>     $ git format-patch -o ./patches/ master..HEAD \
>         --range-diff=7ec952012^..892a12470 -v2 --cover-letter;
>     ./patches/v2-0000-cover-letter.patch
>     ./patches/v2-0001-share-mk-build-fonts-unifont-Build-UnifontR-from-.patch
>     ./patches/v2-0002-share-mk-build-pdf-book-Use-Unifont.patch
>     ./patches/v2-0003-share-mk-build-fonts-unifont-Specify-space-width-.patch
>
> The v2 cover letter shows the changes introduced since v1:
>
>     $ tail -n20 ./patches/v2-0000-cover-letter.patch
>     create mode 100644 share/mk/build/fonts/unifont/dit.mk
>     create mode 100644 share/mk/build/fonts/unifont/pfa.mk
>     create mode 100644 share/mk/configure/build-depends/fonts-unifont/unifont.otf.mk
>
>     Range-diff against v1:
>     1: 7ec952012 = 1: 7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
>     2: d80376b08 = 2: d80376b08 share/mk/: build-pdf-book: Use Unifont
>     3: 892a12470 ! 3: bc7fa7d92 share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
>     @@ Metadata
>     Author: Alejandro Colomar
>
>     ## Commit message ##
>     - share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
>     + share/mk/: build-fonts-unifont: Specify space width in afmtodit(1)
>
>     Link:
>     Suggested-by: "G. Branden Robinson"
>     --
>     2.43.0

I've added a recommendation in the Linux man-pages contributing
documentation that patches be sent with a range diff, and also that
patches be sent in PGP-signed mail (if the user has a PGP key). It has
specific instructions like the above (but simplified). Feel free to
copy any of that documentation.

I also recommended specific mutt(1) settings:

    set crypt_autosign = yes
    set crypt_protected_headers_write = yes

And git-send-email(1) configuration for using with neomutt(1):

    [sendemail]
        sendmailcmd = neomutt -C -H - && true

For all the documentation for mail and patches, see these two files:

Have a lovely day!
Alex
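
The range-diff in a cover letter can also be read mechanically on the receiving side. The script below is an added example, not part of the original mail or of the man-pages documentation: it lists which commits of a re-rolled patch set need another look. The function names are hypothetical, the first three range-diff rows are the ones quoted above, and the two "constructed" rows with made-up hashes are added to cover the dropped and added states that git-range-diff(1) also reports.

```sh
#!/bin/sh
# Added example: summarise the range-diff section of a format-patch cover letter.

# Read a cover letter on stdin; print "<state> <old> <new> <subject>" for
# each commit row: same (=), changed (!), dropped (<), added (>).
rangediff_summary() {
    awk '
        /^Range-diff.*:$/ { in_rd = 1; next }   # e.g. "Range-diff against v1:"
        in_rd && /^-- ?$/ { in_rd = 0 }         # mail signature ends the section
        in_rd && /^ *(-|[0-9]+): +([0-9a-f]+|-+) [=!<>] +(-|[0-9]+): +([0-9a-f]+|-+) / {
            if      ($3 == "=") state = "same"
            else if ($3 == "!") state = "changed"
            else if ($3 == "<") state = "dropped"
            else                state = "added"
            subject = $0
            sub(/^ *[^ ]+ +[^ ]+ [=!<>] +[^ ]+ +[^ ]+ /, "", subject)
            print state, $2, $5, subject
        }'
}

# Print only the commits a reviewer has to read again.
needs_review() {
    rangediff_summary | grep -v "^same " || true
}

# Sample input: rows 1-3 come from the mail above; row 4 and the "-:" row
# are constructed, with made-up hashes.
sample_cover_letter() {
    cat <<'EOF'
Range-diff against v1:
1:  7ec952012 = 1:  7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
2:  d80376b08 = 2:  d80376b08 share/mk/: build-pdf-book: Use Unifont
3:  892a12470 ! 3:  bc7fa7d92 share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
    @@ Metadata
      ## Commit message ##
    -    share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
    +    share/mk/: build-fonts-unifont: Specify space width in afmtodit(1)
4:  0123abcde < -:  --------- constructed: commit dropped in v2
-:  --------- > 4:  fedcba987 constructed: commit added in v2
-- 
2.43.0
EOF
}

sample_cover_letter | needs_review
```

Indented rows are the per-commit diff bodies and are skipped; only the top-level rows carry the state of each commit.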