with sys-devel/patch-2.7.3 installed, one cannot emerge sys-kernel/git-sources anymore. (stepping back to 2.7.2 fixes this) * Applying patch-3.19-rc5.patch (-p1) ... symbolic link target '../../../../../include/dt-bindings' is invalid [ !! ] * Failed to apply patch patch-3.19-rc5.patch The same is true for git-sources-3.19-rc6 which is not in the tree, yet.
emerge --info and .config, please
Nevermind, I see the failure.
It looks like this patch might be the culprit. http://git.savannah.gnu.org/cgit/patch.git/commit/?id=41688ad8ef88bc296f3bed30b171ec73e5876b88 Base-system maintainers. Thoughts?
As I understand from that commit, then this is a bug upstream in the kernel git or how the patch is created. http://git.savannah.gnu.org/cgit/patch.git/plain/src/util.c : /* Only allow symlink targets which are relative and free of ".." components: * otherwise, the operating system may follow one of those symlinks in a * pathname component, leading to a path traversal vulnerability. * * An alternative to disallowing many kinds of symlinks would be to implement * path traversal in user space using openat() without following symlinks * altogether. */
Yes, it's a security patch for patch, so I'll take this back. For now, I'll mask this version for git and gentoo-sources.
So, this is being discussed upstream at lkml.org. This might end up being fixed via a patch to git. So an unfortunate requirement to install git-sources is <2.7.3 of patch. If this is an issue, you have the alternative of cloning the upstream kernel repo by hand.
I can build git-sources with new patch-2.7.4 Please look and unmask 2.7.4
(In reply to Maxim Britov from comment #7) > I can build git-sources with new patch-2.7.4 > Please look and unmask 2.7.4 04 Feb 2015; Mike Pagano <mpagano@gentoo.org> -git-sources-3.19_rc1.ebuild, -git-sources-3.19_rc2.ebuild, -git-sources-3.19_rc3.ebuild, -git-sources-3.19_rc4.ebuild, -git-sources-3.19_rc5.ebuild, -git-sources-3.19_rc6.ebuild, git-sources-3.19_rc7.ebuild: Fix patch version dependency. Drop old