Towards Easier Security Patch Porting

Supporting stable packages means porting patches back to older versions of the same code. Most of the time, that is not a direct and easy task. You have to find the patch (sometimes more than one), try to apply them, fail, do it by hand, compile, fail, repeat. This process is tedious, slow, and error prone.

We present a coming new tool to make security patch porting easier. The system we propose collects and applies patches from different sources and displays the results in an easy to compare way. It applies several heuristics to port the patch to the target code and adapts them to be directly importable to quilt. As a work in progress, the presentation will have a section for discussing future paths and ideas. Everybody is welcome, especially developers or contributors with some experience in patch porting.

• Video
• Slides