Gentoo service announcement: keep clear of GNU patch-2.6

Some people already know what I’m talking about but I’m pretty sure most won’t. But trust me first, and go sync or mask patch-2.6 locally and downgrade it as soon as you can.

The new version of the utility messes up when using -p0 and the fuzz factor, and that breaks the epatch function that almost every ebuild uses, one way or another. The result is that patches will silently fail to happen. For more specifics see bug #293570 which was reported already in mid-November but just didn’t cause enough uproar.

Now, I did see the bug before on the base-layout queue, but I thought it was such a minor issue that I just didn’t care enough. I came to look at it again today because I found three packages in the tinderbox failing to build because patches were skipped. At first, still no problem: that’s the task of the tinderbox, I would let the tinderbox run with it and see what also failed.

But then I could see the big problem of this: patches are dropped silently; all kinds of patches. But what I could tell was just if the patch solved a build failure. Oops! Patches failing crashers, security issues and similar will also fail silently, and those wouldn’t get patched. In the best case scenario, they would cause some QA warnings that were fixed already to reappear, and make the developers notice the missing patch. In the worst case, you’d get security fixes to not be applied any longer, which is tremendously bad.

If you want to be on the safe side, after downgrading you should rebuild everything you built with patch-2.6 installed; the following script will give you the package names (not perfect, let met tell you that already, if somebody can improve it in the comments it’d be even better):

qlop -Cl | tail -n +$(qlop -l | grep -n patch-2.6 | head -1 | cut -d: -f1) | 
    sed -e 's:.* >>> ::' | xargs -r -n1 qatom | 
    awk '{ printf "%s/%sn", $1, $2 }' | sort -u | join - <(qlist -IC | sort -u)

Update: thanks to O Andarilho for pointing out a flaw in the old script in case patch-2.6 was not merged at all, this is now fixed in the script above (by using xargs -r).
Update 2: also thanks to Nick Bowler for cleaning away the packages that aren’t currently merged. _Note: slots aren’t considered so the script is still a bit rough but should cover most issues.