Patching

The Community Security Team (CST) produces source patches that apply to the latest releases of Liferay Portal Community Edition.  The CST will not produce patches for older releases, so it is important that CE users be using the latest CE releases if they want to get easy-to-apply fixes for critical security fixes. 

Source patches

Source patches are essentially the output of git diff (which is itself related to the output of the unix diff command). 

By virtue of the CST maintaining separate branches for each fix (along with a separate cumulative branch), generating patches using github is trivial.  Each source patch can be downloaded and applied to a copy of the Liferay Portal source code from the latest released version, using either git apply (if you have a proper git clone of the Liferay source) or the unix patch command if you just have a basic Liferay Portal source tree.

If you use the patch command on Windows or Linux, be aware that the line ending differences between OS's might cause trouble (Mac OS X seems to handle it with no special procedures).  You may need to use tools to convert line endings, such as dos2unix, before the source patches can be applied.  Read below for specific instructions for your operating system.

If you use git, run:

cd $LIFERAY_SRC_HOME ; git apply name-of-downloaded-patch-file

If you don't use git, and just have a basic Liferay Portal source tree (e.g. by downloading a raw .zip file from Github), then you can use the unix patch command:

patch -p1 < name-of-downloaded-patch-file
It is recommended that you download the source from Github.  If you have downloaded the source code from SourceForge.net, be aware that SourceForge code sometimes contains Windows-style line endings, and you may need to first convert them to unix-style line endings using something like:

cd $LIFERAY_SRC_HOME; find . -type f  -exec dos2unix {} \;

The dos2unix tool may be installed by default on your Linux distribution, or you may need to install it first (using apt-get, pkg, deb, yum, etc). 

If you use git, run:

cd $LIFERAY_SRC_HOME ; git apply name-of-downloaded-patch-file

If you don't use git, and just have a basic Liferay Portal source tree (e.g. by downloading a raw .zip file from Github), then you can use the unix patch command:

patch -p1 < name-of-downloaded-patch-file

Depending on which tool(s) you are using, you can either use git apply (this is the recommended method if you are using git, some tools supply a bash-like shell tool), or consult your git tool's manual on how to apply patch files.  

If you don't use git, and just have a basic Liferay Portal source tree (e.g. by downloading a raw .zip file from Github), then you can use the GNU patch command for Windows:

patch.exe -p1 < name-of-downloaded-patch-file

Once the source patches have been applied, the Liferay Portal's source code will need to be re-compiled to generate binaries.