I second that. I usually try to get the patches from the advisories, or, e.g., from RedHat RPMS, because then they are self-contained.
Especially if you add other patches (most notably grsec) upgrading is always quite a bit of work. The best way would be to get the patches, slamm them in, adjust if they conflict with previous patches, and rebuild.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds