Bug#784214: allow manual override for the regression DLA/DSA Id
Package: security-tracker
Severity: wishlist
Tags: patch

Hi,

attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announced via an earlier DSA/DLA.

Current use case / example:

xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of fix for CVE-2014-8092)

At the moment, when using bin/gen-DLA like this:

$ bin/gen-DLA --save xorg-server regression CVE-2015-3418

the script will create a follow-up DLA for 218-1 (i.e., 218-2), whereas the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with the regression keyword. Thus, with the patch applied, I can do this:

$ bin/gen-DLA --save xorg-server regression:120-1 CVE-2015-3418

which then will provide me with a DLA-120-2 mail template and put the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

o check if the manually specified override exists and is for the same package

light+love,
Mike

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Index: bin/gen-DSA
===
--- bin/gen-DSA (revision 34054)
+++ bin/gen-DSA (working copy)
@@ -157,8 +157,12 @@ shift TYPE=security -if [ regression = $1 ]; then +REGRESSION_DAID= +if printf '%s' $1 | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then TYPE=regression +if printf '%s' $1 | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then + REGRESSION_DAID=$(printf '%s' $1 | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/') +fi shift fi 
@@ -235,7 +239,11 @@ if [ -z $DAID ]; then if [ $TYPE = regression ]; then - latest_daid=$(sed -nr '/'$IDMODE'-[0-9]+-[0-9]+' $PACKAGE '/{s/^.+'$IDMODE'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list) + if [ -z $REGRESSION_DAID ]; then + latest_daid=$(sed -nr '/'$IDMODE'-[0-9]+-[0-9]+' $PACKAGE '/{s/^.+'$IDMODE'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list) + else + latest_daid=$REGRESSION_DAID + fi revision=${latest_daid#*-} daid=${latest_daid%-*} else
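Review bot: in the first hunk (@@ -157) `$1` is still expanded unquoted in both `printf '%s' $1 | grep ...` lines (the original `[ regression = $1 ]` had the same weakness); use `printf '%s' "$1"` so an argument containing whitespace or glob characters is neither split nor expanded. The first regex also accepts a bare number such as `regression:120`, and the second hunk then splits that value with `${latest_daid#*-}` and `${latest_daid%-*}`, both of which return `120`, so revision and daid come out equal; either drop the `(-[0-9]+|)` alternative so a revision is mandatory, or append `-1` when it is missing. The nested `if` re-runs almost the same regex and its body is not indented; a single `case "$1" in regression) ;; regression:*) REGRESSION_DAID=${1#regression:} ;; esac` would replace both greps and the sed.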
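Review bot: in the second hunk (@@ -235) `[ -z $REGRESSION_DAID ]` only behaves when the variable is empty because `[ -z ]` with a single argument happens to evaluate true; quote it as `[ -z "$REGRESSION_DAID" ]`. Nothing verifies that the supplied id exists in `data/$IDMODE/list` and belongs to `$PACKAGE` (the submitter lists this as still to do); the `else` branch should look for `$IDMODE-$REGRESSION_DAID $PACKAGE` in that file, the way the `latest_daid` sed line does, and abort with a message when it is absent instead of silently numbering a follow-up after an unrelated advisory.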
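Added example, not part of the bug report or of the security-tracker scripts: a POSIX sh parser for the `regression[:ID]` keyword proposed above, together with the "does the override exist and belong to the same package" check the submitter lists as still missing. The list layout and the sample entries are constructed from the sed expression in the patch, not copied from the real data/DLA/list.

```shell
#!/bin/sh
# Added example (not security-tracker code): parse the "regression[:ID]"
# keyword from the patch above and verify that a manually given DLA/DSA id
# belongs to the same package before it is used as the advisory to follow up.

# Constructed stand-in for data/DLA/list; the line layout is assumed from the
# sed expression in the patch ("[date] DLA-<n>-<rev> <package> - <text>").
SAMPLE_LIST='[20 Dec 2014] DLA-120-1 xorg-server - security update
[22 Apr 2015] DLA-218-1 xorg-server - security update
[30 Apr 2015] DLA-219-1 tzdata - new upstream release'

# parse_regression_arg WORD
# Prints the id to follow up on (e.g. "120-1"); prints nothing for a bare
# "regression". A bare number ("regression:120") is normalised to revision 1
# so that the later ${id#*-} / ${id%-*} splits always see a dash.
# Returns 1 when WORD is not a well-formed regression keyword at all.
parse_regression_arg() {
    case "$1" in
        regression) return 0 ;;
        regression:*)
            id=${1#regression:}
            case "$id" in
                ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;   # not <n> or <n>-<rev>
                *-*) printf '%s\n' "$id" ;;
                *)   printf '%s-1\n' "$id" ;;
            esac
            ;;
        *) return 1 ;;
    esac
}

# daid_belongs_to_package IDMODE ID PACKAGE LISTTEXT
# Succeeds only if an entry "<IDMODE>-<ID> <PACKAGE>" exists in LISTTEXT
# (leading zeros in the list's number are tolerated, as in the script's sed).
daid_belongs_to_package() {
    printf '%s\n' "$4" | grep -Eq "(^| )$1-0*$2 $3( |$)"
}

# Walk-through of the report's scenario: DLA-120-1 is an xorg-server advisory,
# so a regression follow-up may be numbered from it.
if override=$(parse_regression_arg regression:120-1) &&
   daid_belongs_to_package DLA "$override" xorg-server "$SAMPLE_LIST"; then
    echo "following up on DLA-$override: next id is DLA-${override%-*}-$(( ${override#*-} + 1 ))"
fi
```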
Bug#784214: allow manual override for the regression DLA/DSA Id
On Mon, May 04, 2015 at 09:09:04AM +0200, Mike Gabriel wrote:
> Package: security-tracker
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announced via an earlier DSA/DLA.
>
> Current use case / example:
>
> xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
> xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
> xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of fix for CVE-2014-8092)
>
> At the moment, when using bin/gen-DLA like this:
>
> $ bin/gen-DLA --save xorg-server regression CVE-2015-3418
>
> the script will create a follow-up DLA for 218-1 (i.e., 218-2), whereas the correct/wanted DLA id would be 120-2.
>
> The attached patch allows one to specify the DLA id to follow up on with the regression keyword. Thus, with the patch applied, I can do this:
>
> $ bin/gen-DLA --save xorg-server regression:120-1 CVE-2015-3418
>
> which then will provide me with a DLA-120-2 mail template and put the prepared upload of my xorg-server package into data/DLA/list.

You can just run:

$ bin/gen-DLA --save 120-2 xorg-server regression CVE-2015-3418

and it will create DLA-120-2 as you instruct the script to do.

Cheers
Bug#784214: allow manual override for the regression DLA/DSA Id
control: retitle -1 make sure regression updates are documented
control: tags -1 - patch

Hi Mike,

On Monday, 4 May 2015, Alessandro Ghedini wrote:
> You can just run:
>
> $ bin/gen-DLA --save 120-2 xorg-server regression CVE-2015-3418
>
> and it will create DLA-120-2 as you instruct the script to do.

please provide a patch for documenting this.

cheers,
Holger
Bug#784214: allow manual override for the regression DLA/DSA Id
Hi Holger,

On Mon 04 May 2015 10:08:58 CEST, Holger Levsen wrote:
> control: retitle -1 make sure regression updates are documented
> control: tags -1 - patch
>
> Hi Mike,
>
> On Monday, 4 May 2015, Alessandro Ghedini wrote:
> > You can just run:
> >
> > $ bin/gen-DLA --save 120-2 xorg-server regression CVE-2015-3418
> >
> > and it will create DLA-120-2 as you instruct the script to do.
>
> please provide a patch for documenting this.
>
> cheers,
> Holger

This must go to https://wiki.debian.org/LTS/Development (I will do that later). Anywhere else?

Mike

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Bug#784214: allow manual override for the regression DLA/DSA Id
Hi Holger,

On Mon 04 May 2015 10:08:58 CEST, Holger Levsen wrote:
> please provide a patch for documenting this.

Done that for the LTS team: https://wiki.debian.org/LTS/Development?action=diffrev1=84rev2=85

Anywhere else?

Mike

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Bug#784214: allow manual override for the regression DLA/DSA Id
On 4 May 2015 at 09:09, Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote:
[...]
> attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announced via an earlier DSA/DLA.
>
> Current use case / example:
>
> xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
> xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
> xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of fix for CVE-2014-8092)
>
> At the moment, when using bin/gen-DLA like this:
>
> $ bin/gen-DLA --save xorg-server regression CVE-2015-3418

$ bin/gen-DLA
usage: bin/gen-DLA [--save] [--embargoed|--unembargo] [DLA] package [regression] [cve(s) [bugnumber(s)]]
'DLA' is the DLA number, required when issuing a revision
'cve(s)' and 'bugnumber(s)' can be passed in any order but always AFTER the description
If it doesn't like your bug number, prefix it with # and report

$ bin/gen-DLA 120-2 xserver-xorg regression ...

Perhaps that's enough?

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net