Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Mike Gabriel
Package: security-tracker
Severity: wishlist
Tags: patch

Hi,

attached is a patch that adds manual DLA/DSA id override support if an
upload tackles a regression already announced via an earlier DSA/DLA.

Current use case / example:

  xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
  xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
  xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
   fix for CVE-2014-8092)

At the moment: when using bin/gen-DLA like this:

  $ bin/gen-DLA  --save xorg-server regression CVE-2015-3418

the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas
the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with
the regression keyword. Thus, with the patch applied, I can do this:

  $ bin/gen-DLA  --save xorg-server regression:120-1 CVE-2015-3418

which then will provide me with a DLA-120-2 mail template and put
the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

  o check if the manually specified override exists and is for the same package

light+love,
Mike


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: bin/gen-DSA
===
--- bin/gen-DSA	(revision 34054)
+++ bin/gen-DSA	(working copy)
@@ -157,8 +157,12 @@
 shift
 
 TYPE=security
-if [ regression = $1 ]; then
+REGRESSION_DAID=
+if printf '%s' $1 | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then
 TYPE=regression
+if printf '%s' $1 | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then
+	REGRESSION_DAID=$(printf '%s' $1 | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/')
+fi
 shift
 fi
 
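Review bot: The pattern in the new `if` makes the revision optional (`(-[0-9]+|)`), so `regression:120` is accepted and REGRESSION_DAID is set to a value with no `-`, while the usage given in the report is `regression:120-1`. Require the revision, e.g. `^regression(:[0-9]+-[0-9]+)?$`, and print a usage error for any other argument starting with `regression:`; as written such an argument fails the grep, TYPE stays `security`, no `shift` happens and the argument is passed on to whatever parses the next positional parameter. `$1` is also unquoted in all three `printf '%s' $1` calls, so an argument containing whitespace or glob characters is split or expanded before grep or sed sees it. The inner grep repeats the outer test; a single `case "$1" in` with `regression)` and `regression:*)` arms and `${1#regression:}` would replace both greps and the sed call.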
@@ -235,7 +239,11 @@
 
 if [ -z $DAID ]; then
 if [ $TYPE = regression ]; then
-	latest_daid=$(sed -nr '/'$IDMODE'-[0-9]+-[0-9]+' $PACKAGE '/{s/^.+'$IDMODE'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)
+	if [ -z $REGRESSION_DAID ]; then
+		latest_daid=$(sed -nr '/'$IDMODE'-[0-9]+-[0-9]+' $PACKAGE '/{s/^.+'$IDMODE'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)
+	else
+		latest_daid=$REGRESSION_DAID
+	fi
 	revision=${latest_daid#*-}
 	daid=${latest_daid%-*}
 else
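Review bot: In the new else branch, `latest_daid=$REGRESSION_DAID` takes the id from the command line without looking it up in data/$IDMODE/list, whereas the sed branch above it only ever returns an id that is listed for $PACKAGE. A mistyped id therefore produces an advisory number that follows on from another package's advisory, or from one that was never issued. Suggest checking data/$IDMODE/list for a line carrying `$IDMODE-$REGRESSION_DAID` followed by $PACKAGE and aborting when there is none. If the id arrives without a revision, `${latest_daid#*-}` and `${latest_daid%-*}` both return the whole string, so `revision` and `daid` end up identical. Quote the test as `[ -z "$REGRESSION_DAID" ]`.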


Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Alessandro Ghedini
On Mon, May 04, 2015 at 09:09:04AM +0200, Mike Gabriel wrote:
> Package: security-tracker
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> attached is a patch that adds manual DLA/DSA id override support if an
> upload tackles a regression already announced via an earlier DSA/DLA.
>
> Current use case / example:
>
>   xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
>   xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
>   xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
>    fix for CVE-2014-8092)
>
> At the moment: when using bin/gen-DLA like this:
>
>   $ bin/gen-DLA  --save xorg-server regression CVE-2015-3418
>
> the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas
> the correct/wanted DLA id would be 120-2.
>
> The attached patch allows one to specify the DLA id to follow up on with
> the regression keyword. Thus, with the patch applied, I can do this:
>
>   $ bin/gen-DLA  --save xorg-server regression:120-1 CVE-2015-3418
>
> which then will provide me with a DLA-120-2 mail template and put
> the prepared upload of my xorg-server package into data/DLA/list.

You can just run:

   $ bin/gen-DLA  --save 120-2 xorg-server regression CVE-2015-3418

and it will create DLA-120-2 as you instruct the script to do.

Cheers




Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Holger Levsen
control: retitle -1 make sure regression updates are documented
control: tags -1 - patch 

Hi Mike,

On Monday, 4 May 2015, Alessandro Ghedini wrote:
> You can just run:
>
>    $ bin/gen-DLA  --save 120-2 xorg-server regression CVE-2015-3418
>
> and it will create DLA-120-2 as you instruct the script to do.

please provide a patch for documenting this.


cheers,
Holger





Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Mike Gabriel

Hi Holger,

On Mon 04 May 2015 10:08:58 CEST, Holger Levsen wrote:

> control: retitle -1 make sure regression updates are documented
> control: tags -1 - patch
>
> Hi Mike,
>
> On Monday, 4 May 2015, Alessandro Ghedini wrote:
>> You can just run:
>>
>>    $ bin/gen-DLA  --save 120-2 xorg-server regression CVE-2015-3418
>>
>> and it will create DLA-120-2 as you instruct the script to do.
>
> please provide a patch for documenting this.
>
> cheers,
> Holger


This must go to https://wiki.debian.org/LTS/Development (I will do
that later).


Anywhere else?

Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb




Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Mike Gabriel

Hi Holger,

On Mon 04 May 2015 10:08:58 CEST, Holger Levsen wrote:

> please provide a patch for documenting this.


Done that for the LTS team:
https://wiki.debian.org/LTS/Development?action=diffrev1=84rev2=85

Anywhere else?

Mike


Bug#784214: allow manual override for the regression DLA/DSA Id

2015-05-04 Thread Raphael Geissert
On 4 May 2015 at 09:09, Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote:
[...]
> attached is a patch that adds manual DLA/DSA id override support if an
> upload tackles a regression already announced via an earlier DSA/DLA.
>
> Current use case / example:
>
>   xorg-server ver+deb6u1 (DLA-120-1) fixed CVE-2014-8092
>   xorg-server ver+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
>   xorg-server ver+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
>    fix for CVE-2014-8092)
>
> At the moment: when using bin/gen-DLA like this:
>
>   $ bin/gen-DLA  --save xorg-server regression CVE-2015-3418

$ bin/gen-DLA
usage: bin/gen-DLA [--save] [--embargoed|--unembargo] [DLA] package
[regression] [cve(s) [bugnumber(s)]]
   'DLA' is the DLA number, required when issuing a revision
   'cve(s)' and 'bugnumber(s)' can be passed in any order but
 always AFTER the description
   If it doesn't like your bug number, prefix it with # and report

$ bin/gen-DLA 120-2 xserver-xorg regression
...

Perhaps that's enough?

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

