Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
On 2018-03-03 21:52, Markus Koschany wrote: Hello, please find attached the debdiff to backport the fix for #878088 to Stretch. The first fix proposed was accepted into p-u earlier, and this update was unfortunately filed too late to make it into 9.4. Please open a new request to track adding the fix for #878088 in +deb9u2. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hello,
please find attached the debdiff to backport the fix for #878088 to Stretch.
Regards,
Markus
diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7+deb9u1/bin/reportbug
--- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/bin/reportbug2018-03-03 22:33:28.0
+0100
@@ -32,6 +32,7 @@
import optparse
import re
import locale
+import requests
import subprocess
import shlex
import email
@@ -1926,6 +1927,36 @@
listcc += ui.get_multiline(
'Enter any additional addresses this report should be sent to;
press ENTER after each address.')
+# If the bug is reported against a package with a version that possibly
+# indicates a security update add the security or LTS team to CC
+# after user confirmation
+if pkgversion and package and not self.options.offline and mode >
MODE_NOVICE and utils.is_security_update(package, pkgversion):
+if ui.yes_no('Do you want to report a regression because of a
security update? ',
+ 'Yes, please inform the LTS and security teams.',
+ 'No or I am not sure.', True):
+distnumber = re.search('[+~]deb(\d+)u\d+', pkgversion).group(1)
+support = 'none'
+email_address = 'none'
+try:
+r =
requests.get('https://security-tracker.debian.org/tracker/distributions.json',
timeout=self.options.timeout)
+data = r.json()
+for key, value in data.items():
+if distnumber == value['major-version']:
+support = value['support']
+email_address = value['contact']
+break
+
+if support != 'none' and
utils.check_email_addr(email_address):
+listcc += [email_address]
+else:
+raise
+
+except requests.exceptions.RequestException:
+ewrite('Unable to connect to
security-tracker.debian.org.\n'
+ 'Please try again later or contact the LTS or
security team via email directly.\n')
+except: # catch-all
+ewrite('No support team contact address could be
identified.\n')
+
if severity and rtype:
severity = debbugs.convert_severity(severity, rtype)
diff -Nru reportbug-7.1.7/debian/changelog
reportbug-7.1.7+deb9u1/debian/changelog
--- reportbug-7.1.7/debian/changelog2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/debian/changelog 2018-03-03 22:33:28.0
+0100
@@ -1,3 +1,13 @@
+reportbug (7.1.7+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Backport the fix for Debian bug #878088. Notify the security team or LTS
+team about a possible regression if reporting a bug against a package
+containing a security fix.
+ * python3-reportbug: Depend on python3-apt to fix #878088.
+
+ -- Markus Koschany Sat, 03 Mar 2018 22:33:28 +0100
+
reportbug (7.1.7) unstable; urgency=medium
* reportbug/utils.py
diff -Nru reportbug-7.1.7/debian/control reportbug-7.1.7+deb9u1/debian/control
--- reportbug-7.1.7/debian/control 2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/debian/control 2018-03-03 22:33:28.0
+0100
@@ -36,7 +36,7 @@
Package: python3-reportbug
Section: python
Architecture: all
-Depends: ${misc:Depends}, ${python3:Depends}, apt, python3-debian,
python3-debianbts (>= 1.13), file, python3-requests
+Depends: ${misc:Depends}, ${python3:Depends}, apt, python3-debian,
python3-debianbts (>= 1.13), file, python3-requests, python3-apt
Suggests: reportbug
Description: Python modules for interacting with bug tracking systems
reportbug is a tool designed to make the reporting of bugs in Debian
Binärdateien
/tmp/BreEiHKSHs/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-35.pyc
und
/tmp/ijRwNIQr3y/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-35.pyc
sind verschieden.
Binärdateien
/tmp/BreEiHKSHs/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-36.pyc
und
/tmp/ijRwNIQr3y/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-36.pyc
sind verschieden.
diff -Nru reportbug-7.1.7/reportbug/utils.py
reportbug-7.1.7+deb9u1/reportbug/utils.py
--- reportbug-7.1.7/reportbug/utils.py 2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/reportbug/utils.py 2018-03-03 22:33:28.0
+0100
@@ -39,6 +39,8 @@
import socket
import subprocess
import pipes
+import apt
+import gzip
from .urlutils import open_url
from string import ascii_letters, digits
@@ -1304,3 +1306,79 @@
init = 'sysvinit (via /sbin/init)'
return init
+
+def is_security_update(pkgname, pkgversion):
+"""Determine whether a given package is a security update.
+
+Detec
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Control: tags -1 + pending Hi, On Sat, 2018-03-03 at 16:27 +0100, Salvatore Bonaccorso wrote: > Hi Adam, > > On Sat, Mar 03, 2018 at 02:26:16PM +, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > > > I like to propose the following little change for the upcoming > > > point > > > release to include for reportbug. The secure testing security > > > team > > > does not exists for a long time by now, and when alioth will be > > > decomissioned the secure-testing-team list will disapear. Cf. > > > #32. > > > > > > It would thus be good if reportbug stops Cc'ing the secure- > > > testing > > > team. > > > > Please go ahead. > > > > > Markus is Cc'ed as well because he worked on an update for > > > #878088, > > > which though is not included here. If he has time to propse that > > > part > > > as well and accepted by you, it would be great to have it > > > included as > > > well. > > > > We're getting quite close, so I'm ACKing the diff we have now. If > > it > > turns out that the updated diff appears quickly enough then /maybe/ > > we > > can try and get that in. > > Ack, I'm uploading the first part now, if we can have the second we > can just do it then incremently on +deb9u1. > Flagged for acceptance; thanks. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi Adam, On Sat, Mar 03, 2018 at 02:26:16PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > > I like to propose the following little change for the upcoming point > > release to include for reportbug. The secure testing security team > > does not exists for a long time by now, and when alioth will be > > decomissioned the secure-testing-team list will disapear. Cf. > > #32. > > > > It would thus be good if reportbug stops Cc'ing the secure-testing > > team. > > Please go ahead. > > > Markus is Cc'ed as well because he worked on an update for #878088, > > which though is not included here. If he has time to propse that part > > as well and accepted by you, it would be great to have it included as > > well. > > We're getting quite close, so I'm ACKing the diff we have now. If it > turns out that the updated diff appears quickly enough then /maybe/ we > can try and get that in. Ack, I'm uploading the first part now, if we can have the second we can just do it then incremently on +deb9u1. Regards, Salvatore
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Control: tags -1 + confirmed On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > I like to propose the following little change for the upcoming point > release to include for reportbug. The secure testing security team > does not exists for a long time by now, and when alioth will be > decomissioned the secure-testing-team list will disapear. Cf. > #32. > > It would thus be good if reportbug stops Cc'ing the secure-testing > team. Please go ahead. > Markus is Cc'ed as well because he worked on an update for #878088, > which though is not included here. If he has time to propse that part > as well and accepted by you, it would be great to have it included as > well. We're getting quite close, so I'm ACKing the diff we have now. If it turns out that the updated diff appears quickly enough then /maybe/ we can try and get that in. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi Markus, On Fri, Mar 02, 2018 at 06:12:30PM +0100, Markus Koschany wrote: > Hi, > > Am 02.03.2018 um 15:35 schrieb Salvatore Bonaccorso: > [...] > > Markus is Cc'ed as well because he worked on an update for #878088, > > which though is not included here. If he has time to propse that part > > as well and accepted by you, it would be great to have it included as > > well. > > I can prepare such an update for Stretch tomorrow. What about Jessie? Yes I was planning to do as well the jessie one, but since the window for uploads via the stretch point release is closing very soon I started by providing the debdiff for stretch. Regards, Salvatore
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi, Am 02.03.2018 um 15:35 schrieb Salvatore Bonaccorso: [...] > Markus is Cc'ed as well because he worked on an update for #878088, > which though is not included here. If he has time to propse that part > as well and accepted by you, it would be great to have it included as > well. I can prepare such an update for Stretch tomorrow. What about Jessie? Please note that this change requires a new dependency on python3-apt too. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi Stable release managers,
X-Debbugs-CC to Sandro, Moritz and Markus.
I like to propose the following little change for the upcoming point
release to include for reportbug. The secure testing security team
does not exists for a long time by now, and when alioth will be
decomissioned the secure-testing-team list will disapear. Cf. #32.
It would thus be good if reportbug stops Cc'ing the secure-testing
team.
Markus is Cc'ed as well because he worked on an update for #878088,
which though is not included here. If he has time to propse that part
as well and accepted by you, it would be great to have it included as
well.
Regards,
Salvatore
diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7+deb9u1/bin/reportbug
--- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/bin/reportbug2018-03-02 15:10:15.0
+0100
@@ -2083,9 +2083,8 @@
incfiles = addinfo
if bts == 'debian' and 'security' in taglist and sendto !=
't...@security.debian.org':
-ewrite('Will send a CC of this report to the Debian Security and
Testing Security Team.\n')
+ewrite('Will send a CC of this report to the Debian Security
Team.\n')
listcc += ['Debian Security Team ']
-listcc += ['Debian Testing Security Team
']
# Prepare bug report
if self.options.kudos:
diff -Nru reportbug-7.1.7/debian/changelog
reportbug-7.1.7+deb9u1/debian/changelog
--- reportbug-7.1.7/debian/changelog2017-05-29 22:00:17.0 +0200
+++ reportbug-7.1.7+deb9u1/debian/changelog 2018-03-02 15:10:15.0
+0100
@@ -1,3 +1,13 @@
+reportbug (7.1.7+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Don't CC secure-testing-t...@lists.alioth.debian.org anymore.
+The testing security team didn't exist for a long time and the
+mailinglist will disappear when Alioth will be decomissioned.
+Thanks to Moritz Muehlenhoff (Closes: #32)
+
+ -- Salvatore Bonaccorso Fri, 02 Mar 2018 15:10:15 +0100
+
reportbug (7.1.7) unstable; urgency=medium
* reportbug/utils.py
Binary files
/tmp/mjqj8S79Y5/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-35.pyc
and
/tmp/SXwYSPF77D/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-35.pyc
differ
Binary files
/tmp/mjqj8S79Y5/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-36.pyc
and
/tmp/SXwYSPF77D/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-36.pyc
differ
