Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
On 2018-03-03 21:52, Markus Koschany wrote: Hello, please find attached the debdiff to backport the fix for #878088 to Stretch. The first fix proposed was accepted into p-u earlier, and this update was unfortunately filed too late to make it into 9.4. Please open a new request to track adding the fix for #878088 in +deb9u2. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hello, please find attached the debdiff to backport the fix for #878088 to Stretch. Regards, Markus diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7+deb9u1/bin/reportbug --- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/bin/reportbug2018-03-03 22:33:28.0 +0100 @@ -32,6 +32,7 @@ import optparse import re import locale +import requests import subprocess import shlex import email @@ -1926,6 +1927,36 @@ listcc += ui.get_multiline( 'Enter any additional addresses this report should be sent to; press ENTER after each address.') +# If the bug is reported against a package with a version that possibly +# indicates a security update add the security or LTS team to CC +# after user confirmation +if pkgversion and package and not self.options.offline and mode > MODE_NOVICE and utils.is_security_update(package, pkgversion): +if ui.yes_no('Do you want to report a regression because of a security update? ', + 'Yes, please inform the LTS and security teams.', + 'No or I am not sure.', True): +distnumber = re.search('[+~]deb(\d+)u\d+', pkgversion).group(1) +support = 'none' +email_address = 'none' +try: +r = requests.get('https://security-tracker.debian.org/tracker/distributions.json', timeout=self.options.timeout) +data = r.json() +for key, value in data.items(): +if distnumber == value['major-version']: +support = value['support'] +email_address = value['contact'] +break + +if support != 'none' and utils.check_email_addr(email_address): +listcc += [email_address] +else: +raise + +except requests.exceptions.RequestException: +ewrite('Unable to connect to security-tracker.debian.org.\n' + 'Please try again later or contact the LTS or security team via email directly.\n') +except: # catch-all +ewrite('No support team contact address could be identified.\n') + if severity and rtype: severity = debbugs.convert_severity(severity, rtype) diff -Nru reportbug-7.1.7/debian/changelog reportbug-7.1.7+deb9u1/debian/changelog --- reportbug-7.1.7/debian/changelog2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/debian/changelog 2018-03-03 22:33:28.0 +0100 @@ -1,3 +1,13 @@ +reportbug (7.1.7+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Backport the fix for Debian bug #878088. Notify the security team or LTS +team about a possible regression if reporting a bug against a package +containing a security fix. + * python3-reportbug: Depend on python3-apt to fix #878088. + + -- Markus Koschany Sat, 03 Mar 2018 22:33:28 +0100 + reportbug (7.1.7) unstable; urgency=medium * reportbug/utils.py diff -Nru reportbug-7.1.7/debian/control reportbug-7.1.7+deb9u1/debian/control --- reportbug-7.1.7/debian/control 2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/debian/control 2018-03-03 22:33:28.0 +0100 @@ -36,7 +36,7 @@ Package: python3-reportbug Section: python Architecture: all -Depends: ${misc:Depends}, ${python3:Depends}, apt, python3-debian, python3-debianbts (>= 1.13), file, python3-requests +Depends: ${misc:Depends}, ${python3:Depends}, apt, python3-debian, python3-debianbts (>= 1.13), file, python3-requests, python3-apt Suggests: reportbug Description: Python modules for interacting with bug tracking systems reportbug is a tool designed to make the reporting of bugs in Debian Binärdateien /tmp/BreEiHKSHs/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-35.pyc und /tmp/ijRwNIQr3y/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-35.pyc sind verschieden. Binärdateien /tmp/BreEiHKSHs/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-36.pyc und /tmp/ijRwNIQr3y/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-36.pyc sind verschieden. diff -Nru reportbug-7.1.7/reportbug/utils.py reportbug-7.1.7+deb9u1/reportbug/utils.py --- reportbug-7.1.7/reportbug/utils.py 2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/reportbug/utils.py 2018-03-03 22:33:28.0 +0100 @@ -39,6 +39,8 @@ import socket import subprocess import pipes +import apt +import gzip from .urlutils import open_url from string import ascii_letters, digits @@ -1304,3 +1306,79 @@ init = 'sysvinit (via /sbin/init)' return init + +def is_security_update(pkgname, pkgversion): +"""Determine whether a given package is a security update. + +Detec
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Control: tags -1 + pending Hi, On Sat, 2018-03-03 at 16:27 +0100, Salvatore Bonaccorso wrote: > Hi Adam, > > On Sat, Mar 03, 2018 at 02:26:16PM +, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > > > I like to propose the following little change for the upcoming > > > point > > > release to include for reportbug. The secure testing security > > > team > > > does not exists for a long time by now, and when alioth will be > > > decomissioned the secure-testing-team list will disapear. Cf. > > > #32. > > > > > > It would thus be good if reportbug stops Cc'ing the secure- > > > testing > > > team. > > > > Please go ahead. > > > > > Markus is Cc'ed as well because he worked on an update for > > > #878088, > > > which though is not included here. If he has time to propse that > > > part > > > as well and accepted by you, it would be great to have it > > > included as > > > well. > > > > We're getting quite close, so I'm ACKing the diff we have now. If > > it > > turns out that the updated diff appears quickly enough then /maybe/ > > we > > can try and get that in. > > Ack, I'm uploading the first part now, if we can have the second we > can just do it then incremently on +deb9u1. > Flagged for acceptance; thanks. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi Adam, On Sat, Mar 03, 2018 at 02:26:16PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > > I like to propose the following little change for the upcoming point > > release to include for reportbug. The secure testing security team > > does not exists for a long time by now, and when alioth will be > > decomissioned the secure-testing-team list will disapear. Cf. > > #32. > > > > It would thus be good if reportbug stops Cc'ing the secure-testing > > team. > > Please go ahead. > > > Markus is Cc'ed as well because he worked on an update for #878088, > > which though is not included here. If he has time to propse that part > > as well and accepted by you, it would be great to have it included as > > well. > > We're getting quite close, so I'm ACKing the diff we have now. If it > turns out that the updated diff appears quickly enough then /maybe/ we > can try and get that in. Ack, I'm uploading the first part now, if we can have the second we can just do it then incremently on +deb9u1. Regards, Salvatore
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Control: tags -1 + confirmed On Fri, 2018-03-02 at 15:35 +0100, Salvatore Bonaccorso wrote: > I like to propose the following little change for the upcoming point > release to include for reportbug. The secure testing security team > does not exists for a long time by now, and when alioth will be > decomissioned the secure-testing-team list will disapear. Cf. > #32. > > It would thus be good if reportbug stops Cc'ing the secure-testing > team. Please go ahead. > Markus is Cc'ed as well because he worked on an update for #878088, > which though is not included here. If he has time to propse that part > as well and accepted by you, it would be great to have it included as > well. We're getting quite close, so I'm ACKing the diff we have now. If it turns out that the updated diff appears quickly enough then /maybe/ we can try and get that in. Regards, Adam
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi Markus, On Fri, Mar 02, 2018 at 06:12:30PM +0100, Markus Koschany wrote: > Hi, > > Am 02.03.2018 um 15:35 schrieb Salvatore Bonaccorso: > [...] > > Markus is Cc'ed as well because he worked on an update for #878088, > > which though is not included here. If he has time to propse that part > > as well and accepted by you, it would be great to have it included as > > well. > > I can prepare such an update for Stretch tomorrow. What about Jessie? Yes I was planning to do as well the jessie one, but since the window for uploads via the stretch point release is closing very soon I started by providing the debdiff for stretch. Regards, Salvatore
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Hi, Am 02.03.2018 um 15:35 schrieb Salvatore Bonaccorso: [...] > Markus is Cc'ed as well because he worked on an update for #878088, > which though is not included here. If he has time to propse that part > as well and accepted by you, it would be great to have it included as > well. I can prepare such an update for Stretch tomorrow. What about Jessie? Please note that this change requires a new dependency on python3-apt too. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#891918: stretch-pu: package reportbug/7.1.7+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi Stable release managers, X-Debbugs-CC to Sandro, Moritz and Markus. I like to propose the following little change for the upcoming point release to include for reportbug. The secure testing security team does not exists for a long time by now, and when alioth will be decomissioned the secure-testing-team list will disapear. Cf. #32. It would thus be good if reportbug stops Cc'ing the secure-testing team. Markus is Cc'ed as well because he worked on an update for #878088, which though is not included here. If he has time to propse that part as well and accepted by you, it would be great to have it included as well. Regards, Salvatore diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7+deb9u1/bin/reportbug --- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/bin/reportbug2018-03-02 15:10:15.0 +0100 @@ -2083,9 +2083,8 @@ incfiles = addinfo if bts == 'debian' and 'security' in taglist and sendto != 't...@security.debian.org': -ewrite('Will send a CC of this report to the Debian Security and Testing Security Team.\n') +ewrite('Will send a CC of this report to the Debian Security Team.\n') listcc += ['Debian Security Team '] -listcc += ['Debian Testing Security Team '] # Prepare bug report if self.options.kudos: diff -Nru reportbug-7.1.7/debian/changelog reportbug-7.1.7+deb9u1/debian/changelog --- reportbug-7.1.7/debian/changelog2017-05-29 22:00:17.0 +0200 +++ reportbug-7.1.7+deb9u1/debian/changelog 2018-03-02 15:10:15.0 +0100 @@ -1,3 +1,13 @@ +reportbug (7.1.7+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Don't CC secure-testing-t...@lists.alioth.debian.org anymore. +The testing security team didn't exist for a long time and the +mailinglist will disappear when Alioth will be decomissioned. +Thanks to Moritz Muehlenhoff (Closes: #32) + + -- Salvatore Bonaccorso Fri, 02 Mar 2018 15:10:15 +0100 + reportbug (7.1.7) unstable; urgency=medium * reportbug/utils.py Binary files /tmp/mjqj8S79Y5/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-35.pyc and /tmp/SXwYSPF77D/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-35.pyc differ Binary files /tmp/mjqj8S79Y5/reportbug-7.1.7/reportbug/__pycache__/__init__.cpython-36.pyc and /tmp/SXwYSPF77D/reportbug-7.1.7+deb9u1/reportbug/__pycache__/__init__.cpython-36.pyc differ