
Bug#784214: allow manual override for the regression DLA/DSA Id



Package: security-tracker
Severity: wishlist
Tags: patch

Hi,

attached is a patch that adds manual DLA/DSA id override support if an
upload tackles a regression already announced via an earlier DSA/DLA.

Current use case / example:

  xorg-server <ver>+deb6u1 (DLA-120-1) fixed CVE-2014-8092
  xorg-server <ver>+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
  xorg-server <ver>+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
                           fix for CVE-2014-8092)

At the moment: when using bin/gen-DLA like this:

  $ bin/gen-DLA  --save xorg-server regression CVE-2015-3418

.... the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas
the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with
the "regression" keyword. Thus, with the patch applied, I can do this:

  $ bin/gen-DLA  --save xorg-server regression:120-1 CVE-2015-3418

.... which then will provide me with a DLA-120-2 mail template and put
the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

  o check if the manually specified override exists and is for the same package

light+love,
Mike


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: bin/gen-DSA
===================================================================
--- bin/gen-DSA	(revision 34054)
+++ bin/gen-DSA	(working copy)
@@ -157,8 +157,12 @@
 shift
 
 TYPE=security
-if [ regression = "$1" ]; then
+REGRESSION_DAID=
+if printf '%s' "$1" | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then
     TYPE=regression
+    if printf '%s' "$1" | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then
+	REGRESSION_DAID=$(printf '%s' "$1" | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/')
+    fi
     shift
 fi
 
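Review bot: The pattern on the first added grep line makes the revision part optional (`(-[0-9]+|)`), so `regression:120` is accepted and stored in REGRESSION_DAID. The later `revision=${latest_daid#*-}` then finds no hyphen to strip and yields `120` as the revision, the same value as daid. Requiring the full form, for example `^regression(:[0-9]+-[0-9]+)?$`, would reject that input up front. The nested grep plus sed can also be reduced to one prefix test followed by `${1#regression:}`, and the new `regression:<id>` syntax is not documented anywhere in the patch.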
@@ -235,7 +239,11 @@
 
 if [ -z "$DAID" ]; then
     if [ "$TYPE" = regression ]; then
-	latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)"
+	if [ -z "$REGRESSION_DAID" ]; then
+		latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)"
+	else
+		latest_daid="$REGRESSION_DAID"
+	fi
 	revision=${latest_daid#*-}
 	daid=${latest_daid%-*}
     else
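Review bot: In the new else branch, `latest_daid="$REGRESSION_DAID"` takes the command-line value unchecked, while the automatic branch can only yield an id that data/$IDMODE/list carries for $PACKAGE, with leading zeros stripped by `[0]*`. A mistyped id, an id that belongs to another package, or one written with leading zeros therefore flows straight into daid and revision. Suggest confirming that data/$IDMODE/list has an entry for that id and $PACKAGE before using it, aborting with an error otherwise, and normalising leading zeros the same way the sed expression does.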
