[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#784214: allow manual override for the regression DLA/DSA Id

Package: security-tracker
Severity: wishlist
Tags: patch


attached is a patch that adds manual DLA/DSA id override support if an
upload tackles a regression already announce via an earlier DSA/DLA.

Current use case / example:

  xorg-server <ver>+deb6u1 (DLA-120-1) fixed CVE-2014-8092
  xorg-server <ver>+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
  xorg-server <ver>+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
                           fix for CVE-2014-8092)

At the moment: when using bin/genDLA like this:

  $ bin/gen-DLA  --save xorg-server regression CVE-2015-3418

.... the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas
the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with
the "regression" keyword. Thus, with the patch applied, I can do this:

  $ bin/gen-DLA  --save xorg-server regression:120-1 CVE-2015-3418

.... which then will provide me with a DLA-120-2 mail template and put
the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

  o check, if the manual specified override exists and is for the same package


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: bin/gen-DSA
--- bin/gen-DSA	(revision 34054)
+++ bin/gen-DSA	(working copy)
@@ -157,8 +157,12 @@
-if [ regression = "$1" ]; then
+if printf '%s' "$1" | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then
+    if printf '%s' "$1" | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then
+	REGRESSION_DAID=$(printf '%s' "$1" | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/')
+    fi
@@ -235,7 +239,11 @@
 if [ -z "$DAID" ]; then
     if [ "$TYPE" = regression ]; then
-	latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)"
+	if [ -z "$REGRESSION_DAID" ]; then
+		latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)"
+	else
+		latest_daid="$REGRESSION_DAID"
+	fi

Reply to: