Re: tre package ready for testing

To: Emilio Pozuelo Monfort <pochu@debian.org>, Santiago Vila <sanvila@unex.es>
Cc: Chris Lamb <lamby@debian.org>, tre@packages.debian.org, debian-lts@lists.debian.org
Subject: Re: tre package ready for testing
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Thu, 27 Oct 2016 15:05:21 -0400
Message-id: <[🔎] 87r3717gum.fsf@angela.anarc.at>
In-reply-to: <[🔎] 0f7af61b-ca7e-6bf5-bae5-e984bd65a181@debian.org>
References: <[🔎] 1476971652.2154329.762017489.1B90F21A@webmail.messagingengine.com> <[🔎] 20161020135953.wsdhsylztgl4gu3o@cantor.unex.es> <[🔎] 87pomobf7u.fsf@angela.anarc.at> <[🔎] 20161025155637.irsglral43k7p5pm@cantor.unex.es> <[🔎] 87eg34bdw2.fsf@angela.anarc.at> <[🔎] 87h97z9fbv.fsf@angela.anarc.at> <[🔎] 0f7af61b-ca7e-6bf5-bae5-e984bd65a181@debian.org>

On 2016-10-27 06:45:37, Emilio Pozuelo Monfort wrote:
> Hi Antoine,
>
> On 26/10/16 19:43, Antoine Beaupré wrote:
>> Hi Santiago (and others),
>> 
>> I have prepared a wheezy LTS security upload for tre here:
>> 
>> https://people.debian.org/~anarcat/debian/wheezy-lts/
>> 
>> The debdiff is attached to this message. I have also sent the ported
>> patch to the following bug report:
>
> +tre (0.8.0-3+deb7u1) UNRELEASED; urgency=high
> +
> +  * Non-maintainer upload by the Security Team.
> +  * new patch to fix CVE-2016-8859
> +
> + -- Antoine Beaupré <anarcat@debian.org>  Wed, 26 Oct 2016 13:04:31 -0400
>
> Probably s/Security/LTS/.

Good catch, I had that fixed correctly after sending the debdiff, sorry
for the confusion.

>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842169
>> 
>> I am not sure how to perform tests against tre, unfortunately, so I am
>> not in a good position to test that package.
>
> I don't know if there is a test case for this overflow,

I haven't seen one, unfortunately.

> but at the very least,
> you could do some basic testing on tre-agrep, which seems like a grep clone, and
> make sure the basics still work?

Yeah, I just did that and basics seem to work:

root@angela:/var/cache/archive/wheezy# tre-agrep linux /etc/motd 
root@angela:/var/cache/archive/wheezy# tre-agrep Linux /etc/motd 
The programs included with the Debian GNU/Linux system are free software;
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
root@angela:/var/cache/archive/wheezy# tre-agrep -i -2 Linux /etc/motd 
The programs included with the Debian GNU/Linux system are free software;
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
root@angela:/var/cache/archive/wheezy# tre-agrep -i -2 unix /etc/motd 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

Not sure what "unix" is matching in that second line, but it's not a
regression. Fun little program, I didn't know about it. :)

I ended up enabling the test suite in the package, as discussed in the
other part of the thread.

I have uploaded the result. Thanks for the feedback!

A.

-- 
Choose a job you love and you will never have to work a day in your
life.
                         - Confucius

Reply to:

References:
- Wheezy update of tre?
  - From: Chris Lamb <lamby@debian.org>
- Re: Wheezy update of tre?
  - From: Santiago Vila <sanvila@unex.es>
- Re: Wheezy update of tre?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Wheezy update of tre?
  - From: Santiago Vila <sanvila@unex.es>
- Re: Wheezy update of tre?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- tre package ready for testing
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: tre package ready for testing
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: tre package ready for testing
Next by Date: Re: Bug#840691: ghostscript and evince/libspectre problem
Previous by thread: Re: tre package ready for testing
Next by thread: Call for advice and testing of nss (and nspr) and intention to upload correction
Index(es):
- Date
- Thread