Your message dated Mon, 4 May 2015 14:49:27 +0200 with message-id <201505041449.43255.holger@layer-acht.org> and subject line Re: Bug#784214: allow manual override for the regression DLA/DSA Id has caused the Debian Bug report #784214, regarding make sure regression updates are documented to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
784214: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784214
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: allow manual override for the regression DLA/DSA Id
- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Date: Mon, 04 May 2015 09:09:04 +0200
- Message-id: <20150504070904.31824.87508.reportbug@minobo.das-netzwerkteam.de>
Package: security-tracker
Severity: wishlist
Tags: patch

Hi,

attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announced via an earlier DSA/DLA.

Current use case / example:

xorg-server <ver>+deb6u1 (DLA-120-1) fixed CVE-2014-8092
xorg-server <ver>+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
xorg-server <ver>+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of fix for CVE-2014-8092)

At the moment: when using bin/genDLA like this:

$ bin/gen-DLA --save xorg-server regression CVE-2015-3418 ....

the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with the "regression" keyword. Thus, with the patch applied, I can do this:

$ bin/gen-DLA --save xorg-server regression:120-1 CVE-2015-3418 ....

which then will provide me with a DLA-120-2 mail template and put the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

o check, if the manual specified override exists and is for the same package

light+love,
Mike

-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Index: bin/gen-DSA =================================================================== --- bin/gen-DSA (revision 34054) +++ bin/gen-DSA (working copy) 
@@ -157,8 +157,12 @@ shift TYPE=security -if [ regression = "$1" ]; then +REGRESSION_DAID= +if printf '%s' "$1" | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then TYPE=regression + if printf '%s' "$1" | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then + REGRESSION_DAID=$(printf '%s' "$1" | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/') + fi shift fi @@ -235,7 +239,11 @@ if [ -z "$DAID" ]; then if [ "$TYPE" = regression ]; then - latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)" + if [ -z "$REGRESSION_DAID" ]; then + latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)" + else + latest_daid="$REGRESSION_DAID" + fi revision=${latest_daid#*-} daid=${latest_daid%-*} else
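Review bot: in the first hunk (@@ -157), the pattern '^regression(|:[0-9]+(-[0-9]+|))$' also accepts an id without a revision, such as regression:120. In the second hunk that value reaches revision=${latest_daid#*-} and daid=${latest_daid%-*}; with no '-' in the string both expansions return the whole value, so revision and daid both become 120. Either require the revision part, for example '^regression(:[0-9]+-[0-9]+)?$', or handle the bare number explicitly. The second grep plus sed can be replaced by ${1#regression:}, and the usage text should mention the regression:ID form, which these hunks do not touch.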
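Review bot: in the second hunk (@@ -235), the else branch assigns latest_daid="$REGRESSION_DAID" without looking the id up in data/$IDMODE/list, while the existing branch only ever picks an id from a line that matches " $PACKAGE ". A mistyped override therefore produces a revision of an advisory that does not exist or that belongs to another package. Suggest checking the list for "$IDMODE-<id>" followed by $PACKAGE and aborting when there is no match. The existing sed also strips leading zeros with [0]*, which the override path does not, so regression:0120-1 would carry the zero into daid.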
--- End Message ---
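The check suggested under "What could be added" in the report above, as an added example that is not part of the original message or of the security-tracker scripts. It assumes list lines of the form "... DLA-<id>-<rev> <package> ..." with the newest entry first (inferred from the sed pattern in the patch); next_advisory, sample_list and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of bin/gen-DLA. The list format is an assumption
# taken from the sed pattern in the patch; newest entries come first.

# Constructed sample data mirroring the xorg-server case in the report.
sample_list() {
cat <<'EOF'
[03 May 2015] DLA-218-1 xorg-server - security update
[30 Dec 2014] DLA-121-1 otherpkg - security update
[29 Dec 2014] DLA-120-1 xorg-server - security update
EOF
}

# next_advisory IDMODE PACKAGE KEYWORD   (advisory list on stdin)
# KEYWORD is "regression" or "regression:<id>-<rev>".
# Prints the id to issue, e.g. "120-2". Returns 2 on a malformed keyword,
# 1 if no matching advisory for PACKAGE is found.
next_advisory() {
    idmode=$1 package=$2 keyword=$3 want=
    case "$keyword" in
        regression) ;;
        regression:*)
            want=${keyword#regression:}
            # Require both id and revision; a bare "120" is rejected.
            printf '%s\n' "$want" | grep -Eq '^[0-9]+-[0-9]+$' || return 2
            want=${want%-*} ;;
        *) return 2 ;;
    esac
    # Fixed-string comparisons in awk, so package names such as
    # "libstdc++" are not interpreted as regular expressions.
    awk -v pfx="$idmode-" -v pkg="$package" -v want="$want" '
        {
            for (i = 1; i < NF; i++) {
                if (index($i, pfx) != 1 || $(i + 1) != pkg) continue
                if (split(substr($i, length(pfx) + 1), p, "-") != 2) continue
                if (want == "" && !found) want = p[1] + 0   # newest entry wins
                if (p[1] + 0 != want + 0) continue
                found = 1
                if (p[2] + 0 > max) max = p[2] + 0
            }
        }
        END { if (!found) exit 1; printf "%d-%d\n", want, max + 1 }'
}

# Demo: follow up on DLA-120 even though DLA-218 is the newer advisory.
sample_list | next_advisory DLA xorg-server regression:120-1
```

The revision is derived from the highest revision already listed for the requested advisory, so an override naming an advisory of another package fails instead of producing a new id.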
--- Begin Message ---
- To: 784214-done@bugs.debian.org
- Subject: Re: Bug#784214: allow manual override for the regression DLA/DSA Id
- From: Holger Levsen <holger@layer-acht.org>
- Date: Mon, 4 May 2015 14:49:27 +0200
- Message-id: <201505041449.43255.holger@layer-acht.org>
- In-reply-to: <20150504122336.Horde.yPa0ZY6hoGB-hJosOTKLeg1@mail.das-netzwerkteam.de>
- References: <20150504070904.31824.87508.reportbug@minobo.das-netzwerkteam.de> <201505041009.06027.holger@layer-acht.org> <20150504122336.Horde.yPa0ZY6hoGB-hJosOTKLeg1@mail.das-netzwerkteam.de>
Hi Mike,

On Monday, 4 May 2015, Mike Gabriel wrote:
> Done that for the LTS team:
> https://wiki.debian.org/LTS/Development?action=diff&rev1=84&rev2=85

Thanks.

> Anywhere else?

I don't think so, this is rather clear:

$ ./bin/gen-DLA
usage: ./bin/gen-DLA [--save] [--embargoed|--unembargo] [DLA] package [regression] [cve(s) [bugnumber(s)]]
'DLA' is the DLA number, required when issuing a revision

(same for gen-DSA)

Thus closing, thanks.

cheers,
Holger

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---