Package: security-tracker
Severity: wishlist
Tags: patch

Hi,

attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announced via an earlier DSA/DLA.

Current use case / example:

  xorg-server <ver>+deb6u1 (DLA-120-1) fixed CVE-2014-8092
  xorg-server <ver>+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
  xorg-server <ver>+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of fix for CVE-2014-8092)

At the moment: when using bin/gen-DLA like this:

  $ bin/gen-DLA --save xorg-server regression CVE-2015-3418 ....

the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas the correct/wanted DLA id would be 120-2.

The attached patch allows one to specify the DLA id to follow up on with the "regression" keyword.

Thus, with the patch applied, I can do this:

  $ bin/gen-DLA --save xorg-server regression:120-1 CVE-2015-3418 ....

which then will provide me with a DLA-120-2 mail template and put the prepared upload of my xorg-server package into data/DLA/list.

What could be added:

  o check if the manually specified override exists and is for the same package

light+love,
Mike

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Index: bin/gen-DSA =================================================================== --- bin/gen-DSA (revision 34054) +++ bin/gen-DSA (working copy) @@ -157,8 +157,12 @@ shift TYPE=security -if [ regression = "$1" ]; then +REGRESSION_DAID= +if printf '%s' "$1" | grep -Eq '^regression(|:[0-9]+(-[0-9]+|))$'; then TYPE=regression + if printf '%s' "$1" | grep -Eq '^regression:([0-9]+(-[0-9]+|))$'; then + REGRESSION_DAID=$(printf '%s' "$1" | sed -r 's/^regression:([0-9]+(-[0-9]+|))/\1/') + fi shift fi @@ -235,7 +239,11 @@ if [ -z "$DAID" ]; then if [ "$TYPE" = regression ]; then - latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)" + if [ -z "$REGRESSION_DAID" ]; then + latest_daid="$(sed -nr '/'"$IDMODE"'-[0-9]+-[0-9]+'" $PACKAGE "'/{s/^.+'"$IDMODE"'-[0]*([0-9-]+).*$/\1/;p;q}' data/$IDMODE/list)" + else + latest_daid="$REGRESSION_DAID" + fi revision=${latest_daid#*-} daid=${latest_daid%-*} else
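
Review bot: the pattern '^regression(|:[0-9]+(-[0-9]+|))$' in the first hunk (@@ -157,8 +157,12 @@) makes the revision part optional, so "regression:120" is accepted and REGRESSION_DAID becomes "120". The later context lines revision=${latest_daid#*-} and daid=${latest_daid%-*} both assume a hyphen is present; without one neither expansion strips anything and both variables end up as "120", so the advisory revision is derived from the advisory number. Either require the revision in the pattern, for example '^regression(:[0-9]+-[0-9]+)?$', or handle the bare-number form explicitly before the split. The nested grep plus sed also repeats the same expression three times; a single case on "regression:*" with ${1#regression:} would keep the validation in one place. The visible hunks do not touch any usage text, so the new regression:<id> form would also need documenting there.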
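
Review bot: in the second hunk (@@ -235,7 +239,11 @@) the else branch assigns latest_daid="$REGRESSION_DAID" without checking that this id exists in data/$IDMODE/list or that it belongs to $PACKAGE, which is the check the report itself lists as still missing. A mistyped id would then produce a follow-up advisory numbered against another package's DSA/DLA and, with --save, write it into the list. Before using the override, look it up in data/$IDMODE/list with the same "$IDMODE-<id> $PACKAGE " shape the existing sed expression matches and abort with an error if there is no hit. The list-derived path also strips leading zeros via [0]* while the override is used verbatim, so normalise it the same way so that "regression:0120-1" and "regression:120-1" behave identically.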