summaryrefslogtreecommitdiffstats
path: root/bin/gen-DSA
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'distro-config' into 'master'Salvatore Bonaccorso2020-06-041-10/+20
|\ | | | | | | | | Distro config reunification See merge request security-tracker-team/security-tracker!48
| * gen-DSA: get distro info from config.jsonEmilio Pozuelo Monfort2020-02-261-10/+20
| |
* | Don't warn about potential duplicate work when issuing a regression update; ↵Chris Lamb2020-03-191-1/+1
|/ | | | we will likely not be modifying dla-needed.txt.
* Revert "gen-DLA: reminder for package short description / context"Sylvain Beucler2019-10-031-1/+1
| | | | | | This reverts commit c878209005bc1bb46345eb3f5cb6357135841131. This affects gen-* and carnil expressed it was unnecessary. I'll try to find another way to remember to add a short package description in security announcements.
* gen-DLA: reminder for package short description / contextSylvain Beucler2019-10-031-1/+1
|
* Allow again removal of package/{old,}stable entries from *-needed listSalvatore Bonaccorso2019-09-281-1/+1
| | | | | | | | | | | | | | Since the regular expression was tightened to fix a bug and not remove e.g. spice ans spice-gtk from a *-needed.list removal of specific entries of packages/stable or packages/oldstable got broken (wich is used by the Debian security team to mark entries which only need an update in one of the supported suites). Retain the desired fixed behaviour but try to allow to properly remove package/{old,}stable entries again. Fixes: b3070631dfbb ("bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package.") Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* gen-{DSA,DLA}: Update mappings release and codenamesSalvatore Bonaccorso2019-07-061-4/+4
|
* also parse CVE's enclosed in square bracketsThijs Kinkhorst2019-03-231-1/+1
|
* bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages ↵Mike Gabriel2018-08-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | starting with the same string as the to be removed package. Before this patch (spice was to be removed, spice-gtk got removed, too). ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..a8e6526c01 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,12 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- -spice-gtk (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- suricata (Thorsten Alteholz) -- symfony (Thorsten Alteholz) ``` With this patch (only spice gets removed, spice-gtk stays): ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..c7a975a471 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,9 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- spice-gtk (Mike Gabriel) NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) -- ```
* Revert "bin/gen-DSA: Fix package removal from the needed_file. Don't remove ↵Mike Gabriel2018-08-311-1/+1
| | | | | | packages starting with the same string as the to be removed package." This reverts commit 774eb447f4302c83e57978af5a429b9cbe306ab3. Because the commit message was incomplete.
* bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages ↵Mike Gabriel2018-08-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | starting with the same string as the to be removed package. Before this patch (spice was to be removed, spice-gtk got removed, too). ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..a8e6526c01 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,12 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- -spice-gtk (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- suricata (Thorsten Alteholz) -- symfony (Thorsten Alteholz) ``` With this patch (only spice gets removed, spice-gtk stays): ```
* bin/gen-DSA: Try and avoid duplicated work when generating DLAs and ELAs due ↵Chris Lamb2018-08-201-0/+3
| | | | to lack of co-ordination in the -needed.txt files.
* bin/gen-DSA: Use $needed_file.Chris Lamb2018-08-201-2/+2
|
* bin/gen-DSA: Support ELA for pushing to the repository.Chris Lamb2018-06-261-2/+2
|
* gen-DSA: allow other gen-* linksEmilio Pozuelo Monfort2018-06-081-6/+2
|
* In DLA mode: if git checkout found ask to push changesSalvatore Bonaccorso2017-12-291-6/+8
| | | | | | | | Mention as well that a push is needed, not only a commit. Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@59018 e39458fd-73e7-0310-bf30-c45bca0a0e42
* gen-DSA: Accept more punctuation characters around CVE IDs in changes fileBen Hutchings2017-06-201-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@52721 e39458fd-73e7-0310-bf30-c45bca0a0e42
* gen-{DSA,DLA}: Update mappings release and codenamesSalvatore Bonaccorso2017-06-171-4/+4
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@52641 e39458fd-73e7-0310-bf30-c45bca0a0e42
* gen-DSA, gen-DLA: Read details from .changesBalint Reczey2017-03-021-2/+30
| | | | | | | Package name, version, bug(s) and cve(s) are filled from .changes file. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49361 e39458fd-73e7-0310-bf30-c45bca0a0e42
* bin/gen-DSA: Fix wrapping of CVE ID list longer than 8 IDsBen Hutchings2017-01-031-1/+1
| | | | | | | Global replacement doesn't work very well when matching .+ each time. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47703 e39458fd-73e7-0310-bf30-c45bca0a0e42
* bin/gen-DSA: Fix sorting of CVE IDs with last part >= 10000Ben Hutchings2017-01-031-2/+2
| | | | | | | Use sort -V, which seems to do the right thing. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47702 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Use right_space to generate the CVE ids spacingRaphael Geissert2016-12-011-4/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@46693 e39458fd-73e7-0310-bf30-c45bca0a0e42
* https for links to the GNU license list.Paul Wise2016-03-011-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@40100 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Make bin/gen-DLA a bit more foolproofRaphaël Hertzog2015-07-061-0/+15
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35336 e39458fd-73e7-0310-bf30-c45bca0a0e42
* revert local changes to bin/gen-DSA that sneaked via previous commit (r34572)Mike Gabriel2015-05-291-10/+2
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@34573 e39458fd-73e7-0310-bf30-c45bca0a0e42
* take libxml2, fuseMike Gabriel2015-05-291-2/+10
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@34572 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Merge branch 'jessie-release'Salvatore Bonaccorso2015-04-251-5/+7
| | | | | | Prepare template text after jessie is new stable git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@33823 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Refactor some bitsRaphael Geissert2014-09-051-5/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28618 e39458fd-73e7-0310-bf30-c45bca0a0e42
* uppate gen-DLA as lts-needed.txt has been renamed to dla-needed.txt to match ↵Holger Levsen2014-09-041-1/+1
| | | | | | dsa-needed.txt git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28602 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Set LC_ALL, not just LANGRaphael Geissert2014-08-241-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28458 e39458fd-73e7-0310-bf30-c45bca0a0e42
* merge bin/gen-D{L,S}A, yayRaphael Geissert2014-08-241-47/+65
| | | | | | | From Portland, with love git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28457 e39458fd-73e7-0310-bf30-c45bca0a0e42
* make gen-DSA obtain the DSA id for regression updatesRaphael Geissert2014-08-101-5/+17
| | | | | | | | | | | | E.g. $ bin/gen-DSA acpi-support regression [...] Subject: [DSA 2984-2] acpi-support regression update git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28199 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Revert the use of https in the bannerRaphael Geissert2014-07-311-2/+2
| | | | | | | mails won't go through otherwise git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28022 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Link to www.d.o over https in DSA texts, and adjust gen-DSA accordinglyRaphael Geissert2014-07-311-2/+2
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28016 e39458fd-73e7-0310-bf30-c45bca0a0e42
* handle those useless 0s in front of the DLA idsRaphael Geissert2014-07-221-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27895 e39458fd-73e7-0310-bf30-c45bca0a0e42
* no longer set a fake description when unembargoingRaphael Geissert2014-06-031-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27122 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Drop the "vulnerability" fieldRaphael Geissert2014-03-121-77/+11
| | | | | | | | | A regression can still be signaled by passing it as the argument after the package name. E.g. bin/gen-DSA foo regression git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26088 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Drop "problem type" and "debian-specific" fieldsRaphael Geissert2014-02-081-2/+0
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25606 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Allow the DSA text and entries to be generated for embargoed issuesRaphael Geissert2013-12-021-1/+39
| | | | | | | | | | | | | | Usage: bin/gen-DSA [--save] --embargo package description cve Then when about to release you svn *up* and: bin/gen-DSA --unembargo package An id will then be assigned and the dates corrected if needed git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24532 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Some code refactoringRaphael Geissert2013-12-021-14/+35
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24531 e39458fd-73e7-0310-bf30-c45bca0a0e42
* *Do* get rid of some separatorsRaphael Geissert2013-09-191-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@23740 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Automagically remove the dsa-needed entry when --save'ing a DSARaphael Geissert2013-09-111-0/+2
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@23620 e39458fd-73e7-0310-bf30-c45bca0a0e42
* squeeze=oldstable, wheezy=stable, jessie=testingThijs Kinkhorst2013-05-051-3/+3
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@22168 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Oh and bump copyright yearsRaphael Geissert2013-03-101-1/+1
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@21569 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Drop leading blank space in CVE and bug numbers listRaphael Geissert2013-03-101-1/+3
| | | | | | | | | Additionally, "support" multiple bug numbers by correctly formatting and generating a list of them. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@21568 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Allow CVE ids and bug numbers to be passed in any orderRaphael Geissert2013-03-101-4/+24
| | | | | | | No need of passing them as a list in a single argument. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@21567 e39458fd-73e7-0310-bf30-c45bca0a0e42
* When passing multiple CVE ids, generate a list of themRaphael Geissert2013-02-191-0/+16
| | | | | | | | | | The generated CVE listing is more or less already followed by almost everybody except fw, who's style is slightly different (no empty line after the id and tabs instead of blanks.) git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@21342 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Update the script usage informationRaphael Geissert2012-11-011-4/+4
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20430 e39458fd-73e7-0310-bf30-c45bca0a0e42
* check and automagically cleanup the vulnerability summaryRaphael Geissert2012-11-011-1/+52
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20429 e39458fd-73e7-0310-bf30-c45bca0a0e42
* Adjust "this problem has" to "these problems have" when fixing >1 issuesRaphael Geissert2012-09-151-0/+6
| | | | git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20168 e39458fd-73e7-0310-bf30-c45bca0a0e42

© 2014-2024 Faster IT GmbH | imprint | privacy policy