...if the file config key doesn't exist, otherwise git commit
will fail.
In case we're processing a dist that uses an ExtendFile.
Rather than have every user have to do it.
The # prefixed bugnumber format was preferred to pass to the script,
still we have the alternative of the digits only. Just bump the allowed
digits by one now that we reached the 100000's bug.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
When calling gen-DSA without --save, there's no version/release
information, so skip the call there to avoid a crash. In those
situations, gen-DSA will be called once more when the DSA is
ready with the --save argument, and we'll then remove the
appropriate CVE tags.
Closes #9
The recent addition of the remove-cve-dist-tags hook in gen-D[SL]A
script removes entries from data/CVE/list when they had a no-dsa (or
its substates) which are handled in the update.
When gen-DSA script is invoked in DLA mode though, there is a mechanism
to automatically commit the changes (and option to push) but that did
not take into account the changes in data/CVE/list.
And do it after we've asked for all the versions. Calling the script
after asking for each version and before asking for the next is
annoying as the script takes some time due to the size of CVE/list.
This way not only do we avoid that wait between user inputs, but we
also avoid calling the script and thus parsing CVE/list multiple times.
This will remove 'obsolete' tags for a CVE for a given release
and package if it is being fixed in a security update.
As debianutils 5.3-1 deprecates the use of which and will be removed in
a future update, switch to the command shell builtin.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
misspelled (or conflated) source package name.
Distro config reunification
See merge request security-tracker-team/security-tracker!48
we will likely not be modifying dla-needed.txt.
This reverts commit c878209005bc1bb46345eb3f5cb6357135841131.
This affects gen-* and carnil expressed it was unnecessary.
I'll try to find another way to remember to add a short package description in security announcements.
Since the regular expression was tightened to fix a bug and not remove
e.g. spice and spice-gtk from a *-needed.list removal of specific
entries of packages/stable or packages/oldstable got broken (which is
used by the Debian security team to mark entries which only need an
update in one of the supported suites).
Retain the desired fixed behaviour but try to allow to properly remove
package/{old,}stable entries again.
Fixes: b3070631dfbb ("bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package.")
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
starting with the same string as the to be removed package.
Before this patch (spice was to be removed, spice-gtk got removed, too).
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..a8e6526c01 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,12 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
-spice-gtk (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
suricata (Thorsten Alteholz)
--
symfony (Thorsten Alteholz)
```
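Review bot: the match on the package name is too loose at the `-spice-gtk (Mike Gabriel)` line, which goes out together with `-spice (Mike Gabriel)` and takes its NOTE line with it. Entries in this file are a package name, a space, then the claimant in parentheses, so the removal should require the name to end at that boundary instead of accepting any entry that begins with it.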
With this patch (only spice gets removed, spice-gtk stays):
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..c7a975a471 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,9 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
spice-gtk (Mike Gabriel)
NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
--
```
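Review bot: the message shows the outcome for one name pair but never states the rule that now decides where the package name ends. With `-spice (Mike Gabriel)` removed and `spice-gtk (Mike Gabriel)` kept as context, a sentence naming that boundary (the entries here are a name, a space, then the claimant in parentheses) would let the next reader check other names without rereading the script.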
packages starting with the same string as the to be removed package."
This reverts commit 774eb447f4302c83e57978af5a429b9cbe306ab3. Because the commit message was incomplete.
starting with the same string as the to be removed package.
Before this patch (spice was to be removed, spice-gtk got removed, too).
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..a8e6526c01 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,12 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
-spice-gtk (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
suricata (Thorsten Alteholz)
--
symfony (Thorsten Alteholz)
```
With this patch (only spice gets removed, spice-gtk stays):

to lack of co-ordination in the -needed.txt files.
Mention as well that a push is needed, not only a commit.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@59018 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@52721 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@52641 e39458fd-73e7-0310-bf30-c45bca0a0e42
Package name, version, bug(s) and cve(s) are filled from .changes
file.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49361 e39458fd-73e7-0310-bf30-c45bca0a0e42
Global replacement doesn't work very well when matching .+ each time.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47703 e39458fd-73e7-0310-bf30-c45bca0a0e42
Use sort -V, which seems to do the right thing.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47702 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@46693 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@40100 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35336 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@34573 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@34572 e39458fd-73e7-0310-bf30-c45bca0a0e42
Prepare template text after jessie is new stable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@33823 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28618 e39458fd-73e7-0310-bf30-c45bca0a0e42
dsa-needed.txt
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28602 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28458 e39458fd-73e7-0310-bf30-c45bca0a0e42
From Portland, with love
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28457 e39458fd-73e7-0310-bf30-c45bca0a0e42
E.g.
$ bin/gen-DSA acpi-support regression
[...]
Subject: [DSA 2984-2] acpi-support regression update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28199 e39458fd-73e7-0310-bf30-c45bca0a0e42
mails won't go through otherwise
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28022 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28016 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27895 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27122 e39458fd-73e7-0310-bf30-c45bca0a0e42
A regression can still be signaled by passing it as the argument after
the package name. E.g. bin/gen-DSA foo regression
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26088 e39458fd-73e7-0310-bf30-c45bca0a0e42
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25606 e39458fd-73e7-0310-bf30-c45bca0a0e42
Usage: bin/gen-DSA [--save] --embargo package description cve
Then when about to release you svn *up* and:
bin/gen-DSA --unembargo package
An id will then be assigned and the dates corrected if needed
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24532 e39458fd-73e7-0310-bf30-c45bca0a0e42