lp:~rodrigo-zaiden/ubuntu-cve-tracker

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-05-03 12:16:38 UTC

meta_lists/kernel_paths_overrides.json: add more subsystems

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-03-26 15:31:47 UTC

scripts/check-cves: do not use allitems.xml by default

 if we set allitems.xml from MITRE by default, it is always loading
 that XML no matter if we have configured another path in
 .ubuntu-cve-tracker.conf file or not. instead, we should use that URL
 as a fallback if anything is set in the configuration file.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-02-05 21:51:05 UTC

multiple CVEs: mark lunar as EOL

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-01-16 22:20:45 UTC

scripts/kernel-sru-check: move script from UQT to UCT

 replacing the script kernel-sru-check from lp:ubuntu-qa-tools to
 lp:ubuntu-cve-tracker, in the new repository, it should be placed in
 the scripts/ directory.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-01-11 18:01:11 UTC

scripts/kernel_lib and kernel-abi-check: move get cycle method

 move the new get_kernel_sru_cycle method from kernel-abi-check to
 kernel_lib.py.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-10-25 21:58:31 UTC

scripts/sis-generate-usn: check ignored cves from argument when parsing changelog

 when generating USN, we first parse CVEs from changelog before updating
 the CVE set (removing the CVE(s)) with the ignored CVEs from the argument
 '--ignore-cves'. So, if there is a CVE that will fail when parsing the
 changelog, we cannot use the '--ignore-cves' argument because it fails
 before reaching the CVE set update for ignored cves from command.

 verifying if the parsed CVE is listed to be ignored gives us the chance
 to skip that check and won't add the CVE to the USN.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-08-10 17:17:48 UTC

multiple CVEs: bulk EOS to EOL change

 after commit 3d321a2d:
  "scripts/check-syntax: pkgs not supported should be marked as EOL"
 it is needed to update all CVEs that are not with the correct status.
 when a release is ESM and the package is not supported (that is, it is
 not in the supported txt file) it should be marked as EOL instead of
 EOS, as the esm entry won't exist

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-05-17 19:22:27 UTC

scripts/prepare-kernel-usn.py: add esm-ppa argument

 with '--esm-ppa' argument, we add the capability to create USNs for
 active and ESM kernel releases in the same execution. It simply checks
 if the new argument is present and if the release is ESM, if so, it add
 the necessary arguments for 'sis-changes' to download ESM kernel change
 files.

 before this commit, if we wanted to publish an ESM and active kernel
 release in the same USN we had to merge the changes manually after
 running the commands for EMS and active kernel releases separately.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-04-05 14:00:18 UTC

prepare-kernel-usn.py and sis-generate-usn: change argument and add fix

 argument name `--filter-cves' got updated to
 '--ignore-released-cves-in-changelog' to make clear what is the option
 doing. also fixed a condition to look for other packages if they
 exists in the CVE file. It fixes the case where we pass out multiple
 kernels in the same command line.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-03-06 13:19:17 UTC

sis-generate-usn: add regex to remove comment lines in grep

 when grepping for placeholders, we shouldn't look the lines
 that are comments, that is, starting with '#'

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2023-01-26 22:14:31 UTC

add pre-push hook and install with make dev_setup

 the pre-push hook will prevent the usage of --force when
 pushing a commit.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-09-29 13:02:18 UTC

scripts/check-syntax-fixup: handle removed pkgs in devel

 When a package is removed from devel release, instead of deleting
 the line, we should add DNE instead, to keep devel_<pkg> in the file

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-09-13 22:53:54 UTC

scripts/kernel-security-signoff.py: add option to update assignee

 when running kernel signoffs with argument -a it is now possible
 to update the task assignee with the current lp user running the
 script

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-09-13 18:27:06 UTC

kernel-pending-cves.py: using cve_lib.py calls

 the releases can be retrieved with a call to get_active_releases()
 in cve_lib and esm release names can be retrieved with
 get_esm_name()

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-07-27 15:04:37 UTC

add linux-azure-5.15/focal kernel

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-07-22 17:32:03 UTC

process_cves: add simplest locale in missing_redhat

Author: Rodrigo Figueiredo Zaiden
Author Date: 2022-05-17 20:09:34 UTC

kernel: update CVE retriage

Author: Rodrigo Figueiredo Zaiden
Author Date: 2021-10-22 14:34:16 UTC

    CVE-2021-30535: icu: triage update

    code that caused the issue was added from 66.1
    bionic/xenial/trusty is not affected.
    adding more info the notes

Author: Rodrigo Figueiredo Zaiden
Author Date: 2021-10-11 12:32:24 UTC

CVE-2020-21913/CVE-2021-30535: icu: change assignee