Last commit made on 2022-04-19
Get this branch:
git clone -b checks_for_mismatch_destination_release https://git.launchpad.net/ubuntu-security-tools

Recent commits

e77fabc... by "Leonidas S. Barbosa" <leo.barbosa@canonical>

Improving a bit the comment txt

e168e7f... by "Leonidas S. Barbosa" <leo.barbosa@canonical>

Adding a check for mismatch in destination release versus changelog

There are cases where one passes the destination:<release> while doing a umt upload.
For cases where one mistypes the release, e.g. esm-infra:focal, where the package to be updated
was in fact a xenial one, it can cause a bit of a disaster.

This patch fixes it by adding a check for these cases.

cdf3e15... by Alex Murray

umt qrt: Ensure apt supports the arguments we pass to it

apt only supports some arguments on newer Ubuntu releases so conditionally
add arguments when we know they are supported.

Signed-off-by: Alex Murray <email address hidden>

85d3c58... by Alex Murray

umt qrt: Be smarter about how we tell apt to install binary packages

Use --only-upgrade so that apt won't install every single binary package
which we specify, only those which are already installed (and since we run
./install-packages ./test-xxxx.py beforehand the QRT test script should
have ensured we already have the required packages installed for the
test). Hence remove the --exclude-binaries option from umt qrt as this
shouldn't be needed anymore as --only-upgrade should DTRT to avoid
installing, say, incompatible binary packages from the same source package.

Signed-off-by: Alex Murray <email address hidden>

277603d... by Spyros Seimenis

Remove "quilt patches applied" check from umt

It seems that this check is no longer needed
since dpkg-buildpackage handles the case where
patches are already applied even for quilt 1.0
by performing a pop -a.

Tested with a package which uses quilt 1.0.

b354e55... by Steve Beattie

audit-code.sh: add posix_spawn() as something to search for

Signed-off-by: Steve Beattie <email address hidden>

7afacca... by Steve Beattie

umt: add note for working with ghostscript

Signed-off-by: Steve Beattie <email address hidden>
MR: https://code.launchpad.net/~iconstantin/ubuntu-security-tools/+git/ubuntu-security-tools/+merge/417637

669c677... by Ian Constantin

Added a special warning for ghostscript on trusty/xenial/bionic that vendors openjpeg, to check that openjpeg patches are for files that compile when ghostscript builds.

05054be... by Alex Murray

umt check: Use a regex to parse LP bug URLs (thanks sarnold)

Signed-off-by: Alex Murray <email address hidden>

a6a0de6... by Alex Murray

umt check: Warn on missing LP bugs from referenced CVE file

Warn if the changelog references a CVE that contains a LP bug number which
is also not mentioned in the changelog.

Signed-off-by: Alex Murray <email address hidden>