Ubuntu CVE Tracker

Merge ~zhsj/ubuntu-cve-tracker:golang-boilerplates into ubuntu-cve-tracker:master

  1. Git
  2. lp:~zhsj/ubuntu-cve-tracker
  3. golang-boilerplates
  4. Merge into master
Proposed by Shengjing Zhu
Status: Rejected
Rejected by: David Fernandez Gonzalez
Proposed branch: ~zhsj/ubuntu-cve-tracker:golang-boilerplates
Merge into: ubuntu-cve-tracker:master
Diff against target: 235 lines (+73/-24)
2 files modified
boilerplates/golang (+71/-22)
scripts/active_edit (+2/-2)
Reviewer Review Type Date Requested Status
David Fernandez Gonzalez Needs Fixing
Review via email: mp+440849@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Shengjing Zhu (zhsj) wrote :

@alexmurray actually I'm not aware this boilerplate :/
I'm just using ./scripts/active_edit. This script's output looks more update to date.

Revision history for this message
Alex Murray (alexmurray) wrote :

Hmm so we clearly have some inconsistencies in the output of active_edit compared to the current boilerplate contents - I have tried to leave comments where I think things should be changed in your MP but I think we also need to update active_edit to be more sane here as well.

~zhsj/ubuntu-cve-tracker:golang-boilerplates updated
0be416c... by Shengjing Zhu

scripts/active_edit: add esm to releases which want DNE

Signed-off-by: Shengjing Zhu <email address hidden>

463fd2f... by Shengjing Zhu

scripts/active_edit: not override DNE to ignored

Signed-off-by: Shengjing Zhu <email address hidden>

a0d6d6f... by Shengjing Zhu

Update golang boilerplate with scripts/active_edit output

Taken output from ./scripts/active_edit -c CVE-2023-24538 `seq -s ' ' --format \-p\ golang-1.%.0f 6 20`

Signed-off-by: Shengjing Zhu <email address hidden>

Revision history for this message
Shengjing Zhu (zhsj) wrote :

@alexmurray I tried to fix the scripts/active_edit, PTAL

Revision history for this message
David Fernandez Gonzalez (litios) wrote :

Thanks for the triage!

After discussing with the team the changes proposed to the active_edit script:

* 463fd2fd02111d919ec9e465338044c7f288ea10 is needed.
* 0be416c0e6ec0c3a63fd33c0f34d296bf9c3cbca: creating ESM entries for packages that were originally DNE in the release will be too noisy since most cases with DNE will be DNE too for the ESM release. There are some corner cases where a package could be added to the ESM later on but, for those cases, it's better to add the missing entries manually, rather than adding ESM DNE entries for all cases.

review: Needs Fixing
Revision history for this message
David Fernandez Gonzalez (litios) wrote :

Included in commits: 9fa90934db8d0a7ce4381b9d49fbac9c6cbec09f and 2be94d370a89e0d84a25856e48a21a6e248e1269.

Unmerged commits

a0d6d6f... by Shengjing Zhu

Update golang boilerplate with scripts/active_edit output

Taken output from ./scripts/active_edit -c CVE-2023-24538 `seq -s ' ' --format \-p\ golang-1.%.0f 6 20`

Signed-off-by: Shengjing Zhu <email address hidden>

Succeeded
[SUCCEEDED] unit-tests:0 (build)
[SUCCEEDED] check-cves:0 (build)
12 of 2 results FirstPreviousNextLast
463fd2f... by Shengjing Zhu

scripts/active_edit: not override DNE to ignored

Signed-off-by: Shengjing Zhu <email address hidden>

0be416c... by Shengjing Zhu

scripts/active_edit: add esm to releases which want DNE

Signed-off-by: Shengjing Zhu <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/boilerplates/golang b/boilerplates/golang
2index f74a87f..8035ad9 100644
3--- a/boilerplates/golang
4+++ b/boilerplates/golang
5@@ -20,9 +20,14 @@ upstream_golang: needs-triage
6 trusty_golang: ignored (out of standard support)
7 trusty/esm_golang: DNE
8 xenial_golang: DNE
9+esm-apps/xenial_golang: DNE
10+esm-infra/xenial_golang: DNE
11 bionic_golang: DNE
12+esm-apps/bionic_golang: DNE
13 focal_golang: DNE
14+esm-apps/focal_golang: DNE
15 jammy_golang: DNE
16+esm-apps/jammy_golang: DNE
17 kinetic_golang: DNE
18 devel_golang: DNE
19
20@@ -30,11 +35,15 @@ Patches_golang-1.6:
21 upstream_golang-1.6: needs-triage
22 trusty_golang-1.6: ignored (out of standard support)
23 trusty/esm_golang-1.6: DNE
24-xenial_golang-1.6: ignored (end of standard support)
25+xenial_golang-1.6: ignored (out of standard support)
26+esm-apps/xenial_golang-1.6: DNE
27 esm-infra/xenial_golang-1.6: needs-triage
28 bionic_golang-1.6: DNE
29+esm-apps/bionic_golang-1.6: DNE
30 focal_golang-1.6: DNE
31+esm-apps/focal_golang-1.6: DNE
32 jammy_golang-1.6: DNE
33+esm-apps/jammy_golang-1.6: DNE
34 kinetic_golang-1.6: DNE
35 devel_golang-1.6: DNE
36
37@@ -43,9 +52,14 @@ upstream_golang-1.8: needs-triage
38 trusty_golang-1.8: DNE
39 trusty/esm_golang-1.8: DNE
40 xenial_golang-1.8: DNE
41+esm-apps/xenial_golang-1.8: DNE
42+esm-infra/xenial_golang-1.8: DNE
43 bionic_golang-1.8: needs-triage
44+esm-apps/bionic_golang-1.8: needs-triage
45 focal_golang-1.8: DNE
46+esm-apps/focal_golang-1.8: DNE
47 jammy_golang-1.8: DNE
48+esm-apps/jammy_golang-1.8: DNE
49 kinetic_golang-1.8: DNE
50 devel_golang-1.8: DNE
51
52@@ -54,9 +68,14 @@ upstream_golang-1.9: needs-triage
53 trusty_golang-1.9: DNE
54 trusty/esm_golang-1.9: DNE
55 xenial_golang-1.9: DNE
56+esm-apps/xenial_golang-1.9: DNE
57+esm-infra/xenial_golang-1.9: DNE
58 bionic_golang-1.9: needs-triage
59+esm-apps/bionic_golang-1.9: needs-triage
60 focal_golang-1.9: DNE
61+esm-apps/focal_golang-1.9: DNE
62 jammy_golang-1.9: DNE
63+esm-apps/jammy_golang-1.9: DNE
64 kinetic_golang-1.9: DNE
65 devel_golang-1.9: DNE
66
67@@ -64,11 +83,15 @@ Patches_golang-1.10:
68 upstream_golang-1.10: needs-triage
69 trusty_golang-1.10: ignored (out of standard support)
70 trusty/esm_golang-1.10: needs-triage
71-xenial_golang-1.10: ignored (end of standard support)
72+xenial_golang-1.10: ignored (out of standard support)
73+esm-apps/xenial_golang-1.10: DNE
74 esm-infra/xenial_golang-1.10: needs-triage
75 bionic_golang-1.10: needs-triage
76+esm-apps/bionic_golang-1.10: DNE
77 focal_golang-1.10: DNE
78+esm-apps/focal_golang-1.10: DNE
79 jammy_golang-1.10: DNE
80+esm-apps/jammy_golang-1.10: DNE
81 kinetic_golang-1.10: DNE
82 devel_golang-1.10: DNE
83
84@@ -76,10 +99,15 @@ Patches_golang-1.13:
85 upstream_golang-1.13: needs-triage
86 trusty_golang-1.13: DNE
87 trusty/esm_golang-1.13: DNE
88-xenial_golang-1.13: ignored (end of standard support)
89+xenial_golang-1.13: ignored (out of standard support)
90+esm-apps/xenial_golang-1.13: needs-triage
91+esm-infra/xenial_golang-1.13: DNE
92 bionic_golang-1.13: needs-triage
93+esm-apps/bionic_golang-1.13: needs-triage
94 focal_golang-1.13: needs-triage
95+esm-apps/focal_golang-1.13: DNE
96 jammy_golang-1.13: needs-triage
97+esm-apps/jammy_golang-1.13: needs-triage
98 kinetic_golang-1.13: needs-triage
99 devel_golang-1.13: DNE
100
101@@ -88,72 +116,93 @@ upstream_golang-1.14: needs-triage
102 trusty_golang-1.14: DNE
103 trusty/esm_golang-1.14: DNE
104 xenial_golang-1.14: DNE
105+esm-apps/xenial_golang-1.14: DNE
106+esm-infra/xenial_golang-1.14: DNE
107 bionic_golang-1.14: DNE
108+esm-apps/bionic_golang-1.14: DNE
109 focal_golang-1.14: needs-triage
110+esm-apps/focal_golang-1.14: DNE
111 jammy_golang-1.14: DNE
112+esm-apps/jammy_golang-1.14: DNE
113 kinetic_golang-1.14: DNE
114 devel_golang-1.14: DNE
115
116-Patches_golang-1.15:
117-upstream_golang-1.15: needs-triage
118-trusty_golang-1.15: DNE
119-trusty/esm_golang-1.15: DNE
120-xenial_golang-1.15: DNE
121-bionic_golang-1.15: DNE
122-focal_golang-1.15: DNE
123-
124 Patches_golang-1.16:
125 upstream_golang-1.16: needs-triage
126-trusty_golang-1.16: ignored (out of standard support)
127+trusty_golang-1.16: DNE
128 trusty/esm_golang-1.16: DNE
129-xenial_golang-1.16: ignored (out of standard support)
130+xenial_golang-1.16: DNE
131+esm-apps/xenial_golang-1.16: DNE
132+esm-infra/xenial_golang-1.16: DNE
133 bionic_golang-1.16: needs-triage
134+esm-apps/bionic_golang-1.16: DNE
135 focal_golang-1.16: needs-triage
136+esm-apps/focal_golang-1.16: needs-triage
137 jammy_golang-1.16: DNE
138+esm-apps/jammy_golang-1.16: DNE
139 kinetic_golang-1.16: DNE
140 devel_golang-1.16: DNE
141
142 Patches_golang-1.17:
143 upstream_golang-1.17: needs-triage
144-trusty_golang-1.17: ignored (out of standard support)
145+trusty_golang-1.17: DNE
146 trusty/esm_golang-1.17: DNE
147-xenial_golang-1.17: ignored (out of standard support)
148+xenial_golang-1.17: DNE
149+esm-apps/xenial_golang-1.17: DNE
150+esm-infra/xenial_golang-1.17: DNE
151 bionic_golang-1.17: DNE
152+esm-apps/bionic_golang-1.17: DNE
153 focal_golang-1.17: DNE
154+esm-apps/focal_golang-1.17: DNE
155 jammy_golang-1.17: needs-triage
156+esm-apps/jammy_golang-1.17: DNE
157 kinetic_golang-1.17: DNE
158 devel_golang-1.17: DNE
159
160 Patches_golang-1.18:
161 upstream_golang-1.18: needs-triage
162-trusty_golang-1.18: ignored (out of standard support)
163+trusty_golang-1.18: DNE
164 trusty/esm_golang-1.18: DNE
165-xenial_golang-1.18: ignored (out of standard support)
166+xenial_golang-1.18: DNE
167+esm-apps/xenial_golang-1.18: DNE
168+esm-infra/xenial_golang-1.18: DNE
169 bionic_golang-1.18: needs-triage
170+esm-apps/bionic_golang-1.18: DNE
171 focal_golang-1.18: needs-triage
172+esm-apps/focal_golang-1.18: DNE
173 jammy_golang-1.18: needs-triage
174+esm-apps/jammy_golang-1.18: DNE
175 kinetic_golang-1.18: DNE
176 devel_golang-1.18: DNE
177
178 Patches_golang-1.19:
179 upstream_golang-1.19: needs-triage
180-trusty_golang-1.19: ignored (out of standard support)
181+trusty_golang-1.19: DNE
182 trusty/esm_golang-1.19: DNE
183-xenial_golang-1.19: ignored (out of standard support)
184+xenial_golang-1.19: DNE
185+esm-apps/xenial_golang-1.19: DNE
186+esm-infra/xenial_golang-1.19: DNE
187 bionic_golang-1.19: DNE
188+esm-apps/bionic_golang-1.19: DNE
189 focal_golang-1.19: DNE
190+esm-apps/focal_golang-1.19: DNE
191 jammy_golang-1.19: DNE
192+esm-apps/jammy_golang-1.19: DNE
193 kinetic_golang-1.19: needs-triage
194 devel_golang-1.19: needs-triage
195
196 Patches_golang-1.20:
197 upstream_golang-1.20: needs-triage
198-trusty_golang-1.20: ignored (out of standard support)
199+trusty_golang-1.20: DNE
200 trusty/esm_golang-1.20: DNE
201-xenial_golang-1.20: ignored (out of standard support)
202+xenial_golang-1.20: DNE
203+esm-apps/xenial_golang-1.20: DNE
204+esm-infra/xenial_golang-1.20: DNE
205 bionic_golang-1.20: DNE
206+esm-apps/bionic_golang-1.20: DNE
207 focal_golang-1.20: DNE
208+esm-apps/focal_golang-1.20: DNE
209 jammy_golang-1.20: DNE
210+esm-apps/jammy_golang-1.20: DNE
211 kinetic_golang-1.20: DNE
212 devel_golang-1.20: needs-triage
213-
214diff --git a/scripts/active_edit b/scripts/active_edit
215index 43a3804..9e98f27 100755
216--- a/scripts/active_edit
217+++ b/scripts/active_edit
218@@ -68,7 +68,7 @@ def release_wants_dne(release):
219 '''Return true if the release wants to have DNE entries in CVE files.'''
220 # for now only UBUNTU products should have DNE entries
221 _, product, _, _ = cve_lib.get_subproject_details(release)
222- return product != None and product == cve_lib.PRODUCT_UBUNTU
223+ return product != None and product in (cve_lib.PRODUCT_UBUNTU, 'esm', 'esm-apps', 'esm-infra')
224
225 def _add_pkg(p, fp, fixed, parent, embargoed):
226 print('', file=fp)
227@@ -108,7 +108,7 @@ def _add_pkg(p, fp, fixed, parent, embargoed):
228 continue
229 elif rel in cve_lib.eol_releases and not cve_lib.is_active_esm_release(rel):
230 continue
231- elif cve_lib.is_active_esm_release(rel):
232+ elif state != "DNE" and cve_lib.is_active_esm_release(rel):
233 state = "ignored (out of standard support)"
234 elif rel == 'upstream' and fixed_in is not None:
235 state = "released (%s)" % fixed_in

Subscribers

People subscribed via source and target branches