Ubuntu CVE Tracker

Merge ~zhsj/ubuntu-cve-tracker:golang-boilerplates into ubuntu-cve-tracker:master

  1. Git
  2. lp:~zhsj/ubuntu-cve-tracker
  3. golang-boilerplates
  4. Merge into master
Proposed by Shengjing Zhu
Status: Rejected
Rejected by: David Fernandez Gonzalez
Proposed branch: ~zhsj/ubuntu-cve-tracker:golang-boilerplates
Merge into: ubuntu-cve-tracker:master
Diff against target: 235 lines (+73/-24)
2 files modified
boilerplates/golang (+71/-22)
scripts/active_edit (+2/-2)
Reviewer Review Type Date Requested Status
David Fernandez Gonzalez Needs Fixing
Review via email: mp+440849@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Shengjing Zhu (zhsj) wrote :

@alexmurray actually I'm not aware this boilerplate :/
I'm just using ./scripts/active_edit. This script's output looks more update to date.

Revision history for this message
Alex Murray (alexmurray) wrote :

Hmm so we clearly have some inconsistencies in the output of active_edit compared to the current boilerplate contents - I have tried to leave comments where I think things should be changed in your MP but I think we also need to update active_edit to be more sane here as well.

~zhsj/ubuntu-cve-tracker:golang-boilerplates updated
0be416c... by Shengjing Zhu

scripts/active_edit: add esm to releases which want DNE

Signed-off-by: Shengjing Zhu <email address hidden>

463fd2f... by Shengjing Zhu

scripts/active_edit: not override DNE to ignored

Signed-off-by: Shengjing Zhu <email address hidden>

a0d6d6f... by Shengjing Zhu

Update golang boilerplate with scripts/active_edit output

Taken output from ./scripts/active_edit -c CVE-2023-24538 `seq -s ' ' --format \-p\ golang-1.%.0f 6 20`

Signed-off-by: Shengjing Zhu <email address hidden>

Revision history for this message
Shengjing Zhu (zhsj) wrote :

@alexmurray I tried to fix the scripts/active_edit, PTAL

Revision history for this message
David Fernandez Gonzalez (litios) wrote :

Thanks for the triage!

After discussing with the team the changes proposed to the active_edit script:

* 463fd2fd02111d919ec9e465338044c7f288ea10 is needed.
* 0be416c0e6ec0c3a63fd33c0f34d296bf9c3cbca: creating ESM entries for packages that were originally DNE in the release will be too noisy since most cases with DNE will be DNE too for the ESM release. There are some corner cases where a package could be added to the ESM later on but, for those cases, it's better to add the missing entries manually, rather than adding ESM DNE entries for all cases.

review: Needs Fixing
Revision history for this message
David Fernandez Gonzalez (litios) wrote :

Included in commits: 9fa90934db8d0a7ce4381b9d49fbac9c6cbec09f and 2be94d370a89e0d84a25856e48a21a6e248e1269.

Unmerged commits

a0d6d6f... by Shengjing Zhu

Update golang boilerplate with scripts/active_edit output

Taken output from ./scripts/active_edit -c CVE-2023-24538 `seq -s ' ' --format \-p\ golang-1.%.0f 6 20`

Signed-off-by: Shengjing Zhu <email address hidden>

Succeeded
[SUCCEEDED] unit-tests:0 (build)
[SUCCEEDED] check-cves:0 (build)
12 of 2 results FirstPreviousNextLast
463fd2f... by Shengjing Zhu

scripts/active_edit: not override DNE to ignored

Signed-off-by: Shengjing Zhu <email address hidden>

0be416c... by Shengjing Zhu

scripts/active_edit: add esm to releases which want DNE

Signed-off-by: Shengjing Zhu <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/boilerplates/golang b/boilerplates/golang
index f74a87f..8035ad9 100644
--- a/boilerplates/golang
+++ b/boilerplates/golang
@@ -20,9 +20,14 @@ upstream_golang: needs-triage
20trusty_golang: ignored (out of standard support)20trusty_golang: ignored (out of standard support)
21trusty/esm_golang: DNE21trusty/esm_golang: DNE
22xenial_golang: DNE22xenial_golang: DNE
23esm-apps/xenial_golang: DNE
24esm-infra/xenial_golang: DNE
23bionic_golang: DNE25bionic_golang: DNE
26esm-apps/bionic_golang: DNE
24focal_golang: DNE27focal_golang: DNE
28esm-apps/focal_golang: DNE
25jammy_golang: DNE29jammy_golang: DNE
30esm-apps/jammy_golang: DNE
26kinetic_golang: DNE31kinetic_golang: DNE
27devel_golang: DNE32devel_golang: DNE
2833
@@ -30,11 +35,15 @@ Patches_golang-1.6:
30upstream_golang-1.6: needs-triage35upstream_golang-1.6: needs-triage
31trusty_golang-1.6: ignored (out of standard support)36trusty_golang-1.6: ignored (out of standard support)
32trusty/esm_golang-1.6: DNE37trusty/esm_golang-1.6: DNE
33xenial_golang-1.6: ignored (end of standard support)38xenial_golang-1.6: ignored (out of standard support)
39esm-apps/xenial_golang-1.6: DNE
34esm-infra/xenial_golang-1.6: needs-triage40esm-infra/xenial_golang-1.6: needs-triage
35bionic_golang-1.6: DNE41bionic_golang-1.6: DNE
42esm-apps/bionic_golang-1.6: DNE
36focal_golang-1.6: DNE43focal_golang-1.6: DNE
44esm-apps/focal_golang-1.6: DNE
37jammy_golang-1.6: DNE45jammy_golang-1.6: DNE
46esm-apps/jammy_golang-1.6: DNE
38kinetic_golang-1.6: DNE47kinetic_golang-1.6: DNE
39devel_golang-1.6: DNE48devel_golang-1.6: DNE
4049
@@ -43,9 +52,14 @@ upstream_golang-1.8: needs-triage
43trusty_golang-1.8: DNE52trusty_golang-1.8: DNE
44trusty/esm_golang-1.8: DNE53trusty/esm_golang-1.8: DNE
45xenial_golang-1.8: DNE54xenial_golang-1.8: DNE
55esm-apps/xenial_golang-1.8: DNE
56esm-infra/xenial_golang-1.8: DNE
46bionic_golang-1.8: needs-triage57bionic_golang-1.8: needs-triage
58esm-apps/bionic_golang-1.8: needs-triage
47focal_golang-1.8: DNE59focal_golang-1.8: DNE
60esm-apps/focal_golang-1.8: DNE
48jammy_golang-1.8: DNE61jammy_golang-1.8: DNE
62esm-apps/jammy_golang-1.8: DNE
49kinetic_golang-1.8: DNE63kinetic_golang-1.8: DNE
50devel_golang-1.8: DNE64devel_golang-1.8: DNE
5165
@@ -54,9 +68,14 @@ upstream_golang-1.9: needs-triage
54trusty_golang-1.9: DNE68trusty_golang-1.9: DNE
55trusty/esm_golang-1.9: DNE69trusty/esm_golang-1.9: DNE
56xenial_golang-1.9: DNE70xenial_golang-1.9: DNE
71esm-apps/xenial_golang-1.9: DNE
72esm-infra/xenial_golang-1.9: DNE
57bionic_golang-1.9: needs-triage73bionic_golang-1.9: needs-triage
74esm-apps/bionic_golang-1.9: needs-triage
58focal_golang-1.9: DNE75focal_golang-1.9: DNE
76esm-apps/focal_golang-1.9: DNE
59jammy_golang-1.9: DNE77jammy_golang-1.9: DNE
78esm-apps/jammy_golang-1.9: DNE
60kinetic_golang-1.9: DNE79kinetic_golang-1.9: DNE
61devel_golang-1.9: DNE80devel_golang-1.9: DNE
6281
@@ -64,11 +83,15 @@ Patches_golang-1.10:
64upstream_golang-1.10: needs-triage83upstream_golang-1.10: needs-triage
65trusty_golang-1.10: ignored (out of standard support)84trusty_golang-1.10: ignored (out of standard support)
66trusty/esm_golang-1.10: needs-triage85trusty/esm_golang-1.10: needs-triage
67xenial_golang-1.10: ignored (end of standard support)86xenial_golang-1.10: ignored (out of standard support)
87esm-apps/xenial_golang-1.10: DNE
68esm-infra/xenial_golang-1.10: needs-triage88esm-infra/xenial_golang-1.10: needs-triage
69bionic_golang-1.10: needs-triage89bionic_golang-1.10: needs-triage
90esm-apps/bionic_golang-1.10: DNE
70focal_golang-1.10: DNE91focal_golang-1.10: DNE
92esm-apps/focal_golang-1.10: DNE
71jammy_golang-1.10: DNE93jammy_golang-1.10: DNE
94esm-apps/jammy_golang-1.10: DNE
72kinetic_golang-1.10: DNE95kinetic_golang-1.10: DNE
73devel_golang-1.10: DNE96devel_golang-1.10: DNE
7497
@@ -76,10 +99,15 @@ Patches_golang-1.13:
76upstream_golang-1.13: needs-triage99upstream_golang-1.13: needs-triage
77trusty_golang-1.13: DNE100trusty_golang-1.13: DNE
78trusty/esm_golang-1.13: DNE101trusty/esm_golang-1.13: DNE
79xenial_golang-1.13: ignored (end of standard support)102xenial_golang-1.13: ignored (out of standard support)
103esm-apps/xenial_golang-1.13: needs-triage
104esm-infra/xenial_golang-1.13: DNE
80bionic_golang-1.13: needs-triage105bionic_golang-1.13: needs-triage
106esm-apps/bionic_golang-1.13: needs-triage
81focal_golang-1.13: needs-triage107focal_golang-1.13: needs-triage
108esm-apps/focal_golang-1.13: DNE
82jammy_golang-1.13: needs-triage109jammy_golang-1.13: needs-triage
110esm-apps/jammy_golang-1.13: needs-triage
83kinetic_golang-1.13: needs-triage111kinetic_golang-1.13: needs-triage
84devel_golang-1.13: DNE112devel_golang-1.13: DNE
85113
@@ -88,72 +116,93 @@ upstream_golang-1.14: needs-triage
88trusty_golang-1.14: DNE116trusty_golang-1.14: DNE
89trusty/esm_golang-1.14: DNE117trusty/esm_golang-1.14: DNE
90xenial_golang-1.14: DNE118xenial_golang-1.14: DNE
119esm-apps/xenial_golang-1.14: DNE
120esm-infra/xenial_golang-1.14: DNE
91bionic_golang-1.14: DNE121bionic_golang-1.14: DNE
122esm-apps/bionic_golang-1.14: DNE
92focal_golang-1.14: needs-triage123focal_golang-1.14: needs-triage
124esm-apps/focal_golang-1.14: DNE
93jammy_golang-1.14: DNE125jammy_golang-1.14: DNE
126esm-apps/jammy_golang-1.14: DNE
94kinetic_golang-1.14: DNE127kinetic_golang-1.14: DNE
95devel_golang-1.14: DNE128devel_golang-1.14: DNE
96129
97Patches_golang-1.15:
98upstream_golang-1.15: needs-triage
99trusty_golang-1.15: DNE
100trusty/esm_golang-1.15: DNE
101xenial_golang-1.15: DNE
102bionic_golang-1.15: DNE
103focal_golang-1.15: DNE
104
105Patches_golang-1.16:130Patches_golang-1.16:
106upstream_golang-1.16: needs-triage131upstream_golang-1.16: needs-triage
107trusty_golang-1.16: ignored (out of standard support)132trusty_golang-1.16: DNE
108trusty/esm_golang-1.16: DNE133trusty/esm_golang-1.16: DNE
109xenial_golang-1.16: ignored (out of standard support)134xenial_golang-1.16: DNE
135esm-apps/xenial_golang-1.16: DNE
136esm-infra/xenial_golang-1.16: DNE
110bionic_golang-1.16: needs-triage137bionic_golang-1.16: needs-triage
138esm-apps/bionic_golang-1.16: DNE
111focal_golang-1.16: needs-triage139focal_golang-1.16: needs-triage
140esm-apps/focal_golang-1.16: needs-triage
112jammy_golang-1.16: DNE141jammy_golang-1.16: DNE
142esm-apps/jammy_golang-1.16: DNE
113kinetic_golang-1.16: DNE143kinetic_golang-1.16: DNE
114devel_golang-1.16: DNE144devel_golang-1.16: DNE
115145
116Patches_golang-1.17:146Patches_golang-1.17:
117upstream_golang-1.17: needs-triage147upstream_golang-1.17: needs-triage
118trusty_golang-1.17: ignored (out of standard support)148trusty_golang-1.17: DNE
119trusty/esm_golang-1.17: DNE149trusty/esm_golang-1.17: DNE
120xenial_golang-1.17: ignored (out of standard support)150xenial_golang-1.17: DNE
151esm-apps/xenial_golang-1.17: DNE
152esm-infra/xenial_golang-1.17: DNE
121bionic_golang-1.17: DNE153bionic_golang-1.17: DNE
154esm-apps/bionic_golang-1.17: DNE
122focal_golang-1.17: DNE155focal_golang-1.17: DNE
156esm-apps/focal_golang-1.17: DNE
123jammy_golang-1.17: needs-triage157jammy_golang-1.17: needs-triage
158esm-apps/jammy_golang-1.17: DNE
124kinetic_golang-1.17: DNE159kinetic_golang-1.17: DNE
125devel_golang-1.17: DNE160devel_golang-1.17: DNE
126161
127Patches_golang-1.18:162Patches_golang-1.18:
128upstream_golang-1.18: needs-triage163upstream_golang-1.18: needs-triage
129trusty_golang-1.18: ignored (out of standard support)164trusty_golang-1.18: DNE
130trusty/esm_golang-1.18: DNE165trusty/esm_golang-1.18: DNE
131xenial_golang-1.18: ignored (out of standard support)166xenial_golang-1.18: DNE
167esm-apps/xenial_golang-1.18: DNE
168esm-infra/xenial_golang-1.18: DNE
132bionic_golang-1.18: needs-triage169bionic_golang-1.18: needs-triage
170esm-apps/bionic_golang-1.18: DNE
133focal_golang-1.18: needs-triage171focal_golang-1.18: needs-triage
172esm-apps/focal_golang-1.18: DNE
134jammy_golang-1.18: needs-triage173jammy_golang-1.18: needs-triage
174esm-apps/jammy_golang-1.18: DNE
135kinetic_golang-1.18: DNE175kinetic_golang-1.18: DNE
136devel_golang-1.18: DNE176devel_golang-1.18: DNE
137177
138Patches_golang-1.19:178Patches_golang-1.19:
139upstream_golang-1.19: needs-triage179upstream_golang-1.19: needs-triage
140trusty_golang-1.19: ignored (out of standard support)180trusty_golang-1.19: DNE
141trusty/esm_golang-1.19: DNE181trusty/esm_golang-1.19: DNE
142xenial_golang-1.19: ignored (out of standard support)182xenial_golang-1.19: DNE
183esm-apps/xenial_golang-1.19: DNE
184esm-infra/xenial_golang-1.19: DNE
143bionic_golang-1.19: DNE185bionic_golang-1.19: DNE
186esm-apps/bionic_golang-1.19: DNE
144focal_golang-1.19: DNE187focal_golang-1.19: DNE
188esm-apps/focal_golang-1.19: DNE
145jammy_golang-1.19: DNE189jammy_golang-1.19: DNE
190esm-apps/jammy_golang-1.19: DNE
146kinetic_golang-1.19: needs-triage191kinetic_golang-1.19: needs-triage
147devel_golang-1.19: needs-triage192devel_golang-1.19: needs-triage
148193
149Patches_golang-1.20:194Patches_golang-1.20:
150upstream_golang-1.20: needs-triage195upstream_golang-1.20: needs-triage
151trusty_golang-1.20: ignored (out of standard support)196trusty_golang-1.20: DNE
152trusty/esm_golang-1.20: DNE197trusty/esm_golang-1.20: DNE
153xenial_golang-1.20: ignored (out of standard support)198xenial_golang-1.20: DNE
199esm-apps/xenial_golang-1.20: DNE
200esm-infra/xenial_golang-1.20: DNE
154bionic_golang-1.20: DNE201bionic_golang-1.20: DNE
202esm-apps/bionic_golang-1.20: DNE
155focal_golang-1.20: DNE203focal_golang-1.20: DNE
204esm-apps/focal_golang-1.20: DNE
156jammy_golang-1.20: DNE205jammy_golang-1.20: DNE
206esm-apps/jammy_golang-1.20: DNE
157kinetic_golang-1.20: DNE207kinetic_golang-1.20: DNE
158devel_golang-1.20: needs-triage208devel_golang-1.20: needs-triage
159
diff --git a/scripts/active_edit b/scripts/active_edit
index 43a3804..9e98f27 100755
--- a/scripts/active_edit
+++ b/scripts/active_edit
@@ -68,7 +68,7 @@ def release_wants_dne(release):
68 '''Return true if the release wants to have DNE entries in CVE files.'''68 '''Return true if the release wants to have DNE entries in CVE files.'''
69 # for now only UBUNTU products should have DNE entries69 # for now only UBUNTU products should have DNE entries
70 _, product, _, _ = cve_lib.get_subproject_details(release)70 _, product, _, _ = cve_lib.get_subproject_details(release)
71 return product != None and product == cve_lib.PRODUCT_UBUNTU71 return product != None and product in (cve_lib.PRODUCT_UBUNTU, 'esm', 'esm-apps', 'esm-infra')
7272
73def _add_pkg(p, fp, fixed, parent, embargoed):73def _add_pkg(p, fp, fixed, parent, embargoed):
74 print('', file=fp)74 print('', file=fp)
@@ -108,7 +108,7 @@ def _add_pkg(p, fp, fixed, parent, embargoed):
108 continue108 continue
109 elif rel in cve_lib.eol_releases and not cve_lib.is_active_esm_release(rel):109 elif rel in cve_lib.eol_releases and not cve_lib.is_active_esm_release(rel):
110 continue110 continue
111 elif cve_lib.is_active_esm_release(rel):111 elif state != "DNE" and cve_lib.is_active_esm_release(rel):
112 state = "ignored (out of standard support)"112 state = "ignored (out of standard support)"
113 elif rel == 'upstream' and fixed_in is not None:113 elif rel == 'upstream' and fixed_in is not None:
114 state = "released (%s)" % fixed_in114 state = "released (%s)" % fixed_in

Subscribers

People subscribed via source and target branches