|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] preparations for 4.8.2
Quick info/update: > XSA-222: line 51 in the log shows a real difference: this is a known bug > in the tool where the diff file chunks are in a different order This is now fixed in the last version of the scripts and the script correctly handles this case Lars On 18/07/2017, 18:43, "Lars Kurth" <lars.kurth@xxxxxxxxxx> wrote: >Hi all, > >@Jan: you may want to check the note on XSA-218 and XSA-224 > >I removed Text::Diff module, which should fix the dependency problem. > >I also fixed the script such that it will fetch patches from >http://xenbits.xenproject.org/xsa if the xsa.git has not been checked out >in the location in > >The script still depends on: Getopt, Cwd, File packages, which I hope are >standard. > >Crude check >=========== >I first ran the scripts using > >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --getlogs >--html > xsamatch.html > >Which checks name signatures only. >Note that >https://xenproject.org/downloads/xen-archives/xen-project-48-series/xen-48 >1 >.html tells us that XSA 212 was applied last. > >The output shows that XSA-215 has not been applied. Not a problem, because >XSA-215 applies to 64-bit Xen versions of 4.6 and earlier only. > >All the other ones have patches with matching names that have been >applied. > >Detailed check >============== >I then ran using > > >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --html >--smart > xsamatchsmart.html > > >which requires that xsa.git is checked out, which has restricted access >(security team members only). > >The output shows some problems, for which I used > >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --html >--smart --debug > xsamatchsmartdebug.html > > >This then tells me that there are a few real differences between 4.8.2 and >the XSA database > >XSA-218: line 32 in the log shows a real difference: see XSA-218-32.png >XSA-224: line 72 in the log shows a real difference: see XSA-224-72a.png & >XSA-224-72b.png > > >XSA-222: line 51 in the log shows a real difference: this is a known bug >in the tool where the diff file chunks are in a different order > >Script Improvements >=================== >I can't use --xsadir https://xenbits.xenproject.org/xsa as I can't read >files from a website. I can, fetch the file from >https://xenbits.xenproject.org/xsa via the LWP:Simple package, which I >don't think is installed on Linux distros by default. Alternatively I >could use wget, which may be better. > > >I will play with this and see whether I can add it. > >Cheers >Lars > > >On 18/07/2017, 14:53, "Wei Liu" <wei.liu2@xxxxxxxxxx> wrote: > >>On Tue, Jul 18, 2017 at 12:21:42PM +0100, Lars Kurth wrote: >>> Wei, >>> I attached the list output from xsa-list-send starting from 206 >>> If you look at >>> >>>https://xenproject.org/downloads/xen-archives/xen-project-48-series/xen- >>>4 >>>81 >>> .html, you may want to start using from 213+ >> >>[$]> ./match-xsa --version 4 --major 8 --since 2 --getlogs --xsa xsa-225 >>Can't locate Text/Diff.pm in @INC (you may need to install the >>Text::Diff module) (@INC contains: /etc/perl >>/usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 >>/usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 >>/usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 >>/usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at >>./match-xsa line 14. >>BEGIN failed--compilation aborted at ./match-xsa line 14. >> >>Would be useful to give a list of perl modules required. > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |