firefox security patches attached
Alexander Sack
asac at debian.org
Fri Sep 23 13:10:54 UTC 2005
Hi,
I attached a tarball that contains sorted and distinct patches for
firefox issues. I have not yet added CANs to the documentation, since I
just have a few. The patches are OK and final so it's time to test
them. As soon as I have the CANs I will finalize the documentation too.
Directories in the tarball [1]:
+ ffox.1.0.6-1.0.7-1/ - all security patches covered by mfsas
+ ffox.1.0.6-1.0.7-1.norel/ - all not-related patches for us (e.g. installer)
+ ffox.1.0.6-1.0.7-1.nosec/ - no security bugs. You can decide if
you want them or not.
All directories contain so called .cinfo with an associated
.cinfo.patch file that contains the patch extracted from
cvs. Further all kind of meta info is included in the cinfo file
(e.g. checkin comment, bugs addressed, maintainer comments like: not
documented bug or regression for somme security bug etc.)
The .cinfo files are just included for documentation purpose and to
allow security teams to perform effective QA. The important
documentation files are aggregated by mfsa. They break down mfsas
by issue and document the patches needed for those issues. The mfsa
documentation files are named:
1. mfsa_*_msecreport.txt - the detailed report for each single mfsa
2. mfsa_*_msecreport_short.txt - a prepared short version for
inclusion in the debian changelog. (Draft, please provide
suggestions - read below)
For now I took care that all patches documented are included in this
patchset. Since the patches are named in a sortable way you can safely
apply all .patch files in the ffox.1.0.6-1.0.7-1/ directory. Only the
patches sorted to ffox.1.0.6-1.0.7-1.nosec/ are documented, but not
included. I can either remove the documentation of their bugs the mfsa
or you just apply those too.
For thunderbird, I use a dpatch script[2] that applies patches that are
documented in the mfsa_*_msecreport.txt report. In order to get the
patches documented, I use the msec_lspatches.sh[3] script I attached to this mail.
So what to do: Please give me feedback on the mfsa_*_short.txt files.
They are thought to be included in the changelog Any suggestions on
the content and layout of such changelog entries is welcome.
[1] - attached: ffox_1.0.6-1.0.7-1.tar.gz
[2] - attached: 05_mfsas.dpatch
[3] - attached: msec_lspatches.sh
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac at debian.org | `. `' Operating System
http://www.asoftsite.org | `- http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ffox_1.0.6-1.0.7-1.tar.gz
Type: application/octet-stream
Size: 22222 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20050923/c29fdd39/ffox_1.0.6-1.0.7-1.tar-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msec_lspatches.sh
Type: application/x-sh
Size: 146 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20050923/c29fdd39/msec_lspatches-0001.sh
-------------- next part --------------
#!/bin/sh -e
PATCH_DIR=debian/patches/tbird_1.0.6-1.0.7-1/
PATCHES=$(for i in ${PATCH_DIR}/mfsa_*_msecreport.txt; do sh debian/msec_lspatches.sh ${i}; done | sort)
RPATCHES=$(for i in ${PATCH_DIR}/mfsa_*_msecreport.txt; do sh debian/msec_lspatches.sh ${i}; done | sort -r)
if [ $# -ne 1 ]; then
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
case "$1" in
-patch)
for patch in $PATCHES; do
echo applying patch: ${PATCH_DIR}/${patch}
patch $patch_opts -p1 < ${PATCH_DIR}/${patch}
done
;;
-unpatch)
for patch in $RPATCHES;do
echo unapplying patch ${PATCH_DIR}/${patch}
patch $patch_opts -p1 -R < ${PATCH_DIR}/${patch}
done
;;
*)
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1;;
esac
exit 0
@DPATCH@
More information about the pkg-mozilla-maintainers
mailing list