[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] preparations for 4.8.2

Jan,
it’s been a while. Did you want to pick this up at some point again? I guess 
the check we have done so far is by now out-of-date. Not sure whether anyone 
tagged anything
It would also be a good opportunity for you guys to test run my script (Wei ran 
it and it worked fine, but he didn’t comb through any results)
Lars

On 27/07/2017, 19:34, "Lars Kurth" <lars.kurth@xxxxxxxxxx> wrote:

    Quick info/update:
    
    > XSA-222: line 51 in the log shows a real difference: this is a known bug
    > in the tool where the diff file chunks are in a different order
    
    This is now fixed in the last version of the scripts and the script
    correctly handles this case
    
    Lars
    
    On 18/07/2017, 18:43, "Lars Kurth" <lars.kurth@xxxxxxxxxx> wrote:
    
    >Hi all,
    >
    >@Jan: you may want to check the note on XSA-218 and XSA-224
    >
    >I removed Text::Diff module, which should fix the dependency problem.
    >
    >I also fixed the script such that it will fetch patches from
    >http://xenbits.xenproject.org/xsa if the xsa.git has not been checked out
    >in the location in
    >
    >The script still depends on: Getopt, Cwd, File packages, which I hope are
    >standard.
    >
    >Crude check
    >===========
    >I first ran the scripts using
    >
    >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --getlogs
    >--html > xsamatch.html
    >
    >Which checks name signatures only.
    >Note that 
    >https://xenproject.org/downloads/xen-archives/xen-project-48-series/xen-48
    >1
    >.html tells us that XSA 212 was applied last.
    >
    >The output shows that XSA-215 has not been applied. Not a problem, because
    >XSA-215 applies to 64-bit Xen versions of 4.6 and earlier only.
    >
    >All the other ones have patches with matching names that have been
    >applied.
    >
    >Detailed check
    >==============
    >I then ran using
    >
    >
    >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --html
    >--smart > xsamatchsmart.html
    >
    >
    >which requires that xsa.git is checked out, which has restricted access
    >(security team members only).
    >
    >The output shows some problems, for which I used
    >
    >./match-xsa --version 4 --major 8 --since 1 --xsa xsa-213-225 --html
    >--smart --debug > xsamatchsmartdebug.html
    >
    >
    >This then tells me that there are a few real differences between 4.8.2 and
    >the XSA database
    >
    >XSA-218: line 32 in the log shows a real difference: see XSA-218-32.png
    >XSA-224: line 72 in the log shows a real difference: see XSA-224-72a.png &
    >XSA-224-72b.png
    >
    >
    >XSA-222: line 51 in the log shows a real difference: this is a known bug
    >in the tool where the diff file chunks are in a different order
    >
    >Script Improvements
    >===================
    >I can't use --xsadir https://xenbits.xenproject.org/xsa as I can't read
    >files from a website. I can, fetch the file from
    >https://xenbits.xenproject.org/xsa via the LWP:Simple package, which I
    >don't think is installed on Linux distros by default. Alternatively I
    >could use wget, which may be better.
    >
    >
    >I will play with this and see whether I can add it.
    >
    >Cheers
    >Lars
    >
    >
    >On 18/07/2017, 14:53, "Wei Liu" <wei.liu2@xxxxxxxxxx> wrote:
    >
    >>On Tue, Jul 18, 2017 at 12:21:42PM +0100, Lars Kurth wrote:
    >>> Wei,
    >>> I attached the list output from xsa-list-send starting from 206
    >>> If you look at 
    >>> 
    >>>https://xenproject.org/downloads/xen-archives/xen-project-48-series/xen-
    >>>4
    >>>81
    >>> .html, you may want to start using from 213+
    >>
    >>[$]> ./match-xsa --version 4 --major 8 --since 2 --getlogs --xsa xsa-225
    >>Can't locate Text/Diff.pm in @INC (you may need to install the
    >>Text::Diff module) (@INC contains: /etc/perl
    >>/usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1
    >>/usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5
    >>/usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24
    >>/usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at
    >>./match-xsa line 14.
    >>BEGIN failed--compilation aborted at ./match-xsa line 14.
    >>
    >>Would be useful to give a list of perl modules required.
    >
    
    

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.