From Mageia wiki
Revision as of 08:41, 23 March 2014

Install advisories tool:

[tmb@laptop advisories]# urpmi mga-advisories
  - installs mgaadv

Do initial config:

[tmb@laptop advisories]$ mgaadv initqaconf

 - initializes config file (it opens text editor to show config)
 - initial download of advisories

Check that you have the latest advisories:

[tmb@laptop advisories]$ cd ~/mageia-advisories/advisories
[tmb@laptop advisories]$ svn up

Check the end of http://mageia.madb.org/tools/updates for advisories that are ready to be pushed.

Pushing updates (using samba update (bug 12999) as an example)

Assign an advisory ID:

[tmb@laptop advisories]$ mgaadv publish 12999
Assigned ID MGASA-2014-0138 to advisory 12999

Check whether there are potential problems (for the perl advisory parser):

$ file 12999.adv
12999.adv: ASCII text

(this is ok)

Check that the contents of the advisory look ok:

$ cat 12999.adv
type: security
subject: Updated samba packages fix security vulnerability
CVE:
 - CVE-2013-4496
src:
 3:
  core:
    - samba-3.6.15-1.4.mga3
 4:
  core:
    - samba-3.6.23-1.mga4
description: |
 In Samba before 3.6.23, the SAMR server neglects to ensure that attempted
 password changes will update the bad password count, and does not set the
 lockout flags.  This would allow a user unlimited attempts against the
 password by simply calling ChangePasswordUser2 repeatedly.  This is
 available without any other authentication (CVE-2013-4496)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=12999
 - http://www.samba.org/samba/security/CVE-2013-4496
ID: MGASA-2014-0138


Open an ssh session to valstar:

$ ssh -A root@valstar.mageia.org

Use screen to avoid breakage during the package move if you lose your network connection:

# screen

Push srpm(s) according to the advisory. Verify that the srpm matches the advisory; if it does not, check the bug report to see whether something has changed and update the advisory accordingly, or ask QA people for clarification. The format is mga-send-update-nosync <distro> <media> <srpm>:

# ./mga-send-update-nosync 3 core samba
This SRPM (and matching binarys) will be moved from updates_testing to updates:

samba-3.6.15-1.4.mga3.src.rpm

Are you sure ? y

moving binary and source rpms:

i586: libnetapi0-3.6.15-1.4.mga3.i586.rpm libnetapi-devel-3.6.15-1.4.mga3.i586.rpm libsmbclient0-3.6.15-1.4.mga3.i586.rpm libsmbclient0-devel-3.6.15-1.4.mga3.i586.rpm libsmbclient0-static-devel-3.6.15-1.4.mga3.i586.rpm libsmbsharemodes0-3.6.15-1.4.mga3.i586.rpm libsmbsharemodes-devel-3.6.15-1.4.mga3.i586.rpm libwbclient0-3.6.15-1.4.mga3.i586.rpm libwbclient-devel-3.6.15-1.4.mga3.i586.rpm nss_wins-3.6.15-1.4.mga3.i586.rpm samba-client-3.6.15-1.4.mga3.i586.rpm samba-common-3.6.15-1.4.mga3.i586.rpm samba-doc-3.6.15-1.4.mga3.noarch.rpm samba-domainjoin-gui-3.6.15-1.4.mga3.i586.rpm samba-server-3.6.15-1.4.mga3.i586.rpm samba-swat-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-clamav-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-fsecure-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-sophos-3.6.15-1.4.mga3.i586.rpm samba-winbind-3.6.15-1.4.mga3.i586.rpm samba-debuginfo-3.6.15-1.4.mga3.i586.rpm

x86_64: lib64netapi0-3.6.15-1.4.mga3.x86_64.rpm lib64netapi-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-static-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbsharemodes0-3.6.15-1.4.mga3.x86_64.rpm lib64smbsharemodes-devel-3.6.15-1.4.mga3.x86_64.rpm lib64wbclient0-3.6.15-1.4.mga3.x86_64.rpm lib64wbclient-devel-3.6.15-1.4.mga3.x86_64.rpm nss_wins-3.6.15-1.4.mga3.x86_64.rpm samba-client-3.6.15-1.4.mga3.x86_64.rpm samba-common-3.6.15-1.4.mga3.x86_64.rpm samba-doc-3.6.15-1.4.mga3.noarch.rpm samba-domainjoin-gui-3.6.15-1.4.mga3.x86_64.rpm samba-server-3.6.15-1.4.mga3.x86_64.rpm samba-swat-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-clamav-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-fsecure-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-sophos-3.6.15-1.4.mga3.x86_64.rpm samba-winbind-3.6.15-1.4.mga3.x86_64.rpm samba-debuginfo-3.6.15-1.4.mga3.x86_64.rpm

SRPMS: samba-3.6.15-1.4.mga3.src.rpm


# ./mga-send-update-nosync 4 core samba
This SRPM (and matching binarys) will be moved from updates_testing to updates:

samba-3.6.23-1.mga4.src.rpm

Are you sure ? y

moving binary and source rpms:

i586: libnetapi0-3.6.23-1.mga4.i586.rpm libnetapi-devel-3.6.23-1.mga4.i586.rpm libsmbclient0-3.6.23-1.mga4.i586.rpm libsmbclient0-devel-3.6.23-1.mga4.i586.rpm libsmbclient0-static-devel-3.6.23-1.mga4.i586.rpm libsmbsharemodes0-3.6.23-1.mga4.i586.rpm libsmbsharemodes-devel-3.6.23-1.mga4.i586.rpm libwbclient0-3.6.23-1.mga4.i586.rpm libwbclient-devel-3.6.23-1.mga4.i586.rpm nss_wins-3.6.23-1.mga4.i586.rpm samba-client-3.6.23-1.mga4.i586.rpm samba-common-3.6.23-1.mga4.i586.rpm samba-doc-3.6.23-1.mga4.noarch.rpm samba-domainjoin-gui-3.6.23-1.mga4.i586.rpm samba-server-3.6.23-1.mga4.i586.rpm samba-swat-3.6.23-1.mga4.i586.rpm samba-virusfilter-clamav-3.6.23-1.mga4.i586.rpm samba-virusfilter-fsecure-3.6.23-1.mga4.i586.rpm samba-virusfilter-sophos-3.6.23-1.mga4.i586.rpm samba-winbind-3.6.23-1.mga4.i586.rpm samba-debuginfo-3.6.23-1.mga4.i586.rpm

x86_64: lib64netapi0-3.6.23-1.mga4.x86_64.rpm lib64netapi-devel-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-devel-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-static-devel-3.6.23-1.mga4.x86_64.rpm lib64smbsharemodes0-3.6.23-1.mga4.x86_64.rpm lib64smbsharemodes-devel-3.6.23-1.mga4.x86_64.rpm lib64wbclient0-3.6.23-1.mga4.x86_64.rpm lib64wbclient-devel-3.6.23-1.mga4.x86_64.rpm nss_wins-3.6.23-1.mga4.x86_64.rpm samba-client-3.6.23-1.mga4.x86_64.rpm samba-common-3.6.23-1.mga4.x86_64.rpm samba-doc-3.6.23-1.mga4.noarch.rpm samba-domainjoin-gui-3.6.23-1.mga4.x86_64.rpm samba-server-3.6.23-1.mga4.x86_64.rpm samba-swat-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-clamav-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-fsecure-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-sophos-3.6.23-1.mga4.x86_64.rpm samba-winbind-3.6.23-1.mga4.x86_64.rpm samba-debuginfo-3.6.23-1.mga4.x86_64.rpm

SRPMS: samba-3.6.23-1.mga4.src.rpm


Commit the advisory to svn (add advisory id and srpm in message for easy svn browsing):

[tmb@laptop advisories]$ svn commit -m "MGASA-2014-0138: samba-3.6.15-1.4.mga3, samba-3.6.23-1.mga4" 12999.adv
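The two manual checks in the procedure above (the advisory file is plain ASCII, and the SRPM the push script names matches the advisory for that distro and media) can be scripted. This is an added example, not part of mga-advisories; the function names are hypothetical and it assumes the .adv layout shown on this page.

```shell
# Added example, not part of mga-advisories: pre-push checks on an .adv file.

# True only if the file is plain 7-bit ASCII (tab, LF, CR, printable chars).
adv_is_ascii() {
    [ "$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c)" -eq 0 ]
}

# Print one "distro media srpm" line per entry in the src: section.
# Nesting is read from indentation: shallowest key = distro, deeper = media.
adv_srpms() {
    awk '
        /^[^ \t]/   { in_src = ($1 == "src:"); base = 0; next }
        !in_src     { next }
        /^[ \t]+- / { print distro, media, $2; next }
        /^[ \t]+[^ \t]+:[ \t]*$/ {
            key = $1; sub(/:$/, "", key); match($0, /^[ \t]+/)
            if (base == 0 || RLENGTH <= base) { base = RLENGTH; distro = key; media = "" }
            else media = key
        }
    ' "$1"
}

# Succeed only if the advisory lists this SRPM for this distro and media.
# $4 is the file name the push script prints, e.g. samba-3.6.23-1.mga4.src.rpm
adv_lists_srpm() {
    adv_srpms "$1" | grep -Fxq -- "$2 $3 ${4%.src.rpm}"
}

# Constructed sample: the advisory from this page, shortened.
SAMPLE_ADV=$(mktemp)
trap 'rm -f "$SAMPLE_ADV"' EXIT
cat > "$SAMPLE_ADV" <<'EOF'
type: security
CVE:
 - CVE-2013-4496
src:
 3:
  core:
    - samba-3.6.15-1.4.mga3
 4:
  core:
    - samba-3.6.23-1.mga4
description: |
 In Samba before 3.6.23, the SAMR server ... (CVE-2013-4496)
ID: MGASA-2014-0138
EOF

adv_is_ascii "$SAMPLE_ADV" && adv_srpms "$SAMPLE_ADV"
adv_lists_srpm "$SAMPLE_ADV" 4 core samba-3.6.15-1.4.mga3.src.rpm ||
    echo "mismatch: the mga3 build is not listed for distro 4"
```

Run adv_lists_srpm against the SRPM name shown before the "Are you sure ?" prompt, and answer y only when it succeeds.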