Michal Čihař edited this page May 16, 2016 · 4 revisions

Warning

This information is valid only for developers who have been granted access to this repository.

About

The git security repository is for collaboration among developers on security issues that have not yet been disclosed. The repository is quite special:

  1. It is not publicly accessible.
  2. It is rebased often.

Cloning

The repository is hosted on GitHub as a private repository. You need to add it as another remote to your existing phpmyadmin clone.

Open a terminal window, cd to your repository and add the remote:

cd ...../phpmyadmin
git remote add security git@github.com:phpmyadmin/phpmyadmin-security.git
git remote update security

Preparing security patches

First choose the branch your patches will be based on. This should be the latest stable release; the changes are merged to the QA and master branches later.

For example, we will work on MAINT_3_3_5, and the security patches will be in the MAINT_3_3_5-security branch.

First check whether the MAINT_3_3_5-security branch already exists in the security repository by trying to create your local branch from it:

git branch MAINT_3_3_5-security security/MAINT_3_3_5-security

If this fails, create it from the release branch:

git branch MAINT_3_3_5-security origin/MAINT_3_3_5

Then check it out to work on it:

git checkout MAINT_3_3_5-security

Getting updates from security repo

To get the latest updates of the security branch, do the following:

git checkout MAINT_3_3_5-security
git pull security MAINT_3_3_5-security

Publishing patches to security repo

Once you have made some changes, you can push them to the security repo:

git push security MAINT_3_3_5-security
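
A guard against sending an embargoed branch to any other remote by mistake, as an added example that is not part of the original page or of phpMyAdmin's tooling: a git pre-push hook that refuses such pushes. It assumes every embargoed branch ends in -security and that the private repository is reached through the SSH URL shown above; the function names is_embargoed and check_push are hypothetical.

```shell
#!/bin/sh
# Added example, not phpMyAdmin's own tooling. Install as .git/hooks/pre-push.
# Assumptions: embargoed branches end in "-security"; the only remote allowed
# to receive them is the private repository URL given on this page.
PRIVATE_URL='git@github.com:phpmyadmin/phpmyadmin-security.git'

# True when the ref names a branch following the <release>-security pattern.
is_embargoed() {
    case "$1" in
        refs/heads/*-security) return 0 ;;
        *) return 1 ;;
    esac
}

# check_push URL
# Reads the lines git feeds a pre-push hook on stdin,
#   <local ref> <local sha> <remote ref> <remote sha>
# and returns 1 if an embargoed branch would be sent anywhere but PRIVATE_URL.
check_push() {
    url=$1
    rc=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        # Deletions publish no commits, so never block them.
        [ "$local_ref" = "(delete)" ] && continue
        if is_embargoed "$local_ref" || is_embargoed "$remote_ref"; then
            if [ "$url" != "$PRIVATE_URL" ]; then
                echo "pre-push: refusing to send $local_ref to $url" >&2
                rc=1
            fi
        fi
    done
    return $rc
}

# git runs the hook as: pre-push <remote name> <remote URL>
case "${0##*/}" in
    pre-push) check_push "$2" || exit 1 ;;
esac
```

The hook compares URLs literally, so a clone that reaches the private repository through a different URL form needs PRIVATE_URL adjusted to match.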

Merging changes back

Once the patches are ready, you need to merge the changes into the main git repository:

git remote update security              # update patches from security repo
git checkout MAINT_3_3_5                # change working copy to maintenance branch
git merge security/MAINT_3_3_5-security # merge security branch

Now you can publish it as usual, but most likely you will want to merge changes to other branches as well:

git checkout QA_3_3     # checkout QA branch
git merge MAINT_3_3_5   # merge changes
git checkout master     # checkout master branch
git merge QA_3_3        # merge changes

Once the changes are merged, you should delete the corresponding branch in the security repository to avoid confusion when other security issues arise:

git push security :MAINT_3_3_5-security

Preparing advisories

The advisories are prepared as drafts in the website administration. Once they are ready to publish, just remove the draft flag and they will appear on the website.
