<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Salvatore Bonaccorso pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f3228e1ae5ce34c63115b1a3a67019276fc74b">d2f3228e</a></strong>
<div>
<span>by Sylvain Beucler</span>
<i>at 2021-02-12T17:09:54+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tracker_service: display CVE entries using natural sort order [#76]
to avoid annoying confusions with the default incorrect sort due to
e.g. CVE-2021-3392 considered higher than CVE-2021-20203
Approach:
- use 'COLLATE natorder' [1]; however, we'd have to leave the bug
unfixed for a few years, until this feature is merged and packaged
in stable sqlite3
[1] https://sqlite.org/forum/forumpost/e4dc6f3331
- sort at the Python level; AFAICS this breaks the current code global
logic that delegates the sort to the database, so we'd need to
revamp the Python code or introduce ad-hoc logic
- use a size-bounded sort at the SQL level (current patch) using a
reasonable max size (10 digits / 32-bits), until 1) is available.
(variable-length is feasible but impacts readability and performance)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72d124e15df4d654960854613ae06d46eecdba6">f72d124e</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2021-02-27T16:14:00+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'beuc/security-tracker-natsort'
tracker_service: display CVE entries using natural sort order
See merge request security-tracker-team/security-tracker!76
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#1afe78cddbd4c33ecec6e9d977f6a99c9d0fb4ff">
lib/python/security_db.py
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="1afe78cddbd4c33ecec6e9d977f6a99c9d0fb4ff">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b46bca4dc6f2fe204db071906e5c462b7171c9ae...f72d124e15df4d654960854613ae06d46eecdba6#1afe78cddbd4c33ecec6e9d977f6a99c9d0fb4ff"><strong>lib/python/security_db.py</strong></a>
<hr>
<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">
<tr class="line_holder match" id="" style="line-height: 1.6;">
<td class="diff-line-num unfold js-unfold old_line" data-linenumber="138" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="diff-line-num unfold js-unfold new_line" data-linenumber="138" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -138,7 +138,14 @@ BugsForSourcePackage_query = \</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="138" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
138
</td>
<td class="new_line diff-line-num" data-linenumber="138" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
138
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC138" class="line" lang="python"><span class="s" style="color: #d14;"> JOIN source_packages sp ON (st.package = sp.rowid)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="139" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
139
</td>
<td class="new_line diff-line-num" data-linenumber="139" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
139
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC139" class="line" lang="python"><span class="s" style="color: #d14;"> WHERE sp.name = ?</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="140" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
140
</td>
<td class="new_line diff-line-num" data-linenumber="140" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
140
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC140" class="line" lang="python"><span class="s" style="color: #d14;"> AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%')</span></span>
</pre>
</td>
</tr>
<tr class="line_holder old" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num old" data-linenumber="141" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
141
</td>
<td class="new_line diff-line-num old" data-linenumber="141" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">
<pre style="margin: 0;">-<span id="LC141" class="line" lang="python"><span class="s" style="color: #d14;"> ORDER BY bugs.name DESC, sp.release"""</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="141" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
141
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC141" class="line" lang="python"><span class="s" style="color: #d14;"> ORDER BY</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
142
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC142" class="line" lang="python"><span class="s" style="color: #d14;"> -- 'COLLATE natorder' emulation, using 0-padding (MR#76)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="143" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
143
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC143" class="line" lang="python"><span class="s" style="color: #d14;"> -- e.g. CVE-2016-1000393 -> CVE-2016-0001000393</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="144" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
144
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC144" class="line" lang="python"><span class="s" style="color: #d14;"> CASE substr(bugs.name,1,3)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="145" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
145
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC145" class="line" lang="python"><span class="s" style="color: #d14;"> WHEN 'CVE' THEN</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="146" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
146
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC146" class="line" lang="python"><span class="s" style="color: #d14;"> substr(bugs.name,1,9) || substr("0000000000"||substr(bugs.name, 10, 10), -10)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="147" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
147
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC147" class="line" lang="python"><span class="s" style="color: #d14;"> ELSE bugs.name</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
</td>
<td class="new_line diff-line-num new" data-linenumber="148" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
148
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC148" class="line" lang="python"><span class="s" style="color: #d14;"> END DESC, sp.release"""</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="142" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
142
</td>
<td class="new_line diff-line-num" data-linenumber="149" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
149
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC149" class="line" lang="python"><span class="c1" style="color: #998; font-style: italic;"># Sort order is important for the groupby operation below.</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="143" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
143
</td>
<td class="new_line diff-line-num" data-linenumber="150" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
150
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC150" class="line" lang="python"></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="144" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
144
</td>
<td class="new_line diff-line-num" data-linenumber="151" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
151
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC151" class="line" lang="python"><span class="k" style="font-weight: 600;">def</span> <span class="nf" style="color: #900; font-weight: 600;">getBugsForSourcePackage</span><span class="p">(</span><span class="n" style="color: #333;">cursor</span><span class="p">,</span> <span class="n" style="color: #333;">pkg</span><span class="p">):</span></span>
</pre>
</td>
</tr>
</table>
<br>
</li>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b46bca4dc6f2fe204db071906e5c462b7171c9ae...f72d124e15df4d654960854613ae06d46eecdba6">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>