[Secure-testing-commits] r16589 - bin

Florian Weimer fw at alioth.debian.org
Sun Apr 24 18:09:51 UTC 2011 

Author: fw
Date: 2011-04-24 18:09:43 +0000 (Sun, 24 Apr 2011)
New Revision: 16589

Modified:
   bin/gen-DSA.py
Log:
bin/gen_DSA.py: fill in version information for unstable (and, rarely, testing)


Modified: bin/gen-DSA.py
===================================================================
--- bin/gen-DSA.py	2011-04-24 17:52:21 UTC (rev 16588)
+++ bin/gen-DSA.py	2011-04-24 18:09:43 UTC (rev 16589)
@@ -187,6 +187,42 @@
                       format(package, codename))
     return missing
 
+def searchlist_bugs(cve):
+    """Returns a list of bug objects pertinent to CVE."""
+    result = []
+    for bug in bugs.CVEFile(debian_support.findresource(
+            *"data CVE list".split())):
+        if bug.name in cve:
+            result.append(bug)
+    for bug in bugs.DTSAFile(debian_support.findresource(
+            *"data DTSA list".split())):
+        found = False
+        for xref in bug.xref:
+            if xref in cve:
+                found = True
+        if found:
+            result.append(bug)
+    return result
+
+def searchlist(buglist, package, codename):
+    "Returns the highest matching version number from BUGLIST."
+    relcode = debian_support.releasecodename
+    codename = relcode(codename)
+    versions = []
+    vzero = debian_support.Version("0") # filter out <not-affected> etc.
+    for bug in buglist:
+        for ann in bug.notes:
+            rel = relcode(ann.release or "sid")
+            if isinstance(ann, bugs.PackageNoteParsed) \
+                    and ann.fixed_version is not None \
+                    and ann.fixed_version != vzero \
+                    and ann.package == package and rel == codename:
+                versions.append(ann.fixed_version)
+    if versions:
+        versions.sort()
+        return str(versions[-1])
+    return "<missing>"
+
 parsecommand()
 checklist()
 checkfile()
@@ -194,9 +230,13 @@
 queue = secmaster.listqueue()
 stable_version = search_queue(queue, opt_package, "stable")
 oldstable_version = search_queue(queue, opt_package, "oldstable", "<missing>")
-testing_version = search_queue(queue, opt_package, "testing", "<missing>")
-unstable_version = search_queue(queue, opt_package, "unstable", "<missing>")
+testing_version = search_queue(queue, opt_package, "testing", False)
 
+buglist = searchlist_bugs(opt_cve)
+if testing_version is False:
+    testing_version = searchlist(buglist, opt_package, "testing")
+unstable_version = searchlist(buglist, opt_package, "unstable")
+
 template = filledtemplate({
         "DEBFULLNAME" : gecos(),
         "DEBEMAIL" : debemail(),

More information about the Secure-testing-commits mailing list