[Secure-testing-commits] r29228 - bin lib/python
Holger Levsen
holger at moszumanska.debian.org
Fri Oct 3 07:36:36 UTC 2014
Author: holger
Date: 2014-10-03 07:36:36 +0000 (Fri, 03 Oct 2014)
New Revision: 29228
Modified:
bin/tracker_service.py
lib/python/bugs.py
lib/python/debian_support.py
lib/python/security_db.py
Log:
WIP: improve backports support. (this is really WIP: see debian_support.py)
Modified: bin/tracker_service.py
===================================================================
--- bin/tracker_service.py 2014-10-03 07:36:34 UTC (rev 29227)
+++ bin/tracker_service.py 2014-10-03 07:36:36 UTC (rev 29228)
@@ -376,12 +376,12 @@
self.make_debian_bug_list(url, debian_bugs))
if not bug.not_for_us:
- for (release, status, reason) in bug.getStatus(cursor):
+ for (release, subrelease, status, reason) in bug.getStatus(cursor):
if status == 'undetermined':
reason = self.make_purple(reason)
elif status <> 'fixed':
reason = self.make_red(reason)
- yield B('Debian/%s' % release), reason
+ yield B('Debian/%s %s' % (release, subrelease)), reason
page.append(make_table(gen_header()))
Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py 2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/bugs.py 2014-10-03 07:36:36 UTC (rev 29228)
@@ -374,10 +374,10 @@
def getStatus(self, cursor):
"""Calculate bug status.
- Returns list of tuples (RELEASE, STATUS, REASON)."""
+ Returns list of tuples (RELEASE, SUBRELEASE, STATUS, REASON)."""
return list(cursor.execute(
- """SELECT release, status, reason
+ """SELECT release, subrelease, status, reason
FROM bug_status WHERE bug_name = ?""",
(self.name,)))
Modified: lib/python/debian_support.py
===================================================================
--- lib/python/debian_support.py 2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/debian_support.py 2014-10-03 07:36:36 UTC (rev 29228)
@@ -71,7 +71,7 @@
# This regular expression is used to strip ~bpo1 and ~volatile1 from
# version numbers before they are compared.
-_version_normalize_regexp = re.compile(r"~(?:bpo|volatile)[0-9.+]+$")
+_version_normalize_regexp = re.compile(r"~(?:xxxxxxxxxxxxxxxx|yyyyyyyyyyyyyyyy)[0-9.+]+$")
class Version:
"""Version class which uses the original APT comparison algorithm.
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/security_db.py 2014-10-03 07:36:36 UTC (rev 29228)
@@ -271,11 +271,12 @@
cursor.execute("""CREATE TABLE bug_status
(bug_name TEXT NOT NULL,
release TEXT NOT NULL,
+ subrelease TEXT NOT NULL,
status TEXT NOT NULL
CHECK (status IN ('vulnerable', 'fixed', 'unknown', 'undetermined',
'partially-fixed', 'todo')),
reason TEXT NOT NULL,
- PRIMARY KEY (bug_name, release))""")
+ PRIMARY KEY (bug_name, release, subrelease))""")
cursor.execute("""CREATE TABLE source_package_status
(bug_name TEXT NOT NULL,
@@ -1174,24 +1175,24 @@
pkgs += ("packages %s may be vulnerable but need to be checked."
% ', '.join(undetermined_packages))
cursor.execute("""INSERT INTO bug_status
- (bug_name, release, status, reason)
- VALUES (?, 'unstable', ?, ?)""", (bug_name, status, pkgs))
+ (bug_name, release, subrelease, status, reason)
+ VALUES (?, 'unstable', '', ?, ?)""", (bug_name, status, pkgs))
elif unimportant_packages:
if len(unimportant_packages) == 1:
pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimportant_packages[0]
else:
pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimportant_packages))
cursor.execute("""INSERT INTO bug_status
- (bug_name, release, status, reason)
- VALUES (?, 'unstable', 'fixed', ?)""", (bug_name, pkgs))
+ (bug_name, release, subrelease, status, reason)
+ VALUES (?, 'unstable', '', 'fixed', ?)""", (bug_name, pkgs))
else:
if have_something:
status = "not vulnerable."
else:
status = "not known to be vulnerable."
cursor.execute("""INSERT INTO bug_status
- (bug_name, release, status, reason)
- VALUES (?, 'unstable', 'fixed', ?)""",
+ (bug_name, release, subrelease, status, reason)
+ VALUES (?, 'unstable', '', 'fixed', ?)""",
(bug_name, status))
def _calcTesting(self, cursor, bug_name, suite, nickname):
@@ -1201,85 +1202,85 @@
# note/release/subrelease triple, but we should check that
# here.
- status = {'' : {}, 'security' : {}, 'lts' : {}, 'backports' : {}}
+ status = {'' : {}, 'security' : {}, 'lts' : {}, 'backports' : {}}
for (package, note, subrelease, vulnerable, urgency) in cursor.execute(
"""SELECT DISTINCT sp.name, n.id, sp.subrelease,
st.vulnerable, n.urgency
FROM source_package_status AS st,
source_packages AS sp, package_notes AS n
WHERE st.bug_name = ? AND sp.rowid = st.package
- AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts', 'backports')
+ AND sp.release = ?
AND n.bug_name = st.bug_name AND n.package = sp.name
ORDER BY sp.name""",
(bug_name, nickname)):
status[subrelease][(package, note)] = (vulnerable,urgency)
+ if package == "bind9":
+ print package, note, subrelease, vulnerable, urgency
- # Check if any packages in plain testing are vulnerable, and
- # if all of those have been fixed in the security archive.
- fixed_in_security = True
- unfixed_pkgs = {}
- undet_pkgs = {}
- unimp_pkgs = {}
- for ((package, note), (vulnerable, urgency)) in status[''].items():
+ # Check if any packages in plain testing are vulnerable, and
+ # if all of those have been fixed in the security archive.
+ fixed_in_security = False
+ fixed_in_lts = False
+ unfixed_pkgs = {}
+ undet_pkgs = {}
+ unimp_pkgs = {}
if vulnerable == 1:
if urgency == 'unimportant':
unimp_pkgs[package] = True
else:
unfixed_pkgs[package] = True
if status['security'].get((package, note), True):
- fixed_in_security = False
+ fixed_in_security = True
elif status['lts'].get((package, note), True):
- fixed_in_security = False
- elif status['backports'].get((package, note), True):
- fixed_in_security = False
+ fixed_in_lts = True
elif vulnerable == 2:
undet_pkgs[package] = True
- unfixed_pkgs = unfixed_pkgs.keys()
- unfixed_pkgs.sort()
- undet_pkgs = undet_pkgs.keys()
- undet_pkgs.sort()
- unimp_pkgs = unimp_pkgs.keys()
- unimp_pkgs.sort()
+ unfixed_pkgs = unfixed_pkgs.keys()
+ unfixed_pkgs.sort()
+ undet_pkgs = undet_pkgs.keys()
+ undet_pkgs.sort()
+ unimp_pkgs = unimp_pkgs.keys()
+ unimp_pkgs.sort()
- pkgs = ""
- result = "undetermined"
- if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0:
- if len(status[''].keys()) == 0:
- pkgs += "not known to be vulnerable."
- else:
- pkgs += "not vulnerable."
- result = "fixed"
- if len(unfixed_pkgs) > 0:
- if len(unfixed_pkgs) == 1:
- pkgs += "package " + unfixed_pkgs[0] + " is "
- else:
- pkgs += "packages " + ", ".join(unfixed_pkgs) + " are "
- if fixed_in_security:
- pkgs = "%sfixed in %s-security. " % (pkgs, suite)
- if suite == "stable":
+ pkgs = ""
+ result = "undetermined"
+ if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0:
+ if len(status[subrelease].keys()) == 0:
+ pkgs += "not known to be vulnerable."
+ else:
+ pkgs += "not vulnerable."
+ result = "fixed"
+ if len(unfixed_pkgs) > 0:
+ if len(unfixed_pkgs) == 1:
+ pkgs += "package " + unfixed_pkgs[0] + " is "
+ else:
+ pkgs += "packages " + ", ".join(unfixed_pkgs) + " are "
+ if fixed_in_security:
+ pkgs = "%sfixed in %s-security. " % (pkgs, suite)
result = "fixed"
+ elif fixed_in_lts:
+ pkgs = "%sfixed in %s-lts. " % (pkgs, suite)
+ result = "fixed"
else:
- result = "partially-fixed"
- else:
- pkgs += "vulnerable. "
- result = "vulnerable"
- if len(undet_pkgs) > 0:
- if len(undet_pkgs) == 1:
- pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked."
- else:
- pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked."
- if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0:
- result = "fixed"
- if len(unimp_pkgs) == 1:
- pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0]
- else:
- pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs))
+ pkgs += "vulnerable. "
+ result = "vulnerable"
+ if len(undet_pkgs) > 0:
+ if len(undet_pkgs) == 1:
+ pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked."
+ else:
+ pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked."
+ if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0:
+ result = "fixed"
+ if len(unimp_pkgs) == 1:
+ pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0]
+ else:
+ pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs))
- cursor.execute("""INSERT INTO bug_status
- (bug_name, release, status, reason)
- VALUES (?, ?, ?, ?)""",
- (bug_name, suite, result, pkgs))
+ cursor.execute("""INSERT INTO bug_status
+ (bug_name, release, subrelease, status, reason)
+ VALUES (?, ?, ?, ?, ?)""",
+ (bug_name, suite, '', result, pkgs))
def calculateDebsecan0(self, release):
"""Create data for the debsecan tool (VERSION 0 format)."""
More information about the Secure-testing-commits
mailing list