[Secure-testing-commits] r29228 - bin lib/python

Holger Levsen holger at moszumanska.debian.org
Fri Oct 3 07:36:36 UTC 2014


Author: holger
Date: 2014-10-03 07:36:36 +0000 (Fri, 03 Oct 2014)
New Revision: 29228

Modified:
   bin/tracker_service.py
   lib/python/bugs.py
   lib/python/debian_support.py
   lib/python/security_db.py
Log:
WIP: improve backports support. (this is really WIP: see debian_support.py)

Modified: bin/tracker_service.py
===================================================================
--- bin/tracker_service.py	2014-10-03 07:36:34 UTC (rev 29227)
+++ bin/tracker_service.py	2014-10-03 07:36:36 UTC (rev 29228)
@@ -376,12 +376,12 @@
                        self.make_debian_bug_list(url, debian_bugs))
 
             if not bug.not_for_us:
-                for (release, status, reason) in bug.getStatus(cursor):
+                for (release, subrelease, status, reason) in bug.getStatus(cursor):
                     if status == 'undetermined':
                         reason = self.make_purple(reason)
                     elif status <> 'fixed':
                         reason = self.make_red(reason)
-                    yield B('Debian/%s' % release), reason
+                    yield B('Debian/%s %s' % (release, subrelease)), reason
 
         page.append(make_table(gen_header()))
 

Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py	2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/bugs.py	2014-10-03 07:36:36 UTC (rev 29228)
@@ -374,10 +374,10 @@
     def getStatus(self, cursor):
         """Calculate bug status.
 
-        Returns list of tuples (RELEASE, STATUS, REASON)."""
+        Returns list of tuples (RELEASE, SUBRELEASE, STATUS, REASON)."""
         
         return list(cursor.execute(
-            """SELECT release, status, reason
+            """SELECT release, subrelease, status, reason
             FROM bug_status WHERE bug_name = ?""",
             (self.name,)))
 

Modified: lib/python/debian_support.py
===================================================================
--- lib/python/debian_support.py	2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/debian_support.py	2014-10-03 07:36:36 UTC (rev 29228)
@@ -71,7 +71,7 @@
 
 # This regular expression is used to strip ~bpo1 and ~volatile1 from
 # version numbers before they are compared.
-_version_normalize_regexp = re.compile(r"~(?:bpo|volatile)[0-9.+]+$")
+_version_normalize_regexp = re.compile(r"~(?:xxxxxxxxxxxxxxxx|yyyyyyyyyyyyyyyy)[0-9.+]+$")
 
 class Version:
     """Version class which uses the original APT comparison algorithm.

Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py	2014-10-03 07:36:34 UTC (rev 29227)
+++ lib/python/security_db.py	2014-10-03 07:36:36 UTC (rev 29228)
@@ -271,11 +271,12 @@
         cursor.execute("""CREATE TABLE bug_status
         (bug_name TEXT NOT NULL,
          release TEXT NOT NULL,
+         subrelease TEXT NOT NULL,
          status TEXT NOT NULL
              CHECK (status IN ('vulnerable', 'fixed', 'unknown', 'undetermined',
                                'partially-fixed', 'todo')),
          reason TEXT NOT NULL,
-         PRIMARY KEY (bug_name, release))""")
+         PRIMARY KEY (bug_name, release, subrelease))""")
 
         cursor.execute("""CREATE TABLE source_package_status
         (bug_name TEXT NOT NULL,
@@ -1174,24 +1175,24 @@
                     pkgs += ("packages %s may be vulnerable but need to be checked."
                              % ', '.join(undetermined_packages))
             cursor.execute("""INSERT INTO bug_status
-                (bug_name, release, status, reason)
-                VALUES (?, 'unstable', ?, ?)""", (bug_name, status, pkgs))
+                (bug_name, release, subrelease, status, reason)
+                VALUES (?, 'unstable', '', ?, ?)""", (bug_name, status, pkgs))
         elif unimportant_packages:
             if len(unimportant_packages) == 1:
                 pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimportant_packages[0]
             else:
                 pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimportant_packages))
             cursor.execute("""INSERT INTO bug_status
-                (bug_name, release, status, reason)
-                VALUES (?, 'unstable', 'fixed', ?)""", (bug_name, pkgs))
+                (bug_name, release, subrelease, status, reason)
+                VALUES (?, 'unstable', '', 'fixed', ?)""", (bug_name, pkgs))
         else:
             if have_something:
                 status = "not vulnerable."
             else:
                 status = "not known to be vulnerable."
             cursor.execute("""INSERT INTO bug_status
-                (bug_name, release, status, reason)
-                VALUES (?, 'unstable', 'fixed', ?)""",
+                (bug_name, release, subrelease, status, reason)
+                VALUES (?, 'unstable', '', 'fixed', ?)""",
                       (bug_name, status))
 
     def _calcTesting(self, cursor, bug_name, suite, nickname):
@@ -1201,85 +1202,85 @@
         # note/release/subrelease triple, but we should check that
         # here.
 
-        status = {'' : {}, 'security' : {}, 'lts' :	{}, 'backports' : {}}
+        status = {'' : {}, 'security' : {}, 'lts' :    {}, 'backports' : {}}
         for (package, note, subrelease, vulnerable, urgency) in cursor.execute(
             """SELECT DISTINCT sp.name, n.id, sp.subrelease,
             st.vulnerable, n.urgency
             FROM source_package_status AS st,
             source_packages AS sp, package_notes AS n
             WHERE st.bug_name = ? AND sp.rowid = st.package
-            AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts', 'backports')
+            AND sp.release = ?
             AND n.bug_name = st.bug_name AND n.package = sp.name
             ORDER BY sp.name""",
             (bug_name, nickname)):
             status[subrelease][(package, note)] = (vulnerable,urgency)
+	    if package == "bind9":
+		print package, note, subrelease, vulnerable, urgency
 
-        # Check if any packages in plain testing are vulnerable, and
-        # if all of those have been fixed in the security archive.
-        fixed_in_security = True
-        unfixed_pkgs = {}
-        undet_pkgs = {}
-        unimp_pkgs = {}
-        for ((package, note), (vulnerable, urgency)) in status[''].items():
+            # Check if any packages in plain testing are vulnerable, and
+            # if all of those have been fixed in the security archive.
+            fixed_in_security = False
+            fixed_in_lts = False
+            unfixed_pkgs = {}
+            undet_pkgs = {}
+            unimp_pkgs = {}
             if vulnerable == 1:
                 if urgency == 'unimportant':
                     unimp_pkgs[package] = True
                 else:
                     unfixed_pkgs[package] = True
                 if status['security'].get((package, note), True):
-                    fixed_in_security = False
+                    fixed_in_security = True
                 elif status['lts'].get((package, note), True):
-                    fixed_in_security = False
-                elif status['backports'].get((package, note), True):
-                    fixed_in_security = False
+                    fixed_in_lts = True
             elif vulnerable == 2:
                 undet_pkgs[package] = True
 
-        unfixed_pkgs = unfixed_pkgs.keys()
-        unfixed_pkgs.sort()
-        undet_pkgs = undet_pkgs.keys()
-        undet_pkgs.sort()
-        unimp_pkgs = unimp_pkgs.keys()
-        unimp_pkgs.sort()
+            unfixed_pkgs = unfixed_pkgs.keys()
+            unfixed_pkgs.sort()
+            undet_pkgs = undet_pkgs.keys()
+            undet_pkgs.sort()
+            unimp_pkgs = unimp_pkgs.keys()
+            unimp_pkgs.sort()
 
-        pkgs = ""
-        result = "undetermined"
-        if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0:
-            if len(status[''].keys()) == 0:
-                pkgs += "not known to be vulnerable."
-            else:
-                pkgs += "not vulnerable."
-            result = "fixed"
-        if len(unfixed_pkgs) > 0:
-            if len(unfixed_pkgs) == 1:
-                pkgs += "package " + unfixed_pkgs[0] + " is "
-            else:
-                pkgs += "packages " + ", ".join(unfixed_pkgs) + " are "
-            if fixed_in_security:
-                pkgs = "%sfixed in %s-security. " % (pkgs, suite)
-                if suite == "stable":
+            pkgs = ""
+            result = "undetermined"
+            if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0:
+                if len(status[subrelease].keys()) == 0:
+                    pkgs += "not known to be vulnerable."
+                else:
+                    pkgs += "not vulnerable."
+                result = "fixed"
+            if len(unfixed_pkgs) > 0:
+                if len(unfixed_pkgs) == 1:
+                    pkgs += "package " + unfixed_pkgs[0] + " is "
+                else:
+                    pkgs += "packages " + ", ".join(unfixed_pkgs) + " are "
+                if fixed_in_security:
+                    pkgs = "%sfixed in %s-security. " % (pkgs, suite)
                     result = "fixed"
+                elif fixed_in_lts:
+                    pkgs = "%sfixed in %s-lts. " % (pkgs, suite)
+                    result = "fixed"
                 else:
-                    result = "partially-fixed"
-            else:
-                pkgs += "vulnerable. "
-                result = "vulnerable"
-        if len(undet_pkgs) > 0:
-            if len(undet_pkgs) == 1:
-                pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked."
-            else:
-                pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked."
-        if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0:
-            result = "fixed"
-            if len(unimp_pkgs) == 1:
-                pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0]
-            else:
-                pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs))
+                    pkgs += "vulnerable. "
+                    result = "vulnerable"
+            if len(undet_pkgs) > 0:
+                if len(undet_pkgs) == 1:
+                    pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked."
+                else:
+                    pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked."
+            if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0:
+                result = "fixed"
+                if len(unimp_pkgs) == 1:
+                    pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0]
+                else:
+                    pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs))
 
-        cursor.execute("""INSERT INTO bug_status
-        (bug_name, release, status, reason)
-        VALUES (?, ?, ?, ?)""",
-              (bug_name, suite, result, pkgs))
+            cursor.execute("""INSERT INTO bug_status
+            (bug_name, release, subrelease, status, reason)
+            VALUES (?, ?, ?, ?, ?)""",
+                  (bug_name, suite, '', result, pkgs))
 
     def calculateDebsecan0(self, release):
         """Create data for the debsecan tool (VERSION 0 format)."""




More information about the Secure-testing-commits mailing list