[Secure-testing-commits] r39374 - bin

Guido Guenther agx at moszumanska.debian.org
Sun Jan 31 09:47:53 UTC 2016


Author: agx
Date: 2016-01-31 09:47:53 +0000 (Sun, 31 Jan 2016)
New Revision: 39374

Added:
   bin/lts-needs-forward-port.py
Modified:
   bin/tracker_data.py
Log:
Add lts-needs-forward-port

This looks for issues that are fixed in LTS but still unfixed in lts_next,
taking into account next-oldstable-point-update.txt.

Added: bin/lts-needs-forward-port.py
===================================================================
--- bin/lts-needs-forward-port.py	                        (rev 0)
+++ bin/lts-needs-forward-port.py	2016-01-31 09:47:53 UTC (rev 39374)
@@ -0,0 +1,99 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copyright 2016 Guido Günther <agx at sigxcpu.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <https://www.gnu.org/licenses/>.
+
+import argparse
+import collections
+import sys
+
+from tracker_data import TrackerData, RELEASES
+
+# lts is currently squeeze, next_lts wheezy
+LIST_NAMES = (
+    ('needs_fix_in_next_lts',
+     ('Issues that are unfixed in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+    ('needs_review_in_next_lts',
+     ('Issues that are no-dsa in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+    ('fixed_via_pu_in_oldstable',
+     ('Issues that will be fixed via p-u in {oldstable}'
+      ).format(**RELEASES)),
+)
+
+
+def main():
+    def add_to_list(key, pkg, issue):
+        assert key in [l[0] for l in LIST_NAMES]
+        lists[key][pkg].append(issue)
+
+    parser = argparse.ArgumentParser(
+        description='Find discrepancies between suites')
+    parser.add_argument('--skip-cache-update', action='store_true',
+                        help='Skip updating the tracker data cache')
+    parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
+                        help='Filter out specified lists')
+
+    args = parser.parse_args()
+
+    lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+    tracker = TrackerData(update_cache=not args.skip_cache_update)
+
+    for pkg in tracker.iterate_packages():
+        for issue in tracker.iterate_pkg_issues(pkg):
+            status_in_lts = issue.get_status('lts')
+            status_in_next_lts = issue.get_status('next_lts')
+
+            if status_in_lts.status in ('not-affected', 'open'):
+                continue
+
+            if status_in_lts.status == 'resolved':
+                #  Package will be updated via the next oldstable
+                #  point release
+                if (issue.name in tracker.oldstable_point_update and
+                    pkg in tracker.oldstable_point_update[issue.name]):
+                    add_to_list('fixed_via_pu_in_oldstable', pkg, issue)
+                    continue
+
+                #  The security tracker marks "not-affected" as
+                #  "resolved in version 0" (#812410)
+                if status_in_lts.reason == 'fixed in 0':
+                    continue
+
+                if status_in_next_lts.status == 'open':
+                    add_to_list('needs_fix_in_next_lts', pkg, issue)
+                    continue
+
+                if status_in_next_lts.status == 'ignored':
+                    add_to_list('needs_review_in_next_lts', pkg, issue)
+                    continue
+
+    for key, desc in LIST_NAMES:
+        if args.exclude is not None and key in args.exclude:
+            continue
+        if not len(lists[key]):
+            continue
+        print('{}:'.format(desc))
+        for pkg in sorted(lists[key].keys()):
+            cve_list = ' '.join(
+                [i.name for i in sorted(lists[key][pkg],
+                                        key=lambda i: i.name)])
+            print('* {:20s} -> {}'.format(pkg, cve_list))
+        print('')
+
+if __name__ == '__main__':
+    sys.exit(main())
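Review bot: The point-update short-circuit in `main()` (`if (issue.name in tracker.oldstable_point_update and pkg in tracker.oldstable_point_update[issue.name])`) runs before `status_in_next_lts` is consulted and never compares the version recorded in the file. An issue that is already resolved in next_lts but still listed in next-oldstable-point-update.txt would therefore be printed under "will be fixed via p-u". Whether entries are pruned from that file after a point release is not visible here, so this may be harmless in practice; if it is not, add `and status_in_next_lts.status != 'resolved'` to the condition. `main()` would also benefit from a short docstring naming the three lists and the order of the checks, since that order decides which list an issue lands in.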


Property changes on: bin/lts-needs-forward-port.py
___________________________________________________________________
Added: svn:executable
   + *

Modified: bin/tracker_data.py
===================================================================
--- bin/tracker_data.py	2016-01-31 09:46:03 UTC (rev 39373)
+++ bin/tracker_data.py	2016-01-31 09:47:53 UTC (rev 39374)
@@ -103,6 +103,7 @@
         with open(self.cached_data_path, 'r') as f:
             self.data = json.load(f)
         self.load_dsa_dla_needed()
+        self.load_point_updates()
 
     @classmethod
     def parse_needed_file(self, inputfile):
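Review bot: The added `self.load_point_updates()` call makes both point-update files a hard dependency of this load path, so a failure there affects every tool built on `TrackerData`, not only lts-needs-forward-port. `parse_point_update_file`, added later in this commit, unpacks `line.split()` into exactly four names and writes to `result[cve]` without checking that a CVE header line came first, so a single malformed line in either file would raise. The enclosing method starts above this hunk, so I cannot see whether any caller handles that. Either parse tolerantly in the helper or document the requirement here, e.g. `# point-update files are required; a malformed line aborts loading`.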
@@ -137,6 +138,27 @@
         with open(os.path.join(self.DATA_DIR, 'dla-needed.txt'), 'r') as f:
             self.dla_needed = self.parse_needed_file(f)
 
+    @classmethod
+    def parse_point_update_file(self, inputfile):
+        CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4}'
+        result = {}
+        for line in inputfile:
+            res = re.match(CVE_RE, line)
+            if res:
+                cve = res.group(0)
+                result[cve] = {}
+                continue
+            elif line.startswith('\t['):
+                dist, _, pkg, ver = line.split()
+                result[cve][pkg] = ver
+        return result
+
+    def load_point_updates(self):
+        with open(os.path.join(self.DATA_DIR, 'next-oldstable-point-update.txt'), 'r') as f:
+            self.oldstable_point_update = self.parse_point_update_file(f)
+        with open(os.path.join(self.DATA_DIR, 'next-point-update.txt'), 'r') as f:
+            self.stable_point_update = self.parse_point_update_file(f)
+
     def iterate_packages(self):
         """Iterate over known packages"""
         for pkg in self.data:
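Review bot: `CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4}'` in `parse_point_update_file` accepts only four characters after the year, and `re.match` with `group(0)` silently truncates anything longer: a constructed id such as CVE-2016-10001 would be stored under the key CVE-2016-1000. The lookup `issue.name in tracker.oldstable_point_update` in lts-needs-forward-port.py would then miss the real issue and could match an unrelated one, misclassifying which CVEs are covered by the point update. Use `CVE_RE = r'CVE-[0-9]{4}-[0-9X]{4,}'` so the whole sequence number is captured. As style points, the `continue` before `elif` is redundant, and the first parameter of a `@classmethod` is conventionally `cls`, although `self` matches the existing `parse_needed_file`.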



