[Git][security-tracker-team/security-tracker][master] 2 commits: lts-missing-uploads: don't hardcode lts release

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Aug 18 14:55:21 BST 2022 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0fc6ed2 by Emilio Pozuelo Monfort at 2022-08-18T14:25:33+02:00
lts-missing-uploads: don't hardcode lts release

- - - - -
999e4cdf by Emilio Pozuelo Monfort at 2022-08-18T15:50:57+02:00
lts-missing-uploads: ignore DLAs for older releases

Otherwise we'll check the version in the old DLA against the current
LTS's Sources.

- - - - -


1 changed file:

- bin/lts-missing-uploads


Changes:

=====================================
bin/lts-missing-uploads
=====================================
@@ -26,9 +26,19 @@ import dateutil.relativedelta
 from debian.deb822 import Sources
 from debian.debian_support import Version
 
+import setup_paths  # noqa # pylint: disable=unused-import
+import config
+
+lts = config.get_supported_releases()[0]
+
+
+class DLAForAnotherRelease(Exception):
+    pass
+
+
 class LTSMissingUploads(object):
     MONTHS = 6
-    SOURCES = ['http://security.debian.org/dists/buster/updates/{}/source/Sources.gz'.format(component)
+    SOURCES = ['http://security.debian.org/dists/{}/updates/{}/source/Sources.gz'.format(lts, component)
                for component in ('main', 'contrib', 'non-free')]
 
     re_line = re.compile(
@@ -46,8 +56,11 @@ class LTSMissingUploads(object):
         dlas = {}
         def download(x):
             self.info("{source}: parsing announcement from {url} ...", **x)
-            x.update(self.get_dla(x['url'])[0])
-            dlas[x['source']] = x
+            try:
+                x.update(self.get_dla(x['url'])[0])
+                dlas[x['source']] = x
+            except DLAForAnotherRelease:
+                pass
 
         for idx in range(self.MONTHS):
             dt = datetime.datetime.utcnow().replace(day=1) - \
@@ -112,7 +125,7 @@ class LTSMissingUploads(object):
         return result
 
     def get_dla(self, url):
-        return self.parse(url, self.re_version)
+        return self.parse(url, self.re_version, is_dla=True)
 
     def get_sources(self):
         pkgver = {}
@@ -129,9 +142,14 @@ class LTSMissingUploads(object):
 
         return pkgver
 
-    def parse(self, url, pattern):
+    def parse(self, url, pattern, is_dla=False):
         result = []
 
+        # if parsing a specific DLA (as opposed to the DLAs list), check
+        # if the DLA is for the current LTS release, and ignore if not
+        if is_dla and lts not in self.session.get(url).content.decode('utf-8'):
+            raise DLAForAnotherRelease
+
         for x in self.session.get(url).content.splitlines():
             m = pattern.search(x.decode('utf8'))
 



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6917b6e7dd13538889d89bd6fc854a1a297024b8...999e4cdf0d970523f250e3fe4b1a3da949237f6a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6917b6e7dd13538889d89bd6fc854a1a297024b8...999e4cdf0d970523f250e3fe4b1a3da949237f6a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220818/da65ea70/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list