[Git][security-tracker-team/security-tracker][master] 3 commits: remove-cve-dist-tags: remove empty CVE entries
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Tue Feb 1 15:18:07 GMT 2022
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8106732 by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00
remove-cve-dist-tags: remove empty CVE entries
This can happen in ExtendFiles if they only contain dist tags
that are being removed.
- - - - -
47e07c9c by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00
gen-DSA: sanitize DISTS var after calculating it
Rather than have every user have to do it.
- - - - -
63516a0c by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00
gen-DSA: diff and commit changes to extracvefile
In case we're processing a dist that uses an ExtendFile.
- - - - -
2 changed files:
- bin/gen-DSA
- bin/remove-cve-dist-tags
Changes:
=====================================
bin/gen-DSA
=====================================
@@ -372,8 +372,10 @@ for dist in $CODENAMES; do
[ -z "$version" ] || DISTS="${DISTS},${dist}"
done
+DISTS="${DISTS#,}"
+
if [ -n "${DISTS}" ]; then
- bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}
+ bin/remove-cve-dist-tags "${DISTS}" "${PACKAGE}" ${CVE}
fi
if ! $save; then
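Review bot: the new `DISTS="${DISTS#,}"` assignment would benefit from a one-line comment saying that DISTS is, from this point on, a comma-separated list of codenames with no leading comma. The loop above builds it as `${DISTS},${dist}` and later code now relies on the stripped form, so without the comment a future caller may re-add `${DISTS#,}` or assume the variable holds a single codename.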
@@ -412,9 +414,12 @@ EOF
echo "$IDMODE text written to ./$IDMODE-$DAID"
if [ "$IDMODE" = "DLA" ] || [ "$IDMODE" = "ELA" ]; then
idmode=$(echo "$IDMODE" | tr A-Z a-z)
+ if [ -n "${DISTS}" ]; then
+ extracvefile=`jq -r ".distributions.${DISTS}.maincvefile" data/config.json`
+ fi
if [ -d .git ]; then
echo "Made the following changes:"
- git diff -- data/$IDMODE/list data/CVE/list $needed_file
+ git diff -- data/$IDMODE/list data/CVE/list $extracvefile $needed_file
if ! git diff-index --name-only HEAD -- $needed_file | grep -qs . && [ $TYPE = security ]; then
warn "did not make any changes to $needed_file - this may indicate duplicate work or misspelled package name"
fi
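Review bot: in the added `jq` call, `${DISTS}` is spliced into the filter as if it were one codename, but the loop earlier in this file builds it as a comma-separated list (`DISTS="${DISTS},${dist}"`), so with two or more dists the path `.distributions.${DISTS}.maincvefile` no longer addresses a single distribution. Consider looking up each codename separately and passing it as data rather than as filter text, for example `jq -r --arg d "$dist" '.distributions[$d].maincvefile // empty' data/config.json`, which also copes with codenames that are not plain identifiers. Using `$(...)` instead of backticks would match the command substitution two lines above.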
@@ -424,7 +429,7 @@ EOF
echo -n "Do you want to commit and push them now ? [Yn] "
read reply
if [ "$reply" = "Y" ] || [ "$reply" = "" ] || [ "$reply" = "y" ]; then
- git add data/$IDMODE/list data/CVE/list $needed_file
+ git add data/$IDMODE/list data/CVE/list $extracvefile $needed_file
git commit -m "Reserve $IDMODE-$DAID for $PACKAGE"
git push origin master
fi
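Review bot: `$extracvefile` in the new `git add` line can hold the literal string `null`, because `jq -r` prints `null` when `maincvefile` is not defined for the dist. `git add` then stops on the unmatched pathspec and stages nothing, while the `git commit` and `git push` below still run unless the script aborts on errors. Adding the file only when the variable is non-empty and the path exists (`[ -f "$extracvefile" ]`) would keep the commit step working for dists without an ExtendFile.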
=====================================
bin/remove-cve-dist-tags
=====================================
@@ -56,6 +56,12 @@ for cve in data:
if keep_annotation(cve, annotation)
)
cve = cve._replace(annotations=annotations)
+ if not cve.annotations:
+ # this shouldn't happen on a normal CVE file as we're only removing
+ # the dist specific tags, but it may happen in an ExtendFile, in
+ # which case we don't want to keep an empty CVE entry
+ continue
+
new_data.append(cve)
with open(main_list, 'w') as f:
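Review bot: the new `if not cve.annotations: continue` drops the entry silently and unconditionally, although the comment itself says this should not happen for a normal CVE file and the result is written back to `main_list`. Restricting the skip to the ExtendFile case, or at least printing the dropped CVE to stderr, would make an unexpected removal from the main list visible. It is also worth confirming that the expression closed by `)` just above builds a list or tuple, since its opening is outside this hunk and a bare generator would always be truthy, so the check would never fire.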
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d18f65e690cc218bcda4fc715d57a61082664af7...63516a0cf95e2d6a5b43cfceb44e48c0e0572825