[Git][security-tracker-team/security-tracker][master] 2 commits: Detect issues fixed in buster and bookworm but not in bullseye
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon Jul 14 17:28:13 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2174380 by Francois Lesueur at 2025-07-14T16:28:08+00:00
Detect issues fixed in buster and bookworm but not in bullseye
- - - - -
1a7d17be by Sylvain Beucler at 2025-07-14T16:28:08+00:00
Merge branch 'issue-11' into 'master'
Detect issues fixed in buster and bookworm but not in bullseye
See merge request security-tracker-team/security-tracker!222
- - - - -
2 changed files:
- bin/lts-cve-triage.py
- bin/tracker_data.py
Changes:
=====================================
bin/lts-cve-triage.py
=====================================
@@ -28,10 +28,12 @@ from debian_support import PointUpdateParser
import config
-RELEASES = {
- 'lts': config.get_supported_releases()[0],
- 'next_lts': config.get_supported_releases()[1],
-}
+supported_releases = config.get_supported_releases()
+all_releases = config.get_all_releases()
+RELEASES = {}
+RELEASES['lts'] = supported_releases[0]
+RELEASES['next_lts'] = supported_releases[1]
+RELEASES['prev_lts'] = all_releases[all_releases.index(RELEASES['lts'])-1]
def colored(x, *args, **kwargs):
return x
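Review bot: The `prev_lts` lookup `all_releases[all_releases.index(RELEASES['lts'])-1]` has no bounds check. If the LTS release is the first entry returned by `config.get_all_releases()`, the index becomes -1 and Python silently picks the last release in the list; if it is missing, `index()` raises a bare ValueError at import time. The ordering of that list is not visible in this hunk, so this is presumably fine today. A guard would make the failure explicit, for example `lts_idx = all_releases.index(RELEASES['lts'])` followed by `if lts_idx == 0: raise SystemExit('no release precedes the LTS release')`.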
@@ -49,7 +51,7 @@ except ImportError:
file=sys.stderr)
-TRACKER_URL = 'https://security-tracker.debian.org/tracker/'
+TRACKER_URL = 'https://deb.freexian.com/extended-lts/tracker/'
LIST_NAMES = (
('triage_end_of_life',
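Review bot: `TRACKER_URL` is a single module-level constant, so switching it to `https://deb.freexian.com/extended-lts/tracker/` changes the links of every list, not only the new `from_elts` one. Its uses are outside this hunk, but the existing lists are built from the Debian tracker data, so their links would presumably point at a different tracker than the one the statuses came from. Consider keeping the Debian URL and adding a second constant used only for `from_elts`, e.g. `ELTS_TRACKER_URL = 'https://deb.freexian.com/extended-lts/tracker/'`.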
@@ -83,6 +85,8 @@ LIST_NAMES = (
('Undetermined issues in {lts}').format(**RELEASES)),
('to_forward',
('Issues fixed in {lts} but not in {next_lts}').format(**RELEASES)),
+ ('from_elts',
+ ('Issues fixed in {prev_lts} and {next_lts} but not in {lts}').format(**RELEASES)),
)
lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
@@ -183,6 +187,24 @@ for pkg in tracker.iterate_packages():
add_to_list('undetermined', pkg, issue)
+tracker_elts = TrackerData(update_cache=not args.skip_cache_update,
+ data_url="https://deb.freexian.com/extended-lts/tracker/data/json",
+ git_url="https://salsa.debian.org/freexian-team/extended-lts/security-tracker.git",
+ id="elts_tracker")
+
+for pkg in tracker_elts.iterate_packages():
+ for issue in tracker_elts.iterate_pkg_issues(pkg):
+ status_in_lts = issue.get_status(RELEASES['lts'])
+ status_in_next_lts = issue.get_status(RELEASES['next_lts'])
+ status_in_elts = issue.get_status(RELEASES['prev_lts'])
+
+ if (status_in_elts.status == 'resolved' and status_in_elts.reason != 'fixed in 0'
+ and status_in_next_lts.status == 'resolved'
+ and status_in_lts.status not in ('resolved', 'not-affected')
+ and status_in_lts.urgency != 'unimportant'):
+ add_to_list('from_elts', pkg, issue)
+
+
for key, desc in LIST_NAMES:
if args.filter is not None and key not in args.filter:
continue
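Review bot: In the new `from_elts` loop all three statuses, including those for `RELEASES['lts']` and `RELEASES['next_lts']`, are read from `tracker_elts`, although a separate `tracker` object is already iterated just above. If the ELTS tracker's records for the still-supported releases lag or diverge from Debian's, this list can report issues already resolved there or miss open ones. Whether the two data sets are kept in sync is not visible here, so a comment stating the assumption would help, e.g. `# ELTS data is assumed to mirror Debian's status for lts/next_lts`. The literal `'fixed in 0'` also deserves a one-line comment saying which case it excludes. The surrounding loops begin and end outside this hunk.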
@@ -214,5 +236,4 @@ for key, desc in LIST_NAMES:
x.data['releases'][RELEASES['lts']]['nodsa_reason']
or '')),
)
-
print('')
=====================================
bin/tracker_data.py
=====================================
@@ -13,6 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
+import functools
import json
import os.path
import re
@@ -26,36 +27,33 @@ from debian_support import PointUpdateParser
class TrackerData(object):
- DATA_URL = "https://security-tracker.debian.org/tracker/data/json"
- GIT_URL = "https://salsa.debian.org/security-tracker-team/security-tracker.git"
CACHED_DATA_DIR = "~/.cache"
- CACHED_DATA_PATH = "~/.cache/debian_security_tracker.json"
- CACHED_REVISION_PATH = "~/.cache/debian_security_tracker.rev"
- GET_REVISION_COMMAND = \
- "LC_ALL=C git ls-remote %s HEAD | cut -f1" % GIT_URL
+ CACHED_DATA_PATH_FMT = "~/.cache/{}.json"
+ CACHED_REVISION_PATH_FMT = "~/.cache/{}.rev"
DATA_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'data')
- def __init__(self, update_cache=True):
- self._latest_revision = None
+ def __init__(self, update_cache=True,
+ data_url="https://security-tracker.debian.org/tracker/data/json",
+ git_url="https://salsa.debian.org/security-tracker-team/security-tracker.git",
+ id="debian_security_tracker"):
+ self.data_url = data_url
+ self.git_url = git_url
+ self.id = id
self.cached_data_dir = os.path.expanduser(self.CACHED_DATA_DIR)
- self.cached_data_path = os.path.expanduser(self.CACHED_DATA_PATH)
+ self.cached_data_path = os.path.expanduser(self.CACHED_DATA_PATH_FMT.format(id))
self.cached_revision_path = os.path.expanduser(
- self.CACHED_REVISION_PATH)
+ self.CACHED_REVISION_PATH_FMT.format(id))
if update_cache:
self.update_cache()
self.load()
- @property
+ @functools.cached_property
def latest_revision(self):
"""Return the current revision of the Git repository"""
- # Return cached value if available
- if self._latest_revision is not None:
- return self._latest_revision
- # Otherwise call out to git to get the latest revision
- output = subprocess.check_output(self.GET_REVISION_COMMAND,
- shell=True)
- self._latest_revision = output.strip()
- return self._latest_revision
+ output = subprocess.check_output(["git", "ls-remote", self.git_url, "HEAD"],
+ env={"LC_ALL": "C"},
+ shell=False)
+ return output.split()[0]
def _cache_must_be_updated(self):
"""Verify if the cache is out of date"""
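Review bot: Passing `env={"LC_ALL": "C"}` to `subprocess.check_output` in `latest_revision` replaces the whole environment instead of adding one variable. `git` then runs without `HOME`, proxy variables or any `GIT_*` and CA settings that the old shell form `LC_ALL=C git ...` inherited; use `env=dict(os.environ, LC_ALL="C")`. Now that `git_url` is a constructor parameter, put an end-of-options marker before it, `["git", "ls-remote", "--", self.git_url, "HEAD"]`, so a value beginning with `-` cannot be parsed as a git option. `output.split()[0]` also raises IndexError when git prints nothing, where the old code returned an empty value. The parameter name `id` shadows the builtin and is interpolated into the cache path unchecked; the class body continues outside this hunk.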
@@ -75,9 +73,9 @@ class TrackerData(object):
if not self._cache_must_be_updated():
return
- print("Updating {} from {} ...".format(self.CACHED_DATA_PATH,
- self.DATA_URL))
- response = requests.get(self.DATA_URL, allow_redirects=True)
+ print("Updating {} from {} ...".format(self.CACHED_DATA_PATH_FMT.format(self.id),
+ self.data_url))
+ response = requests.get(self.data_url, allow_redirects=True)
response.raise_for_status()
# if ~/.cache does not exist, then open() will fail
if not os.path.exists(self.cached_data_dir):
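Review bot: `requests.get(self.data_url, allow_redirects=True)` in `update_cache` still has no `timeout`, so an unresponsive server blocks the triage run indefinitely, and a second tracker is now fetched through the same call. `response = requests.get(self.data_url, allow_redirects=True, timeout=60)` would bound it; the value 60 is only a suggestion. The progress message rebuilds the path with `self.CACHED_DATA_PATH_FMT.format(self.id)`, although `self.cached_data_path` already holds the expanded path and could be printed directly. The method starts and ends outside this hunk.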
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4625bd246f147d00f089ae32a7ddbbcf22d37b0a...1a7d17be8342ecb7f0fc0171f5ff35fce64673ed