[Git][security-tracker-team/security-tracker][master] 2 commits: lts-cve-triage.py: allow setting the target dists
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Thu Jun 4 08:11:35 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e2e73fa by Sylvain Beucler at 2026-06-04T09:11:30+02:00
lts-cve-triage.py: allow setting the target dists
During the short bullseye&bookworm-lts period, we'll be able to run e.g.
prev_lts lts next_lts
$ bin/lts-cve-triage.py --releases buster bullseye trixie
$ bin/lts-cve-triage.py --releases buster bookworm trixie
- - - - -
7ccc9569 by Sylvain Beucler at 2026-06-04T09:11:30+02:00
lts-cve-triage.py: allow filtering dla_needed.txt dist
This is needed for the temporary bullseye+bookworm-lts period.
This could be reverted on September 1st.
- - - - -
2 changed files:
- bin/lts-cve-triage.py
- bin/tracker_data.py
Changes:
=====================================
bin/lts-cve-triage.py
=====================================
@@ -4,7 +4,7 @@
# Copyright (C) 2015, 2017 Guido Günther <agx at sigxcpu.org>
# Copyright (C) 2016, 2017, 2019, 2021 Chris Lamb <lamby at debian.org>
# Copyright (C) 2016 Mike Gabriel <sunweaver at debian.org>
-# Copyright (C) 2019, 2022, 2024, 2025 Sylvain Beucler <beuc at beuc.net>
+# Copyright (C) 2019, 2022, 2024, 2025, 2026 Sylvain Beucler <beuc at beuc.net>
# Copyright (C) 2019, 2020, 2023 Emilio Pozuelo Monfort <pochu at debian.org>
# Copyright (C) 2025 François Lesueur <flesueur at alwaysdata.com>
#
@@ -42,9 +42,6 @@ import config
supported_releases = config.get_supported_releases()
all_releases = config.get_all_releases()
RELEASES = {}
-RELEASES['lts'] = supported_releases[0]
-RELEASES['next_lts'] = supported_releases[1]
-RELEASES['prev_lts'] = all_releases[all_releases.index(RELEASES['lts'])-1]
def colored(x, *args, **kwargs):
return x
@@ -71,36 +68,30 @@ TRACKER_LINK_URL = 'https://deb.freexian.com/extended-lts/tracker/'
# > consistency checks
LIST_NAMES = (
('triage_possible_easy_fixes',
- ('Issues not yet triaged for {lts}, but already fixed in {next_lts}')
- .format(**RELEASES)),
+ ('Issues not yet triaged for {lts}, but already fixed in {next_lts}')),
('triage_already_in_dsa_needed',
- ('Issues to triage for {lts} that are already in dsa-needed')
- .format(**RELEASES)),
+ ('Issues to triage for {lts} that are already in dsa-needed')),
('triage_other',
'Unclassified issues to triage (likely LTS-specific)'),
('triage_likely_nodsa',
- ('Issues to triage for {lts} that are no-dsa in {next_lts}')
- .format(**RELEASES)),
+ ('Issues to triage for {lts} that are no-dsa in {next_lts}')),
('triage_limited_support',
'Issues on packages with limited support (review support rules)'),
('triage_end_of_life',
- 'Issues to mark as <end-of-life> for {lts}'.format(**RELEASES)),
+ 'Issues to mark as <end-of-life> for {lts}'),
('triage_other_not_triaged_in_next_lts',
- ('Other issues to triage for {lts} (not yet triaged for {next_lts})')
- .format(**RELEASES)),
+ ('Other issues to triage for {lts} (not yet triaged for {next_lts})')),
('from_next_lts',
- ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (low priority)')
- .format(**RELEASES)),
+ ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (low priority)')),
('unexpected_nodsa',
- ('Issues tagged no-dsa in {lts} that are open in {next_lts}')
- .format(**RELEASES)),
+ ('Issues tagged no-dsa in {lts} that are open in {next_lts}')),
('to_forward',
('Issues fixed in {lts} but not in {next_lts} (low priority) [caution: new report]'
- + '\ncf. https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?label_name%5B%5D=%28O%29SPU ').format(**RELEASES)),
+ + '\ncf. https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?label_name%5B%5D=%28O%29SPU ')),
('from_elts',
- ('Issues fixed in {prev_lts} and {next_lts} but not in {lts} [caution: new report]').format(**RELEASES)),
+ ('Issues fixed in {prev_lts} and {next_lts} but not in {lts} [caution: new report]')),
('undetermined',
- ('Undetermined issues in {lts}').format(**RELEASES)),
+ ('Undetermined issues in {lts}')),
)
lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
@@ -113,9 +104,21 @@ parser.add_argument('--filter', nargs='+', choices=[x[0] for x in LIST_NAMES],
help='Only report on specified lists')
parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
help='Do not report on the specified lists')
+parser.add_argument('--releases', action='store', nargs=3,
+ metavar=('prev_ls','lts','next_lts'),
+ default=[
+ all_releases[all_releases.index(supported_releases[0])-1],
+ supported_releases[0],
+ supported_releases[1]
+ ], help='Override target releases')
args = parser.parse_args()
-tracker = TrackerData(update_cache=not args.skip_cache_update)
+(RELEASES['prev_lts'],RELEASES['lts'],RELEASES['next_lts'],) = args.releases
+# Expand dist names in descriptions
+LIST_NAMES = [(title,desc.format(**RELEASES)) for title,desc in LIST_NAMES]
+
+tracker = TrackerData(update_cache=not args.skip_cache_update,
+ dla_dist_filter=RELEASES['lts'])
unsupported = UnsupportedPackages(codename=RELEASES['lts'],
update_cache=not args.skip_cache_update)
limited = LimitedSupportPackages(codename=RELEASES['lts'],
=====================================
bin/tracker_data.py
=====================================
@@ -47,7 +47,8 @@ class TrackerData(object):
def __init__(self, update_cache=True,
data_url="https://security-tracker.debian.org/tracker/data/json",
git_url="https://salsa.debian.org/security-tracker-team/security-tracker.git",
- id="debian_security_tracker"):
+ id="debian_security_tracker",
+ dla_dist_filter=None):
self.data_url = data_url
self.git_url = git_url
self.id = id
@@ -57,7 +58,7 @@ class TrackerData(object):
self.CACHED_REVISION_PATH_FMT.format(id))
if update_cache:
self.update_cache()
- self.load()
+ self.load(dla_dist_filter)
@functools.cached_property
def latest_revision(self):
@@ -97,15 +98,15 @@ class TrackerData(object):
with open(self.cached_revision_path, 'wb') as rev_file:
rev_file.write(self.latest_revision)
- def load(self):
+ def load(self, dla_dist_filter=None):
with open(self.cached_data_path, 'r') as f:
self.data = json.load(f)
- self.load_dsa_dla_needed()
+ self.load_dsa_dla_needed(dla_dist_filter)
self.load_point_updates()
@classmethod
- def parse_needed_file(self, inputfile):
- PKG_RE = r'^([a-z0-9.+-]+)(?:/[a-z]+)?(?:\s+\((.*)\))?$'
+ def parse_needed_file(self, inputfile, dist_filter=None):
+ PKG_RE = r'^([a-z0-9.+-]+)(?:/([a-z]+))?(?:\s+\((.*)\))?$'
SEP_RE = r'^--$'
state = 'LOOK_FOR_SEP'
result = {}
@@ -124,19 +125,25 @@ class TrackerData(object):
elif state == 'LOOK_FOR_PKG':
res = re.match(PKG_RE, line)
if res:
- package = res.group(1)
- result[package] = {
- 'taken_by': res.group(2),
- 'more': '',
- }
+ dist = res.group(2)
+ if (dist is None or
+ (dist_filter is not None and dist == dist_filter)):
+ package = res.group(1)
+ else:
+ package = None
+ if package:
+ result[package] = {
+ 'taken_by': res.group(3),
+ 'more': '',
+ }
state = 'LOOK_FOR_SEP'
return result
- def load_dsa_dla_needed(self):
+ def load_dsa_dla_needed(self, dla_dist_filter=None):
with open(os.path.join(self.DATA_DIR, 'dsa-needed.txt'), 'r') as f:
self.dsa_needed = self.parse_needed_file(f)
with open(os.path.join(self.DATA_DIR, 'dla-needed.txt'), 'r') as f:
- self.dla_needed = self.parse_needed_file(f)
+ self.dla_needed = self.parse_needed_file(f, dla_dist_filter)
def load_point_updates(self):
self.oldstable_point_update = PointUpdateParser.parseNextOldstablePointUpdate()
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/041e012c118f3971fbf3ba07c153684f27949990...7ccc95698a115d064007e9783101421b48fa42eb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/041e012c118f3971fbf3ba07c153684f27949990...7ccc95698a115d064007e9783101421b48fa42eb
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260604/f6cfa524/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list