| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9092 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9091 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9090 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8951 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8909 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8857 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this change, an update from the CVE database may result
in failed consistency checks, which is not desirable.
In a later commit, the web front end will be extended to list
such CVE entries. This will provide interested parties with
a means to perform cleanups.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7720 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7719 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
This means that we can simplify bugs.BugBase.cveStatus a bit.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7718 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following methods are removed:
bugs.PackageNote.affects
bugs.PackageNote.affectsKernel
bugs.PackageNote.fixedVersion
bugs.PackageNote.sourceStatus
bugs.BugBase.hasTODO
bugs.BugBase.isKernelOnly
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7715 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
| |
These days, we need the APT algorithm, not the one described in
policy. Requiring python-apt leads to a clear error message up front,
instead of an obscure one much later in the process.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6994 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Make runnable as a script, for testing purposes.
(Parser.characters): Keep whole node string, not just the last part.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6061 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
| |
Losen type checks for string arguments, to support Unicode strings.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5989 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
| |
Store pickled data as blob in the SQLite database.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5988 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
| |
Support Unicode strings by converting them to UTF-8.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5987 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
| |
Add destructor to close the SQLite database object explicitly.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5986 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5861 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Field names are not necessarily separated by a space from the
field content.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5785 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
| |
packages which are no longer present in the archive.
* lib/python/security_db.py
(DB.readBugs.do_parse): Ignore duplicate packages.
(DB.readBugs): Treat removed-packages as yet another input file.
(DB.readRemovedPackages): Resurrect method.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5668 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
No longer create version 0 debsecan data for woody.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5665 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Adjust SQL for the testing_status view to what's actually
in the database.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5639 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
A manual schema migration is required here.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5637 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5635 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entries for etch, and new ones for lenny. Our previous automatic
tagging of all entries as etch does not work anymore. Hence,
we make the release indicator explicit.
* lib/python/bugs.py (DTSAFile.finishBug):
Verify that a release has been specified. No longer default to
"etch".
* data/DTSA/list
Mark all entries as etch.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5632 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows us to track firefox issues again.
* lib/python/bugs.py (FileBase):
Keep track of removed packages.
* lib/python/security_db.py
(DB.readBugs): Populate removed_packages table using <removed> entries.
(DB.readRemovedPackages): Remove method.
* bin/update-db:
Do not call readRemovedPackages anymore.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5470 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
(Yeah, less than stellar engineering that this isn't concentrated
in a single place.)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5103 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
DB.getBugsForSourcePackage):
Ignore bugs in woody.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5101 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
| |
lib/python/security_db.py (DB._initViews):
Add no_dsa column to the testing_status table.
bin/tracker_service.py (TrackerService.page_status_release_testing):
Use it to implement the filter in the same way as for "stable".
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5100 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Yet another fix for ~ versions.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4782 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Relax regexp for source versions, to support the new ~ syntax.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4773 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
The archive currently violates this constraint.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4738 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
| |
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4534 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
| |
(Version): Implement using apt_pkg if APT is available.
(version_compare): Add.
* lib/python/security_db.py
(DB._initFunctions): Directly invoke debian_support.version_compare.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4236 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Fix name generation for bugs involving <no-dsa> notes.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4110 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
| |
Add hide_check parameter.
* bin/tracker_service.py (TrackerService.page_status_todo):
Use it.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4005 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
preliminary.
lib/python/bugs.py (PackageNoteNoDSA):
New class.
(BugBase.__init__):
Losen assert to include PackageNoteNoDSA.
(FileBase.__iter__):
Create PackageNoteNoDSA objects.
lib/python/security_db.py (DB):
Bump schema version to 21. Add package_notes_nodsa table.
Add schema migration code.
(DB.readBugs):
Clear package_notes_nodsa table.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3858 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Fix.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3857 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
| |
New method.
(URLFactory.updateParams):
Implement using updateParamsDict.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3856 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
New function.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3593 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Handle <no-dsa>, by treating it as <unfixed> for now.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3228 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
| |
Record versions of source packages from binary packages, too,
to include versions from binary-only NMUs. This is expected
to fix Debian bug #345158, reported against debsecan.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3179 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
| |
Only include CVE-* and FAKE-* vulnerabilities in version 1 data.
(The other data is redundant anyway, and no unstable vulnerability
status information is available.)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3147 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Existence of a release-specific fix means that sid was vulnerable at
some point (this is central to our tracking model).
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3145 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Non-unstable versions needs ">=", too.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3135 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Yet another fix for urgency calculation. Blecch.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3133 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Optimize vulnerability list. Further tweaks to urgency handling:
'unimportant' does not trump 'unknown'.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3132 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Rework maximum urgency calculation. "unknown" no longer
overrides other urgencies.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3131 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
| |
Even an equal version provides a fix.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3130 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add index on package_notes(package) (no schema version bump needed).
(DB.calculateDebsecan0):
Renamed from DB.calculateDebsecan.
(DB.calculateDebsecan1):
New method which generates version 1 format (with pinning support
wtc.).
(DB.calculateDebsecan):
Invokes both the version 0 and version 1 methods.
bin/update-db:
Adjust accordingly.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3129 e39458fd-73e7-0310-bf30-c45bca0a0e42
|
|
|
|
|
|
|
|
| |
Check that a fixed package is actually available in sid, and do not
trust the list files.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3122 e39458fd-73e7-0310-bf30-c45bca0a0e42
|