diff options
author | Guido Günther <agx@sigxcpu.org> | 2016-01-31 09:47:53 +0000 |
---|---|---|
committer | Guido Günther <agx@sigxcpu.org> | 2016-01-31 09:47:53 +0000 |
commit | c3f21ce0bd2ca3718ceb6903f922da3c1ba64720 (patch) | |
tree | ade74329e9b8aea01baa3a245d35b87ca3cc2ca6 | |
parent | 7fc82dc339f3f9179876827d99427369d84f8a4b (diff) |
Add lts-needs-forward-port
This looks for issues fixed in LTS but yet unfixed in lts_next taking
into account next-oldstable-point-update.txt.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@39374 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rwxr-xr-x | bin/lts-needs-forward-port.py | 99 | ||||
-rw-r--r-- | bin/tracker_data.py | 22 |
2 files changed, 121 insertions, 0 deletions
diff --git a/bin/lts-needs-forward-port.py b/bin/lts-needs-forward-port.py new file mode 100755 index 0000000000..fbf859da98 --- /dev/null +++ b/bin/lts-needs-forward-port.py @@ -0,0 +1,99 @@ +#!/usr/bin/python +# vim: set fileencoding=utf-8 : +# +# Copyright 2016 Guido Günther <agx@sigxcpu.org> +# +# This file is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file. If not, see <https://www.gnu.org/licenses/>. + +import argparse +import collections +import sys + +from tracker_data import TrackerData, RELEASES + +# lts is currently squeeze, next_lts wheezy +LIST_NAMES = ( + ('needs_fix_in_next_lts', + ('Issues that are unfixed in {next_lts} but fixed in {lts}' + ).format(**RELEASES)), + ('needs_review_in_next_lts', + ('Issues that are no-dsa in {next_lts} but fixed in {lts}' + ).format(**RELEASES)), + ('fixed_via_pu_in_oldstable', + ('Issues that will be fixed via p-u in {oldstable}' + ).format(**RELEASES)), +) + + +def main(): + def add_to_list(key, pkg, issue): + assert key in [l[0] for l in LIST_NAMES] + lists[key][pkg].append(issue) + + parser = argparse.ArgumentParser( + description='Find discrepancies between suites') + parser.add_argument('--skip-cache-update', action='store_true', + help='Skip updating the tracker data cache') + parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES], + help='Filter out specified lists') + + args = parser.parse_args() + + lists = collections.defaultdict(lambda: collections.defaultdict(lambda: [])) + tracker = TrackerData(update_cache=not args.skip_cache_update) + + for pkg in tracker.iterate_packages(): + for issue in tracker.iterate_pkg_issues(pkg): + status_in_lts = issue.get_status('lts') + status_in_next_lts = issue.get_status('next_lts') + + if status_in_lts.status in ('not-affected', 'open'): + continue + + if status_in_lts.status == 'resolved': + # Package will be updated via the next oldstable + # point release + if (issue.name in tracker.oldstable_point_update and + pkg in tracker.oldstable_point_update[issue.name]): + add_to_list('fixed_via_pu_in_oldstable', pkg, issue) + continue + + # The security tracker marks "not-affected" as + # "resolved in version 0" (#812410) + if status_in_lts.reason == 'fixed in 0': + continue + + if status_in_next_lts.status == 'open': + add_to_list('needs_fix_in_next_lts', pkg, issue) + continue + + if status_in_next_lts.status == 'ignored': + add_to_list('needs_review_in_next_lts', pkg, issue) + continue + + for key, desc in LIST_NAMES: + if args.exclude is not None and key in args.exclude: + continue + if not len(lists[key]): + continue + print('{}:'.format(desc)) + for pkg in sorted(lists[key].keys()): + cve_list = ' '.join( + [i.name for i in sorted(lists[key][pkg], + key=lambda i: i.name)]) + print('* {:20s} -> {}'.format(pkg, cve_list)) + print('') + +if __name__ == '__main__': + sys.exit(main()) diff --git a/bin/tracker_data.py b/bin/tracker_data.py index 28f8a7f17a..e1b97ae4f6 100644 --- a/bin/tracker_data.py +++ b/bin/tracker_data.py @@ -103,6 +103,7 @@ class TrackerData(object): with open(self.cached_data_path, 'r') as f: self.data = json.load(f) self.load_dsa_dla_needed() + self.load_point_updates() @classmethod def parse_needed_file(self, inputfile): @@ -137,6 +138,27 @@ class TrackerData(object): with open(os.path.join(self.DATA_DIR, 'dla-needed.txt'), 'r') as f: self.dla_needed = self.parse_needed_file(f) + @classmethod + def parse_point_update_file(self, inputfile): + CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4}' + result = {} + for line in inputfile: + res = re.match(CVE_RE, line) + if res: + cve = res.group(0) + result[cve] = {} + continue + elif line.startswith('\t['): + dist, _, pkg, ver = line.split() + result[cve][pkg] = ver + return result + + def load_point_updates(self): + with open(os.path.join(self.DATA_DIR, 'next-oldstable-point-update.txt'), 'r') as f: + self.oldstable_point_update = self.parse_point_update_file(f) + with open(os.path.join(self.DATA_DIR, 'next-point-update.txt'), 'r') as f: + self.stable_point_update = self.parse_point_update_file(f) + def iterate_packages(self): """Iterate over known packages""" for pkg in self.data: |