Add lts-needs-forward-port

This looks for issues fixed in LTS but yet unfixed in lts_next taking
into account next-oldstable-point-update.txt.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@39374 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 121 insertions, 0 deletions

diff --git a/bin/lts-needs-forward-port.py b/bin/lts-needs-forward-port.py
new file mode 100755
index 0000000000..fbf859da98
--- /dev/null
+++ b/bin/lts-needs-forward-port.py
@@ -0,0 +1,99 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copyright 2016 Guido Günther <agx@sigxcpu.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <https://www.gnu.org/licenses/>.
+
+import argparse
+import collections
+import sys
+
+from tracker_data import TrackerData, RELEASES
+
+# lts is currently squeeze, next_lts wheezy
+LIST_NAMES = (
+    ('needs_fix_in_next_lts',
+     ('Issues that are unfixed in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+    ('needs_review_in_next_lts',
+     ('Issues that are no-dsa in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+    ('fixed_via_pu_in_oldstable',
+     ('Issues that will be fixed via p-u in {oldstable}'
+      ).format(**RELEASES)),
+)
+
+
+def main():
+    def add_to_list(key, pkg, issue):
+        assert key in [l[0] for l in LIST_NAMES]
+        lists[key][pkg].append(issue)
+
+    parser = argparse.ArgumentParser(
+        description='Find discrepancies between suites')
+    parser.add_argument('--skip-cache-update', action='store_true',
+                        help='Skip updating the tracker data cache')
+    parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
+                        help='Filter out specified lists')
+
+    args = parser.parse_args()
+
+    lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+    tracker = TrackerData(update_cache=not args.skip_cache_update)
+
+    for pkg in tracker.iterate_packages():
+        for issue in tracker.iterate_pkg_issues(pkg):
+            status_in_lts = issue.get_status('lts')
+            status_in_next_lts = issue.get_status('next_lts')
+
+            if status_in_lts.status in ('not-affected', 'open'):
+                continue
+
+            if status_in_lts.status == 'resolved':
+                #  Package will be updated via the next oldstable
+                #  point release
+                if (issue.name in tracker.oldstable_point_update and
+                    pkg in tracker.oldstable_point_update[issue.name]):
+                    add_to_list('fixed_via_pu_in_oldstable', pkg, issue)
+                    continue
+
+                #  The security tracker marks "not-affected" as
+                #  "resolved in version 0" (#812410)
+                if status_in_lts.reason == 'fixed in 0':
+                    continue
+
+                if status_in_next_lts.status == 'open':
+                    add_to_list('needs_fix_in_next_lts', pkg, issue)
+                    continue
+
+                if status_in_next_lts.status == 'ignored':
+                    add_to_list('needs_review_in_next_lts', pkg, issue)
+                    continue
+
+    for key, desc in LIST_NAMES:
+        if args.exclude is not None and key in args.exclude:
+            continue
+        if not len(lists[key]):
+            continue
+        print('{}:'.format(desc))
+        for pkg in sorted(lists[key].keys()):
+            cve_list = ' '.join(
+                [i.name for i in sorted(lists[key][pkg],
+                                        key=lambda i: i.name)])
+            print('* {:20s} -> {}'.format(pkg, cve_list))
+        print('')
+
+if __name__ == '__main__':
+    sys.exit(main())
diff --git a/bin/tracker_data.py b/bin/tracker_data.py
index 28f8a7f17a..e1b97ae4f6 100644
--- a/bin/tracker_data.py
+++ b/bin/tracker_data.py
@@ -103,6 +103,7 @@ class TrackerData(object):
         with open(self.cached_data_path, 'r') as f:
             self.data = json.load(f)
         self.load_dsa_dla_needed()
+        self.load_point_updates()
 
     @classmethod
     def parse_needed_file(self, inputfile):
@@ -137,6 +138,27 @@ class TrackerData(object):
         with open(os.path.join(self.DATA_DIR, 'dla-needed.txt'), 'r') as f:
             self.dla_needed = self.parse_needed_file(f)
 
+    @classmethod
+    def parse_point_update_file(self, inputfile):
+        CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4}'
+        result = {}
+        for line in inputfile:
+            res = re.match(CVE_RE, line)
+            if res:
+                cve = res.group(0)
+                result[cve] = {}
+                continue
+            elif line.startswith('\t['):
+                dist, _, pkg, ver = line.split()
+                result[cve][pkg] = ver
+        return result
+
+    def load_point_updates(self):
+        with open(os.path.join(self.DATA_DIR, 'next-oldstable-point-update.txt'), 'r') as f:
+            self.oldstable_point_update = self.parse_point_update_file(f)
+        with open(os.path.join(self.DATA_DIR, 'next-point-update.txt'), 'r') as f:
+            self.stable_point_update = self.parse_point_update_file(f)
+
     def iterate_packages(self):
         """Iterate over known packages"""
         for pkg in self.data: