From 1efd83d53a64db67e071e0a4aa54536405d2cb39 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 3 Feb 2021 12:53:03 +0100
Subject: merge-cve-files: support replacing main (sid) annotations

---
 bin/merge-cve-files | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

(limited to 'bin')

diff --git a/bin/merge-cve-files b/bin/merge-cve-files
index a36e4c7b6b..b980cfbdbc 100755
--- a/bin/merge-cve-files
+++ b/bin/merge-cve-files
@@ -12,30 +12,37 @@ import setup_paths  # noqa
 from debian_support import internRelease
 from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
 
-def merge_annotations(old_annotations, new_annotation):
+def merge_annotations(annotations, new_annotation):
     if not isinstance(new_annotation, PackageAnnotation):
         raise NotImplementedError(f"unsupported annotation of type {type(annotation)}")
 
-    # filter out the current annotation, if any
-    annotations = [ann for ann in old_annotations
-                   if not isinstance(ann, PackageAnnotation)
-                   or ann.package != new_annotation.package
-                   or ann.release != new_annotation.release]
+    annotations = list(annotations)
 
-    # append the new one at the right place
+    # append/substitute the new one at the right place
     for idx, annotation in enumerate(annotations):
         if not isinstance(annotation, PackageAnnotation) \
           or annotation.package != new_annotation.package:
             continue
 
+        # if the annotation is for the same package/release, replace it
+        if annotation.package == new_annotation.package \
+          and annotation.release == new_annotation.release:
+            annotations[idx] = new_annotation
+            break
+
+        # if the next annotation's release is the same, we continue to replace
+        # it in the next iteration. otherwise if we found the right place, we
+        # insert the new annotation
         next_annotation = annotations[idx + 1] if len(annotations) > (idx + 1) else None
         if next_annotation and isinstance(next_annotation, PackageAnnotation) \
           and next_annotation.package == new_annotation.package \
-          and internRelease(new_annotation.release) < internRelease(next_annotation.release):
+          and internRelease(new_annotation.release) <= internRelease(next_annotation.release):
             continue
 
         annotations.insert(idx + 1, new_annotation)
-        return annotations
+        break
+
+    return annotations
 
 def parse_list(path):
     data, messages = cvelist(path)
-- 
cgit v1.2.3