diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2014-09-01 05:06:14 +0000 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2014-09-01 05:06:14 +0000 |
| commit | 37744cbec4698973c688a4596612c21a5599cff8 (patch) | |
| tree | ad48435a1009ba04fac4c4380aaaae98ccb0c5bd | |
| parent | 5cbb858955fe552fd59eed209037647777c1a69d (diff) | |
Revert "add support for squeeze-lts (Closes: #759727 once Florian has applied this to soler.d.o)"
This reverts commit 6357e7f64b5cdab2f194dc5a1ae0ff309bb625f6.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28536 e39458fd-73e7-0310-bf30-c45bca0a0e42
| -rw-r--r-- | Makefile | 23 | ||||
| -rwxr-xr-x | bin/check-syntax | 6 | ||||
| -rw-r--r-- | bin/tracker_service.py | 2 | ||||
| -rwxr-xr-x | bin/update | 2 | ||||
| -rwxr-xr-x | bin/updatelist | 2 | ||||
| -rw-r--r-- | lib/python/bugs.py | 47 | ||||
| -rw-r--r-- | lib/python/sectracker/parsers.py | 17 | ||||
| -rw-r--r-- | lib/python/sectracker_test/test_analyzers.py | 1 | ||||
| -rw-r--r-- | lib/python/sectracker_test/test_parsers.py | 5 | ||||
| -rw-r--r-- | lib/python/security_db.py | 35 |
10 files changed, 19 insertions, 121 deletions
@@ -7,7 +7,6 @@ BUG_LISTS = $(wildcard data/*/list) MIRROR = http://cdn.debian.net/debian/ squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64 -squeeze_LTS_ARCHS = amd64 i386 wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x kfreebsd-i386 kfreebsd-amd64 sid_ARCHS = amd64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc @@ -28,7 +27,7 @@ clean: test check: check-syntax check-syntax: stamps/CVE-syntax \ - stamps/DSA-syntax stamps/DTSA-syntax stamps/DLA-syntax + stamps/DSA-syntax stamps/DTSA-syntax stamps/CVE-syntax: data/CVE/list bin/check-syntax $(PYTHON_MODULES) $(PYTHON) bin/check-syntax CVE data/CVE/list @@ -42,10 +41,6 @@ stamps/DTSA-syntax: data/DTSA/list bin/check-syntax $(PYTHON_MODULES) $(PYTHON) bin/check-syntax DTSA data/DTSA/list touch $@ -stamps/DLA-syntax: data/DLA/list bin/check-syntax $(PYTHON_MODULES) - $(PYTHON) bin/check-syntax DLA data/DLA/list - touch $@ - .PHONY: serve serve: @bash bin/test-web-server @@ -141,7 +136,7 @@ update-security: update-old-security done ; \ done -update-old-security: update-lts +update-old-security: for archive in $(OLDSTABLE); do \ for section in main contrib non-free ; do \ $(PYTHON) bin/apt-update-file \ @@ -155,20 +150,6 @@ update-old-security: update-lts done ; \ done -LTS_MIRROR = http://ftp.de.debian.org/debian/dists -update-lts: update-lts-$(OLDSTABLE) - -update-lts-$(OLDSTABLE): - set -e && archive=$(shell echo $@ | cut -d- -f3) ; \ - for arch in $($(shell echo $@ | cut -d- -f3)_LTS_ARCHS) ; do \ - $(PYTHON) bin/apt-update-file \ - $(LTS_MIRROR)/$${archive}-lts/main/binary-$$arch/Packages \ - data/packages/$${archive}-lts__main_$${arch}_Packages ; \ - done ; \ - $(PYTHON) bin/apt-update-file \ - $(LTS_MIRROR)/$${archive}-lts/main/source/Sources \ - data/packages/$${archive}-lts__main_Sources ; \ - BACKPORTS_MIRROR = http://ftp.de.debian.org/debian-backports/dists update-backports: update-backports-$(STABLE) update-backports-$(OLDSTABLE) diff --git a/bin/check-syntax b/bin/check-syntax index ee23752068..688ea39503 100755 --- a/bin/check-syntax +++ b/bin/check-syntax @@ -65,13 +65,9 @@ def parse_DSA(name): def parse_DTSA(name): do_parse(construct(bugs.DTSAFile, name)) -def parse_DLA(name): - do_parse(construct(bugs.DLAFile, name)) - file_types = {'CVE' : parse_CVE, 'DSA' : parse_DSA, - 'DTSA' : parse_DTSA, - 'DLA' : parse_DLA} + 'DTSA' : parse_DTSA} if len(sys.argv) <> 3 or not file_types.has_key(sys.argv[1]): l = file_types.keys() diff --git a/bin/tracker_service.py b/bin/tracker_service.py index 9be7bd5cee..0f0dbc9363 100644 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -342,8 +342,6 @@ data source.""")], source_xref = self.make_dsa_ref(url, bug.name, 'Debian') elif source == 'DTSA': source_xref = 'Debian Testing Security Team' - elif source == 'DLA': - source_xref = 'Debian LTS Team' elif source == 'TEMP': source_xref = ( 'Automatically generated temporary name. Not for external reference.') diff --git a/bin/update b/bin/update index 79520153b7..22d50def14 100755 --- a/bin/update +++ b/bin/update @@ -10,5 +10,5 @@ cd CVE rm -f allitems.html wget --quiet https://cve.mitre.org/data/downloads/allitems.html.gz gunzip allitems.html.gz -../../bin/updatelist allitems.html ../DSA/list ../DTSA/list ../DLA/list list > list.new +../../bin/updatelist allitems.html ../DSA/list ../DTSA/list list > list.new mv -f list.new list diff --git a/bin/updatelist b/bin/updatelist index e32b370f48..b103d8b872 100755 --- a/bin/updatelist +++ b/bin/updatelist @@ -2,7 +2,6 @@ my $html=shift; my $dsa_list=shift; my $dtsa_list=shift; -my $dla_list=shift; my $our_list=shift; my %cves; @@ -29,7 +28,6 @@ sub read_dsa { } read_dsa($dsa_list); read_dsa($dtsa_list); -read_dsa($dla_list); my %listedcves; diff --git a/lib/python/bugs.py b/lib/python/bugs.py index 70108ffb43..49ccf04ab4 100644 --- a/lib/python/bugs.py +++ b/lib/python/bugs.py @@ -418,9 +418,9 @@ class FileBase(debian_support.PackageFile): re_whitespace = re.compile(r'\s+') re_xref_entry = re.compile('^(?:CVE-\d{4}-\d{4,}' + r'|VU#\d{6}' - + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$') + + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$') re_xref_entry_own = re.compile( - '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$') + '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$') re_package_required = re.compile(r'^(?:\[.*\]\s*)?-') re_package_version = re.compile( @@ -808,48 +808,7 @@ class DSAFile(FileBase): # Merge identical package notes, for historical reasons. bug.mergeNotes() return bug - -class DLAFile(FileBase): - """A DLA file. - - Similar to a CVE file, only that it contains DLAs as its main - reference point, and release dates. - """ - - re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] ' - + r'(DLA-\d+(?:-\d+)?)\s+' - + r'(.*?)\s*$') - - month_names = {'Jan': 1, - 'Feb': 2, - 'Mar': 3, - 'Apr': 4, - 'May': 5, - 'Jun': 6, - 'Jul': 7, - 'Aug': 8, - 'Sep': 9, - 'Oct': 10, - 'Nov': 11, - 'Dec': 12} - - def matchHeader(self, line): - match = self.re_dsa.match(line) - if not match: - self.raiseSyntaxError("expected DLA record, got: %s" % `line`) - (record_name, description) = match.groups() - (day, month, year, name, desc) = match.groups() - try: - month = self.month_names[month] - except KeyError: - self.raiseSyntaxError("invalid month name %s" % `month`) - return ("%s-%02d-%s" % (year, month, day), name, desc) - - def finishBug(self, bug): - # Merge identical package notes, for historical reasons. - bug.mergeNotes() - return bug - + class DTSAFile(FileBase): """A DTSA file. diff --git a/lib/python/sectracker/parsers.py b/lib/python/sectracker/parsers.py index 518b6039a4..6354dcccb6 100644 --- a/lib/python/sectracker/parsers.py +++ b/lib/python/sectracker/parsers.py @@ -313,20 +313,3 @@ def dtsalist(path, f): _checkrelease(anns, diag, "DTSA") return Bug(path, Header(headerlineno, name, None), tuple(anns)) return _parselist(path, f, parseheader, finish) - -@_xpickle.loader("DLA" + FORMAT) -def dlalist(path, f): - re_header = re.compile( - r'^\[([A-Z][a-z]{2,}) (\d\d?)(?:st|nd|rd|th), (\d{4})\] ' - + r'(DLA-\d+-\d+)\s+' - + r'(.*?)\s*$') - def parseheader(line): - match = re_header.match(line) - if match is None: - return None - return match.groups() - def finish(header, headerlineno, anns, diag): - d, m, y, name, desc = header - _checkrelease(anns, diag, "DLA") - return Bug(path, Header(headerlineno, name, None), tuple(anns)) - return _parselist(path, f, parseheader, finish) diff --git a/lib/python/sectracker_test/test_analyzers.py b/lib/python/sectracker_test/test_analyzers.py index 133c9386dd..880e58ad02 100644 --- a/lib/python/sectracker_test/test_analyzers.py +++ b/lib/python/sectracker_test/test_analyzers.py @@ -26,7 +26,6 @@ from sectracker.repo import Config diag = Diagnostics() bugdb = mergelists((p.cvelist("../../data/CVE/list"), p.dsalist("../../data/DSA/list"), - p.dlalist("../../data/DLA/list"), p.dtsalist("../../data/DTSA/list")), diag) assert "CVE-1999-0001" in bugdb assert "DSA-135" in bugdb diff --git a/lib/python/sectracker_test/test_parsers.py b/lib/python/sectracker_test/test_parsers.py index 436b2f027c..20a5f29712 100644 --- a/lib/python/sectracker_test/test_parsers.py +++ b/lib/python/sectracker_test/test_parsers.py @@ -40,11 +40,6 @@ o = dtsalist("../../data/DTSA/list") for err in o.messages: print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) -safeunlink("../../data/DLA/list" + EXTENSION) -o = dlalist("../../data/DLA/list") -for err in o.messages: - print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) - Message = sectracker.diagnostics.Message for (line, res, xmsgs) in [ (' - foo <unfixed>', diff --git a/lib/python/security_db.py b/lib/python/security_db.py index 2d362d239c..f7e86fd9ca 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -385,7 +385,7 @@ class DB: AND NOT COALESCE((SELECT NOT vulnerable FROM source_packages AS secp, source_package_status AS secst WHERE secp.name = sp.name - AND secp.release = '%s' AND ( secp.subrelease = 'security' OR secp.subrelease = 'lts' ) + AND secp.release = '%s' AND secp.subrelease = 'security' AND secp.archive = sp.archive AND secst.bug_name = st.bug_name AND secst.package = secp.rowid), 0) @@ -555,9 +555,6 @@ class DB: if unchanged: continue - if release == 'squeeze-lts': - release = 'squeeze' - subrelease = 'lts' cursor.execute( """DELETE FROM source_packages WHERE release = ? AND subrelease = ? AND archive = ?""", @@ -618,9 +615,6 @@ class DB: raise ValueError, "invalid file name: " + `filename` (release, subrelease, archive, architecture) = match.groups() - if release == 'squeeze-lts': - release = 'squeeze' - subrelease = 'lts' (unch, parsed) = self._parseFile(cursor, filename) unchanged = unchanged and unch for name in parsed.keys(): @@ -732,7 +726,6 @@ class DB: sources = ((bugs.CVEFile, '/CVE/list'), (bugs.DSAFile, '/DSA/list'), (bugs.DTSAFile, '/DTSA/list'), - (bugs.DLAFile, '/DLA/list'), (None, source_removed_packages)) unchanged = True @@ -780,12 +773,12 @@ class DB: if self.verbose: print " copy notes" - # Copy notes from DSA/DTSA/DLA to CVE. + # Copy notes from DSA/DTSA to CVE. old_source = '' for source, target in list(cursor.execute( """SELECT source, target FROM bugs_xref - WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%') + WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%') AND target LIKE 'CVE-%'""")): if source <> old_source: source_bug = bugs.BugFromDB(cursor, source) @@ -1146,14 +1139,14 @@ class DB: # note/release/subrelease triple, but we should check that # here. - status = {'' : {}, 'security' : {}, 'lts' : {}} + status = {'' : {}, 'security' : {}} for (package, note, subrelease, vulnerable, urgency) in cursor.execute( """SELECT DISTINCT sp.name, n.id, sp.subrelease, st.vulnerable, n.urgency FROM source_package_status AS st, source_packages AS sp, package_notes AS n WHERE st.bug_name = ? AND sp.rowid = st.package - AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts') + AND sp.release = ? AND sp.subrelease IN ('', 'security') AND n.bug_name = st.bug_name AND n.package = sp.name ORDER BY sp.name""", (bug_name, nickname)): @@ -1173,8 +1166,6 @@ class DB: unfixed_pkgs[package] = True if status['security'].get((package, note), True): fixed_in_security = False - elif status['lts'].get((package, note), True): - fixed_in_security = False elif vulnerable == 2: undet_pkgs[package] = True @@ -1286,7 +1277,7 @@ class DB: FROM source_packages AS p, source_package_status AS st WHERE p.name = ? AND p.release = ? - AND p.subrelease IN ('', 'security', 'lts') + AND p.subrelease IN ('', 'security') AND st.bug_name = ? AND st.package = p.rowid ORDER BY p.version COLLATE version DESC""" @@ -1447,10 +1438,10 @@ class DB: # covers binary-only NMUs. for (v,) in c.execute("""SELECT version FROM source_packages WHERE name = ?1 - AND release = ?2 AND subrelease IN ('', 'security', 'lts') + AND release = ?2 AND subrelease IN ('', 'security') UNION ALL SELECT source_version FROM binary_packages WHERE source = ?1 - AND release = ?2 AND subrelease IN ('', 'security', 'lts')""", + AND release = ?2 AND subrelease IN ('', 'security')""", (package, release)): if debian_support.Version(v) >= v_ref: other_versions[v] = True @@ -1669,17 +1660,17 @@ class DB: AND COALESCE((SELECT st2.vulnerable FROM source_packages AS sp2, source_package_status AS st2 WHERE sp2.name = sp.name AND sp2.release = sp.release - AND ( sp2.subrelease = 'security' OR sp2.subrelease = 'lts' ) AND sp2.archive = sp.archive + AND sp2.subrelease = 'security' AND sp2.archive = sp.archive AND st2.package = sp2.rowid AND st2.bug_name = st.bug_name ORDER BY st2.vulnerable DESC), 1)) AS vulnerable, st.urgency = 'unimportant' OR NOT vulnerable AS unimportant FROM source_packages AS sp, source_package_status AS st, bugs WHERE sp.name = ? AND sp.release IN ('squeeze', 'wheezy', 'jessie', 'sid') - AND sp.subrelease <> 'security' AND sp.subrelease <> 'lts' + AND sp.subrelease <> 'security' AND st.package = sp.rowid AND bugs.name = st.bug_name - AND bugs.name LIKE 'CVE-%' + AND bugs.name NOT LIKE 'DSA-%' GROUP BY bugs.name, bugs.description, sp.name) WHERE vulnerable = ? AND unimportant = ? ORDER BY name""", (pkg, vulnerable, unimportant)) @@ -1689,10 +1680,9 @@ class DB: """SELECT bugs.name, bugs.description FROM bugs, package_notes as p WHERE p.bug_name = bugs.name - AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%') + AND bugs.name LIKE 'DSA-%' AND p.package = ?""", (package,)) - def getTODOs(self, cursor=None, hide_check=False): """Returns a list of pairs (BUG-NAME, DESCRIPTION).""" if cursor is None: @@ -1938,7 +1928,6 @@ def test(): assert not b.not_for_us assert 'DSA-800-1' in b.xref, b.xref assert 'DTSA-10-1' in b.xref, b.xref - assert 'DLA-23-1' in b.xref, b.xref assert tuple(b.comments) == (('NOTE', 'gnumeric/goffice includes one as well; according to upstream not exploitable in gnumeric,'), ('NOTE', 'new copy will be included any way')),\ b.comments |