author | Holger Levsen <holger@debian.org> | 2014-10-03 07:39:01 +0000 |
---|---|---|
committer | Holger Levsen <holger@debian.org> | 2014-10-03 07:39:01 +0000 |
commit | d044945d43d3dd52e7054f21aebe56429b6a5fd7 (patch) | |
tree | e6ca598dfac2619d0857615867a77457f492c423 /lib | |
parent | 3503e4854b10df0f2fac9cb5ad5d5b514b8aea40 (diff) |
Revert "WIP: improve backports support. (this is really WIP: see debian_support.py)"
This reverts commit a47339bf5db9ec1be2709e1e687c2b5d5df313e7.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@29229 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/bugs.py | 4 | ||||
-rw-r--r-- | lib/python/debian_support.py | 2 | ||||
-rw-r--r-- | lib/python/security_db.py | 127 |
3 files changed, 66 insertions, 67 deletions
diff --git a/lib/python/bugs.py b/lib/python/bugs.py index 92470857f4..7258be720e 100644 --- a/lib/python/bugs.py +++ b/lib/python/bugs.py @@ -374,10 +374,10 @@ class BugFromDB(Bug): def getStatus(self, cursor): """Calculate bug status. - Returns list of tuples (RELEASE, SUBRELEASE, STATUS, REASON).""" + Returns list of tuples (RELEASE, STATUS, REASON).""" return list(cursor.execute( - """SELECT release, subrelease, status, reason + """SELECT release, status, reason FROM bug_status WHERE bug_name = ?""", (self.name,))) diff --git a/lib/python/debian_support.py b/lib/python/debian_support.py index 6f3a1a9480..2c76f2d44d 100644 --- a/lib/python/debian_support.py +++ b/lib/python/debian_support.py @@ -71,7 +71,7 @@ class ParseError(Exception): # This regular expression is used to strip ~bpo1 and ~volatile1 from # version numbers before they are compared. -_version_normalize_regexp = re.compile(r"~(?:xxxxxxxxxxxxxxxx|yyyyyyyyyyyyyyyy)[0-9.+]+$") +_version_normalize_regexp = re.compile(r"~(?:bpo|volatile)[0-9.+]+$") class Version: """Version class which uses the original APT comparison algorithm. diff --git a/lib/python/security_db.py b/lib/python/security_db.py index ddaa8b6a91..5a4f857eb1 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -271,12 +271,11 @@ class DB: cursor.execute("""CREATE TABLE bug_status (bug_name TEXT NOT NULL, release TEXT NOT NULL, - subrelease TEXT NOT NULL, status TEXT NOT NULL CHECK (status IN ('vulnerable', 'fixed', 'unknown', 'undetermined', 'partially-fixed', 'todo')), reason TEXT NOT NULL, - PRIMARY KEY (bug_name, release, subrelease))""") + PRIMARY KEY (bug_name, release))""") cursor.execute("""CREATE TABLE source_package_status (bug_name TEXT NOT NULL, 
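Review bot: The `CREATE TABLE bug_status` statement in the security_db.py `@@ -271` hunk drops the `subrelease` column and narrows the primary key to `(bug_name, release)`, but nothing visible here handles a database file created while the reverted commit was in use. In such a file `subrelease` is `NOT NULL` with no default, so the `INSERT INTO bug_status` statements in the `@@ -1175` and `@@ -1202` hunks, which no longer supply it, would presumably fail with a constraint error. I would add a comment above the statement such as `# Schema changed by the backports revert; databases created with the subrelease column must be rebuilt.` If a schema-version check guards table creation outside this hunk, it should be bumped in the same commit. The enclosing method starts and ends outside the hunk.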
@@ -1175,24 +1174,24 @@ class DB: pkgs += ("packages %s may be vulnerable but need to be checked." % ', '.join(undetermined_packages)) cursor.execute("""INSERT INTO bug_status - (bug_name, release, subrelease, status, reason) - VALUES (?, 'unstable', '', ?, ?)""", (bug_name, status, pkgs)) + (bug_name, release, status, reason) + VALUES (?, 'unstable', ?, ?)""", (bug_name, status, pkgs)) elif unimportant_packages: if len(unimportant_packages) == 1: pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimportant_packages[0] else: pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimportant_packages)) cursor.execute("""INSERT INTO bug_status - (bug_name, release, subrelease, status, reason) - VALUES (?, 'unstable', '', 'fixed', ?)""", (bug_name, pkgs)) + (bug_name, release, status, reason) + VALUES (?, 'unstable', 'fixed', ?)""", (bug_name, pkgs)) else: if have_something: status = "not vulnerable." else: status = "not known to be vulnerable." cursor.execute("""INSERT INTO bug_status - (bug_name, release, subrelease, status, reason) - VALUES (?, 'unstable', '', 'fixed', ?)""", + (bug_name, release, status, reason) + VALUES (?, 'unstable', 'fixed', ?)""", (bug_name, status)) def _calcTesting(self, cursor, bug_name, suite, nickname): 
@@ -1202,85 +1201,85 @@ class DB: # note/release/subrelease triple, but we should check that # here. - status = {'' : {}, 'security' : {}, 'lts' : {}, 'backports' : {}} + status = {'' : {}, 'security' : {}, 'lts' : {}, 'backports' : {}} for (package, note, subrelease, vulnerable, urgency) in cursor.execute( """SELECT DISTINCT sp.name, n.id, sp.subrelease, st.vulnerable, n.urgency FROM source_package_status AS st, source_packages AS sp, package_notes AS n WHERE st.bug_name = ? AND sp.rowid = st.package - AND sp.release = ? + AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts', 'backports') AND n.bug_name = st.bug_name AND n.package = sp.name ORDER BY sp.name""", (bug_name, nickname)): status[subrelease][(package, note)] = (vulnerable,urgency) - if package == "bind9": - print package, note, subrelease, vulnerable, urgency - - # Check if any packages in plain testing are vulnerable, and - # if all of those have been fixed in the security archive. - fixed_in_security = False - fixed_in_lts = False - unfixed_pkgs = {} - undet_pkgs = {} - unimp_pkgs = {} + + # Check if any packages in plain testing are vulnerable, and + # if all of those have been fixed in the security archive. 
+ fixed_in_security = True + unfixed_pkgs = {} + undet_pkgs = {} + unimp_pkgs = {} + for ((package, note), (vulnerable, urgency)) in status[''].items(): if vulnerable == 1: if urgency == 'unimportant': unimp_pkgs[package] = True else: unfixed_pkgs[package] = True if status['security'].get((package, note), True): - fixed_in_security = True + fixed_in_security = False elif status['lts'].get((package, note), True): - fixed_in_lts = True + fixed_in_security = False + elif status['backports'].get((package, note), True): + fixed_in_security = False elif vulnerable == 2: undet_pkgs[package] = True - unfixed_pkgs = unfixed_pkgs.keys() - unfixed_pkgs.sort() - undet_pkgs = undet_pkgs.keys() - undet_pkgs.sort() - unimp_pkgs = unimp_pkgs.keys() - unimp_pkgs.sort() - - pkgs = "" - result = "undetermined" - if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0: - if len(status[subrelease].keys()) == 0: - pkgs += "not known to be vulnerable." - else: - pkgs += "not vulnerable." - result = "fixed" - if len(unfixed_pkgs) > 0: - if len(unfixed_pkgs) == 1: - pkgs += "package " + unfixed_pkgs[0] + " is " - else: - pkgs += "packages " + ", ".join(unfixed_pkgs) + " are " - if fixed_in_security: - pkgs = "%sfixed in %s-security. " % (pkgs, suite) - result = "fixed" - elif fixed_in_lts: - pkgs = "%sfixed in %s-lts. " % (pkgs, suite) + unfixed_pkgs = unfixed_pkgs.keys() + unfixed_pkgs.sort() + undet_pkgs = undet_pkgs.keys() + undet_pkgs.sort() + unimp_pkgs = unimp_pkgs.keys() + unimp_pkgs.sort() + + pkgs = "" + result = "undetermined" + if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0: + if len(status[''].keys()) == 0: + pkgs += "not known to be vulnerable." + else: + pkgs += "not vulnerable." + result = "fixed" + if len(unfixed_pkgs) > 0: + if len(unfixed_pkgs) == 1: + pkgs += "package " + unfixed_pkgs[0] + " is " + else: + pkgs += "packages " + ", ".join(unfixed_pkgs) + " are " + if fixed_in_security: + pkgs = "%sfixed in %s-security. 
" % (pkgs, suite) + if suite == "stable": result = "fixed" else: - pkgs += "vulnerable. " - result = "vulnerable" - if len(undet_pkgs) > 0: - if len(undet_pkgs) == 1: - pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked." - else: - pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked." - if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0: - result = "fixed" - if len(unimp_pkgs) == 1: - pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0] - else: - pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs)) + result = "partially-fixed" + else: + pkgs += "vulnerable. " + result = "vulnerable" + if len(undet_pkgs) > 0: + if len(undet_pkgs) == 1: + pkgs += "package " + undet_pkgs[0] + " may be vulnerable but needs to be checked." + else: + pkgs += "packages " + ", ".join(undet_pkgs) + " may be vulnerable but need to be checked." + if len(unimp_pkgs) > 0 and len(undet_pkgs) == 0 and len(unfixed_pkgs) == 0: + result = "fixed" + if len(unimp_pkgs) == 1: + pkgs = "package %s is vulnerable; however, the security impact is unimportant." % unimp_pkgs[0] + else: + pkgs = "packages %s are vulnerable; however, the security impact is unimportant." % (', '.join(unimp_pkgs)) - cursor.execute("""INSERT INTO bug_status - (bug_name, release, subrelease, status, reason) - VALUES (?, ?, ?, ?, ?)""", - (bug_name, suite, '', result, pkgs)) + cursor.execute("""INSERT INTO bug_status + (bug_name, release, status, reason) + VALUES (?, ?, ?, ?)""", + (bug_name, suite, result, pkgs)) def calculateDebsecan0(self, release): """Create data for the debsecan tool (VERSION 0 format).""" |
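Review bot: The `.get((package, note), True)` tests in `_calcTesting` are always truthy on the new side, because the context line `status[subrelease][(package, note)] = (vulnerable,urgency)` stores a two-element tuple and a non-empty tuple is true whatever it contains. As far as the collapsed layout shows, `fixed_in_security` is therefore cleared for every unfixed package, the `elif` branches for `lts` and `backports` are never reached, and a suite whose packages are fixed in the security archive is still reported as `vulnerable`. The test should read the stored flag, for example `entry = status['security'].get((package, note))` followed by `if entry is None or entry[0]: fixed_in_security = False`. Once that is corrected, the `elif` chain with its default of `True` would mark a package as unfixed whenever it is absent from `lts` or `backports`, which looks unintended, so the intended rule deserves a comment above the loop. The function's `def` line sits in the previous hunk, so its body starts outside this one.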