add support for squeeze-lts (Closes: #759727 once Florian has applied this to soler.d.o)

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28525 e39458fd-73e7-0310-bf30-c45bca0a0e42

5 files changed, 90 insertions, 15 deletions

diff --git a/lib/python/bugs.py b/lib/python/bugs.py
index 49ccf04ab4..70108ffb43 100644
--- a/lib/python/bugs.py
+++ b/lib/python/bugs.py
@@ -418,9 +418,9 @@ class FileBase(debian_support.PackageFile):
     re_whitespace = re.compile(r'\s+')
     re_xref_entry = re.compile('^(?:CVE-\d{4}-\d{4,}'
                                + r'|VU#\d{6}'
-                               + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')
+                               + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$')
     re_xref_entry_own = re.compile(
-        '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')
+        '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$')
 
     re_package_required = re.compile(r'^(?:\[.*\]\s*)?-')
     re_package_version = re.compile(
@@ -808,7 +808,48 @@ class DSAFile(FileBase):
         # Merge identical package notes, for historical reasons.
         bug.mergeNotes()
         return bug
-        
+
+class DLAFile(FileBase):
+    """A DLA file.
+
+    Similar to a CVE file, only that it contains DLAs as its main
+    reference point, and release dates.
+    """
+
+    re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] '
+                        + r'(DLA-\d+(?:-\d+)?)\s+'
+                        + r'(.*?)\s*$')
+
+    month_names = {'Jan': 1,
+                   'Feb': 2,
+                   'Mar': 3,
+                   'Apr': 4,
+                   'May': 5,
+                   'Jun': 6,
+                   'Jul': 7,
+                   'Aug': 8,
+                   'Sep': 9,
+                   'Oct': 10,
+                   'Nov': 11,
+                   'Dec': 12}
+
+    def matchHeader(self, line):
+        match = self.re_dsa.match(line)
+        if not match:
+            self.raiseSyntaxError("expected DLA record, got: %s" % `line`)
+            (record_name, description) = match.groups()
+        (day, month, year, name, desc) = match.groups()
+        try:
+            month = self.month_names[month]
+        except KeyError:
+            self.raiseSyntaxError("invalid month name %s" % `month`)
+        return ("%s-%02d-%s" % (year, month, day), name, desc)
+
+    def finishBug(self, bug):
+        # Merge identical package notes, for historical reasons.
+        bug.mergeNotes()
+        return bug
+         
 class DTSAFile(FileBase):
     """A DTSA file.
 
diff --git a/lib/python/sectracker/parsers.py b/lib/python/sectracker/parsers.py
index 6354dcccb6..518b6039a4 100644
--- a/lib/python/sectracker/parsers.py
+++ b/lib/python/sectracker/parsers.py
@@ -313,3 +313,20 @@ def dtsalist(path, f):
         _checkrelease(anns, diag, "DTSA")
         return Bug(path, Header(headerlineno, name, None), tuple(anns))
     return _parselist(path, f, parseheader, finish)
+
+@_xpickle.loader("DLA" + FORMAT)
+def dlalist(path, f):
+    re_header = re.compile(
+        r'^\[([A-Z][a-z]{2,}) (\d\d?)(?:st|nd|rd|th), (\d{4})\] '
+        + r'(DLA-\d+-\d+)\s+'
+        + r'(.*?)\s*$')
+    def parseheader(line):
+        match = re_header.match(line)
+        if match is None:
+            return None
+        return match.groups()
+    def finish(header, headerlineno, anns, diag):
+        d, m, y, name, desc = header
+        _checkrelease(anns, diag, "DLA")
+        return Bug(path, Header(headerlineno, name, None), tuple(anns))
+    return _parselist(path, f, parseheader, finish)
diff --git a/lib/python/sectracker_test/test_analyzers.py b/lib/python/sectracker_test/test_analyzers.py
index 880e58ad02..133c9386dd 100644
--- a/lib/python/sectracker_test/test_analyzers.py
+++ b/lib/python/sectracker_test/test_analyzers.py
@@ -26,6 +26,7 @@ from sectracker.repo import Config
 diag = Diagnostics()
 bugdb = mergelists((p.cvelist("../../data/CVE/list"),
                     p.dsalist("../../data/DSA/list"),
+                    p.dlalist("../../data/DLA/list"),
                     p.dtsalist("../../data/DTSA/list")), diag)
 assert "CVE-1999-0001" in bugdb
 assert "DSA-135" in bugdb
diff --git a/lib/python/sectracker_test/test_parsers.py b/lib/python/sectracker_test/test_parsers.py
index 20a5f29712..436b2f027c 100644
--- a/lib/python/sectracker_test/test_parsers.py
+++ b/lib/python/sectracker_test/test_parsers.py
@@ -40,6 +40,11 @@ o = dtsalist("../../data/DTSA/list")
 for err in o.messages:
     print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
 
+safeunlink("../../data/DLA/list" + EXTENSION)
+o = dlalist("../../data/DLA/list")
+for err in o.messages:
+    print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
+
 Message = sectracker.diagnostics.Message
 for (line, res, xmsgs) in [
         (' - foo <unfixed>',
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index f7e86fd9ca..2d362d239c 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -385,7 +385,7 @@ class DB:
                 AND NOT COALESCE((SELECT NOT vulnerable
                 FROM source_packages AS secp, source_package_status AS secst
                 WHERE secp.name = sp.name
-                AND secp.release = '%s' AND secp.subrelease = 'security'
+                AND secp.release = '%s' AND ( secp.subrelease = 'security' OR secp.subrelease = 'lts' )
                 AND secp.archive = sp.archive
                 AND secst.bug_name = st.bug_name
                 AND secst.package = secp.rowid), 0)
@@ -555,6 +555,9 @@ class DB:
             if unchanged:
                 continue
 
+            if release == 'squeeze-lts':
+                release = 'squeeze'
+                subrelease = 'lts'
             cursor.execute(
                 """DELETE FROM source_packages
                 WHERE release = ? AND subrelease = ? AND archive = ?""",
@@ -615,6 +618,9 @@ class DB:
                 raise ValueError, "invalid file name: " + `filename`
 
             (release, subrelease, archive, architecture) = match.groups()
+            if release == 'squeeze-lts':
+                release = 'squeeze'
+                subrelease = 'lts'
             (unch, parsed) = self._parseFile(cursor, filename)
             unchanged = unchanged and unch
             for name in parsed.keys():
@@ -726,6 +732,7 @@ class DB:
         sources = ((bugs.CVEFile, '/CVE/list'),
                    (bugs.DSAFile, '/DSA/list'),
                    (bugs.DTSAFile, '/DTSA/list'),
+                   (bugs.DLAFile, '/DLA/list'),
                    (None, source_removed_packages))
 
         unchanged = True
@@ -773,12 +780,12 @@ class DB:
         if self.verbose:
             print "  copy notes"
 
-        # Copy notes from DSA/DTSA to CVE.
+        # Copy notes from DSA/DTSA/DLA to CVE.
 
         old_source = ''
         for source, target in list(cursor.execute(
             """SELECT source, target FROM bugs_xref
-            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%')
+            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%')
             AND target LIKE 'CVE-%'""")):
             if source <> old_source:
                 source_bug = bugs.BugFromDB(cursor, source)
@@ -1139,14 +1146,14 @@ class DB:
         # note/release/subrelease triple, but we should check that
         # here.
 
-        status = {'' : {}, 'security' : {}}
+        status = {'' : {}, 'security' : {}, 'lts' :	{}}
         for (package, note, subrelease, vulnerable, urgency) in cursor.execute(
             """SELECT DISTINCT sp.name, n.id, sp.subrelease,
             st.vulnerable, n.urgency
             FROM source_package_status AS st,
             source_packages AS sp, package_notes AS n
             WHERE st.bug_name = ? AND sp.rowid = st.package
-            AND sp.release = ? AND sp.subrelease IN ('', 'security')
+            AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts')
             AND n.bug_name = st.bug_name AND n.package = sp.name
             ORDER BY sp.name""",
             (bug_name, nickname)):
@@ -1166,6 +1173,8 @@ class DB:
                     unfixed_pkgs[package] = True
                 if status['security'].get((package, note), True):
                     fixed_in_security = False
+                elif status['lts'].get((package, note), True):
+                    fixed_in_security = False
             elif vulnerable == 2:
                 undet_pkgs[package] = True
 
@@ -1277,7 +1286,7 @@ class DB:
                     FROM source_packages AS p, source_package_status AS st
                     WHERE p.name = ?
                     AND p.release = ?
-                    AND p.subrelease IN ('', 'security')
+                    AND p.subrelease IN ('', 'security', 'lts')
                     AND st.bug_name = ?
                     AND st.package = p.rowid
                     ORDER BY p.version COLLATE version DESC"""
@@ -1438,10 +1447,10 @@ class DB:
                         # covers binary-only NMUs.
                         for (v,) in c.execute("""SELECT version
                         FROM source_packages WHERE name = ?1
-                        AND release = ?2 AND subrelease IN ('', 'security')
+                        AND release = ?2 AND subrelease IN ('', 'security', 'lts')
                         UNION ALL SELECT source_version
                         FROM binary_packages WHERE source = ?1
-                        AND release = ?2 AND subrelease IN ('', 'security')""",
+                        AND release = ?2 AND subrelease IN ('', 'security', 'lts')""",
                                               (package, release)):
                             if debian_support.Version(v) >= v_ref:
                                 other_versions[v] = True
@@ -1660,17 +1669,17 @@ class DB:
             AND COALESCE((SELECT st2.vulnerable FROM source_packages AS sp2,
             source_package_status AS st2
             WHERE sp2.name = sp.name AND sp2.release = sp.release
-            AND sp2.subrelease = 'security' AND sp2.archive = sp.archive
+            AND ( sp2.subrelease = 'security' OR sp2.subrelease = 'lts' ) AND sp2.archive = sp.archive
             AND st2.package = sp2.rowid AND st2.bug_name = st.bug_name
             ORDER BY st2.vulnerable DESC), 1)) AS vulnerable,
             st.urgency = 'unimportant' OR NOT vulnerable AS unimportant
             FROM source_packages AS sp, source_package_status AS st, bugs
             WHERE sp.name = ?
 	    AND sp.release IN ('squeeze', 'wheezy', 'jessie', 'sid')
-	    AND sp.subrelease <> 'security'
+	    AND sp.subrelease <> 'security' AND sp.subrelease <> 'lts'
             AND st.package = sp.rowid
             AND bugs.name = st.bug_name
-            AND bugs.name NOT LIKE 'DSA-%'
+            AND bugs.name LIKE 'CVE-%'
             GROUP BY bugs.name, bugs.description, sp.name)
             WHERE vulnerable = ? AND unimportant = ?
             ORDER BY name""", (pkg, vulnerable, unimportant))
@@ -1680,9 +1689,10 @@ class DB:
             """SELECT bugs.name, bugs.description
             FROM bugs, package_notes as p
             WHERE p.bug_name = bugs.name
-            AND bugs.name LIKE 'DSA-%'
+            AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%')
             AND p.package = ?""", (package,))
 
+
     def getTODOs(self, cursor=None, hide_check=False):
         """Returns a list of pairs (BUG-NAME, DESCRIPTION)."""
         if cursor is None:
@@ -1928,6 +1938,7 @@ def test():
     assert not b.not_for_us
     assert 'DSA-800-1' in b.xref, b.xref
     assert 'DTSA-10-1' in b.xref, b.xref
+    assert 'DLA-23-1' in b.xref, b.xref
     assert tuple(b.comments) == (('NOTE', 'gnumeric/goffice includes one as well; according to upstream not exploitable in gnumeric,'),
                                  ('NOTE', 'new copy will be included any way')),\
                                  b.comments