diff options
author | Holger Levsen <holger@debian.org> | 2014-08-31 20:47:02 +0000 |
---|---|---|
committer | Holger Levsen <holger@debian.org> | 2014-08-31 20:47:02 +0000 |
commit | 5ee1f07abdd4637ade4cf0085eba330ca18a9e0e (patch) | |
tree | 0b39e966e7e58d93ef4f7b5c715304d27a6dcb48 /lib | |
parent | fe8407e4d2144e6ddc3ad1779bb9627886f52284 (diff) |
add support for squeeze-lts (Closes: #759727 once Florian has applied this to soler.d.o)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28525 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/bugs.py | 47 | ||||
-rw-r--r-- | lib/python/sectracker/parsers.py | 17 | ||||
-rw-r--r-- | lib/python/sectracker_test/test_analyzers.py | 1 | ||||
-rw-r--r-- | lib/python/sectracker_test/test_parsers.py | 5 | ||||
-rw-r--r-- | lib/python/security_db.py | 35 |
5 files changed, 90 insertions, 15 deletions
diff --git a/lib/python/bugs.py b/lib/python/bugs.py index 49ccf04ab4..70108ffb43 100644 --- a/lib/python/bugs.py +++ b/lib/python/bugs.py @@ -418,9 +418,9 @@ class FileBase(debian_support.PackageFile): re_whitespace = re.compile(r'\s+') re_xref_entry = re.compile('^(?:CVE-\d{4}-\d{4,}' + r'|VU#\d{6}' - + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$') + + r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$') re_xref_entry_own = re.compile( - '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$') + '^(?:CVE-\d{4}-\d{4,}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+|DLA-\d+-\d+)$') re_package_required = re.compile(r'^(?:\[.*\]\s*)?-') re_package_version = re.compile( @@ -808,7 +808,48 @@ class DSAFile(FileBase): # Merge identical package notes, for historical reasons. bug.mergeNotes() return bug - + +class DLAFile(FileBase): + """A DLA file. + + Similar to a CVE file, only that it contains DLAs as its main + reference point, and release dates. + """ + + re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] ' + + r'(DLA-\d+(?:-\d+)?)\s+' + + r'(.*?)\s*$') + + month_names = {'Jan': 1, + 'Feb': 2, + 'Mar': 3, + 'Apr': 4, + 'May': 5, + 'Jun': 6, + 'Jul': 7, + 'Aug': 8, + 'Sep': 9, + 'Oct': 10, + 'Nov': 11, + 'Dec': 12} + + def matchHeader(self, line): + match = self.re_dsa.match(line) + if not match: + self.raiseSyntaxError("expected DLA record, got: %s" % `line`) + (record_name, description) = match.groups() + (day, month, year, name, desc) = match.groups() + try: + month = self.month_names[month] + except KeyError: + self.raiseSyntaxError("invalid month name %s" % `month`) + return ("%s-%02d-%s" % (year, month, day), name, desc) + + def finishBug(self, bug): + # Merge identical package notes, for historical reasons. + bug.mergeNotes() + return bug + class DTSAFile(FileBase): """A DTSA file. diff --git a/lib/python/sectracker/parsers.py b/lib/python/sectracker/parsers.py index 6354dcccb6..518b6039a4 100644 --- a/lib/python/sectracker/parsers.py +++ b/lib/python/sectracker/parsers.py @@ -313,3 +313,20 @@ def dtsalist(path, f): _checkrelease(anns, diag, "DTSA") return Bug(path, Header(headerlineno, name, None), tuple(anns)) return _parselist(path, f, parseheader, finish) + +@_xpickle.loader("DLA" + FORMAT) +def dlalist(path, f): + re_header = re.compile( + r'^\[([A-Z][a-z]{2,}) (\d\d?)(?:st|nd|rd|th), (\d{4})\] ' + + r'(DLA-\d+-\d+)\s+' + + r'(.*?)\s*$') + def parseheader(line): + match = re_header.match(line) + if match is None: + return None + return match.groups() + def finish(header, headerlineno, anns, diag): + d, m, y, name, desc = header + _checkrelease(anns, diag, "DLA") + return Bug(path, Header(headerlineno, name, None), tuple(anns)) + return _parselist(path, f, parseheader, finish) diff --git a/lib/python/sectracker_test/test_analyzers.py b/lib/python/sectracker_test/test_analyzers.py index 880e58ad02..133c9386dd 100644 --- a/lib/python/sectracker_test/test_analyzers.py +++ b/lib/python/sectracker_test/test_analyzers.py @@ -26,6 +26,7 @@ from sectracker.repo import Config diag = Diagnostics() bugdb = mergelists((p.cvelist("../../data/CVE/list"), p.dsalist("../../data/DSA/list"), + p.dlalist("../../data/DLA/list"), p.dtsalist("../../data/DTSA/list")), diag) assert "CVE-1999-0001" in bugdb assert "DSA-135" in bugdb diff --git a/lib/python/sectracker_test/test_parsers.py b/lib/python/sectracker_test/test_parsers.py index 20a5f29712..436b2f027c 100644 --- a/lib/python/sectracker_test/test_parsers.py +++ b/lib/python/sectracker_test/test_parsers.py @@ -40,6 +40,11 @@ o = dtsalist("../../data/DTSA/list") for err in o.messages: print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) +safeunlink("../../data/DLA/list" + EXTENSION) +o = dlalist("../../data/DLA/list") +for err in o.messages: + print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) + Message = sectracker.diagnostics.Message for (line, res, xmsgs) in [ (' - foo <unfixed>', diff --git a/lib/python/security_db.py b/lib/python/security_db.py index f7e86fd9ca..2d362d239c 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -385,7 +385,7 @@ class DB: AND NOT COALESCE((SELECT NOT vulnerable FROM source_packages AS secp, source_package_status AS secst WHERE secp.name = sp.name - AND secp.release = '%s' AND secp.subrelease = 'security' + AND secp.release = '%s' AND ( secp.subrelease = 'security' OR secp.subrelease = 'lts' ) AND secp.archive = sp.archive AND secst.bug_name = st.bug_name AND secst.package = secp.rowid), 0) @@ -555,6 +555,9 @@ class DB: if unchanged: continue + if release == 'squeeze-lts': + release = 'squeeze' + subrelease = 'lts' cursor.execute( """DELETE FROM source_packages WHERE release = ? AND subrelease = ? AND archive = ?""", @@ -615,6 +618,9 @@ class DB: raise ValueError, "invalid file name: " + `filename` (release, subrelease, archive, architecture) = match.groups() + if release == 'squeeze-lts': + release = 'squeeze' + subrelease = 'lts' (unch, parsed) = self._parseFile(cursor, filename) unchanged = unchanged and unch for name in parsed.keys(): @@ -726,6 +732,7 @@ class DB: sources = ((bugs.CVEFile, '/CVE/list'), (bugs.DSAFile, '/DSA/list'), (bugs.DTSAFile, '/DTSA/list'), + (bugs.DLAFile, '/DLA/list'), (None, source_removed_packages)) unchanged = True @@ -773,12 +780,12 @@ class DB: if self.verbose: print " copy notes" - # Copy notes from DSA/DTSA to CVE. + # Copy notes from DSA/DTSA/DLA to CVE. old_source = '' for source, target in list(cursor.execute( """SELECT source, target FROM bugs_xref - WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%') + WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%') AND target LIKE 'CVE-%'""")): if source <> old_source: source_bug = bugs.BugFromDB(cursor, source) @@ -1139,14 +1146,14 @@ class DB: # note/release/subrelease triple, but we should check that # here. - status = {'' : {}, 'security' : {}} + status = {'' : {}, 'security' : {}, 'lts' : {}} for (package, note, subrelease, vulnerable, urgency) in cursor.execute( """SELECT DISTINCT sp.name, n.id, sp.subrelease, st.vulnerable, n.urgency FROM source_package_status AS st, source_packages AS sp, package_notes AS n WHERE st.bug_name = ? AND sp.rowid = st.package - AND sp.release = ? AND sp.subrelease IN ('', 'security') + AND sp.release = ? AND sp.subrelease IN ('', 'security', 'lts') AND n.bug_name = st.bug_name AND n.package = sp.name ORDER BY sp.name""", (bug_name, nickname)): @@ -1166,6 +1173,8 @@ class DB: unfixed_pkgs[package] = True if status['security'].get((package, note), True): fixed_in_security = False + elif status['lts'].get((package, note), True): + fixed_in_security = False elif vulnerable == 2: undet_pkgs[package] = True @@ -1277,7 +1286,7 @@ class DB: FROM source_packages AS p, source_package_status AS st WHERE p.name = ? AND p.release = ? - AND p.subrelease IN ('', 'security') + AND p.subrelease IN ('', 'security', 'lts') AND st.bug_name = ? AND st.package = p.rowid ORDER BY p.version COLLATE version DESC""" @@ -1438,10 +1447,10 @@ class DB: # covers binary-only NMUs. for (v,) in c.execute("""SELECT version FROM source_packages WHERE name = ?1 - AND release = ?2 AND subrelease IN ('', 'security') + AND release = ?2 AND subrelease IN ('', 'security', 'lts') UNION ALL SELECT source_version FROM binary_packages WHERE source = ?1 - AND release = ?2 AND subrelease IN ('', 'security')""", + AND release = ?2 AND subrelease IN ('', 'security', 'lts')""", (package, release)): if debian_support.Version(v) >= v_ref: other_versions[v] = True @@ -1660,17 +1669,17 @@ class DB: AND COALESCE((SELECT st2.vulnerable FROM source_packages AS sp2, source_package_status AS st2 WHERE sp2.name = sp.name AND sp2.release = sp.release - AND sp2.subrelease = 'security' AND sp2.archive = sp.archive + AND ( sp2.subrelease = 'security' OR sp2.subrelease = 'lts' ) AND sp2.archive = sp.archive AND st2.package = sp2.rowid AND st2.bug_name = st.bug_name ORDER BY st2.vulnerable DESC), 1)) AS vulnerable, st.urgency = 'unimportant' OR NOT vulnerable AS unimportant FROM source_packages AS sp, source_package_status AS st, bugs WHERE sp.name = ? AND sp.release IN ('squeeze', 'wheezy', 'jessie', 'sid') - AND sp.subrelease <> 'security' + AND sp.subrelease <> 'security' AND sp.subrelease <> 'lts' AND st.package = sp.rowid AND bugs.name = st.bug_name - AND bugs.name NOT LIKE 'DSA-%' + AND bugs.name LIKE 'CVE-%' GROUP BY bugs.name, bugs.description, sp.name) WHERE vulnerable = ? AND unimportant = ? ORDER BY name""", (pkg, vulnerable, unimportant)) @@ -1680,9 +1689,10 @@ class DB: """SELECT bugs.name, bugs.description FROM bugs, package_notes as p WHERE p.bug_name = bugs.name - AND bugs.name LIKE 'DSA-%' + AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%') AND p.package = ?""", (package,)) + def getTODOs(self, cursor=None, hide_check=False): """Returns a list of pairs (BUG-NAME, DESCRIPTION).""" if cursor is None: @@ -1928,6 +1938,7 @@ def test(): assert not b.not_for_us assert 'DSA-800-1' in b.xref, b.xref assert 'DTSA-10-1' in b.xref, b.xref + assert 'DLA-23-1' in b.xref, b.xref assert tuple(b.comments) == (('NOTE', 'gnumeric/goffice includes one as well; according to upstream not exploitable in gnumeric,'), ('NOTE', 'new copy will be included any way')),\ b.comments |