diff options
author | Sebastien Delafond <seb@debian.org> | 2017-08-10 21:06:58 +0000 |
---|---|---|
committer | Sebastien Delafond <seb@debian.org> | 2017-08-10 21:06:58 +0000 |
commit | d12acbc0e905448ecb0a030790debffaae4213d5 (patch) | |
tree | 6cbcb427c5c8db5303e78b198db223b34b985bc4 /lib | |
parent | 0a45501922bbc39e1079bfca406ad4501d944cc3 (diff) |
Introduce new "ignored" & "postponed" sub-states for no-dsa
They will be stored in the "reason" field from package_notes_nodsa
table, that was unused so far.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54580 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/bugs.py | 9 | ||||
-rw-r--r-- | lib/python/security_db.py | 11 |
2 files changed, 13 insertions, 7 deletions
diff --git a/lib/python/bugs.py b/lib/python/bugs.py index 7258be720e..b876647da9 100644 --- a/lib/python/bugs.py +++ b/lib/python/bugs.py @@ -588,7 +588,7 @@ class FileBase(debian_support.PackageFile): if r[-1] == '\n': r = r[:-1] comments.append(('NOTE', r)) - elif v == 'no-dsa': + elif v in ('no-dsa','ignored','postponed'): if not release: self.raiseSyntaxError( "no-dsa note needs release specification", @@ -597,10 +597,15 @@ class FileBase(debian_support.PackageFile): self.raiseSyntaxError( "no-dsa note needs comment", lineno) + if v in ('ignored','postponed'): + reason = v + else: + reason = None pkg_notes.append(PackageNoteNoDSA( release=release, package=p, - comment=d)) + comment=d, + reason=reason)) if d: # Not exactly ideal, but we have to # record the free-form text in some diff --git a/lib/python/security_db.py b/lib/python/security_db.py index 21134bc78c..f36ee49657 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -118,6 +118,7 @@ BugForSourcePackage = namedtuple( # come from the source_packages table. vulnerable comes from # source_package_status. state is open/no-dsa/resolved/unimportant # and inferred from vulnerable and package_notes_nodsa. +# The reason field holds no-dsa substates, which can be ignored/postponed BugForSourcePackageRelease = namedtuple( "BugForSourcePackageRelease", "release subrelease version vulnerable state reason") @@ -149,10 +150,10 @@ def getBugsForSourcePackage(cursor, pkg): key = debian_support.internRelease)) # dict from (bug_name, release) to the no-dsa reason/comment string. no_dsas = {} - for bug_name, release, reason in cursor.execute( - """SELECT bug_name, release, comment FROM package_notes_nodsa + for bug_name, release, reason, comment in cursor.execute( + """SELECT bug_name, release, reason, comment FROM package_notes_nodsa WHERE package = ?""", (pkg,)): - no_dsas[(bug_name, release)] = reason + no_dsas[(bug_name, release)] = [reason, comment] all_bugs = [] # Group by bug name. @@ -184,8 +185,8 @@ def getBugsForSourcePackage(cursor, pkg): unimportant_seen = True else: open_seen = True - reason = no_dsas.get((bug_name, best_row.release), None) - if reason is not None: + reason, comment = no_dsas.get((bug_name, best_row.release), [None, None]) + if comment is not None: state = 'no-dsa' else: state = 'open' |