From e6096cac40dac2bebac3ea900ef7c5d84a1c8a8b Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 5 May 2018 10:55:13 +0200 Subject: partclone no-dsa on wheezy --- lib/python/bugs.py | 42 +++++++++++++++++++++++++++++++++++++++++- lib/python/security_db.py | 6 ++++-- 2 files changed, 45 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/python/bugs.py b/lib/python/bugs.py index b876647da9..4f1464834f 100644 --- a/lib/python/bugs.py +++ b/lib/python/bugs.py @@ -299,6 +299,28 @@ class Bug(BugBase): nts.append(notes[key]) self.notes = nts +class BugExtend(Bug): + def writeDB(self, cursor): + """Writes the record to an SQLite3 database.""" + + for (typ, c) in self.comments: + cursor.execute("""INSERT INTO bugs_notes + (bug_name, typ, comment) VALUES (?, ?, ?)""", + (self.name, typ, c)) + + for n in self.notes: + n.writeDB(cursor, self.name) + + import apsw + for x in self.xref: + try: + cursor.execute("""INSERT INTO bugs_xref + (source, target) VALUES (?, ?)""", + (self.name, x)) + except apsw.ConstraintError: + raise ValueError, \ + "cross reference to %s appears multiple times" % x + class BugFromDB(Bug): def __init__(self, cursor, name): assert type(name) in types.StringTypes @@ -440,6 +462,9 @@ class FileBase(debian_support.PackageFile): debian_support.PackageFile.__init__(self, name, fileObj) self.removed_packages = {} + def isExtend(self, name): + return False + def isUniqueName(self, name): """Returns True if the name is a real, unique name.""" return True @@ -728,7 +753,11 @@ class FileBase(debian_support.PackageFile): if first_bug: break record_name = temp_bug_name(first_bug, description) - yield self.finishBug(Bug(self.file.name, first_lineno, date, + if self.isExtend(record_name): + cls = BugExtend + else: + cls = Bug + yield self.finishBug(cls(self.file.name, first_lineno, date, record_name, description, comments, notes=pkg_notes, xref=xref)) @@ -773,6 +802,12 @@ class CVEFile(FileBase): bug.mergeNotes() return bug +class CVECUSTOMERFile(CVEFile): + re_cve = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+)\s+(.*?)\s*$') + + def isExtend(self, name): + return True + class DSAFile(FileBase): """A DSA file. @@ -814,6 +849,11 @@ class DSAFile(FileBase): bug.mergeNotes() return bug +class CUSTOMERFile(DSAFile): + re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] ' + + r'(CUSTOMER-\d+(?:-\d+)?)\s+' + + r'(.*?)\s*$') + class DLAFile(FileBase): """A DLA file. diff --git a/lib/python/security_db.py b/lib/python/security_db.py index 9208532fba..a5135fc007 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -914,9 +914,11 @@ class DB: source_removed_packages = '/packages/removed-packages' sources = ((bugs.CVEFile, '/CVE/list'), + (bugs.CVECUSTOMERFile, '/CVE-CUSTOMER/list'), (bugs.DSAFile, '/DSA/list'), (bugs.DTSAFile, '/DTSA/list'), (bugs.DLAFile, '/DLA/list'), + (bugs.CUSTOMERFile, '/CUSTOMER/list'), (None, source_removed_packages)) unchanged = True @@ -969,7 +971,7 @@ class DB: old_source = '' for source, target in list(cursor.execute( """SELECT source, target FROM bugs_xref - WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%') + WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%' OR source LIKE 'CUSTOMER-%') AND target LIKE 'CVE-%'""")): if source <> old_source: source_bug = bugs.BugFromDB(cursor, source) @@ -1852,7 +1854,7 @@ class DB: """SELECT bugs.name, bugs.description FROM bugs, package_notes as p WHERE p.bug_name = bugs.name - AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%') + AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%' OR bugs.name LIKE 'CUSTOMER-%' ) AND p.package = ? ORDER BY bugs.release_date DESC""", (package,)): yield DSAsForSourcePackage(*row) -- cgit v1.2.3