1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#!/usr/bin/python
# vim: set fileencoding=utf-8 :
#
# Copyright 2016 Guido Günther <agx@sigxcpu.org>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
import argparse
import collections
import os
import sys
from tracker_data import TrackerData
def setup_path():
dirname = os.path.dirname
base = dirname(dirname(os.path.realpath(sys.argv[0])))
sys.path.insert(0, os.path.join(base, "lib", "python"))
setup_path()
import config
lts = config.get_supported_releases()[0]
next_lts = config.get_supported_releases()[1]
oldstable = config.get_release_codename('oldstable')
LIST_NAMES = (
('needs_fix_in_next_lts',
('Issues that are unfixed in {} but fixed in {}'
).format(next_lts, lts)),
('needs_review_in_next_lts',
('Issues that are no-dsa in {} but fixed in {}'
).format(next_lts, lts)),
('fixed_via_pu_in_oldstable',
('Issues that will be fixed via p-u in {}'
).format(oldstable)),
)
def main():
def add_to_list(key, pkg, issue):
assert key in [l[0] for l in LIST_NAMES]
lists[key][pkg].append(issue)
parser = argparse.ArgumentParser(
description='Find discrepancies between suites')
parser.add_argument('--skip-cache-update', action='store_true',
help='Skip updating the tracker data cache')
parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
help='Filter out specified lists')
args = parser.parse_args()
lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
tracker = TrackerData(update_cache=not args.skip_cache_update)
for pkg in tracker.iterate_packages():
for issue in tracker.iterate_pkg_issues(pkg):
status_in_lts = issue.get_status(lts)
status_in_next_lts = issue.get_status(next_lts)
if status_in_lts.status in ('not-affected', 'open'):
continue
if status_in_lts.status == 'resolved':
# Package will be updated via the next oldstable
# point release
# FIXME: when lts == oldstable, this should look at the stable pu list
if (issue.name in tracker.oldstable_point_update and
pkg in tracker.oldstable_point_update[issue.name]):
add_to_list('fixed_via_pu_in_oldstable', pkg, issue)
continue
# The security tracker marks "not-affected" as
# "resolved in version 0" (#812410)
if status_in_lts.reason == 'fixed in 0':
continue
if status_in_next_lts.status == 'open':
add_to_list('needs_fix_in_next_lts', pkg, issue)
continue
if status_in_next_lts.status == 'ignored':
add_to_list('needs_review_in_next_lts', pkg, issue)
continue
for key, desc in LIST_NAMES:
if args.exclude is not None and key in args.exclude:
continue
if not len(lists[key]):
continue
print('{}:'.format(desc))
for pkg in sorted(lists[key].keys()):
cve_list = ' '.join(
[i.name for i in sorted(lists[key][pkg],
key=lambda i: i.name)])
print('* {:20s} -> {}'.format(pkg, cve_list))
print('')
if __name__ == '__main__':
sys.exit(main())
|
