[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Extended Long Term Support for Wheezy

On Tue, Feb 27, 2018 at 10:55:25AM +0100, Raphael Hertzog wrote:
> On Mon, 26 Feb 2018, Bastian Blank wrote:
> > On Sun, Feb 25, 2018 at 09:54:27PM +0100, Raphael Hertzog wrote:
> > > Are you suggesting that it should be possible to store our own data
> > > in another git repository and that the tracker should be easily able to
> > > merge the data coming from two distincts repositories ?
> > I've got patches somewhere that do exactly this.
> Nice! Can you try to dig them out? We could then try to merge them
> in the official tracker and write some documentatin on how to do this.

I attached the patch that we used to integrate information about the
super-lts we did for a customer.

/CVE-CUSTOMER/list would get information about ignored CVE and is merged
into the information read from /CVE/list.

/CVE/list was a symlink to the Debian security tracker svn.

/CUSTOMER/list we used for information about security updates and EOL
markers.

Bastian

-- 
Ahead warp factor one, Mr. Sulu.

commit cfc7675b9dac2034cf5fc671653792e8b48dd4db
Author: Bastian Blank <bastian.blank@credativ.de>
Date:   Wed Mar 23 10:51:02 2016 +0100

    Add support for CUSTOMER bugs and CVE extends

diff --git a/lib/python/bugs.py b/lib/python/bugs.py
index 7258be7..d4d8a0d 100644
--- a/lib/python/bugs.py
+++ b/lib/python/bugs.py
@@ -299,6 +299,28 @@ class Bug(BugBase):
             nts.append(notes[key])
         self.notes = nts
 
+class BugExtend(Bug):
+    def writeDB(self, cursor):
+        """Writes the record to an SQLite3 database."""
+
+        for (typ, c) in self.comments:
+            cursor.execute("""INSERT INTO bugs_notes
+            (bug_name, typ, comment) VALUES (?, ?, ?)""",
+                           (self.name, typ, c))
+
+        for n in self.notes:
+            n.writeDB(cursor, self.name)
+
+        import apsw
+        for x in self.xref:
+            try:
+                cursor.execute("""INSERT INTO bugs_xref
+                (source, target) VALUES (?, ?)""",
+                               (self.name, x))
+            except apsw.ConstraintError:
+                raise ValueError, \
+                      "cross reference to %s appears multiple times" % x
+
 class BugFromDB(Bug):
     def __init__(self, cursor, name):
         assert type(name) in types.StringTypes
@@ -440,6 +462,9 @@ class FileBase(debian_support.PackageFile):
         debian_support.PackageFile.__init__(self, name, fileObj)
         self.removed_packages = {}
 
+    def isExtend(self, name):
+        return False
+
     def isUniqueName(self, name):
         """Returns True if the name is a real, unique name."""
         return True
@@ -723,7 +748,11 @@ class FileBase(debian_support.PackageFile):
                         if first_bug:
                             break
                     record_name = temp_bug_name(first_bug, description)
-                yield self.finishBug(Bug(self.file.name, first_lineno, date,
+                if self.isExtend(record_name):
+                    cls = BugExtend
+                else:
+                    cls = Bug
+                yield self.finishBug(cls(self.file.name, first_lineno, date,
                                          record_name, description,
                                          comments, notes=pkg_notes, xref=xref))
 
@@ -768,6 +797,12 @@ class CVEFile(FileBase):
         bug.mergeNotes()
         return bug
 
+class CVECUSTOMERFile(CVEFile):
+    re_cve = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+)\s+(.*?)\s*$')
+
+    def isExtend(self, name):
+        return True
+
 class DSAFile(FileBase):
     """A DSA file.
 
@@ -809,6 +844,11 @@ class DSAFile(FileBase):
         bug.mergeNotes()
         return bug
 
+class CUSTOMERFile(DSAFile):
+    re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] '
+                        + r'(CUSTOMER-\d+(?:-\d+)?)\s+'
+                        + r'(.*?)\s*$')
+
 class DLAFile(FileBase):
     """A DLA file.
 
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index e018fff..66032aa 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -908,9 +908,11 @@ class DB:
 
         source_removed_packages = '/packages/removed-packages'
         sources = ((bugs.CVEFile, '/CVE/list'),
+                   (bugs.CVECUSTOMERFile, '/CVE-CUSTOMER/list'),
                    (bugs.DSAFile, '/DSA/list'),
                    (bugs.DTSAFile, '/DTSA/list'),
                    (bugs.DLAFile, '/DLA/list'),
+                   (bugs.CUSTOMERFile, '/CUSTOMER/list'),
                    (None, source_removed_packages))
 
         unchanged = True
@@ -963,7 +965,7 @@ class DB:
         old_source = ''
         for source, target in list(cursor.execute(
             """SELECT source, target FROM bugs_xref
-            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%')
+            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%' OR source LIKE 'CUSTOMER-%')
             AND target LIKE 'CVE-%'""")):
             if source <> old_source:
                 source_bug = bugs.BugFromDB(cursor, source)
@@ -1846,7 +1848,7 @@ class DB:
             """SELECT bugs.name, bugs.description
             FROM bugs, package_notes as p
             WHERE p.bug_name = bugs.name
-            AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%')
+            AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%' OR bugs.name LIKE 'CUSTOMER-%' )
             AND p.package = ?
             ORDER BY bugs.release_date DESC""", (package,)):
             yield DSAsForSourcePackage(*row)
Reply to: