
Looking for issues affecting wheezy but fixed in squeeze



Hi,

now that Wheezy LTS is approaching I wondered what would be the best
places to help out fixing issues in Wheezy so that upgrading from
Squeeze to Wheezy would not introduce new security issues.

Therefore I added bin/lts-needs-forward-port.py (based on
lts-cve-triage.py) that lists issues fixed in Squeeze that are unfixed
or marked no-dsa in wheezy. O.k. to apply?

Cheers,
 -- Guido
>From 39900d40b7f6a8383c8b217aa7796a3290a66e71 Mon Sep 17 00:00:00 2001
Message-Id: <39900d40b7f6a8383c8b217aa7796a3290a66e71.1453555183.git.agx@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Sat, 23 Jan 2016 13:49:02 +0100
Subject: [PATCH] Add lts-needs-forward-port
To: debian-lts@lists.debian.org

This looks for issues fixed in LTS but yet unfixed in lts_next.
---
 bin/lts-needs-forward-port.py | 84 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100755 bin/lts-needs-forward-port.py

diff --git a/bin/lts-needs-forward-port.py b/bin/lts-needs-forward-port.py
new file mode 100755
index 0000000..f5fe89a
--- /dev/null
+++ b/bin/lts-needs-forward-port.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+
+# Copyright 2015 Raphael Hertzog <hertzog@debian.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <https://www.gnu.org/licenses/>.
+
+import argparse
+import collections
+import sys
+
+from tracker_data import TrackerData, RELEASES
+
+# lts is currently squeeze, next_lts wheezy
+LIST_NAMES = (
+    ('needs_fix_in_next_lts',
+     ('Issues that are unfixed in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+    ('needs_review_in_next_lts',
+     ('Issues that are no-dsa in {next_lts} but fixed in {lts}'
+      ).format(**RELEASES)),
+)
+
+lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+
+parser = argparse.ArgumentParser(
+    description='Find discrepancies between suites')
+parser.add_argument('--skip-cache-update', action='store_true',
+                    help='Skip updating the tracker data cache')
+args = parser.parse_args()
+tracker = TrackerData(update_cache=not args.skip_cache_update)
+
+
+def add_to_list(key, pkg, issue):
+    assert key in [l[0] for l in LIST_NAMES]
+    lists[key][pkg].append(issue)
+
+
+def main():
+    for pkg in tracker.iterate_packages():
+        for issue in tracker.iterate_pkg_issues(pkg):
+            status_in_lts = issue.get_status('lts')
+            status_in_next_lts = issue.get_status('next_lts')
+
+            if status_in_lts.status in ('not-affected', 'open'):
+                continue
+
+            if status_in_lts.status == 'resolved':
+                if status_in_lts.reason == 'fixed in 0':
+                    #  The security tracker marks "not-affected" as
+                    #  "resolved in version 0" (#812410)
+                    continue
+
+                if status_in_next_lts.status == 'open':
+                    add_to_list('needs_fix_in_next_lts', pkg, issue)
+                    continue
+
+                if status_in_next_lts.status == 'ignored':
+                    add_to_list('needs_review_in_next_lts', pkg, issue)
+                    continue
+
+    for key, desc in LIST_NAMES:
+        if not len(lists[key]):
+            continue
+        print('{}:'.format(desc))
+        for pkg in sorted(lists[key].keys()):
+            cve_list = ' '.join(
+                [i.name for i in sorted(lists[key][pkg],
+                                        key=lambda i: i.name)])
+            print('* {:20s} -> {}'.format(pkg, cve_list))
+        print('')
+
+if __name__ == '__main__':
+    sys.exit(main())
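Review bot: In main(), the branch `if status_in_next_lts.status == 'ignored':` fills the list whose heading in LIST_NAMES says "no-dsa", and nothing in the file says how those two terms relate; a one-line comment at that branch naming the mapping would save the next reader a trip into tracker_data. The same loop silently drops every other combination (any lts status other than 'resolved', any next_lts status other than 'open' or 'ignored'), which is probably intended but worth stating in a short docstring on main(). Separately, `parser.parse_args()` and `TrackerData(update_cache=...)` run at module level, so importing the file parses sys.argv and may refresh the cache; moving both into main() keeps the side effects behind the `__name__ == '__main__'` guard. The argparse description 'Find discrepancies between suites' could also say what this script reports specifically (fixed in lts, still open or ignored in next_lts), and the 2015 copyright line may want a second entry for the new file's author.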
-- 
2.7.0.rc3

