Hi, now that Wheezy LTS is approaching I wondered what would be the best places to help out fixing issues in Wheezy so that upgrading from Squeeze to Wheezy would not introduce new security issues.
Therefore I added bin/lts-needs-forward-port.py (based on lts-cve-triage.py) that lists issues fixed in Squeeze that are unfixed or marked no-dsa in wheezy. O.k. to apply? Cheers, -- Guido
>From 39900d40b7f6a8383c8b217aa7796a3290a66e71 Mon Sep 17 00:00:00 2001
Message-Id: <39900d40b7f6a8383c8b217aa7796a3290a66e71.1453555183.git....@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org>
Date: Sat, 23 Jan 2016 13:49:02 +0100
Subject: [PATCH] Add lts-needs-forward-port
To: debian-lts@lists.debian.org
This looks for issues fixed in LTS but yet unfixed in lts_next.
---
bin/lts-needs-forward-port.py | 84 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100755 bin/lts-needs-forward-port.py
diff --git a/bin/lts-needs-forward-port.py b/bin/lts-needs-forward-port.py
new file mode 100755
index 0000000..f5fe89a
--- /dev/null
+++ b/bin/lts-needs-forward-port.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+
+# Copyright 2015 Raphael Hertzog <hert...@debian.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+import argparse
+import collections
+import sys
+
+from tracker_data import TrackerData, RELEASES
+
+# lts is currently squeeze, next_lts wheezy
+LIST_NAMES = (
+ ('needs_fix_in_next_lts',
+ ('Issues that are unfixed in {next_lts} but fixed in {lts}'
+ ).format(**RELEASES)),
+ ('needs_review_in_next_lts',
+ ('Issues that are no-dsa in {next_lts} but fixed in {lts}'
+ ).format(**RELEASES)),
+)
+
+lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+
+parser = argparse.ArgumentParser(
+ description='Find discrepancies between suites')
+parser.add_argument('--skip-cache-update', action='store_true',
+ help='Skip updating the tracker data cache')
+args = parser.parse_args()
+tracker = TrackerData(update_cache=not args.skip_cache_update)
+
+
+def add_to_list(key, pkg, issue):
+ assert key in [l[0] for l in LIST_NAMES]
+ lists[key][pkg].append(issue)
+
+
+def main():
+ for pkg in tracker.iterate_packages():
+ for issue in tracker.iterate_pkg_issues(pkg):
+ status_in_lts = issue.get_status('lts')
+ status_in_next_lts = issue.get_status('next_lts')
+
+ if status_in_lts.status in ('not-affected', 'open'):
+ continue
+
+ if status_in_lts.status == 'resolved':
+ if status_in_lts.reason == 'fixed in 0':
+ # The security tracker marks "not-affected" as
+ # "resolved in version 0" (#812410)
+ continue
+
+ if status_in_next_lts.status == 'open':
+ add_to_list('needs_fix_in_next_lts', pkg, issue)
+ continue
+
+ if status_in_next_lts.status == 'ignored':
+ add_to_list('needs_review_in_next_lts', pkg, issue)
+ continue
+
+ for key, desc in LIST_NAMES:
+ if not len(lists[key]):
+ continue
+ print('{}:'.format(desc))
+ for pkg in sorted(lists[key].keys()):
+ cve_list = ' '.join(
+ [i.name for i in sorted(lists[key][pkg],
+ key=lambda i: i.name)])
+ print('* {:20s} -> {}'.format(pkg, cve_list))
+ print('')
+
+if __name__ == '__main__':
+ sys.exit(main())
--
2.7.0.rc3
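Review bot: In `add_to_list`, the `assert key in [l[0] for l in LIST_NAMES]` guard disappears under `python -O`, and because `lists` is a `defaultdict` while the output loop in `main()` walks only `LIST_NAMES`, a mistyped key would then silently drop issues from the report instead of failing. For a tool whose purpose is to surface unfixed security issues, an explicit check is safer: `if key not in dict(LIST_NAMES): raise KeyError(key)`. Separately, the indentation is lost in this rendering, so it is not clear whether the two `status_in_next_lts` checks are nested under `if status_in_lts.status == 'resolved':`. If they are not, an issue that is for example `ignored` in lts would be listed under a heading that says it is fixed in lts, so the nesting is worth confirming.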