Raise a proper exception instead of failing an assertion fw: why is there a reason field? it doesn't seem to be used at all. In fact, it pretty much looks like 'comment' is redundant and 'reason' should be the one getting a value assigned.
lib/python/bugs.py: switch to hash-based temporary names Thanks to Stefan Fritsch for the suggestion.
use nvd urgencies and add finer control for per-release pages
per-release page refactoring
adding support for <undetermined> in the tracker service. feedback and comments are very welcome.
Let's just go ahead and commit to see if it works. If anything breaks, I'll revert. Unfortunately I don't have a test setup for the Security Tracker and I don't know how to set one up.
lib/python/bugs.py (FileBase.__iter__): use kludge for <no-dsa>, too
lib/python/bugs.py: Replace integer type asserts with int conversion The reason is that even in Python 2.5, numeric objects fluctuate between int and long types.
Rejected CVEs with package notes are no longer an error Without this change, an update from the CVE database may result in failed consistency checks, which is not desirable. In a later commit, the web front end will be extended to list such CVE entries. This will provide interested parties with a means to perform cleanups.
Fix typo in error message
CVE no longer uses separate names for candidates This means that we can simplify bugs.BugBase.cveStatus a bit.
Remove unused methods The following methods are removed: bugs.PackageNote.affects bugs.PackageNote.affectsKernel bugs.PackageNote.fixedVersion bugs.PackageNote.sourceStatus bugs.BugBase.hasTODO bugs.BugBase.isKernelOnly
* lib/python/bugs.py (PackageNote, BugBase, Bug): Loosen type checks for string arguments, to support Unicode strings.
make tracker accept May as a month name for DTSAs
After the release of etch, the DTSA file will contain historic entries for etch, and new ones for lenny. Our previous automatic tagging of all entries as etch does not work anymore. Hence, we make the release indicator explicit. * lib/python/bugs.py (DTSAFile.finishBug): Verify that a release has been specified. No longer default to "etch". * data/DTSA/list Mark all entries as etch.
Treat packages marked as <removed> as source packages. This allows us to track firefox issues again. * lib/python/bugs.py (FileBase): Keep track of removed packages. * lib/python/security_db.py (DB.readBugs): Populate removed_packages table using <removed> entries. (DB.readRemovedPackages): Remove method. * bin/update-db: Do not call readRemovedPackages anymore.
Various changes to switch from FAKE- to TEMP- prefixes (Yeah, less than stellar engineering that this isn't concentrated in a single place.)
* lib/python/bugs.py (FileBase.re_package_version) Yet another fix for ~ versions.
* lib/python/bugs.py (FileBase.__iter__): Fix name generation for bugs involving <no-dsa> notes.
Add support for no-dsa handling to the database. This is still preliminary. lib/python/bugs.py (PackageNoteNoDSA): New class. (BugBase.__init__): Loosen assert to include PackageNoteNoDSA. (FileBase.__iter__): Create PackageNoteNoDSA objects. lib/python/security_db.py (DB): Bump schema version to 21. Add package_notes_nodsa table. Add schema migration code. (DB.readBugs): Clear package_notes_nodsa table.
lib/python/bugs.py (FileBase.__iter__): Handle <no-dsa>, by treating it as <unfixed> for now.
lib/python/bugs.py (FileBase): Tolerate more kinds of whitespace in some places.
lib/python/bugs.py (FileBase.__iter__): Include NOT-FOR-US: reason in comment.
Remove support for FIXES: and FIXED-BY:. Instead, automatically copy notes from DTSA to CVE if there is a cross-reference. The copying code is updated so that it can handle conflicting annotations. If there is a conflict, the later version wins. lib/python/bugs.py (BugBase, Bug): Remove xref_fixes and xref_fixedby members. (FileBase): Remove FIXES:/FIXED-BY: regexps and corresponding code. lib/python/security_db.py (DB): Bump schema version. (DB.initSchema): Remove normalized_target and copy_notes field from the bugs_xref table. (DB.readBugs): No need to maintain the normalized_target column anymore. Update the code which copies the notes. The code is much simpler now because we do not handle recursive copies. (DB.getBugXrefs): Use target instead of normalized_target.
r611@deneb: fw | 2005-10-13 22:01:11 +0200 lib/python/bugs.py (BugFromDB.__init__): Fix bogus result for DSA lookup.
r262@deneb: fw | 2005-09-29 21:08:13 +0200 lib/python/bugs.py (Bugs.mergeNotes): Deal with "None" releases in the sorting code.
First round of updates for the CAN -> CVE transition. lib/python/bugs.py (CANFile): Remove, merge with CVEFile. (BugBase.re_cve_name, BugBase.__init__, FileBase.re_*, FileBase.__iter__): Remove CAN-specific parts. (test): Update. lib/python/security_db.py (DB.readBugs): Do not read CAN/list. No longer normalize cross-references (test): Update.
Treat "unfixed" like "removed".
lib/python/bugs.py (FileBase): Make package note regexps more strict. (FileBase.rawRecords): Patch in the new-format "NOT-FOR-US:" entries for old entries.
Implement "REJECTED" and "RESERVED".
Implement NOT-FOR-US:, <unfixed>, <not-affected> and <itp>. lib/python/bugs.py (PackageNote.writeDB): Store package_kind attribute in the database, so that we can detect notes for ITPs. (PackageNoteParsed.__init__): 'unfixed' is no longer a valid tag. (FileBase): Update regular expressions. (FileBase.__iter__): Parse new "- PACKAGE <TAG>" annotations. Implement NOT-FOR-US:. Calculate the Debian bug number for a FAKE name when it is needed. lib/python/security_db.py (DB.calculateVulnerabilities): Do not overwrite "itp" values in the package_kind column of package_notes. Check that ITPed packages are not present in the archive. (DB.getITPs): New method.
lib/python/bugs.py (FileBase.__iter__): Assign "unimportant" urgency to not-affected packages. lib/python/security_db.py (DB.getBugsForSourcePackage, DB.getBugsForBinaryPackage): Filter out unimportant bugs. (DB.getNonBugsForBinaryPackage): New.
lib/python/bugs.py (PackageNoteParsed.__iter__): Permit "bug filed" in package notes. data/README: Document it.
lib/python/bugs.py (FileBase.__iter__): Accept "- PACKAGE not-affected" (i.e. without comment).
Add "FIXES:" and "FIXED-BY:" directives. lib/python/bugs.py (PackageNote): New attribute "bug_origin". (PackageNote.writeDB): No longer skip writing when self.id has been set (so that writeDB can be used for cloning notes). Write the bug_origin attribute. (PackageNoteFromDB): Read the bug_origin attribute. (BugBase): Initialize the xref_fixes and xref_fixedby attributes. (BugBase.writeDB): Write them. (Bug): Pass through xref_fixes and xref_fixedby in constructor. (BugFromDB): Load them. (FileBase): New regexps re_xref_fixes_required, re_xref_fixes, re_xref_fixedby_required, re_xref_fixedby. (FileBase.__iter__): Record FIXES: and FIXED-BY:. lib/python/security_db.py (DB): Bump schema version. (DB.initSchema): Add bug_origin column to the packages_notes table. Add copy_notes column to bugs_xref. (DB.readBugs): Remove incremental reading. Add new code that copies package notes, as requested by the FIXES: and FIXED-BY: directives.
Make (bug_name, package, release) unique in the package_notes table. This is necessary because otherwise, the version tracking code does not work right. We do not lose any data by doing this; package status was already tracked by bug and not by package note. lib/python/bugs.py (PackageNote.merge, Bug.mergeNotes): New. (CANFile.finishBugs, CVEFile.finishBugs, DSAFile.finishBugs): New. Merge package notes for CAN, CVE and DSA files. lib/python/security_db.py (DB): Bump schema version. (DB.initSchema): Add the UNIQUE index mentioned above. lib/python/debian_support.py (mergeAsSets): New. (test): Test cases for mergeAsSets.
lib/python/bugs.py (FileBase.finishBug): New method to apply last-minute checks to bug objects. (FileBase.__iter__): Use it. (DSAFile.finishBug): Override, to enforce the "etch" tag.
data/security.db (BugFromDB): Load the bug even when an alias name is used (CAN vs. CVE, DSA without revision number).
lib/python/bugs.py (BugFromDB.getDebianBugs): Optimize SELECT statement. (BugFromDB.getSourcePackages, BugFromDB.getBinaryPackages): Move to security_db.DB. lib/python/security_db.py (DB._initFunctions): Register user-defined SQLite functions. (DB.getSourcePackages, DB.getBinaryPackages): Renamed from bugs.BugFromDB. Implement aggregation.
CAN-2002-1767: Fix spelling. lib/python/bugs.py (FileBase.re_not_for_us_required): Catch more typos.
lib/python/security_db.py (DB): Update schema versioning code. Replace table bugs_status with bug_status. Add bug_name and release columns to source_package_status and binary_package_status. (DB.calculateVulnerabilities): First attempt at bug status calculation. It's rather broken, unfortunately. lib/python/bugs.py (BugFromDB.getStatus): New method, to get the results of the bug status calculation.
lib/python/bugs.py (BugFromDB.getSourcePackages): Add. Needs more work. (BugFromDB.getBinaryPackages): Sort by version (and package name). This makes the output somewhat more tolerable.
lib/python/security_db.py (DB): Add source_version_id column to binary_packages table. (DB._updateVersions): Update source_version_id, too. (DB.calculateVulnerabilities): Add code to determine vulnerable binary packages, based on their source packages. lib/python/bugs.py (BugFromDB.getBinaryPackages): New method. Needs more work. (test): Fix.
Keep track of advisory release dates so that we can generate links to Debian advisories. lib/python/security_db.py (DB): Change database schema: Add release_date column to bugs table. lib/python/security_db.py (BugBase, BugFromDB): Add date attribute.
Record whether a package note refers to a source or binary package. lib/python/security_db.py (DB): Upgrade schema. Add package_kind column to package_notes. (DB.calculateVulnerabilities): Update and use package_kind. lib/python/bugs.py (PackageNote, PackageNoteFromDB, BugFromDB): Add package_kind attribute.
Implement bin/update-db, to update the database with a single command. Most processing is skipped if no input files have been modified. lib/python/security_db.py (SchemaMismatch): New exception. (DB): Handle schema versioning. (DB.initSchema): Add subrelease column to source_packages and binary_packages. Set user_version. Remove stray commit. (DB._parseFile): Return information to the caller if the file is unchanged. (DB.readPackages): Move deletion code to callees. (DB._readSourcePackages, DB._readBinaryPackages): Implement incremental updates. Add subrelease. Need to invoke _clearVersions if any changes are made. (DB.deleteBugs, DB.finishBugs): Moved into readBugs. (DB.insertBugs): Rename ... (DB.readBugs): ... to this one. Implement incremental updates. Invoke _clearVersions if necessary. (DB._clearVersions): Add. (DB._updateVersions): Skip processing if _clearVersions has not been invoked. (DB.getVersion, DB.releaseContainsPackage, DB._synthesizeReleases): Obsolete, remove. (test): Update. lib/python/bugs.py (CANFile, CVEFile): Split into two classes, which handle the differences between the two files. bin/check-syntax: Update accordingly. bin/update-db: New database update script. Implements incremental updates. Makefile: Remove references to bin/update-packages. Simplify drastically.
This change groups binary packages for different architectures, as long as they have the same version. Synthesis of testing/stable/oldstable has been disabled (and will be replaced with new code). lib/python/security_db.py (mergeLists): New helper functions to deal with architecture lists. (DB.initSchema): Add parsed column to inodeprints table. Update source_packages and binary_packages table. Split package_status into source_package_status and binary_package_status. (DB.updateSources, DB.updatePackages): Remove and replace with ... (DB.readPackages): ... new method. (DB.availableReleases, DB._updateVersions): Adjust to new schema. (DB.calculateVulnerabilities): Disable synthesis of testing etc. Adjust to new schema. Fix bug in large INSERT INTO statements: Need t.release = p.release instead of t.release = n.release. Add return to disable bug-specific rating code. (test): Update. lib/python/bugs.py (PackageNote.releaseStatus): Rename ... (PackageNote.sourceStatus): ... and make it specific to source packages. (BugFromDB.getDebianBugs): New method to get a list of Debian bug numbers. bin/update-packages (import): Automatically reads the correct directory. Makefile (stamps/packages-imported): Update accordingly.
Ongoing work to implement version tracking. The current approach does not scale with the number of architectures, though. lib/python/security_db.py (DB): Add nicknames member. (DB.initSchema): Add nicknames and package_status tables. Add index package_notes_bug. (DB._synthesizeReleases): New method to build testing etc. distributions. (DB.calculateVulnerabilities): Update to use new tables. Return list of problems detected. lib/python/bugs.py (PackageNote.releaseStatus): New method to check for affected releases. bin/update-vulnerabilities: Print list of detected problems.
Add a crude check to discover kernel-only bug reports. (I found a better way to deal with this situation, though.) lib/python/bugs.py (PackageNote.affectsKernel, BugBase.isKernelOnly): Add.
Add support for release annotations of the form "[woody] - PACKAGE VERSION". (Currently not used in any input file.) lib/python/bugs.py (PackageNote.writeDB): Convert release objects to strings. (PackageNoteParsed): Pass in release information. Do not extract it from the package-specific notes. (FileBase.re_package_required, FileBase.re_package): Detect release annotations. (FileBase.__iter__): Extract them. (DSAFile): Moved "!" hack to base class.
First step towards calculating sets of vulnerable packages. This is currently directed towards testing (but does not yet process the secure-testing archive). A new table is added, so "make clean" is required. The remaining problem (besides potential bugs in the code) is how to deal with kernel updates, IOW how to detect them and ignore them. bin/update-vulnerabilities: New script, updates the bugs_status table. lib/python/bugs.py (PackageNote.affects): Fix all kinds of errors. The code never ran before, it seems. 8-/ (PackageNote.fixedVersion): Add. (BugBase.hasTODO): Add. (BugReservedCVE, BugRejectedCVE): Mark as not-for-us. (FileBase.rawRecords): Mark all un-annotated bugs after STOP: field as not-for-us. lib/python/security_db.py (DB.initSchema): Add table bugs_status. (DB.finishBugs): Run to completion even if there are conflicting CAN/CVE entries. (DB.getVersion, calculateVulnerabilities): New methods. (test): Update. lib/python/debian_support.py (Version): Add a type check. Makefile: Add stamps/calc-vulns target. bin/update-packages: Fix typo in comment.
lib/python/bugs.py (CVEFile.matchHeader): Remove matching parenthesis and brackets.
lib/python/debian_support.py (ParseError): Add class. lib/python/debian_support.py (PackageFile.raiseSyntaxError): Raise ParseError instead of SyntaxError. bin/check-syntax, bin/update-bug-list-db: Handle the ParseError exception gracefully. lib/python/bugs.py (CVEFile.matchHeader): Check parentheses/brackets. data/CAN/list: Fix uncovered syntax errors.
Add list parser written in Python. "make check" runs a syntax check (no SQLite required). "make all" updates the SQLite database, and performs cross-list consistency checks. There is some support for loading Debian Package/Sources files, but this information is currently not used by the checks.