Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:restore-release-stamps-and-sort-instead-by-release-version into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. restore-release-stamps-and-sort-instead-by-release-version
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: 0ac376a38675ad0addf59403120770b5391ed150
Proposed branch: ~alexmurray/ubuntu-cve-tracker:restore-release-stamps-and-sort-instead-by-release-version
Merge into: ubuntu-cve-tracker:master
Diff against target: 442 lines (+77/-13)
2 files modified
scripts/cve_lib.py (+75/-10)
scripts/test_cve_lib.py (+2/-3)
Reviewer Review Type Date Requested Status
Emilia Torino Approve
Steve Beattie Pending
Ubuntu Security Team Pending
Review via email: mp+440074@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

Failing CI is unrelated to these changes - the unit tests all passed before it failed on check-syntax issues in various CVE files.

Revision history for this message
Alex Murray (alexmurray) wrote :

Ignore the change in cve-mode.el shown in the diff below - that was unintentional and has been removed from this MP but seems LP has not updated the inline diff to match.

Revision history for this message
Steve Beattie (sbeattie) wrote :

This LGTM, though I'm not sure about the impact on the KPIs, so would like Emi's feedback.

The only minor minor thing that gives me pause is using a float value for the version.

Revision history for this message
Emilia Torino (emitorino) wrote :

Thanks for considering this!

I have a question before moving fw, should trusty/esm (which its stamp is 04/2019) be consider before or after xenial (04/2016)?

With this code, trusty/esm is ordered before xenial:

>>> r = ["jammy", "focal", "trusty/esm", "esm-apps/bionic", "trusty", "xenial", "bionic", "esm-apps/jammy"]
>>> import cve_lib
>>> cve_lib.release_sort(r)
['trusty', 'trusty/esm', 'xenial', 'bionic', 'esm-apps/bionic', 'focal', 'jammy', 'esm-apps/jammy']

Maybe this is ok for the uses cases under consideration.

Revision history for this message
Emilia Torino (emitorino) :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Personally I would like trusty/esm to appear after trusty and before xenial when listed in CVE files.

Revision history for this message
Emilia Torino (emitorino) wrote :

> Personally I would like trusty/esm to appear after trusty and before xenial
> when listed in CVE files.

+1 to this as well.

Revision history for this message
Emilia Torino (emitorino) wrote :

LGTM BTW

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
2index 0429f71..f118f93 100755
3--- a/scripts/cve_lib.py
4+++ b/scripts/cve_lib.py
5@@ -107,6 +107,7 @@ subprojects = {
6 "ppa": "ubuntu-esm/esm/ubuntu",
7 "parent": "ubuntu/precise",
8 "description": "Available with UA Infra or UA Desktop: https://ubuntu.com/advantage",
9+ "stamp": 1493521200,
10 },
11 "esm/trusty": {
12 "eol": False,
13@@ -118,6 +119,7 @@ subprojects = {
14 "ppa": "ubuntu-esm/esm-infra-security/ubuntu",
15 "parent": "ubuntu/trusty",
16 "description": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
17+ "stamp": 1556593200,
18 },
19 "esm-infra/xenial": {
20 "eol": False,
21@@ -129,6 +131,7 @@ subprojects = {
22 "ppa": "ubuntu-esm/esm-infra-security/ubuntu",
23 "parent": "ubuntu/xenial",
24 "description": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
25+ "stamp": 1618963200,
26 },
27 "esm-apps/xenial": {
28 "eol": False,
29@@ -140,6 +143,7 @@ subprojects = {
30 "ppa": "ubuntu-esm/esm-apps-security/ubuntu",
31 "parent": "esm-infra/xenial",
32 "description": "Available with Ubuntu Pro: https://ubuntu.com/pro",
33+ "stamp": 1618963200,
34 },
35 "esm-apps/bionic": {
36 "eol": False,
37@@ -151,6 +155,7 @@ subprojects = {
38 "ppa": "ubuntu-esm/esm-apps-security/ubuntu",
39 "parent": "ubuntu/bionic",
40 "description": "Available with Ubuntu Pro: https://ubuntu.com/pro",
41+ "stamp": 1524870000,
42 },
43 "esm-apps/focal": {
44 "eol": False,
45@@ -162,6 +167,7 @@ subprojects = {
46 "ppa": "ubuntu-esm/esm-apps-security/ubuntu",
47 "parent": "ubuntu/focal",
48 "description": "Available with Ubuntu Pro: https://ubuntu.com/pro",
49+ "stamp": 1587567600,
50 },
51 "esm-apps/jammy": {
52 "eol": False,
53@@ -173,6 +179,7 @@ subprojects = {
54 "ppa": "ubuntu-esm/esm-apps-security/ubuntu",
55 "parent": "ubuntu/jammy",
56 "description": "Available with Ubuntu Pro: https://ubuntu.com/pro",
57+ "stamp": 1650693600,
58 },
59 "fips/xenial": {
60 "eol": False,
61@@ -260,6 +267,7 @@ subprojects = {
62 "eol": True,
63 "components": ["main", "restricted", "universe", "multiverse", "partner"],
64 "name": "Ubuntu 4.10",
65+ "version": 4.10,
66 "codename": "Warty Warthog",
67 "alias": "warty",
68 "description": "Interim Release",
69@@ -269,6 +277,7 @@ subprojects = {
70 "eol": True,
71 "components": ["main", "restricted", "universe", "multiverse", "partner"],
72 "name": "Ubuntu 5.04",
73+ "version": 5.04,
74 "codename": "Hoary Hedgehog",
75 "alias": "hoary",
76 "description": "Interim Release",
77@@ -278,6 +287,7 @@ subprojects = {
78 "eol": True,
79 "components": ["main", "restricted", "universe", "multiverse", "partner"],
80 "name": "Ubuntu 5.10",
81+ "version": 5.10,
82 "codename": "Breezy Badger",
83 "alias": "breezy",
84 "description": "Interim Release",
85@@ -287,6 +297,7 @@ subprojects = {
86 "eol": True,
87 "components": ["main", "restricted", "universe", "multiverse", "partner"],
88 "name": "Ubuntu 6.06 LTS",
89+ "version": 6.06,
90 "codename": "Dapper Drake",
91 "alias": "dapper",
92 "description": "Long Term Support",
93@@ -296,6 +307,7 @@ subprojects = {
94 "eol": True,
95 "components": ["main", "restricted", "universe", "multiverse", "partner"],
96 "name": "Ubuntu 6.10",
97+ "version": 6.10,
98 "codename": "Edgy Eft",
99 "alias": "edgy",
100 "description": "Interim Release",
101@@ -305,6 +317,7 @@ subprojects = {
102 "eol": True,
103 "components": ["main", "restricted", "universe", "multiverse", "partner"],
104 "name": "Ubuntu 7.04",
105+ "version": 7.04,
106 "codename": "Feisty Fawn",
107 "alias": "feisty",
108 "description": "Interim Release",
109@@ -314,6 +327,7 @@ subprojects = {
110 "eol": True,
111 "components": ["main", "restricted", "universe", "multiverse", "partner"],
112 "name": "Ubuntu 7.10",
113+ "version": 7.10,
114 "codename": "Gutsy Gibbon",
115 "alias": "gutsy",
116 "description": "Interim Release",
117@@ -323,6 +337,7 @@ subprojects = {
118 "eol": True,
119 "components": ["main", "restricted", "universe", "multiverse", "partner"],
120 "name": "Ubuntu 8.04 LTS",
121+ "version": 8.04,
122 "codename": "Hardy Heron",
123 "alias": "hardy",
124 "description": "Long Term Support",
125@@ -332,6 +347,7 @@ subprojects = {
126 "eol": True,
127 "components": ["main", "restricted", "universe", "multiverse", "partner"],
128 "name": "Ubuntu 8.10",
129+ "version": 8.10,
130 "codename": "Intrepid Ibex",
131 "alias": "intrepid",
132 "description": "Interim Release",
133@@ -341,6 +357,7 @@ subprojects = {
134 "eol": True,
135 "components": ["main", "restricted", "universe", "multiverse", "partner"],
136 "name": "Ubuntu 9.04",
137+ "version": 9.04,
138 "codename": "Jaunty Jackalope",
139 "alias": "jaunty",
140 "description": "Interim Release",
141@@ -350,6 +367,7 @@ subprojects = {
142 "eol": True,
143 "components": ["main", "restricted", "universe", "multiverse", "partner"],
144 "name": "Ubuntu 9.10",
145+ "version": 9.10,
146 "codename": "Karmic Koala",
147 "alias": "karmic",
148 "description": "Interim Release",
149@@ -359,6 +377,7 @@ subprojects = {
150 "eol": True,
151 "components": ["main", "restricted", "universe", "multiverse", "partner"],
152 "name": "Ubuntu 10.04 LTS",
153+ "version": 10.04,
154 "codename": "Lucid Lynx",
155 "alias": "lucid",
156 "description": "Long Term Support",
157@@ -368,6 +387,7 @@ subprojects = {
158 "eol": True,
159 "components": ["main", "restricted", "universe", "multiverse", "partner"],
160 "name": "Ubuntu 10.10",
161+ "version": 10.10,
162 "codename": "Maverick Meerkat",
163 "alias": "maverick",
164 "description": "Interim Release",
165@@ -377,6 +397,7 @@ subprojects = {
166 "eol": True,
167 "components": ["main", "restricted", "universe", "multiverse", "partner"],
168 "name": "Ubuntu 11.04",
169+ "version": 11.04,
170 "codename": "Natty Narwhal",
171 "alias": "natty",
172 "description": "Interim Release",
173@@ -386,6 +407,7 @@ subprojects = {
174 "eol": True,
175 "components": ["main", "restricted", "universe", "multiverse", "partner"],
176 "name": "Ubuntu 11.10",
177+ "version": 11.10,
178 "codename": "Oneiric Ocelot",
179 "alias": "oneiric",
180 "description": "Interim Release",
181@@ -395,6 +417,7 @@ subprojects = {
182 "eol": True,
183 "components": ["main", "restricted", "universe", "multiverse", "partner"],
184 "name": "Ubuntu 12.04 LTS",
185+ "version": 12.04,
186 "codename": "Precise Pangolin",
187 "alias": "precise",
188 "description": "Long Term Support",
189@@ -404,6 +427,7 @@ subprojects = {
190 "eol": True,
191 "components": ["main", "restricted", "universe", "multiverse", "partner"],
192 "name": "Ubuntu 12.10",
193+ "version": 12.10,
194 "codename": "Quantal Quetzal",
195 "alias": "quantal",
196 "description": "Interim Release",
197@@ -413,6 +437,7 @@ subprojects = {
198 "eol": True,
199 "components": ["main", "restricted", "universe", "multiverse", "partner"],
200 "name": "Ubuntu 13.04",
201+ "version": 13.04,
202 "codename": "Raring Ringtail",
203 "alias": "raring",
204 "description": "Interim Release",
205@@ -422,6 +447,7 @@ subprojects = {
206 "eol": True,
207 "components": ["main", "restricted", "universe", "multiverse", "partner"],
208 "name": "Ubuntu 13.10",
209+ "version": 13.10,
210 "codename": "Saucy Salamander",
211 "alias": "saucy",
212 "description": "Interim Release",
213@@ -431,6 +457,7 @@ subprojects = {
214 "eol": True,
215 "components": ["main", "restricted", "universe", "multiverse", "partner"],
216 "name": "Ubuntu 14.04 LTS",
217+ "version": 14.04,
218 "codename": "Trusty Tahr",
219 "alias": "trusty",
220 "description": "Long Term Support",
221@@ -440,6 +467,7 @@ subprojects = {
222 "eol": True,
223 "components": ["main", "restricted", "universe", "multiverse", "partner"],
224 "name": "Ubuntu 14.10",
225+ "version": 14.10,
226 "codename": "Utopic Unicorn",
227 "alias": "utopic",
228 "description": "Interim Release",
229@@ -449,6 +477,7 @@ subprojects = {
230 "eol": True,
231 "components": ["main", "restricted", "universe", "multiverse", "partner"],
232 "name": "Ubuntu 15.04",
233+ "version": 15.04,
234 "codename": "Vivid Vervet",
235 "alias": "vivid",
236 "description": "Interim Release",
237@@ -458,6 +487,7 @@ subprojects = {
238 "eol": True,
239 "components": ["main", "restricted", "universe", "multiverse", "partner"],
240 "name": "Ubuntu 15.10",
241+ "version": 15.10,
242 "codename": "Wily Werewolf",
243 "alias": "wily",
244 "description": "Interim Release",
245@@ -467,6 +497,7 @@ subprojects = {
246 "eol": True,
247 "components": ["main", "restricted", "universe", "multiverse", "partner"],
248 "name": "Ubuntu 16.04 LTS",
249+ "version": 16.04,
250 "codename": "Xenial Xerus",
251 "alias": "xenial",
252 "description": "Long Term Support",
253@@ -476,6 +507,7 @@ subprojects = {
254 "eol": True,
255 "components": ["main", "restricted", "universe", "multiverse", "partner"],
256 "name": "Ubuntu 16.10",
257+ "version": 16.10,
258 "codename": "Yakkety Yak",
259 "alias": "yakkety",
260 "description": "Interim Release",
261@@ -485,6 +517,7 @@ subprojects = {
262 "eol": True,
263 "components": ["main", "restricted", "universe", "multiverse", "partner"],
264 "name": "Ubuntu 17.04",
265+ "version": 17.04,
266 "codename": "Zesty Zapus",
267 "alias": "zesty",
268 "description": "Interim Release",
269@@ -494,6 +527,7 @@ subprojects = {
270 "eol": True,
271 "components": ["main", "restricted", "universe", "multiverse", "partner"],
272 "name": "Ubuntu 17.10",
273+ "version": 17.10,
274 "codename": "Artful Aardvark",
275 "alias": "artful",
276 "description": "Interim Release",
277@@ -504,6 +538,7 @@ subprojects = {
278 "oval": True,
279 "components": ["main", "restricted", "universe", "multiverse", "partner"],
280 "name": "Ubuntu 18.04 LTS",
281+ "version": 18.04,
282 "codename": "Bionic Beaver",
283 "alias": "bionic",
284 "description": "Long Term Support",
285@@ -513,6 +548,7 @@ subprojects = {
286 "eol": True,
287 "components": ["main", "restricted", "universe", "multiverse", "partner"],
288 "name": "Ubuntu 18.10",
289+ "version": 18.10,
290 "codename": "Cosmic Cuttlefish",
291 "alias": "cosmic",
292 "description": "Interim Release",
293@@ -522,6 +558,7 @@ subprojects = {
294 "eol": True,
295 "components": ["main", "restricted", "universe", "multiverse", "partner"],
296 "name": "Ubuntu 19.04",
297+ "version": 19.04,
298 "codename": "Disco Dingo",
299 "alias": "disco",
300 "description": "Interim Release",
301@@ -531,6 +568,7 @@ subprojects = {
302 "eol": True,
303 "components": ["main", "restricted", "universe", "multiverse", "partner"],
304 "name": "Ubuntu 19.10",
305+ "version": 19.10,
306 "codename": "Eoan Ermine",
307 "alias": "eoan",
308 "description": "Interim Release",
309@@ -541,6 +579,7 @@ subprojects = {
310 "oval": True,
311 "components": ["main", "restricted", "universe", "multiverse", "partner"],
312 "name": "Ubuntu 20.04 LTS",
313+ "version": 20.04,
314 "codename": "Focal Fossa",
315 "alias": "focal",
316 "description": "Long Term Support",
317@@ -550,6 +589,7 @@ subprojects = {
318 "eol": True,
319 "components": ["main", "restricted", "universe", "multiverse", "partner"],
320 "name": "Ubuntu 20.10",
321+ "version": 20.10,
322 "codename": "Groovy Gorilla",
323 "alias": "groovy",
324 "description": "Interim Release",
325@@ -559,6 +599,7 @@ subprojects = {
326 "eol": True,
327 "components": ["main", "restricted", "universe", "multiverse", "partner"],
328 "name": "Ubuntu 21.04",
329+ "version": 21.04,
330 "codename": "Hirsute Hippo",
331 "alias": "hirsute",
332 "description": "Interim Release",
333@@ -568,6 +609,7 @@ subprojects = {
334 "eol": True,
335 "components": ["main", "restricted", "universe", "multiverse", "partner"],
336 "name": "Ubuntu 21.10",
337+ "version": 21.10,
338 "codename": "Impish Indri",
339 "alias": "impish",
340 "description": "Interim Release",
341@@ -578,6 +620,7 @@ subprojects = {
342 "oval": True,
343 "components": ["main", "restricted", "universe", "multiverse", "partner"],
344 "name": "Ubuntu 22.04 LTS",
345+ "version": 22.04,
346 "codename": "Jammy Jellyfish",
347 "alias": "jammy",
348 "description": "Long Term Support",
349@@ -588,6 +631,7 @@ subprojects = {
350 "oval": True,
351 "components": ["main", "restricted", "universe", "multiverse"],
352 "name": "Ubuntu 22.10",
353+ "version": 22.10,
354 "codename": "Kinetic Kudu",
355 "alias": "kinetic",
356 "devel": False,
357@@ -599,6 +643,7 @@ subprojects = {
358 "oval": True,
359 "components": ["main", "restricted", "universe", "multiverse"],
360 "name": "Ubuntu 23.04",
361+ "version": 23.04,
362 "codename": "Lunar Lobster",
363 "alias": "lunar",
364 "devel": True, # there can be only one ⚔
365@@ -717,7 +762,7 @@ def release_progenitor(rel):
366 return parent
367
368 def release_stamp(rel):
369- """Return the time stamp for rel."""
370+ """Return the time stamp for rel or its parent if it doesn't define one."""
371 stamp = -1
372 _, _, _, details = get_subproject_details(rel)
373 if details:
374@@ -733,6 +778,20 @@ def release_stamp(rel):
375 stamp = details["stamp"]
376 return stamp
377
378+def release_version(rel):
379+ """Return the version for rel or its parent if it doesn't have one."""
380+ version = 0.0
381+ _, _, _, details = get_subproject_details(rel)
382+ if details:
383+ try:
384+ version = details["version"]
385+ except KeyError:
386+ rel = release_progenitor(rel)
387+ _, _, _, details = get_subproject_details(rel)
388+ if details:
389+ version = details["version"]
390+ return version
391+
392 def release_ppa(rel):
393 """Return the ppa for a given subproject."""
394 ppa = None
395@@ -889,15 +948,21 @@ for release in subprojects:
396
397
398 def release_sort(release_list):
399- '''takes a list of release names and sorts them in release order'''
400-
401- # turn list into a tuples of (name, release stamp)
402- rels = [(x, release_stamp(x)) for x in release_list]
403- # sort list by release stamp (formatted to 20 places so we don't have to
404- # worry about the number of digits in the stamp) but also prepend the
405- # release name so releases that have the same stamp sort in alphabetical
406- # order by name, then pull out just the names
407- return [x[0] for x in sorted(rels, key=lambda x: ("%020d" % x[1]) + x[0])]
408+ '''takes a list of release names and sorts them in release order
409+
410+ This is not a strict ordering based on when the release was made but a logic
411+ ordering used for human consumption.
412+ '''
413+
414+ # turn list into a tuples of (name, version) - we want sub-releases to sort
415+ # later than their parent, so introduce a hack to add one month to their
416+ # release version so they sort after their parent
417+ rels = [(x, release_version(x) + 0.01 if "/" in x else release_version(x))
418+ for x in release_list]
419+ # sort by release version but also append the release name so releases that
420+ # have the same stamp sort in alphabetical order by name, then pull out just
421+ # the names
422+ return [x[0] for x in sorted(rels, key=lambda x: ("%02.2f" % x[1]) + x[0])]
423
424
425 def release_is_older_than(release_a, release_b):
426diff --git a/scripts/test_cve_lib.py b/scripts/test_cve_lib.py
427index 8d9792c..c5130dc 100755
428--- a/scripts/test_cve_lib.py
429+++ b/scripts/test_cve_lib.py
430@@ -71,10 +71,9 @@ class TestPackageOverrideTests:
431
432 class TestReleaseSort:
433 def test_release_sort(self):
434- print(cve_lib.all_releases)
435 assert cve_lib.release_sort(
436- ["jammy", "focal", "xenial", "bionic", "esm-apps/jammy"]) == \
437- ["xenial", "bionic", "focal", "esm-apps/jammy", "jammy"]
438+ ["jammy", "focal", "esm-apps/bionic", "xenial", "bionic", "esm-apps/jammy"]) == \
439+ ["xenial", "bionic", "esm-apps/bionic", "focal", "jammy", "esm-apps/jammy"]
440
441 # check all release lists in cve_lib are sorted OOTB
442 @pytest.mark.parametrize("releases",

Subscribers

People subscribed via source and target branches