Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:check-syntax-support-for-kernel-patches into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. check-syntax-support-for-kernel-patches
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: 09d9db546cb44ac19c999a34cf41e2a1b2f5a8cc
Proposed branch: ~alexmurray/ubuntu-cve-tracker:check-syntax-support-for-kernel-patches
Merge into: ubuntu-cve-tracker:master
Diff against target: 456 lines (+162/-97) (has conflicts)
15 files modified
active/CVE-2021-46904 (+1/-0)
active/CVE-2021-46905 (+1/-0)
active/CVE-2022-48626 (+1/-0)
active/CVE-2023-52469 (+1/-0)
active/CVE-2024-26602 (+4/-0)
ignored/CVE-2019-12379 (+1/-0)
ignored/CVE-2019-12454 (+1/-0)
ignored/CVE-2022-3642 (+1/-0)
ignored/CVE-2023-35825 (+1/-0)
retired/CVE-2008-1375 (+1/-0)
retired/CVE-2019-12455 (+2/-1)
retired/CVE-2021-3542 (+1/-0)
scripts/active_edit (+2/-96)
scripts/check-syntax (+32/-0)
scripts/cve_lib.py (+112/-0)
Conflict in active/CVE-2024-26602
Reviewer Review Type Date Requested Status
Marc Deslauriers Approve
Review via email: mp+461311@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Seth Arnold (seth-arnold) wrote :

A few random comments throughout; I realize some are against the previous version, but it's better late than never...

Revision history for this message
Alex Murray (alexmurray) wrote :

This will likely be easier to review by looking at the individual commits.

Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks Seth - I've added some extra changes for the regex precompilation etc, and tried to address your other comments too.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

The commits look good! Now that I think about it, I agree that putting it in check-syntax and only applying it if there is no break-fix is the right approach.

The only thing that may need changing in the future is:

+ assert commit_hash is not None
+

I'd probably just "return []" there so that a bad upstream patch for some reason wouldn't break our triage, but I think that's unlikely to ever happen.

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks Marc - good point, I made it print an error as well in that case.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/active/CVE-2021-46904 b/active/CVE-2021-46904
index f19d00f..72c1b40 100644
--- a/active/CVE-2021-46904
+++ b/active/CVE-2021-46904
@@ -15,6 +15,7 @@ Assigned-to:
15CVSS:15CVSS:
1616
17Patches_linux:17Patches_linux:
18 break-fix: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 8a12f8836145ffe37e9c8733dce18c22fb668b66
18upstream_linux: needs-triage19upstream_linux: needs-triage
19trusty_linux: ignored (end of standard support)20trusty_linux: ignored (end of standard support)
20trusty/esm_linux: needs-triage21trusty/esm_linux: needs-triage
diff --git a/active/CVE-2021-46905 b/active/CVE-2021-46905
index c1b64e9..c422718 100644
--- a/active/CVE-2021-46905
+++ b/active/CVE-2021-46905
@@ -15,6 +15,7 @@ Assigned-to:
15CVSS:15CVSS:
1616
17Patches_linux:17Patches_linux:
18 break-fix: 8a12f8836145ffe37e9c8733dce18c22fb668b66 2ad5692db72874f02b9ad551d26345437ea4f7f3
18upstream_linux: not-affected (debian: No Debian released version vulnerable)19upstream_linux: not-affected (debian: No Debian released version vulnerable)
19trusty_linux: ignored (end of standard support)20trusty_linux: ignored (end of standard support)
20trusty/esm_linux: needs-triage21trusty/esm_linux: needs-triage
diff --git a/active/CVE-2022-48626 b/active/CVE-2022-48626
index dc2d16c..76d45c6 100644
--- a/active/CVE-2022-48626
+++ b/active/CVE-2022-48626
@@ -15,6 +15,7 @@ Assigned-to:
15CVSS:15CVSS:
1616
17Patches_linux:17Patches_linux:
18 break-fix: - bd2db32e7c3e35bd4d9b8bbff689434a50893546
18upstream_linux: needs-triage19upstream_linux: needs-triage
19trusty_linux: ignored (end of standard support)20trusty_linux: ignored (end of standard support)
20trusty/esm_linux: needs-triage21trusty/esm_linux: needs-triage
diff --git a/active/CVE-2023-52469 b/active/CVE-2023-52469
index 5d4154b..f4d8a33 100644
--- a/active/CVE-2023-52469
+++ b/active/CVE-2023-52469
@@ -17,6 +17,7 @@ Assigned-to:
17CVSS:17CVSS:
1818
19Patches_linux:19Patches_linux:
20 break-fix: a2e73f56fa6282481927ec43aa9362c03c2e2104 28dd788382c43b330480f57cd34cde0840896743
20upstream_linux: needs-triage21upstream_linux: needs-triage
21trusty_linux: ignored (end of standard support)22trusty_linux: ignored (end of standard support)
22trusty/esm_linux: needs-triage23trusty/esm_linux: needs-triage
diff --git a/active/CVE-2024-26602 b/active/CVE-2024-26602
index b7e01d9..630af59 100644
--- a/active/CVE-2024-26602
+++ b/active/CVE-2024-26602
@@ -15,6 +15,10 @@ Assigned-to:
15CVSS:15CVSS:
1616
17Patches_linux:17Patches_linux:
18<<<<<<< active/CVE-2024-26602
19=======
20 break-fix: 22e4ebb975822833b083533035233d128b30e98f 944d5fe50f3f03daacfea16300e656a1691c4a23
21>>>>>>> active/CVE-2024-26602
18 break-fix: c5f58bd58f432be5d92df33c5458e0bcbee3aadf 944d5fe50f3f03daacfea16300e656a1691c4a2322 break-fix: c5f58bd58f432be5d92df33c5458e0bcbee3aadf 944d5fe50f3f03daacfea16300e656a1691c4a23
19upstream_linux: needs-triage23upstream_linux: needs-triage
20trusty_linux: ignored (end of standard support)24trusty_linux: ignored (end of standard support)
diff --git a/ignored/CVE-2019-12379 b/ignored/CVE-2019-12379
index a4f7043..8dd5d99 100644
--- a/ignored/CVE-2019-12379
+++ b/ignored/CVE-2019-12379
@@ -21,6 +21,7 @@ CVSS:
21 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]21 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]
2222
23Patches_linux:23Patches_linux:
24 break-fix: - 84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac
24upstream_linux: ignored (not an issue)25upstream_linux: ignored (not an issue)
25precise/esm_linux: ignored (end of life, was needs-triage)26precise/esm_linux: ignored (end of life, was needs-triage)
26trusty_linux: ignored (end of standard support)27trusty_linux: ignored (end of standard support)
diff --git a/ignored/CVE-2019-12454 b/ignored/CVE-2019-12454
index b77df14..ec5441e 100644
--- a/ignored/CVE-2019-12454
+++ b/ignored/CVE-2019-12454
@@ -24,6 +24,7 @@ CVSS:
24 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]24 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
2525
26Patches_linux:26Patches_linux:
27 break-fix: - a54988113985ca22e414e132054f234fc8a92604
27upstream_linux: not-affected (debian: Vulnerable code not present, introduced in 5.1-rc1)28upstream_linux: not-affected (debian: Vulnerable code not present, introduced in 5.1-rc1)
28precise/esm_linux: ignored (end of life, was needs-triage)29precise/esm_linux: ignored (end of life, was needs-triage)
29trusty_linux: ignored (end of standard support)30trusty_linux: ignored (end of standard support)
diff --git a/ignored/CVE-2022-3642 b/ignored/CVE-2022-3642
index 5d2904a..f3cf007 100644
--- a/ignored/CVE-2022-3642
+++ b/ignored/CVE-2022-3642
@@ -19,6 +19,7 @@ CVSS:
19 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]19 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]
2020
21Patches_linux:21Patches_linux:
22 break-fix: c888183b21f36a247bb166ca9365705611bea847 80e5acb6dd72b25a6e6527443b9e9c1c3a7bcef6
22upstream_linux: not-affected (debian: only wireless-next)23upstream_linux: not-affected (debian: only wireless-next)
23esm-infra/xenial_linux: needs-triage24esm-infra/xenial_linux: needs-triage
24trusty_linux: ignored (end of standard support)25trusty_linux: ignored (end of standard support)
diff --git a/ignored/CVE-2023-35825 b/ignored/CVE-2023-35825
index ff67bb5..6e42c4e 100644
--- a/ignored/CVE-2023-35825
+++ b/ignored/CVE-2023-35825
@@ -23,6 +23,7 @@ Assigned-to:
23CVSS:23CVSS:
2424
25Patches_linux:25Patches_linux:
26 break-fix: - 63264422785021704c39b38f65a78ab9e4a186d7
26upstream_linux: released (6.3.7-1)27upstream_linux: released (6.3.7-1)
27trusty_linux: ignored (end of standard support)28trusty_linux: ignored (end of standard support)
28trusty/esm_linux: needs-triage29trusty/esm_linux: needs-triage
diff --git a/retired/CVE-2008-1375 b/retired/CVE-2008-1375
index cfacb91..87c677d 100644
--- a/retired/CVE-2008-1375
+++ b/retired/CVE-2008-1375
@@ -46,6 +46,7 @@ hardy_linux-source-2.6.22: DNE
46devel_linux-source-2.6.22: DNE46devel_linux-source-2.6.22: DNE
4747
48Patches_linux:48Patches_linux:
49 break-fix: - 214b7049a7929f03bbd2786aaef04b8b79db34e2
49upstream_linux: pending (2.6.26-rc1)50upstream_linux: pending (2.6.26-rc1)
50dapper_linux: DNE51dapper_linux: DNE
51feisty_linux: DNE52feisty_linux: DNE
diff --git a/retired/CVE-2019-12455 b/retired/CVE-2019-12455
index 61a8e7e..397354f 100644
--- a/retired/CVE-2019-12455
+++ b/retired/CVE-2019-12455
@@ -2,7 +2,7 @@ Candidate: CVE-2019-12455
2PublicDate: 2019-05-30 04:29:00 UTC2PublicDate: 2019-05-30 04:29:00 UTC
3References:3References:
4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-124554 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12455
5 https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c13305 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcdf445ff42f036d22178b49cf64e92d527c1330
6 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2010240.html6 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2010240.html
7Description:7Description:
8 ** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in8 ** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in
@@ -28,6 +28,7 @@ CVSS:
28 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]28 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]
2929
30Patches_linux:30Patches_linux:
31 break-fix: - fcdf445ff42f036d22178b49cf64e92d527c1330
31upstream_linux: needed32upstream_linux: needed
32precise/esm_linux: ignored (end of life, was needs-triage)33precise/esm_linux: ignored (end of life, was needs-triage)
33trusty_linux: ignored (end of standard support)34trusty_linux: ignored (end of standard support)
diff --git a/retired/CVE-2021-3542 b/retired/CVE-2021-3542
index d24b901..f916d9b 100644
--- a/retired/CVE-2021-3542
+++ b/retired/CVE-2021-3542
@@ -23,6 +23,7 @@ Assigned-to:
23CVSS:23CVSS:
2424
25Patches_linux:25Patches_linux:
26 break-fix: - 35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
26upstream_linux: not-affected27upstream_linux: not-affected
27trusty_linux: ignored (end of standard support)28trusty_linux: ignored (end of standard support)
28trusty/esm_linux: not-affected29trusty/esm_linux: not-affected
diff --git a/scripts/active_edit b/scripts/active_edit
index dadaf35..d71f0b3 100755
--- a/scripts/active_edit
+++ b/scripts/active_edit
@@ -14,7 +14,6 @@ import os
14import pathlib14import pathlib
15import re15import re
16import sys16import sys
17import urllib.request
1817
19import cve_lib18import cve_lib
20import source_map19import source_map
@@ -72,99 +71,6 @@ def release_wants_dne(release):
72 _, product, _, _ = cve_lib.get_subproject_details(release)71 _, product, _, _ = cve_lib.get_subproject_details(release)
73 return product != None and product == cve_lib.PRODUCT_UBUNTU72 return product != None and product == cve_lib.PRODUCT_UBUNTU
7473
75def fetch_kernel_fixes(url):
76 '''Downloads a kernel commit and returns a list of break-fixes'''
77 commit_hash = None
78 fixes = []
79
80 # Strip off comment at the end
81 if ' ' in url:
82 url = url.split(' ')[0]
83
84 # Short URL, turn it into long one
85 if url.startswith('https://git.kernel.org/linus/'):
86 url = url.replace('https://git.kernel.org/linus/',
87 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=')
88 if url.startswith('https://git.kernel.org/stable/c/'):
89 url = url.replace('https://git.kernel.org/stable/c/',
90 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=')
91
92 # Get the raw patch
93 url = url.replace('/commit/', '/patch/')
94
95 with urllib.request.urlopen(url) as response:
96 patch = response.read().decode('utf-8')
97
98 for line in patch.split("\n"):
99 if re.match("commit [0-9a-f]{40} upstream.", line):
100 # This is an LTS backport, skip it
101 return []
102 if re.match("\[ Upstream commit [0-9a-f]{40} \]", line):
103 # This is an LTS backport, skip it
104 return []
105 if not commit_hash and line.startswith("From "):
106 commit_hash = line.split(' ')[1]
107 continue
108 elif line.startswith("Fixes: "):
109 fix_hash = line.split(' ')[1]
110 fixes.append([fix_hash, commit_hash])
111
112 # If we didn't find a Fixes tag, just use -
113 if fixes == []:
114 fixes.append(['-', commit_hash])
115
116 return fixes
117
118def in_break_fixes(commit, break_fixes):
119 '''See if a commit is in the hash_list'''
120 # properly handle comparing short and long hashes
121 for [break_hash,fix_hash] in break_fixes:
122 if commit.startswith(break_hash):
123 return True
124 if break_hash.startswith(commit):
125 return True
126 return False
127
128def get_long_kernel_hash(short_hash):
129 '''Attempts to get a long kernel hash'''
130
131 url = 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=' + short_hash
132 with urllib.request.urlopen(url) as response:
133 patch = response.read().decode('utf-8')
134
135 for line in patch.split("\n"):
136 if line.startswith("From "):
137 commit_hash = line.split(' ')[1]
138 if commit_hash.startswith(short_hash):
139 return commit_hash
140
141 return short_hash
142
143
144def validate_kernel_fixes(break_fixes):
145 '''Validate list of break-fixes'''
146
147 if break_fixes == []:
148 return []
149
150 # Make sure a breaks URL wasn't listed in the URLs by mistake
151 validated = []
152 for [break_hash,fix_hash] in break_fixes:
153 # Don't check this for now, it can result in false positives
154 #if not in_break_fixes(fix_hash, break_fixes):
155 if True:
156 if break_hash != '-' and len(break_hash) < 40:
157 break_hash = get_long_kernel_hash(break_hash)
158 # Make sure it's not a dupe
159 dupe = False
160 for [v_break_hash,v_fix_hash] in validated:
161 if break_hash == v_break_hash and fix_hash == v_fix_hash:
162 dupe = True
163 if not dupe:
164 validated.append([break_hash, fix_hash])
165
166 return validated
167
168def _add_pkg(p, fp, fixed, parent, embargoed, break_fixes):74def _add_pkg(p, fp, fixed, parent, embargoed, break_fixes):
169 print('', file=fp)75 print('', file=fp)
170 print('Patches_%s:' % p, file=fp)76 print('Patches_%s:' % p, file=fp)
@@ -291,8 +197,8 @@ def create_or_update_cve(cve, packages, priority=None, bug_urls=None,
291 url.startswith('https://git.kernel.org/stable/c/') or197 url.startswith('https://git.kernel.org/stable/c/') or
292 url.startswith('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=') or198 url.startswith('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=') or
293 url.startswith('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=')):199 url.startswith('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=')):
294 break_fixes += fetch_kernel_fixes(url)200 break_fixes += cve_lib.fetch_kernel_fixes(url)
295 break_fixes = validate_kernel_fixes(break_fixes)201 break_fixes = cve_lib.validate_kernel_fixes(break_fixes)
296202
297 # collect notes from pkg_db and add any extra pkgs from pkg_db as well203 # collect notes from pkg_db and add any extra pkgs from pkg_db as well
298 notes = []204 notes = []
diff --git a/scripts/check-syntax b/scripts/check-syntax
index e5c909f..f89a0e4 100755
--- a/scripts/check-syntax
+++ b/scripts/check-syntax
@@ -475,6 +475,19 @@ def fixup_entry_wrong(filename, pkg, rel):
475475
476 cve_lib.update_state(filename, pkg, rel, status, None)476 cve_lib.update_state(filename, pkg, rel, status, None)
477477
478def fixup_entry_missing_break_fix(filename, pkg, ref):
479 urls = cve_lib.fetch_kernel_fixes(ref)
480 urls = cve_lib.validate_kernel_fixes(urls)
481
482 for url in urls:
483 # convert to the break-fix format as a string
484 url = " ".join(url)
485 if opt.dry_run:
486 print("Dry-Run: adding break-fix %s, %s, to %s" % (filename, pkg, url))
487 return
488
489 cve_lib.add_patch(filename, pkg, url, "break-fix")
490
478def get_cve_path(cve, rel):491def get_cve_path(cve, rel):
479492
480 cve = os.path.basename(cve)493 cve = os.path.basename(cve)
@@ -1132,6 +1145,25 @@ def check_cve(cve):
1132 )1145 )
1133 cve_okay = False1146 cve_okay = False
11341147
1148 # if there is a reference URL to a kernel commit then check there is a
1149 # break-fix entry against the linux package
1150 if "References" in data:
1151 for ref in data["References"].split("\n"):
1152 if "git.kernel.org" in ref:
1153 # the CVE needs to already be triaged against linux and hence
1154 # have a patches entry for it
1155 if "linux" in data["patches"] and len(data["patches"]["linux"]) == 0:
1156 filename = srcmap["References"][0] if "References" in srcmap else cvepath
1157 linenum = srcmap["References"][1] if "References" in srcmap else 1
1158 print(
1159 "%s: %d: missing break-fix entry for kernel commit"
1160 % (filename, linenum),
1161 file=sys.stderr,
1162 )
1163 cve_okay = False
1164 if opt.autofix:
1165 fixup_entry_missing_break_fix(filename, "linux", ref)
1166
1135 for entry in data["CVSS"]:1167 for entry in data["CVSS"]:
1136 srcname = entry['source']1168 srcname = entry['source']
1137 filename = srcmap["CVSS"][srcname][0]1169 filename = srcmap["CVSS"][srcname][0]
diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
index c97cae6..416d5f7 100755
--- a/scripts/cve_lib.py
+++ b/scripts/cve_lib.py
@@ -22,6 +22,8 @@ import time
22import cache_urllib22import cache_urllib
23import json23import json
24import yaml24import yaml
25import urllib.error
26import urllib.request
2527
26from functools import reduce28from functools import reduce
2729
@@ -3456,3 +3458,113 @@ def wrap_text(text, width=75):
3456 Wrap text to width chars wide.3458 Wrap text to width chars wide.
3457 """3459 """
3458 return wordwrap(text, width).replace(' \n', '\n')3460 return wordwrap(text, width).replace(' \n', '\n')
3461
3462def fetch_kernel_fixes(url):
3463 '''Downloads a kernel commit and returns a list of break-fixes'''
3464 commit_hash = None
3465 fixes = []
3466
3467 # Strip off comment at the end
3468 if ' ' in url:
3469 url = url.split(' ')[0]
3470
3471 # Short URL, turn it into long one
3472 if url.startswith('https://git.kernel.org/linus/'):
3473 url = url.replace('https://git.kernel.org/linus/',
3474 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=')
3475 if url.startswith('https://git.kernel.org/stable/c/'):
3476 url = url.replace('https://git.kernel.org/stable/c/',
3477 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=')
3478 # old URL style - replace to be more modern
3479 if url.startswith('http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h='):
3480 url = url.replace('http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=',
3481 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=')
3482
3483 # Get the raw patch
3484 url = url.replace('/commit/', '/patch/')
3485
3486 try:
3487 with urllib.request.urlopen(url) as response:
3488 patch = response.read().decode('utf-8')
3489 except urllib.error.HTTPError as e:
3490 print("WARNING: Failed to fetch patch URL %s: %s" % (url, str(e)), file=sys.stderr)
3491 return fixes
3492
3493 backport_re = re.compile(r"(commit [0-9a-f]{40} upstream.|\[ Upstream commit [0-9a-f]{40} \])")
3494 for line in patch.split("\n"):
3495 # stop early if we have reached the main patch body
3496 if line.startswith("---"):
3497 break
3498 if backport_re.match(line):
3499 # This is an LTS backport, skip it
3500 return []
3501 if not commit_hash and line.startswith("From "):
3502 commit_hash = line.split(' ')[1]
3503 continue
3504 elif line.startswith("Fixes: "):
3505 fix_hash = line.split(' ')[1]
3506 fixes.append([fix_hash, commit_hash])
3507
3508 if commit_hash is None:
3509 print("Failed to get commit hash from %s" % url, file=sys.stderr)
3510 return []
3511
3512 # If we didn't find a Fixes tag, just use -
3513 if fixes == []:
3514 fixes.append(['-', commit_hash])
3515
3516 return fixes
3517
3518def in_break_fixes(commit, break_fixes):
3519 '''See if a commit is in the hash_list'''
3520 # properly handle comparing short and long hashes
3521 for [break_hash,fix_hash] in break_fixes:
3522 if commit.startswith(break_hash):
3523 return True
3524 if break_hash.startswith(commit):
3525 return True
3526 return False
3527
3528def get_long_kernel_hash(short_hash):
3529 '''Attempts to get a long kernel hash'''
3530
3531 url = 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=' + short_hash
3532 with urllib.request.urlopen(url) as response:
3533 patch = response.read().decode('utf-8')
3534
3535 for line in patch.split("\n"):
3536 if line.startswith("From "):
3537 commit_hash = line.split(' ')[1]
3538 if commit_hash.startswith(short_hash):
3539 return commit_hash
3540
3541 return short_hash
3542
3543
3544def validate_kernel_fixes(break_fixes):
3545 '''Validate list of break-fixes'''
3546
3547 if break_fixes == []:
3548 return []
3549
3550 # Make sure a breaks URL wasn't listed in the URLs by mistake
3551 validated = []
3552 for [break_hash,fix_hash] in break_fixes:
3553 # Don't check this for now, it can result in false positives
3554 #if not in_break_fixes(fix_hash, break_fixes):
3555 if True:
3556 if break_hash is None or fix_hash is None:
3557 continue
3558 if break_hash != '-' and len(break_hash) < 40:
3559 break_hash = get_long_kernel_hash(break_hash)
3560 # Make sure it's not a dupe
3561 dupe = False
3562 for [v_break_hash,v_fix_hash] in validated:
3563 if break_hash == v_break_hash and fix_hash == v_fix_hash:
3564 dupe = True
3565 if not dupe:
3566 validated.append([break_hash, fix_hash])
3567
3568 return validated
3569
3570

Subscribers

People subscribed via source and target branches