Merge ~litios/ubuntu-cve-tracker:components-for-esm into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Merged
Merged at revision: 989f028f22e7a6f5f2af6e6fa0484d7c65788c17
Proposed branch: ~litios/ubuntu-cve-tracker:components-for-esm
Merge into: ubuntu-cve-tracker:master
Diff against target: 107 lines (+56/-7)
2 files modified
scripts/cve_lib.py (+42/-6)
scripts/source_map.py (+14/-1)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Eduardo Barretto Approve
Review via email: mp+436335@code.launchpad.net

Description of the change

Right now, umt tooling will report that "main" is the component for all packages in ESM releases. This recently caused an issue while building a package because of dependency resolution.

This MR addresses the issue by looking at the original release to find out what the real component is.

David Fernandez Gonzalez (litios) wrote :

$ python3
Python 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import source_map;import cve_lib; srcmap = source_map.load()
>>> cve_lib.is_supported(srcmap, "ffmpeg", "esm-apps/bionic")
True
>>> cve_lib.is_supported(srcmap, "ffmpeg", "bionic")
False
>>> print(srcmap['app-engine/focal']['python2.7'])
{'pocket': '', 'section': 'universe'}
>>> print(srcmap['bitglass-django/xenial']['u-msgpack-python'])
{'pocket': '', 'section': 'main'}

$ umt search python2.7
Running search command.

Ubuntu packages:

trusty/esm: 2.7.6-8ubuntu0.6+esm13, Pocket: release, Component: main
esm-infra/xenial: 2.7.12-1ubuntu0~16.04.18+esm3, Pocket: release, Component: main
esm-apps/focal: 2.7.18-1~20.04.3+esm1, Pocket: release, Component: universe
esm-apps/jammy: 2.7.18-13ubuntu1.1+esm2, Pocket: release, Component: universe
trusty: 2.7.6-8ubuntu0.5, Pocket: updates, Component: main
xenial: 2.7.12-1ubuntu0~16.04.18, Pocket: updates, Component: main
bionic: 2.7.17-1~18.04ubuntu1.10, Pocket: updates, Component: main
focal: 2.7.18-1~20.04.3, Pocket: updates, Component: universe
jammy: 2.7.18-13ubuntu1.1, Pocket: updates, Component: universe
kinetic: 2.7.18-13ubuntu2, Pocket: release, Component: universe
lunar: 2.7.18-13ubuntu2, Pocket: release, Component: universe

Other packages:

buster: 2.7.16-2+deb10u1, Pocket: release, Component: main
stable: 2.7.18-8, Pocket: release, Component: main
stretch: 2.7.13-2+deb9u6, Pocket: updates, Component: main

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks!

review: Approve
Alex Murray (alexmurray) wrote :

LGTM - thanks - just one minor change to please include a comment / docstring to explain what get_active_releases_with_esm() does compared to get_active_esm_releases()

review: Approve
David Fernandez Gonzalez (litios) wrote :

Docstrings were added to clarify that.
Thanks, Eduardo and Alex, for reviewing!

Preview Diff

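diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
index 6968bd4..e10fb9d 100755
--- a/scripts/cve_lib.py
+++ b/scripts/cve_lib.py
@@ -2366,20 +2366,50 @@ def is_active_release(rel):
 
 # takes a standard release name
 # XXX should perhaps adjust that
-def is_active_esm_release(rel):
- if not is_active_release(rel):
- esm_rel = get_esm_name(rel)
+def is_active_esm_release(rel, component='main'):
+ if not is_active_release(rel) or \
+ component == 'universe' or component == 'multiverse':
+ esm_rel = get_esm_name(rel, component)
 if esm_rel:
 return esm_rel not in eol_releases
 return False
 
+def get_active_releases_with_esm():
+ """Return Ubuntu releases with, at least, one active ESM release."""
+ active_esm_releases = []
+ all_esm_releases = set(esm_releases + esm_apps_releases + esm_infra_releases + ros_esm_releases)
 
-def get_esm_name(rel, component=None):
+ # Get ESM active releases that are EOL
+ for esm_rel in all_esm_releases:
+ if is_active_esm_release(esm_rel):
+ active_esm_releases.append(esm_rel)
+
+ # Get active releases that also have ESM (apps)
+ for esm_rel in all_esm_releases:
+ if is_active_release(esm_rel):
+ active_esm_releases.append(esm_rel)
+
+ return active_esm_releases
+
+def get_active_esm_releases():
+ """Return all active ESM releases."""
+ active_esm_releases = []
+ for rel in get_active_releases_with_esm():
+ for component in components:
+ if is_active_esm_release(rel, component):
+ active_esm_releases.append(get_esm_name(rel, component))
+
+ return set(active_esm_releases)
+
+# Defaults to main for historical reasons
+def get_esm_name(rel, component='main'):
 if rel in esm_releases:
 return rel + '/esm'
- elif rel in esm_apps_releases and component:
+ elif rel in esm_apps_releases and \
+ (component == 'universe' or component == 'multiverse'):
 return 'esm-apps/' + rel
- elif rel in esm_infra_releases:
+ elif rel in esm_infra_releases and \
+ (component == 'main' or component == 'restricted'):
 return 'esm-infra/' + rel
 elif rel in ros_esm_releases:
 return 'ros-esm/' + rel
@@ -2402,6 +2432,12 @@ def is_supported(map, pkg, rel, cvedata=None):
 ('universe-binary' in cvedata['tags'][pkg] or
 'not-ue' in cvedata['tags'][pkg]):
 return False
+
+ # If it's inside a subproject, it's supported
+ if (rel in external_releases or rel in get_active_esm_releases()) and rel in map \
+ and pkg in map[rel]:
+ return True
+
 # Look for a supported component
 if rel in map and pkg in map[rel] and \
 (map[rel][pkg]['section'] == 'main' or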
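Review bot: In `get_esm_name`, the new component tests mean a caller that still passes `component=None` explicitly (the old default) no longer matches the `esm-infra` branch and falls through to the later ones instead of returning `'esm-infra/' + rel`. Callers are outside this diff, so this needs checking; normalising at the top of the function with `component = component or 'main'` would keep the old result for them. The failure would be quiet, because `is_active_esm_release` returns False whenever no ESM name comes back, and a tracker that wrongly sees a release as having no active ESM could presumably leave its packages out of triage. Separately, `is_supported` now calls `get_active_esm_releases()` on every invocation, rebuilding the set from all releases and components each time; computing it once and reusing it would avoid that. The bodies of `get_esm_name` and `is_supported` continue outside the hunks.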
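diff --git a/scripts/source_map.py b/scripts/source_map.py
index 91f5dbe..e4d221e 100755
--- a/scripts/source_map.py
+++ b/scripts/source_map.py
@@ -462,6 +462,10 @@ def load_subprojects_lists(releases=None):
 if releases is None:
 releases = cve_lib.all_releases
 
+ all_sources_esm = {}
+ for item in _find_sources(releases=cve_lib.get_active_releases_with_esm(), skip_eol_releases=False):
+ load_sources_collection(item, all_sources_esm)
+
 for rel in releases:
 _, _, _, details = cve_lib.get_subproject_details(rel)
 if details is None:
@@ -501,7 +505,16 @@ def load_subprojects_lists(releases=None):
 if pkg not in map[rel]:
 map[rel][pkg] = dict()
 map[rel][pkg]['pocket'] = ''
- map[rel][pkg]['section'] = 'main'
+
+ orig_rel = cve_lib.get_orig_rel_name(rel)
+ if not orig_rel in all_sources_esm or pkg not in all_sources_esm[orig_rel]:
+ # Not an ESM subproject
+ _, orig_rel = cve_lib.product_series(rel)
+
+ if orig_rel in all_sources_esm and pkg in all_sources_esm[orig_rel]:
+ map[rel][pkg]['section'] = all_sources_esm[orig_rel][pkg]['section']
+ else:
+ map[rel][pkg]['section'] = 'main'
 
 if '|' in pkg:
 main_package_name = pkg.split('|')[0]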
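Review bot: The fallback at the end of the added block still assigns `'main'` without any signal when the package is not found under either `orig_rel`, which is the same misreport this change sets out to fix. That looks likely for names containing `|`, since the lookup uses the full `pkg` string and the split on `|` only happens after the block; looking up `pkg.split('|')[0]` would presumably cover them. A comment such as `# package not in the original release: component unknown, keep historical 'main'` on the `else` would make the guess explicit. As a style point, `not orig_rel in all_sources_esm` reads better as `orig_rel not in all_sources_esm`. The enclosing `load_subprojects_lists` starts and ends outside both hunks.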
