debian2ubuntu:master

Last commit made on 2023-04-05
Get this branch:
git clone -b master https://git.launchpad.net/debian2ubuntu
Members of Ubuntu Security Team can upload to this branch.

Branch information

Name:
master
Repository:
lp:debian2ubuntu

Recent commits

79175c9... by Steve Beattie

d2u: series of miscellaneous fixes

Steve Beattie (7):
  * [d59485f] d2u.py: python3 does not allow unbuffered text output
  * [7f21058] d2u.py: decode output from runcmd to convert to str
  * [a9c801b] d2u.py: fix debug function to print message
  * [f6f7c1a] gitignore: ignore the local clone of ubuntu-cve-tracker
  * [bf1585a] d2u.py: add an option to restrict to a set of packages
  * [0b151b2] d2u.py: fix issue where multiple releases match debian version
  * [eae1574] d2u.py: point ubuntu cve reference at ubuntu.com page

Signed-off-by: Steve Beattie <email address hidden>
Acked-by: Alex Murray <email address hidden>
MR: https://code.launchpad.net/~sbeattie/debian2ubuntu/+git/debian2ubuntu/+merge/440298

eae1574... by Steve Beattie

d2u.py: point ubuntu cve reference at ubuntu.com page

The d2u script was never updated to point to the newer CVE web pages on
the ubuntu.com web site.

Signed-off-by: Steve Beattie <email address hidden>

0b151b2... by Steve Beattie

d2u.py: fix issue where multiple releases match debian version

Amir Naseredini noticed that in a few cases, the same fix for the same
CVE was being reported multiple times; for example libxstream-java in
focal would report something like:

 2022-Feb-15 Merge libxstream-java focal 1.4.11.1-1ubuntu0.3 1.4.11.1-1+deb9u5 Ubuntu/Debian CVE-2021-43859 needs-triage medium
 2022-Feb-15 Merge libxstream-java focal 1.4.11.1-1ubuntu0.3 1.4.11.1-1+deb9u5 Ubuntu/Debian CVE-2021-43859 needs-triage medium
 2022-Feb-15 Merge libxstream-java focal 1.4.11.1-1ubuntu0.3 1.4.11.1-1+deb9u5 Ubuntu/Debian CVE-2021-43859 needs-triage medium
 2022-Feb-15 Merge libxstream-java focal 1.4.11.1-1ubuntu0.3 1.4.11.1-1+deb9u5 Ubuntu/Debian CVE-2021-43859 needs-triage medium

The reason this was happening is that the script performs an SQL
lookup against the locally cached information about versions of
libxstream-java in ubuntu, and does this lookup for each release
in ubuntu *but did not match against the specific release in the
generated SQL query*. Because the versions in both focal and bionic are
derived from 1.4.11.1-1, this meant that when checking for bionic, it
would discover that the focal version matched and report it, then when
it would look at focal it would also again report the focal version.

Fix this by adding the release to the SQL query (and re-formatting the
function call to be a little easier to read).

Signed-off-by: Steve Beattie <email address hidden>
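To make the duplicate-report bug from this commit concrete, here is an added illustration (not code from d2u.py) that models the local version cache as an in-memory SQLite table and runs the per-release lookup both without and with the release constraint the fix adds. The table name, column names, sample rows and the LIKE-based version match are assumptions, since the page does not show d2u's actual schema or query.

```python
import sqlite3

# Constructed stand-in for the locally cached Ubuntu version data that
# d2u queries; the real schema in d2u.py is not shown and is assumed here.
SAMPLE_ROWS = [
    ("libxstream-java", "bionic", "1.4.11.1-1ubuntu0.1"),
    ("libxstream-java", "focal", "1.4.11.1-1ubuntu0.3"),
    ("libxstream-java", "jammy", "1.4.18-2"),
]
RELEASES = ["bionic", "focal", "jammy"]


def build_cache():
    """Load the constructed rows into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE versions (package TEXT, series TEXT, version TEXT)")
    conn.executemany("INSERT INTO versions VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_merge_candidates(conn, package, debian_base, match_release):
    """Return (series, version) pairs whose version derives from debian_base.

    With match_release=False the query reproduces the bug: the loop runs once
    per release but never constrains the row's series, so the focal row is
    found while checking bionic and found again when focal itself is checked.
    With match_release=True the release is part of the WHERE clause (the fix),
    so each release reports only its own row.
    """
    found = []
    for series in RELEASES:
        sql = "SELECT series, version FROM versions WHERE package = ? AND version LIKE ?"
        params = [package, debian_base + "%"]
        if match_release:
            sql += " AND series = ?"
            params.append(series)
        found.extend(conn.execute(sql, params).fetchall())
    return found


if __name__ == "__main__":
    db = build_cache()
    print("buggy:", find_merge_candidates(db, "libxstream-java", "1.4.11.1-1", False))
    print("fixed:", find_merge_candidates(db, "libxstream-java", "1.4.11.1-1", True))
```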

bf1585a... by Steve Beattie

d2u.py: add an option to restrict to a set of packages

This is to ease debugging by not examining all possible packages.

Signed-off-by: Steve Beattie <email address hidden>

f6f7c1a... by Steve Beattie

gitignore: ignore the local clone of ubuntu-cve-tracker

Signed-off-by: Steve Beattie <email address hidden>

a9c801b... by Steve Beattie

d2u.py: fix debug function to print message

Signed-off-by: Steve Beattie <email address hidden>

7f21058... by Steve Beattie

d2u.py: decode output from runcmd to convert to str

Otherwise running the script under python3 fails because the appendage
of the git hash to the rest of the html fails.

Signed-off-by: Steve Beattie <email address hidden>

d59485f... by Steve Beattie

d2u.py: python3 does not allow unbuffered text output

This would result in the script failing under python3 like so:

  Traceback (most recent call last):
    File "/home/steve/git/debian2ubuntu/d2u.py", line 82, in <module>
      synclist = open('synclist.html', 'w', buffering=0)
  ValueError: can't have unbuffered text I/O

Therefore convert to line buffering rather than the default block based
buffering.

Signed-off-by: Steve Beattie <email address hidden>

3c22e44... by Steve Beattie

d2u: add bullseye release

Signed-off-by: Steve Beattie <email address hidden>

e44d88c... by Steve Beattie

d2u.py: avoid lp roundtrips by caching distro_series

Any attempts to access distro_series from a publishedSource results in a
query to launchpad, which means the release series gets looked up over
and over again; cache it on each published source lookup to reduce it to
once per publication source.

Applying this drops the number of http GET calls to launchpad in a current run
from ~34K calls to ~13.5K. If we could get the publishedSource to give
us a consistent distro_series object reference, we could cut it down
significantly more.

Signed-off-by: Steve Beattie <email address hidden>