Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: a8106732 by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00 remove-cve-dist-tags: remove empty CVE entries This can happen in ExtendFiles if they only contain dist tags that are being removed. - - - - - 47e07c9c by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00 gen-DSA: sanitize DISTS var after calculating it Rather than have every user have to do it. - - - - - 63516a0c by Emilio Pozuelo Monfort at 2022-02-01T16:16:50+01:00 gen-DSA: diff and commit changes to extracvefile In case we're processing a dist that uses an ExtendFile. - - - - - 2 changed files: - bin/gen-DSA - bin/remove-cve-dist-tags Changes: ===================================== bin/gen-DSA ===================================== @@ -372,8 +372,10 @@ for dist in $CODENAMES; do [ -z "$version" ] || DISTS="${DISTS},${dist}" done +DISTS="${DISTS#,}" + if [ -n "${DISTS}" ]; then - bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE} + bin/remove-cve-dist-tags "${DISTS}" "${PACKAGE}" ${CVE} fi if ! $save; then @@ -412,9 +414,12 @@ EOF echo "$IDMODE text written to ./$IDMODE-$DAID" if [ "$IDMODE" = "DLA" ] || [ "$IDMODE" = "ELA" ]; then idmode=$(echo "$IDMODE" | tr A-Z a-z) + if [ -n "${DISTS}" ]; then + extracvefile=`jq -r ".distributions.${DISTS}.maincvefile" data/config.json` + fi if [ -d .git ]; then echo "Made the following changes:" - git diff -- data/$IDMODE/list data/CVE/list $needed_file + git diff -- data/$IDMODE/list data/CVE/list $extracvefile $needed_file if ! git diff-index --name-only HEAD -- $needed_file | grep -qs . && [ $TYPE = security ]; then warn "did not make any changes to $needed_file - this may indicate duplicate work or misspelled package name" fi @@ -424,7 +429,7 @@ EOF echo -n "Do you want to commit and push them now ? [Yn] " read reply if [ "$reply" = "Y" ] || [ "$reply" = "" ] || [ "$reply" = "y" ]; then - git add data/$IDMODE/list data/CVE/list $needed_file + git add data/$IDMODE/list data/CVE/list $extracvefile $needed_file git commit -m "Reserve $IDMODE-$DAID for $PACKAGE" git push origin master fi ===================================== bin/remove-cve-dist-tags ===================================== @@ -56,6 +56,12 @@ for cve in data: if keep_annotation(cve, annotation) ) cve = cve._replace(annotations=annotations) + if not cve.annotations: + # this shouldn't happen on a normal CVE file as we're only removing + # the dist specific tags, but it may happen in an ExtendFile, in + # which case we don't want to keep an empty CVE entry + continue + new_data.append(cve) with open(main_list, 'w') as f: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d18f65e690cc218bcda4fc715d57a61082664af7...63516a0cf95e2d6a5b43cfceb44e48c0e0572825 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d18f65e690cc218bcda4fc715d57a61082664af7...63516a0cf95e2d6a5b43cfceb44e48c0e0572825 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits