From f8960360ebca8ae85b91e24047afc21f6eda33bb Mon Sep 17 00:00:00 2001 From: Paul Varner Date: Wed, 20 May 2009 21:46:46 +0000 Subject: Change behaviour of getMinUpgrade This allows to differentiate between situations where the system is unaffected and unexistance of an upgrade path. Previously, the glsa-check would treat GLSAs that had no upgrade path (such as mask glsas) as not affecting the system. svn path=/trunk/gentoolkit/; revision=647 http://git.overlays.gentoo.org/gitweb/?p=proj/gentoolkit.git;a=commit;h=ef38a394c5c2f5901173a53914705730850f9b3f --- bin/glsa-check | 10 ++++++++++ pym/portage/glsa.py | 15 ++++++++------- 2 files changed, 18 insertions(+), 7 deletions(-) mode change 100755 => 100644 bin/glsa-check diff --git a/bin/glsa-check b/bin/glsa-check old mode 100755 new mode 100644 index 0e2b7a3d4..969ad84fb --- a/bin/glsa-check +++ b/bin/glsa-check @@ -207,6 +207,11 @@ if mode in ["dump", "fix", "inject", "pretend"]: elif mode == "fix": sys.stdout.write("fixing "+myid+"\n") mergelist = myglsa.getMergeList(least_change=least_change) + if mergelist == None: + sys.stdout.write(">>> no vulnerable packages installed\n") + elif mergelist == []: + sys.stdout.write(">>> cannot fix GLSA, no unaffected packages available\n") + sys.exit(2) for pkg in mergelist: sys.stdout.write(">>> merging "+pkg+"\n") # using emerge for the actual merging as it contains the dependency @@ -225,6 +230,11 @@ if mode in ["dump", "fix", "inject", "pretend"]: elif mode == "pretend": sys.stdout.write("Checking GLSA "+myid+"\n") mergelist = myglsa.getMergeList(least_change=least_change) + if mergelist == None: + sys.stdout.write(">>> no vulnerable packages installed\n") + elif mergelist == []: + sys.stdout.write(">>> cannot fix GLSA, no unaffected packages available\n") + sys.exit(2) if mergelist: sys.stdout.write("The following updates will be performed for this GLSA:\n") for pkg in mergelist: diff --git a/pym/portage/glsa.py b/pym/portage/glsa.py index 514dcc044..76eae2b69 100644 --- a/pym/portage/glsa.py +++ b/pym/portage/glsa.py @@ -342,8 +342,9 @@ def getMinUpgrade(vulnerableList, unaffectedList, portdbapi, vardbapi, minimize= I{vulnerableList} and returns string describing the lowest version for the package that matches an atom in I{unaffectedList} and is greater than the currently installed - version or None if the system is not affected. Both - I{vulnerableList} and I{unaffectedList} should have the + version. It will return an empty list if the system is affected, + and no upgrade is possible or None if the system is not affected. + Both I{vulnerableList} and I{unaffectedList} should have the same base package. @type vulnerableList: List of Strings @@ -361,7 +362,7 @@ def getMinUpgrade(vulnerableList, unaffectedList, portdbapi, vardbapi, minimize= @return: the lowest unaffected version that is greater than the installed version. """ - rValue = None + rValue = "" v_installed = reduce(operator.add, [match(v, vardbapi) for v in vulnerableList], []) u_installed = reduce(operator.add, [match(u, vardbapi) for u in unaffectedList], []) @@ -371,14 +372,14 @@ def getMinUpgrade(vulnerableList, unaffectedList, portdbapi, vardbapi, minimize= install_unaffected = False if install_unaffected: - return rValue - + return None + for u in unaffectedList: mylist = match(u, portdbapi, match_type="match-all") for c in mylist: i = best(v_installed) if vercmp(c.version, i.version) > 0 \ - and (rValue == None \ + and (rValue == "" \ or not match("="+rValue, portdbapi) \ or (minimize ^ (vercmp(c.version, rValue.version) > 0)) \ and match("="+c, portdbapi)) \ @@ -646,7 +647,7 @@ class Glsa: for v in path["vul_atoms"]: rValue = rValue \ or (len(match(v, self.vardbapi)) > 0 \ - and getMinUpgrade(path["vul_atoms"], path["unaff_atoms"], \ + and None != getMinUpgrade(path["vul_atoms"], path["unaff_atoms"], \ self.portdbapi, self.vardbapi)) return rValue -- cgit v1.2.3-1-g7c22