From 654f95c32918456f928f117871b15f09c0b6ae25 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Mon, 22 Mar 2010 04:21:17 +0100 Subject: oeaudit: Move the oeaudit into a new subdirectory and split it up * OE should contain OE related handling * FreeBSD should contain the handling of FreeBSD specific things like the auditfile format, mapping BSD names to OE.. --- contrib/oeaudit/freebsd.py | 181 ++++++++++++++++++++++++++++++++++++++++++++ contrib/oeaudit/oe.py | 28 +++++++ contrib/oeaudit/oe_audit.py | 82 ++++++++++++++++++++ 3 files changed, 291 insertions(+) create mode 100644 contrib/oeaudit/freebsd.py create mode 100644 contrib/oeaudit/oe.py create mode 100755 contrib/oeaudit/oe_audit.py (limited to 'contrib/oeaudit') diff --git a/contrib/oeaudit/freebsd.py b/contrib/oeaudit/freebsd.py new file mode 100644 index 0000000000..5e8c22ec0c --- /dev/null +++ b/contrib/oeaudit/freebsd.py @@ -0,0 +1,181 @@ +""" +Handle FreeBSD port audit files and map the names to OpenEmbedded +""" + +class freebsd_info: + """ + Handles an entry like the one below: + vulnerability-test-port>=2000<2010.02.26|http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/|Not vulnerable, just a test port (database: 2010-02-26) + """ + def __init__(self, name, versions, link, kind): + self.name = name + self.versions = versions + self.link = link + + @classmethod + def split_versions(self, input): + """ + Split versions by <, >, >=, >= + """ + versions = [] + last_pos = 0 + + # Try to determine <, >, >=, <= + # we will have to carry stuff on to find the + # version.. + i = 0 + while i < len(input) - 1: + c1 = input[i] + c2 = input[i+1] + if c1 != '<' and c1 != '>' and c1 != '=': + i = i + 1 + continue + + # is a '=' coming behind it? + next = i + 1 + if c2 == '=': + next = next + 1 + + # submit + if last_pos != 0: + versions.append((next_type, input[last_pos:i])) + + # remember stuff + next_type = input[i:next] + last_pos = next + i = next + + assert last_pos != 0 + versions.append((next_type, input[last_pos:len(input)])) + return versions + + def __repr__(self): + return "%s: %s" % (self.name, self.versions) + + +def map_names(str): + """Map a FreeBSD name to OE""" + maps = { + "libpurple" : "pidgin", + "php4" : "php", + "php5" : "php", + "expat2" : "expat", + "freeciv-gtk" : "freeciv", + "pcre" : "libpcre", + "vim-gnome" : "vim", + "python23" : "python", + "python24" : "python", + "python25" : "python", + "python+ipv6" : "python", + "wget-devel" : "wget", + "xchat2" : "xchat", + "freetype" : "freetype", + "qemu-devel" : "qemu", + "krb5-beta" : "krb5", + "freeciv-gtk2": "freeciv", + "gtk" : "gtk+", + "wget+ipv6" : "wget", + "ja-gd" : "gd", + "openvpn-devel" : "openvpn", + "mpeg123-esound" : "mpeg123", + "mpeg123-nas" : "mpeg123", + "cdrtools-cjk" : "cdrtools", + "apache+mod_ssl+mod_deflate" : "apache2", + "apache+mod_ssl*" : "apache2", + "vim-gtk2" : "vim", + "zh-emacs" : "emacs", + "{ja-,}bugzilla" : "bugzilla", + "zh-tin" : "tin", + "mozilla+ipv6": "mozilla", + "mozilla-embeddded" : "mozilla", + "rar" : "unrar", + "libsndfile" : "libsndfile1", + "sylpheed-gtk2": "sylpheed", + "cdrtools-devel": "cdrtools", + "pine4-ssl": "pine", + "apache" : "apache2", + "ghostscript-gpl" : "gs", + "ghostscript-gnu-nox11" : "gs", + "ghostscript8" : "gs", + "ghostscript-afpl-nox11" : "gs", + "ghostscript-afpl" : "gs", + "isc-dhcp" : "dhcp", + "mplayer-gtk" : "mplayer", + "xerces-c2" : "xerces-c", + "libxml" : "libxml2", + "vim+ruby" : "vim", + "mplayer{,-gtk}{,-esound}" : "mplayer", + "proftpd-devel": "proftpd", + "neon28" : "neon", + "php4-dba" : "php", + "php5-{cgi,cli}" : "php", + + } + + try: + return maps[str] + except: + return str + +def is_not_in_oe(name): + """Method to reject packages not in OE""" + not_in = [ + # packages that we will never have... + "linux-firefox", "fr-linux-netscape", "linux-netscape-{communicator,navigator}", + "linux_base", "ja-netscape7", "{ja,ko}-netscape-{communicator,navigator}-linux", "zhTW-linux-mozillafirebird", "ja-linux-mozillafirebird-gtk1", "el-linux-mozillafirebird", "mozilla-firebird", "netscape7", + "acroread4", "acroread7", "acroread5", + "linux-openmotif", "linux-flock", "linux-jdk", "linux-curl", "linux-png", "linux-firefox-devel", + + # packages that we don't have now but maybe will have in + # the future and blacklisting them here might be a problem + "openoffice.org-2-devel", "openoffice.org-2", "it-openoffice", "ca-openoffice","sl-openoffice-SI", "ja-openoffice", + "drupal4", "drupal5", "drupal6", "drupal-pubcookie", + "gpdf", + "nagios", + "kdenetwork", "ja-kdelibs", "kdegraphics", "kdepim", "kdebase4-runtime", + "xemacs-devel", "xemacs-devel-21.5", "xemacs-mule", "zh-xemacs", "zh-xemacs-mule", + "geeklog", "apach13-ssl", "nvidia-driver", "eGroupWare", "varnish", "heimdal", + "bugzilla", "agenda-snow-libs", "mozilla", + ] + + return name in not_in + +def create_infos(line): + split = line.split("|") + for i in range(0, len(split[0])): + c = split[0][i] + if c != '<' and c != '=' and c != '>': + continue + name = map_names(split[0][0:i]) + versions = freebsd_info.split_versions(split[0][i:]) + break + + if is_not_in_oe(name): + #print "Not in oe %s" % name + return [] + + link = split[1] + kind = split[2] + return [freebsd_info(name, versions, link, kind)] + + +def read_auditfile(filename): + """ + Read an uncompressed audit file from freebsd + """ + f = open(filename) + packages = {} + for line in f: + if line.startswith("#"): + continue + + infos = create_infos(line) + for info in infos: + try: + packages[info.name].append(info) + except: + packages[info.name] = [] + packages[info.name].append(info) + return packages + + diff --git a/contrib/oeaudit/oe.py b/contrib/oeaudit/oe.py new file mode 100644 index 0000000000..f3326a5338 --- /dev/null +++ b/contrib/oeaudit/oe.py @@ -0,0 +1,28 @@ +def read_available(filename): + """ + Parses the output of bitbake -s + minus the first few lines + """ + f = open(filename) + packages = {} + + for line in f: + if line.startswith("NOTE: ") or line.startswith("Parsing .bb") or line.startswith("done."): + continue + + # str.split can not be used as we have multiple whitespace + split = line.split(" ", 1) + package = split[0] + rest = split[1].strip() + + # we might have a latest package... + split = rest.split(" ", 1) + if len(split) == 2: + version = split[1].strip() + else: + version = split[0] + + packages[package] = version + return packages + + diff --git a/contrib/oeaudit/oe_audit.py b/contrib/oeaudit/oe_audit.py new file mode 100755 index 0000000000..6729edfa73 --- /dev/null +++ b/contrib/oeaudit/oe_audit.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python + +import freebsd, oe, bb + +def strip_oe_version(oe_version): + """ + We need to strip the package epoch... and the PR to compare + it to the FreeBSD versions. Also FreeBSD seems to use _N as + PR so we might need to do more.. + """ + split = oe_version.split(':', 1) + ver = split[1] + + split = ver.rsplit('-r', 1) + ver = split[0] + return ver + +def strip_bsd_version(bsd_version): + """ + FreeBSD is adding ,1 for revisions.. remove that + """ + # FIXME return a tuple with a revision... + split = bsd_version.rsplit(',', 1) + split = split[0] + split = split.rsplit('_', 1) + return split[0] + +def compare_versions(oe, freebsd, not_known): + def handle_package(oe_name, bsd_name): + if not oe_name in oe: + if oe_name == bsd_name: + print >> not_known, "%s is not in OE" % oe_name + return + + oe_version = strip_oe_version(oe[oe_name]) + for ver in freebsd[bsd_name]: + affected = True + str = [] + for (cmp, vers) in ver.versions: + bsd_ver = strip_bsd_version(vers) + cmp_res = bb.utils.vercmp(('0', oe_version, 'r0'), ('0', bsd_ver, 'r0')) + if cmp == '<': + if cmp_res >= 0: + affected = False + pass + elif cmp == '<=': + if cmp_res > 0: + affected = False + pass + elif cmp == '>': + if cmp_res <= 0: + affected = False + pass + elif cmp == '>=': + if cmp_res < 0: + affected = False + pass + elif cmp == '=': + if cmp_res > 0: + affected = False + else: + print cmp + assert True + + str.append("%s %s %s %s" % (oe_name, oe_version, cmp, bsd_ver)) + if affected: + print " && ".join(str), ver.link + + for package in freebsd.keys(): + # handle the various versions of OE packages + handle_package(package, package) + handle_package("%s-native" % package, package) + handle_package("%s-full-native" % package, package) + handle_package("%s-sdk" % package, package) + + +# read the input data +oe_packages = oe.read_available("available") +freebsd_vuln = freebsd.read_auditfile("auditfile") +buggy = open("not_in_oe.bugs", "w+") + +compare_versions(oe=oe_packages, freebsd=freebsd_vuln, not_known=buggy) -- cgit 1.2.3-korg