authorBjoern Tropf <asym@gentoo.org>2009-12-07 22:03:08 +0100
committerBjoern Tropf <asym@gentoo.org>2009-12-07 22:03:08 +0100
commit40fb1bc95de317567bd36aace2149061743d9598 (patch)
tree7425d6d9dce532fa48dfe46a0c05f5e807bf1dbe
parentFix two minor bugs (diff)
Implement kernel updates
-rw-r--r--TODO1
-rwxr-xr-xpym/kernelcheck/kernelcheck.py24
-rw-r--r--pym/kernelcheck/lib/kernellib.py29
3 files changed, 47 insertions, 7 deletions
diff --git a/TODO b/TODO
index d108ac4..0985d67 100644
--- a/TODO
+++ b/TODO
@@ -16,3 +16,4 @@
- Implement sync properly
- Sort print_items
- Port cron.py to python3
+- Move arch and genpatch to kernel class
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py
index 45914d6..0f08425 100755
--- a/pym/kernelcheck/kernelcheck.py
+++ b/pym/kernelcheck/kernelcheck.py
@@ -3,7 +3,7 @@
# Copyright 2009-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-from portage.output import blue, bold, colorize, EOutput, darkgreen #FIXME
+from portage.output import blue, bold, colorize, EOutput, darkgreen, teal #TODO
try:
from _emerge.userquery import userquery
@@ -112,12 +112,20 @@ def main(argv):
error('No kernel vulnerability files found!')
return
+ kernel_updates = lib.eval_kernel_updates(kernel, evaluation, arch) #FIXME
+
if len(evaluation.affected) is not 0:
- print_summary(evaluation.affected)
+ print_summary(evaluation.affected, kernel_updates)
- print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f\n' % (
+ print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % (
len(evaluation.affected), repr(evaluation), evaluation.avg_cvss))
+ if kernel_updates:
+ print('Kernel updates:')
+ for key in kernel_updates.keys():
+ print(' %s %s' % (teal('[%s]' % kernel_updates[key]), key))
+
+ print('')
prompt = "Would you like to upgrade your kernel?"
if userquery(prompt, None) == 'No':
print('')
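Review bot: The legend loop under `if kernel_updates:` walks `kernel_updates.keys()`, so the `[n]` markers are listed in dictionary order, which is not guaranteed to follow the numeric index on interpreters where dicts are unordered. Since the user reads this legend to decide which kernel to upgrade to, iterate by index instead, e.g. `for key, idx in sorted(kernel_updates.items(), key=lambda kv: kv[1]):` and print `teal('[%s]' % idx)`. The call to `lib.eval_kernel_updates(...)` also sits above the `if len(evaluation.affected) ...` test, so it appears to run even when nothing is affected; moving it inside that branch would avoid the extra evaluation, though main() extends outside the hunk and may use the result elsewhere. The bare `#FIXME` on that line should say what remains to be fixed.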
@@ -150,7 +158,7 @@ def print_items(category, header):
print('%s%s' % (' ' * 23, string))
-def print_summary(vullist):
+def print_summary(vullist, kernel_updates):
'Prints the vulnerability summary'
for item in vullist:
@@ -177,9 +185,13 @@ def print_summary(vullist):
if 'A:P' in cve.vector or 'A:C' in cve.vector:
cvetype += '%s%s' % (' ', blue('-availability'))
- print ('[%s %26s] %s %s TYPE="%s"') % (darkgreen('bugid'),
+ index = str()
+ if repr(item.fixed) in kernel_updates:
+ index = teal('[%s]' % kernel_updates[repr(item.fixed)])
+
+ print('[%s %26s] %s %s TYPE="%s" %s') % (darkgreen('bugid'),
colorize('GOOD', item.bugid), darkgreen(cve.cve),
- blue('[%s]' % cve.score), cvetype)
+ blue('[%s]' % cve.score), cvetype, index)
print('')
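Review bot: The rewritten `print('[%s %26s] %s %s TYPE="%s" %s') % (darkgreen('bugid'),` closes the print call before the `%` operator, so the formatting is applied to whatever print() returns rather than to the template string. That only works while `print` is a statement; under `from __future__ import print_function` or Python 3 (the TODO file already mentions a python3 port) it would emit the raw template and then raise TypeError. Keep the template and tuple inside the call: open with `print('[%s %26s] %s %s TYPE="%s" %s' % (darkgreen('bugid'),` and end with `blue('[%s]' % cve.score), cvetype, index))`. print_summary begins outside this hunk, so other prints in it may need the same check.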
diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py
index 2dcd8cd..384026f 100644
--- a/pym/kernelcheck/lib/kernellib.py
+++ b/pym/kernelcheck/lib/kernellib.py
@@ -211,6 +211,7 @@ class Vulnerability:
reported = str()
reporter = str()
status = str()
+ fixed = None
def __init__(self, bugid):
self.bugid = bugid
@@ -593,7 +594,7 @@ def extract_version(release):
match = REGEX['k_version'].match(release)
if not match:
- BUG_ON('[Error] Release %s contains no valid information' % release)
+ BUG_ON('Contains no valid information', release)
return None
version, rest = match.groups()
@@ -643,6 +644,32 @@ def all_version(source):
return versions
+
+def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO
+ ""
+
+ index = 0
+ kernel_dict = dict()
+
+ for compare in all_version(kernel.source):
+ if compare.version > kernel.version or \
+ (compare.version == kernel.version and \
+ compare.revision > kernel.revision):
+ compare.genpatch = get_genpatch(PORTDIR, compare)
+ compare_eval = eval_cve_files(DIR['out'], compare, arch, None)
+ comparison = compare_evaluation(kernel_eval, compare_eval)
+
+ for item in comparison.fixed:
+ if item.fixed is None:
+ item.fixed = compare
+
+ if repr(compare) not in kernel_dict:
+ kernel_dict[repr(compare)] = index
+ index += 1
+
+ return kernel_dict
+
+
def gather_configuration():
""
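Review bot: `eval_kernel_updates` records the first newer kernel that yields a fix (`if item.fixed is None: item.fixed = compare`), so which version is reported as the fix depends on the order `all_version(kernel.source)` returns, and nothing in this hunk establishes that order. If that list is not ascending, a vulnerability can be attributed to a later kernel than the earliest one that fixes it; iterating `sorted(all_version(kernel.source), key=lambda k: (k.version, k.revision))` would make the order explicit, assuming `version` and `revision` compare numerically rather than as strings (not visible here). The docstring is an empty `""` and the `spin` parameter is never used. A docstring should state that the function returns a dict mapping `repr(kernel)` to a display index and that it sets `item.fixed` on the vulnerability objects as a side effect.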