aops-apollo/0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
wang-guangge 9b54858ffb add 0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
(cherry picked from commit ce77413dccda30992bbb688ab7282c16f42ba26f)
2023-06-28 17:29:07 +08:00


From 4225065c74beb5e66c4d66a4bd3dfca5bcac91bd Mon Sep 17 00:00:00 2001
From: wang-guangge <wangguangge@huawei.com>
Date: Wed, 28 Jun 2023 16:53:10 +0800
Subject: [PATCH] do not return the related hotpatches when the cve is fixed
---
hotpatch/hotpatch_updateinfo.py | 15 ++++++++++++---
hotpatch/hotupgrade.py | 2 +-
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py
index 4b39969..7dc92ce 100644
--- a/hotpatch/hotpatch_updateinfo.py
+++ b/hotpatch/hotpatch_updateinfo.py
@@ -291,7 +291,7 @@ class HotpatchUpdateInfo(object):
Get hotpatches from specified cve. If there are several hotpatches for the same source package for a cve, only return the
hotpatch with the highest version.
- Args:
+ Args:
cves: [cve_id_1, cve_id_2]
Returns:
@@ -307,14 +307,23 @@ class HotpatchUpdateInfo(object):
continue
# find the hotpatch with the highest version for the same source package
mapping_src_pkg_to_hotpatches = dict()
+ # check whether the cve is fixed
+ is_cve_fixed = False
for hotpatch in self.hotpatch_cves[cve_id].hotpatches:
+ if hotpatch.state == self.INSTALLED:
+ is_cve_fixed = True
if hotpatch.state == self.INSTALLABLE:
- mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append([hotpatch.hotpatch_name, hotpatch])
+ mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append(
+ [hotpatch.hotpatch_name, hotpatch]
+ )
+ # do not return the releated hotpatches if the cve is fixed
+ if is_cve_fixed:
+ continue
for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items():
# extract the number in HPxxx and sort hotpatches in descending order according to the number
hotpatches = sorted(hotpatches, key=lambda x: int(re.findall("\d+", x[0])[0]), reverse=True)
mapping_cve_hotpatches[cve_id].append(hotpatches[0][1].nevra)
-
+
return mapping_cve_hotpatches
def get_hotpatches_from_advisories(self, advisories: list[str]) -> dict():
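Review bot: The `is_cve_fixed` flag introduced ahead of the hotpatch loop is decided across every hotpatch of the cve, while the candidates are grouped per `src_pkg` a few lines below, so if one cve can map to hotpatches for more than one source package — which that grouping suggests is possible — a single INSTALLED hotpatch makes the new `continue` discard the still-INSTALLABLE hotpatch of every other package, and the caller then treats the cve as not fixable. Tracking the installed state per source package keeps the commit's behaviour for the single-package case while still offering the remaining packages' hotpatches; if a cve-wide verdict is really intended, a comment stating that assumption would at least make it explicit. The comment on the new `if is_cve_fixed:` guard also misspells "related" as `releated`. The enclosing `get_hotpatches_from_cve` starts above this hunk.
```python
        # a cve counts as fixed for a source package once a hotpatch for that package is INSTALLED
        fixed_src_pkgs = set()
        for hotpatch in self.hotpatch_cves[cve_id].hotpatches:
            if hotpatch.state == self.INSTALLED:
                fixed_src_pkgs.add(hotpatch.src_pkg)
            elif hotpatch.state == self.INSTALLABLE:
                mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append(
                    [hotpatch.hotpatch_name, hotpatch]
                )
        for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items():
            # do not return related hotpatches for a package that is already hotpatched for this cve
            if src_pkg in fixed_src_pkgs:
                continue
            # … unchanged: sort by the HPxxx number and append the highest nevra …
```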
diff --git a/hotpatch/hotupgrade.py b/hotpatch/hotupgrade.py
index 2a36312..3bff9a1 100644
--- a/hotpatch/hotupgrade.py
+++ b/hotpatch/hotupgrade.py
@@ -251,7 +251,7 @@ class HotupgradeCommand(dnf.cli.Command):
cve_hp_dict = updateinfo.get_hotpatches_from_cve(cves)
for cve, hp in cve_hp_dict.items():
if not hp:
- logger.info(_("The cve's hot patch doesn't exist: %s"), cve)
+ logger.info(_("The cve doesn't exist or cannot be fixed by hotpatch: %s"), cve)
continue
hp_list += hp
return list(set(hp_list))
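Review bot: The reworded message in the `if not hp:` branch now also covers the case the other file introduces — a cve whose hotpatch is already INSTALLED makes `get_hotpatches_from_cve` return an empty list for it — yet it tells the operator the cve "doesn't exist or cannot be fixed", which for an already-patched cve is misleading and may trigger a needless escalation. Because the return value alone cannot distinguish the two outcomes, either have the updateinfo layer report the fixed state separately or at least name it in the log line, e.g. `logger.info(_("The cve doesn't exist, is already fixed by hotpatch, or cannot be fixed by hotpatch: %s"), cve)`. The enclosing method begins above this hunk.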
--
2.33.0