Merge branch 'master' into f/centos8

Change-Id: Iaa64a33118b5e228529bf5ab42bdfd3feb784f70 Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-12-11 09:12:53 -08:00 · 2019-12-11 09:12:53 -08:00 · 202776a187
parent 05df9bec8f c0ce51dd42
commit 202776a187
6 changed files with 175 additions and 45 deletions
--- a/centos-mirror-tools/rpms_centos.lst
+++ b/centos-mirror-tools/rpms_centos.lst
@ -758,9 +758,9 @@ libwayland-cursor-1.15.0-1.el7.x86_64.rpm
 libwayland-egl-1.15.0-1.el7.x86_64.rpm
 libwayland-server-1.15.0-1.el7.x86_64.rpm
 libwebp-0.3.0-7.el7.x86_64.rpm
-libX11-1.6.5-2.el7.x86_64.rpm
-libX11-common-1.6.5-2.el7.noarch.rpm
-libX11-devel-1.6.5-2.el7.x86_64.rpm
+libX11-1.6.7-2.el7.x86_64.rpm
+libX11-common-1.6.7-2.el7.noarch.rpm
+libX11-devel-1.6.7-2.el7.x86_64.rpm
 libXau-1.0.8-2.1.el7.x86_64.rpm
 libXau-devel-1.0.8-2.1.el7.x86_64.rpm
 libXaw-1.0.13-4.el7.x86_64.rpm
@ -783,8 +783,8 @@ libXi-1.7.9-1.el7.x86_64.rpm
 libXi-devel-1.7.9-1.el7.x86_64.rpm
 libXinerama-1.1.3-2.1.el7.x86_64.rpm
 libXinerama-devel-1.1.3-2.1.el7.x86_64.rpm
-libxkbcommon-0.7.1-1.el7.x86_64.rpm
-libxkbcommon-devel-0.7.1-1.el7.x86_64.rpm
+libxkbcommon-0.7.1-3.el7.x86_64.rpm
+libxkbcommon-devel-0.7.1-3.el7.x86_64.rpm
 libxkbfile-1.0.9-3.el7.x86_64.rpm
 libxklavier-5.4-7.el7.x86_64.rpm
 libxklavier-devel-5.4-7.el7.x86_64.rpm
@ -906,7 +906,7 @@ nss-sysinit-3.36.0-7.el7_5.x86_64.rpm
 nss-tools-3.36.0-7.el7_5.x86_64.rpm
 nss-util-3.36.0-1.el7_5.x86_64.rpm
 nss-util-devel-3.36.0-1.el7_5.x86_64.rpm
-ntp-4.2.6p5-28.el7.centos.src.rpm
+ntp-4.2.6p5-29.el7.centos.src.rpm
 numactl-devel-2.0.9-7.el7.x86_64.rpm
 numactl-libs-2.0.9-7.el7.x86_64.rpm
 objectweb-asm-3.3.1-9.el7.noarch.rpm
@ -1061,9 +1061,9 @@ plexus-interpolation-1.15-8.el7.noarch.rpm
 plexus-sec-dispatcher-1.4-13.el7.noarch.rpm
 plexus-utils-3.0.9-9.el7.noarch.rpm
 pm-utils-1.4.1-27.el7.x86_64.rpm
-polkit-0.112-18.el7.x86_64.rpm
-polkit-devel-0.112-18.el7.x86_64.rpm
-polkit-docs-0.112-18.el7.noarch.rpm
+polkit-0.112-22.el7.x86_64.rpm
+polkit-devel-0.112-22.el7.x86_64.rpm
+polkit-docs-0.112-22.el7.noarch.rpm
 polkit-pkla-compat-0.1-4.el7.x86_64.rpm
 poppler-0.26.5-20.el7.x86_64.rpm
 poppler-data-0.4.6-3.el7.noarch.rpm
@ -1145,7 +1145,7 @@ python2-barbicanclient-4.5.3-1.el7.noarch.rpm
 python2-bcrypt-3.1.6-2.el7.x86_64.rpm
 python2-bitmath-1.3.1-1.el7.noarch.rpm
 python2-boto-2.45.0-3.el7.noarch.rpm
-python2-botocore-1.6.0-1.el7.noarch.rpm
+python2-botocore-1.12.75-1.el7.noarch.rpm
 python2-cachez-0.1.0-2.el7.noarch.rpm
 python2-castellan-0.19.0-1.el7.noarch.rpm
 python2-certifi-2018.10.15-5.el7.noarch.rpm
@ -1606,18 +1606,18 @@ rpm-python-4.11.3-35.el7.x86_64.rpm
 rsync-3.1.2-4.el7.x86_64.rpm
 rtctl-1.13-2.el7.noarch.rpm
 rt-setup-1.59-5.el7.noarch.rpm
-ruby-2.0.0.648-34.el7_6.x86_64.rpm
+ruby-2.0.0.648-36.el7.x86_64.rpm
 ruby-augeas-0.5.0-1.el7.x86_64.rpm
-ruby-devel-2.0.0.648-34.el7_6.x86_64.rpm
-rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm
-rubygem-io-console-0.4.2-34.el7_6.x86_64.rpm
-rubygem-json-2.0.2-2.el7.x86_64.rpm
-rubygem-psych-2.0.0-34.el7_6.x86_64.rpm
-rubygem-rdoc-4.0.0-34.el7_6.noarch.rpm
+ruby-devel-2.0.0.648-36.el7.x86_64.rpm
+rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm
+rubygem-io-console-0.4.2-36.el7.x86_64.rpm
+rubygem-json-1.7.7-36.el7.x86_64.rpm
+rubygem-psych-2.0.0-36.el7.x86_64.rpm
+rubygem-rdoc-4.0.0-36.el7.noarch.rpm
 rubygem-rgen-0.6.6-2.el7.noarch.rpm
-rubygems-2.0.14.1-34.el7_6.noarch.rpm
-ruby-irb-2.0.0.648-34.el7_6.noarch.rpm
-ruby-libs-2.0.0.648-34.el7_6.x86_64.rpm
+rubygems-2.0.14.1-36.el7.noarch.rpm
+ruby-irb-2.0.0.648-36.el7.noarch.rpm
+ruby-libs-2.0.0.648-36.el7.x86_64.rpm
 ruby-shadow-1.4.1-23.el7.x86_64.rpm
 sanlock-3.6.0-1.el7.x86_64.rpm
 sanlock-devel-3.6.0-1.el7.x86_64.rpm
@ -1672,7 +1672,7 @@ stix-math-fonts-1.1.0-5.el7.noarch.rpm
 strace-4.12-9.el7.x86_64.rpm
 subversion-1.7.14-14.el7.x86_64.rpm
 subversion-libs-1.7.14-14.el7.x86_64.rpm
-sudo-1.8.23-3.el7.src.rpm
+sudo-1.8.23-4.el7_7.1.src.rpm
 supermin5-5.1.19-1.el7.x86_64.rpm
 swig-2.0.10-5.el7.x86_64.rpm
 sysfsutils-2.1.0-16.el7.x86_64.rpm
@ -1681,7 +1681,7 @@ syslinux-extlinux-4.05-15.el7.x86_64.rpm
 syslog-ng-3.5.6-3.el7.x86_64.rpm
 syslog-ng-libdbi-3.5.6-3.el7.x86_64.rpm
 sysstat-10.1.5-17.el7.x86_64.rpm
-systemd-219-62.el7_6.5.src.rpm
+systemd-219-67.el7.src.rpm
 sysvinit-tools-2.88-14.dsf.el7.x86_64.rpm
 t1lib-5.1.2-14.el7.x86_64.rpm
 taglib-1.8-7.20130218git.el7.x86_64.rpm
@ -1977,7 +1977,7 @@ wavpack-4.60.1-9.el7.x86_64.rpm
 wayland-devel-1.15.0-1.el7.x86_64.rpm
 wayland-protocols-devel-1.14-1.el7.noarch.rpm
 web-assets-filesystem-5-1.el7.noarch.rpm
-wget-1.14-18.el7.x86_64.rpm
+wget-1.14-18.el7_6.1.x86_64.rpm
 which-2.20-7.el7.x86_64.rpm
 wqy-microhei-fonts-0.2.0-0.12.beta.el7.noarch.rpm
 wqy-unibit-fonts-1.1.0-13.el7.noarch.rpm
--- a/centos-mirror-tools/rpms_centos3rdparties.lst
+++ b/centos-mirror-tools/rpms_centos3rdparties.lst
@ -21,12 +21,12 @@ devtoolset-7-libstdc++-devel-7.3.1-5.10.el7.x86_64.rpm
 devtoolset-7-runtime-7.1-4.el7.x86_64.rpm
 docker-ce-18.09.6-3.el7.x86_64.rpm
 docker-ce-cli-18.09.6-3.el7.x86_64.rpm
-elfutils-0.172-2.el7.x86_64.rpm
-elfutils-default-yama-scope-0.172-2.el7.noarch.rpm
-elfutils-devel-0.172-2.el7.x86_64.rpm
-elfutils-libelf-0.172-2.el7.x86_64.rpm
-elfutils-libelf-devel-0.172-2.el7.x86_64.rpm
-elfutils-libs-0.172-2.el7.x86_64.rpm
+elfutils-0.176-2.el7.x86_64.rpm
+elfutils-default-yama-scope-0.176-2.el7.noarch.rpm
+elfutils-devel-0.176-2.el7.x86_64.rpm
+elfutils-libelf-0.176-2.el7.x86_64.rpm
+elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
+elfutils-libs-0.176-2.el7.x86_64.rpm
 glib2-2.56.1-2.el7.x86_64.rpm
 glib2-devel-2.56.1-2.el7.x86_64.rpm
 glib2-doc-2.56.1-2.el7.noarch.rpm
@ -83,7 +83,7 @@ openscap-1.2.17-2.el7.x86_64.rpm
 openscap-scanner-1.2.17-2.el7.x86_64.rpm
 openstack-tempest-17.2.0-4.el7.noarch.rpm
 osinfo-db-20180531-1.el7.noarch.rpm
-OVMF-20150414-2.gitc9e5618.el7.noarch.rpm
+OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm
 policycoreutils-2.5-29.el7.x86_64.rpm
 policycoreutils-devel-2.5-29.el7.x86_64.rpm
 policycoreutils-newrole-2.5-29.el7.x86_64.rpm
@ -124,10 +124,10 @@ selinux-policy-targeted-3.13.1-229.el7_6.6.noarch.rpm
 spice-protocol-0.12.14-1.el7.noarch.rpm
 spice-server-0.14.0-6.el7.x86_64.rpm
 spice-server-devel-0.14.0-6.el7.x86_64.rpm
-systemd-219-62.el7_6.5.x86_64.rpm
-systemd-devel-219-62.el7_6.5.x86_64.rpm
-systemd-libs-219-62.el7_6.5.x86_64.rpm
-systemd-sysv-219-62.el7_6.5.x86_64.rpm
+systemd-219-67.el7.x86_64.rpm
+systemd-devel-219-67.el7.x86_64.rpm
+systemd-libs-219-67.el7.x86_64.rpm
+systemd-sysv-219-67.el7.x86_64.rpm
 systemtap-3.3-3.el7.x86_64.rpm
 systemtap-client-3.3-3.el7.x86_64.rpm
 systemtap-devel-3.3-3.el7.x86_64.rpm
--- a/centos-mirror-tools/tarball-dl.lst
+++ b/centos-mirror-tools/tarball-dl.lst
@ -27,8 +27,8 @@ gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#gorilla-mux#https://
 helm-charts-92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#helm-charts#https://github.com/helm/charts/archive/92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#http##
 helm-charts-elastic-2bd7616ceddbdf2eee88965e2028ee37d304c79c.tar.gz#helm-charts-elastic#https://github.com/elastic/helm-charts/archive/2bd7616ceddbdf2eee88965e2028ee37d304c79c.tar.gz#http##
 helm-v2.13.1-linux-amd64.tar.gz#linux-amd64#https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz#http##
-i40e-2.7.29.tar.gz#i40e-2.7.29#https://sourceforge.net/projects/e1000/files/i40e%20stable/2.7.29/i40e-2.7.29.tar.gz/download#http##
-i40evf-3.6.15.tar.gz#i40evf-3.6.15#https://sourceforge.net/projects/e1000/files/i40evf%20stable/3.6.15/i40evf-3.6.15.tar.gz/download#http##
+i40e-2.10.19.30.tar.gz#i40e-2.10.19.30#https://sourceforge.net/projects/e1000/files/i40e%20stable/2.10.19.30/i40e-2.10.19.30.tar.gz/download#http##
+iavf-3.7.61.20.tar.gz#iavf-3.7.61.20#https://sourceforge.net/projects/e1000/files/iavf%20stable/3.7.61.20/iavf-3.7.61.20.tar.gz/download#http##
 ibsh-0.3e.tar.gz#cgcs-users-1.0#https://sourceforge.net/projects/ibsh/files/ibsh/ibsh-0.3e/ibsh-0.3e.tar.gz/download#http##
 !integrity-kmod-e6aef069.tar.gz#integrity#http://git.infradead.org/users/jjs/linux-tpmdd.git/snapshot/e6aef069b6e97790cb127d5eeb86ae9ff0b7b0e3.tar.gz#http_script##post-dl-script/integrity-kmod.sh
 isa-l-7e1a337433a340bc0974ed0f04301bdaca374af6.tar.gz#isa-l#https://api.github.com/repos/ceph/isa-l/tarball/7e1a337433a340bc0974ed0f04301bdaca374af6#https##
@ -47,8 +47,8 @@ lua-1fce39c6397056db645718b8f5821571d97869a4.tar.gz#lua#https://api.github.com/r
 !mariadb-10.1.28.tar.gz#mariadb-10.1.28#https://github.com/MariaDB/server/archive/mariadb-10.1.28.tar.gz#http_script##post-dl-script/mariadb.sh
 !MLNX_OFED_SRC-4.5-1.0.1.0.tgz#MLNX_OFED_SRC-4.5-1.0.1.0#http://content.mellanox.com/ofed/MLNX_OFED-4.5-1.0.1.0/MLNX_OFED_SRC-4.5-1.0.1.0.tgz#http_script##post-dl-script/MLNX_OFEDqat1.7.sh
 opae-intel-fpga-driver-1.3.0-2.tar.gz#opae-intel-fpga-driver-1.3.0-2#https://github.com/OPAE/opae-sdk/releases/download/1.3.0-2/opae-intel-fpga-driver-1.3.0-2.tar.gz#http##
-openstack-helm-6c71637222f47d85681038994f02feac92f75bd2.tar.gz#openstack-helm#https://github.com/openstack/openstack-helm/archive/6c71637222f47d85681038994f02feac92f75bd2.tar.gz#http##
-openstack-helm-infra-aae64213c95fbcea7a0a7671dcb9d8a366f16fa5.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/aae64213c95fbcea7a0a7671dcb9d8a366f16fa5.tar.gz#http##
+openstack-helm-82c72367c85ca94270f702661c7b984899c1ae38.tar.gz#openstack-helm#https://github.com/openstack/openstack-helm/archive/82c72367c85ca94270f702661c7b984899c1ae38.tar.gz#http##
+openstack-helm-infra-c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz#http##
 openvswitch-2.11.0.tar.gz#openvswitch-2.11.0#https://github.com/openvswitch/ovs/archive/v2.11.0.tar.gz#http##
 puppet-boolean-22b726dd78b0a60a224cc7054aebbf28e9306f62.tar.gz#puppet-boolean#https://github.com/voxpupuli/puppet-boolean/tarball/22b726dd78b0a60a224cc7054aebbf28e9306f62#http##
 puppet-dnsmasq-cff07e90890662972c97684a2baee964f68ff3ed.tar.gz#packstack/puppet/modules/dnsmasq/#https://github.com/procore/puppet-dnsmasq/tarball/cff07e90890662972c97684a2baee964f68ff3ed#http##
--- a/cve_support/cve_policy_filter.py
+++ b/cve_support/cve_policy_filter.py
@ -12,6 +12,7 @@ Create documentation as pydoc -w cve_policy_filter
 import json
 import sys
 import os
+from lp import find_lp_assigned

 def print_html_report(cves_report, title):
    """
@ -25,6 +26,7 @@ def print_html_report(cves_report, title):
    template = template_env.get_template(template_file)
    heads = ["cve_id", "status", "cvss2Score", "av", "ac", "au", "ai"]
    output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\
+        cves_to_fix_lp=cves_report["cves_to_fix_lp"],\
        cves_to_track=cves_report["cves_to_track"],\
        cves_w_errors=cves_report["cves_w_errors"],\
        cves_to_omit=cves_report["cves_to_omit"],\
@ -40,7 +42,7 @@ def print_report(cves_report, title):
    Print the txt STDOUT report
    """
    print("\n%s report:" % (title))
-    print("\nValid CVEs to take action immediately: %d\n" \
+    print("\nCVEs to fix w/o a launchpad assigned: %d\n" \
        % (len(cves_report["cves_to_fix"])))
    for cve in cves_report["cves_to_fix"]:
        print("\n")
@ -57,6 +59,15 @@ def print_report(cves_report, title):
        if cve["sourcelink"]:
            print(cve["sourcelink"])

+    print("\nCVEs to fix w/ a launchpad assigned: %d \n" \
+        % (len(cves_report["cves_to_fix_lp"])))
+    for cve in cves_report["cves_to_fix_lp"]:
+        cve_line = []
+        for key, value in cve.items():
+            if key != "summary":
+                cve_line.append(key + ":" + str(value))
+        print(cve_line)
+
    print("\nCVEs to track for incoming fix: %d \n" \
        % (len(cves_report["cves_to_track"])))
    for cve in cves_report["cves_to_track"]:
@ -128,6 +139,7 @@ def main():
    cves = []
    cves_valid = []
    cves_to_fix = []
+    cves_to_fix_lp = []
    cves_to_track = []
    cves_w_errors = []
    cves_to_omit = []
@ -197,13 +209,17 @@ def main():
                and ("N" in cve["au"] or "S" in cve["au"])
                and ("P" in cve["ai"] or "C" in cve["ai"])):
            if cve["status"] == "fixed":
-                cves_to_fix.append(cve)
+                if find_lp_assigned(cve["id"]):
+                    cves_to_fix_lp.append(cve)
+                else:
+                    cves_to_fix.append(cve)
            else:
                cves_to_track.append(cve)
        else:
            cves_to_omit.append(cve)

    cves_report["cves_to_fix"] = cves_to_fix
+    cves_report["cves_to_fix_lp"] = cves_to_fix_lp
    cves_report["cves_to_track"] = cves_to_track
    cves_report["cves_w_errors"] = cves_w_errors
    cves_report["cves_to_omit"] = cves_to_omit
--- a/cve_support/lp.py
+++ b/cve_support/lp.py
@ -0,0 +1,92 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2019 Intel Corporation
+#
+
+"""
+Implement system to detect if CVEs has launchpad assigned
+"""
+import json
+import os
+from os import path
+from launchpadlib.launchpad import Launchpad
+
+
+# Filter the open bugs
+STATUSES = [
+    'New',
+    'Incomplete',
+    'Confirmed',
+    'Triaged',
+    'In Progress',
+    'Fix Committed',
+    'Fix Released',
+]
+
+CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
+CVES_FILE = path.join(CACHEDIR, 'cves_open.json')
+DATA = []
+
+
+def search_upstrem_lps():
+    """
+    Search for launchpads open with CVE or cve in title
+    """
+    launchpad = Launchpad.login_anonymously\
+        ('lplib.cookbook.json_fetcher', 'production',
+         CACHEDIR, version='devel')
+    project = launchpad.projects['starlingx']
+    tasks = project.searchTasks(status=STATUSES)
+    for task in tasks:
+        bug = task.bug
+        if ("cve" in bug.title.lower()):
+            bug_dic = {}
+            bug_dic['id'] = bug.id
+            bug_dic['title'] = bug.title
+            bug_dic['link'] = bug.self_link
+            DATA.append(bug_dic)
+
+    with open(CVES_FILE, 'w') as outfile:
+        json.dump(DATA, outfile)
+
+def find_lp_assigned(cve_id):
+    """
+    Check if a launchpad for CVE exist in DATA
+    DATA must came from file or from upstream launchpad DB
+    """
+    global DATA
+
+    if not DATA:
+        if path.isfile(CVES_FILE):
+            DATA = json.load(open(CVES_FILE, "r"))
+        else:
+            search_upstrem_lps()
+
+    for bug in DATA:
+        if cve_id in bug["title"]:
+            return bug
+
+    return None
+
+def main():
+
+    """
+    Sanity test
+    """
+    cve_ids = ["CVE-2019-0160",\
+        "CVE-2019-11810",\
+        "CVE-2019-11811",\
+        "CVE-2018-15686",\
+        "CVE-2019-10126"]
+
+    for cve_id in cve_ids:
+        bug = find_lp_assigned(cve_id)
+        if bug:
+            print("\n")
+            print(bug)
+        else:
+            print("\n%s has no LP assigned\n" % (cve_id))
+
+if __name__ == "__main__":
+    main()
--- a/cve_support/template.txt
+++ b/cve_support/template.txt
@ -1,9 +1,9 @@
 <head></head>
 <body>
 	<h1>Security report from vuls scan from {{title}}</h1>
-	<h2>Valid CVEs to take action immediately: {{cves_to_fix | length}}</h2>
+	<h2>CVEs to fix w/o a launchpad assigned: {{cves_to_fix | length}}</h2>
 	<table>
-		{% if cves_to_fix|length > 1 %}
+		{% if cves_to_fix|length >= 1 %}
 			<tr>
 				{% for head in heads %}
 					<th>{{head}}</th>
@ -23,9 +23,31 @@
 			{% endfor %}
 		{% endif %}
 		</table>
+	<h2>CVEs to fix w/ a launchpad assigend: {{cves_to_fix_lp | length}}</h2>
+	<table>
+		{% if cves_to_fix_lp|length >= 1 %}
+			<tr>
+				{% for head in heads %}
+					<th>{{head}}</th>
+				{% endfor %}
+			</tr>
+
+			{% for cve in cves_to_fix_lp %}
+			<tr>
+				<td>{{cve["id"]}}</td>
+				<td>{{cve["status"]}}</td>
+				<td>{{cve["cvss2Score"]}}</td>
+				<td>{{cve["av"]}}</td>
+				<td>{{cve["ac"]}}</td>
+				<td>{{cve["au"]}}</td>
+				<td>{{cve["ai"]}}</td>
+			</tr>
+			{% endfor %}
+		{% endif %}
+		</table>
 	<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
 	<table>
-		{% if cves_to_track|length > 1 %}
+		{% if cves_to_track|length >= 1 %}
 			<tr>
 			{% for head in heads %}
 				<th>{{head}}</th>
@ -47,7 +69,7 @@
 	</table>
 	<h2> CVEs to omit: {{cves_to_omit | length}}</h2>
 	<table>
-		{% if cves_to_omit|length > 1 %}
+		{% if cves_to_omit|length >= 1 %}
 			<tr>
 			{% for head in heads %}
 				<th>{{head}}</th>
@ -70,7 +92,7 @@

 	<h2>ERROR: CVEs that have no cvss2Score or cvss2Vector:{{cves_w_errors | length}}</h2>
 		<table>
-		{% if cves_w_errors|length > 1 %}
+		{% if cves_w_errors|length >= 1 %}
 			{% for cve in cves_to_track %}
 			<tr>
 				<td>{{cve["id"]}}</td>