1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
#!/usr/bin/env python
import freebsd, oe
try:
import bb
except Exception, e:
import sys
sys.stderr.write("Set PYTHONPATH to bitbake/lib and restart.\n")
sys.stderr.write("The backtrace can be seen below.\n")
raise e
def strip_oe_version(oe_version):
"""
We need to strip the package epoch... and the PR to compare
it to the FreeBSD versions. Also FreeBSD seems to use _N as
PR so we might need to do more..
"""
split = oe_version.split(':', 1)
ver = split[1]
split = ver.rsplit('-r', 1)
ver = split[0]
return ver
def compare_versions(oe, freebsd_dict, not_known):
def handle_package(oe_name, bsd_name):
if not oe_name in oe:
if oe_name == bsd_name:
print >> not_known, "%s is not in OE" % oe_name
return
oe_version = strip_oe_version(oe[oe_name])
for ver in freebsd_dict[bsd_name]:
affected = True
str = []
for (cmp, vers) in ver.versions:
(bsd_ver, bsd_pr) = freebsd.prepare_version(vers)
cmp_res = bb.utils.vercmp(('0', oe_version, 'r0'), ('0', bsd_ver, bsd_pr))
if cmp == '<':
if cmp_res >= 0:
affected = False
pass
elif cmp == '<=':
if cmp_res > 0:
affected = False
pass
elif cmp == '>':
if cmp_res <= 0:
affected = False
pass
elif cmp == '>=':
if cmp_res < 0:
affected = False
pass
elif cmp == '=':
if cmp_res > 0:
affected = False
else:
print cmp
assert True
str.append("%s %s %s %s" % (oe_name, oe_version, cmp, bsd_ver))
if affected:
print " && ".join(str), ver.link
for package in freebsd_dict.keys():
# handle the various versions of OE packages
handle_package(package, package)
handle_package("%s-native" % package, package)
handle_package("%s-full-native" % package, package)
handle_package("%s-sdk" % package, package)
handle_package("%s-essential" % package, package)
handle_package("%s-cross" % package, package)
handle_package("%s-initial" % package, package)
handle_package("%s-trim" % package, package)
handle_package("%s-canadian" % package, package)
handle_package("%s-cross-sdk" % package, package)
def handle_options(args):
import optparse
parser = optparse.OptionParser(version = "OE Audit version 0.1",
usage = "%prog [options]")
parser.add_option("-a", "--auditfile", help = "FreeBSD auditfile to use",
action = "store", dest = "freebsd_auditfile", default = None)
parser.add_option("-p", "--available", help = "Output of bitbake -s",
action = "store", dest = "oe_available", default = None)
parser.add_option("-b", "--buggy", help = "Write out unmaped packets",
action = "store", dest = "buggy", default = "not_in_oe.bugs")
parser.add_option("-f", "--fetch", help = "Fetch a new auditfile",
action = "store_true", dest = "fetch", default = False)
options, args = parser.parse_args(args)
return options
# read the input data
import sys
opts = handle_options(sys.argv)
if opts.fetch:
import os
print "Fetching new auditfile with wget and unpacking to the local directory"
os.system("(rm auditfile.tbz || true) && wget -c http://ports.freebsd.org/auditfile.tbz; tar xjf auditfile.tbz auditfile && rm auditfile.tbz")
if not opts.oe_available or not opts.freebsd_auditfile:
print "You need to specific -a and -p."
sys.exit(0)
oe_packages = oe.read_available(opts.oe_available)
freebsd_vuln = freebsd.read_auditfile(opts.freebsd_auditfile)
buggy = open(opts.buggy, "w+")
compare_versions(oe=oe_packages, freebsd_dict=freebsd_vuln, not_known=buggy)
|
