Secure testing commits - May 2010 - r14666 - lib/python/sectracker

Author: fw
Date: 2010-05-10 20:02:30 +0000 (Mon, 10 May 2010)
New Revision: 14666

Modified:
   lib/python/sectracker/analyzers.py
Log:
sectracker.analyzers.vulnerabilities(): allow {} overrides

See thread "A new ambiguity" on the debian-security-tracker list:
<http://lists.debian.org/debian-security-tracker/2010/05/msg00011.html>


Modified: lib/python/sectracker/analyzers.py
==================================================================---
lib/python/sectracker/analyzers.py	2010-05-10 19:08:42 UTC (rev 14665)
+++ lib/python/sectracker/analyzers.py	2010-05-10 20:02:30 UTC (rev 14666)
@@ -109,21 +109,25 @@
 
     assert "sid" in versions # should come from extractversions()
 
-    def buildpackages1(bug):
+    def buildpackages1(bug, target=None):
         packages = {}
+        xref = () # current {} contents
         for ann in bug.annotations:
-            if ann.type == "package":
+            # only copy if target is listed in current {} list
+            if ann.type == "package" and (target is None or target in
xref):
                 if ann.package not in packages:
                     packages[ann.package] = {}
                 pkg = packages[ann.package]
                 pkg[ann.release] = (bug, ann)
+            elif ann.type == "xref":
+                xref = ann.bugs
         return packages
 
     def buildpackages(bug):
         packages = buildpackages1(bug)
         if bug.header.name not in copysrc:
             return packages
-        copiers = [buildpackages1(bugdb[b])
+        copiers = [buildpackages1(bugdb[b], target=bug.header.name)
                    for b in copysrc[bug.header.name]]
         for c in copiers:
             for pname, creleases in c.items():