diff --git a/0010-modify-the-interface-of-get_hotpatches_from_cve.patch b/0010-modify-the-interface-of-get_hotpatches_from_cve.patch new file mode 100644 index 0000000000000000000000000000000000000000..612840baa3083a8f21f228e83f335ef8f9dae6ee --- /dev/null +++ b/0010-modify-the-interface-of-get_hotpatches_from_cve.patch @@ -0,0 +1,52 @@ +From 59a7c96963736f496e8a7574725b50d105b28c87 Mon Sep 17 00:00:00 2001 +From: wang-guangge +Date: Mon, 12 Jun 2023 12:22:08 +0800 +Subject: [PATCH] modify the interface of get_hotpatches_from_cve + +--- + hotpatch/hotpatch_updateinfo.py | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py +index 399e05c..4b39969 100644 +--- a/hotpatch/hotpatch_updateinfo.py ++++ b/hotpatch/hotpatch_updateinfo.py +@@ -5,6 +5,7 @@ from typing import Optional + import gzip + import xml.etree.ElementTree as ET + import datetime ++import re + + + class HotpatchUpdateInfo(object): +@@ -287,7 +288,8 @@ class HotpatchUpdateInfo(object): + + def get_hotpatches_from_cve(self, cves: list[str]) -> dict(): + """ +- Get hotpatches from specified cve ++ Get hotpatches from specified cve. If there are several hotpatches for the same source package for a cve, only return the ++ hotpatch with the highest version. + + Args: + cves: [cve_id_1, cve_id_2] +@@ -303,9 +305,16 @@ class HotpatchUpdateInfo(object): + mapping_cve_hotpatches[cve_id] = [] + if cve_id not in self.hotpatch_cves: + continue ++ # find the hotpatch with the highest version for the same source package ++ mapping_src_pkg_to_hotpatches = dict() + for hotpatch in self.hotpatch_cves[cve_id].hotpatches: + if hotpatch.state == self.INSTALLABLE: +- mapping_cve_hotpatches[cve_id].append(hotpatch.nevra) ++ mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append([hotpatch.hotpatch_name, hotpatch]) ++ for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items(): ++ # extract the number in HPxxx and sort hotpatches in descending order according to the number ++ hotpatches = sorted(hotpatches, key=lambda x: int(re.findall("\d+", x[0])[0]), reverse=True) ++ mapping_cve_hotpatches[cve_id].append(hotpatches[0][1].nevra) ++ + return mapping_cve_hotpatches + + def get_hotpatches_from_advisories(self, advisories: list[str]) -> dict(): +-- +2.33.0 + diff --git a/aops-apollo.spec b/aops-apollo.spec index 051fe97919b59aacacb9547d70bd73dbdab57ad0..4eafc821c74375386e32b872bc45c9c5b6a005fd 100644 --- a/aops-apollo.spec +++ b/aops-apollo.spec @@ -1,6 +1,6 @@ Name: aops-apollo Version: v1.2.1 -Release: 5 +Release: 6 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} @@ -14,7 +14,7 @@ Patch0006: 0006-update-hotpatch-status-related-operation-support.patch Patch0007: 0007-fix-hotpatch-status-filter-exception.patch Patch0008: 0008-update-validation-rules-for-paging-parameters.patch Patch0009: 0009-cve-fix-task-generate-api-return-500-when-request-without-auto-reboot.patch - +Patch0010: 0010-modify-the-interface-of-get_hotpatches_from_cve.patch BuildRequires: python3-setuptools Requires: aops-vulcanus >= v1.2.0 @@ -85,6 +85,9 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/ %{python3_sitelib}/aops_apollo_tool/* %changelog +* Mon Jun 12 2023 wangguangge - v1.2.1-6 +- modify the interface of get_hotpatches_from_cve + * Fri Jun 09 2023 wenxin - v1.2.1-5 - fix issue: API return 500 when create cve fix task without parameter auto_reboot