Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

d2f3228e by Sylvain Beucler at 2021-02-12T17:09:54+01:00
tracker_service: display CVE entries using natural sort order [#76]

to avoid annoying confusions with the default incorrect sort due to e.g. CVE-2021-3392 considered higher than CVE-2021-20203

Approach:

- use 'COLLATE natorder' [1]; however, we'd have to leave the bug unfixed for a few years, until this feature is merged and packaged in stable sqlite3
  [1] https://sqlite.org/forum/forumpost/e4dc6f3331

- sort at the Python level; AFAICS this breaks the current code global logic that delegates the sort to the database, so we'd need to revamp the Python code or introduce ad-hoc logic

- use a size-bounded sort at the SQL level (current patch) using a reasonable max size (10 digits / 32-bits), until 1) is available. (variable-length is feasible but impacts readability and performance)

- - - - -

f72d124e by Salvatore Bonaccorso at 2021-02-27T16:14:00+01:00
Merge branch 'beuc/security-tracker-natsort'

tracker_service: display CVE entries using natural sort order

See merge request security-tracker-team/security-tracker!76

- - - - -

1 changed file:

- lib/python/security_db.py

Changes:

=====================================
lib/python/security_db.py
=====================================
@@ -138,7 +138,14 @@ BugsForSourcePackage_query = \ JOIN source_packages sp ON (st.package = sp.rowid) WHERE sp.name = ? AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%') - ORDER BY bugs.name DESC, sp.release""" + ORDER BY + -- 'COLLATE natorder' emulation, using 0-padding (MR#76) + -- e.g. CVE-2016-1000393 -> CVE-2016-0001000393 + CASE substr(bugs.name,1,3) + WHEN 'CVE' THEN + substr(bugs.name,1,9) || substr("0000000000"||substr(bugs.name, 10, 10), -10) + ELSE bugs.name + END DESC, sp.release""" # Sort order is important for the groupby operation below. def getBugsForSourcePackage(cursor, pkg): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b46bca4dc6f2fe204db071906e5c462b7171c9ae...f72d124e15df4d654960854613ae06d46eecdba6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b46bca4dc6f2fe204db071906e5c462b7171c9ae...f72d124e15df4d654960854613ae06d46eecdba6 You're receiving this email because of your account on salsa.debian.org.
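Review bot: In the WHEN 'CVE' branch the padding constant is written as "0000000000" with double quotes, which SQL parses as an identifier; it only works as a string here because no column has that name and SQLite's legacy double-quoted-string fallback is enabled. Write it as '0000000000' (single quotes are safe inside the Python triple-quoted query) so the sort key does not depend on that fallback. Separately, substr(bugs.name, 10, 10) silently truncates any sequence part longer than ten characters and assumes the fixed 9-character 'CVE-YYYY-' prefix; since the trailing context comment says the sort order matters for the groupby below, it would help to state the 10-digit bound in the SQL comment next to the example, not only in the commit message.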
