def test_erratum_publishes_all_repos():
item = PulpErratumPushItem(
# We're being asked to push an advisory to a few repos...
pushsource_item=ErratumPushItem(name="RHSA-1234:56",
dest=["new1", "new2", "existing1"]),
pulp_state=State.PARTIAL,
pulp_unit=ErratumUnit(
id="abc123",
# ...and the advisory already exists in some Pulp, repos, maybe with
# some overlap
repository_memberships=[
"all-rpm-content",
"all-rpm-content-ff",
"existing1",
"existing2",
],
),
)
# Then when we calculate the repos which should be published for this item,
# it should always include both the new repo(s) we're pushing to and also the
# existing repos, as any mutation of the erratum requires metadata to be
# republished for all of them.
# all-rpm-content is an exception given that those repos don't get published.
assert item.publish_pulp_repos == [
"existing1", "existing2", "new1", "new2"
]
def test_construct_underscore():
"""Constructing item with 'from_' works correctly."""
item = ErratumPushItem(name="TEST-123", from_="test-from")
# Should be identical under both names
assert item.from_ == "test-from"
assert getattr(item, "from") == "test-from"
def test_evolve_underscore():
"""Evolving item with "from_" works correctly."""
item = ErratumPushItem(name="TEST-123")
item = attr.evolve(item, from_="test-from")
# Should be identical under both names
assert item.from_ == "test-from"
assert getattr(item, "from") == "test-from"
def test_construct_mixed():
"""Constructing item with both 'from' and 'from_' works correctly,
with 'from' being preferred."""
kwargs = {"from": "from1", "from_": "from2"}
item = ErratumPushItem(name="TEST-123", **kwargs)
# Should be identical under both names - 'from_' is just discarded
assert item.from_ == "from1"
assert getattr(item, "from") == "from1"
def test_asdict():
"""asdict() returns "from" and not "from_"."""
kwargs = {"name": "adv", "from": "bob"}
item = ErratumPushItem(**kwargs)
item_dict = attr.asdict(item)
# It should have exactly the fields from the inputs
assert item_dict["name"] == kwargs["name"]
assert item_dict["from"] == kwargs["from"]
# And it should not have any extra 'from_'
assert "from_" not in item_dict
def test_staged_simple_errata():
staged_dir = os.path.join(DATADIR, "simple_errata")
source = Source.get("staged:" + staged_dir)
items = list(source)
items.sort(key=lambda item: item.src)
# It should load all the expected errata with fields filled in by metadata
assert items == [
ErratumPushItem(
name="RHBA-2020:0518",
state="PENDING",
src=os.path.join(staged_dir, "dest1/ERRATA/advisory1.yaml"),
dest=["dest1"],
md5sum=None,
sha256sum=None,
origin=staged_dir,
build=None,
signing_key=None,
type="bugfix",
release="0",
status="final",
pushcount="1",
reboot_suggested=False,
references=[
ErratumReference(
href="https://access.redhat.com/errata/RHBA-2020:0518",
id="RHBA-2020:0518",
title="RHBA-2020:0518",
type="self",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1744149",
id="1744149",
title=
"CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1771909",
id="1771909",
title=
"CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1773519",
id="1773519",
title=
"CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1774671",
id="1774671",
title=
"CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1774870",
id="1774870",
title=
"CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c",
type="bugzilla",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-13734.html",
id="CVE-2019-13734",
title="CVE-2019-13734",
type="cve",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-14816.html",
id="CVE-2019-14816",
title="CVE-2019-14816",
type="cve",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-14895.html",
id="CVE-2019-14895",
title="CVE-2019-14895",
type="cve",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-14898.html",
id="CVE-2019-14898",
title="CVE-2019-14898",
type="cve",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-14901.html",
id="CVE-2019-14901",
title="CVE-2019-14901",
type="cve",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-17133.html",
id="CVE-2019-17133",
title="CVE-2019-17133",
type="cve",
),
ErratumReference(
href="https://access.redhat.com/errata/RHSA-2020:0374",
id="ref_0",
title="other_reference_0",
type="other",
),
ErratumReference(
href=
"https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/devtools/rust-toolset-rhel7",
id="ref_1",
title="other_reference_1",
type="other",
),
],
pkglist=[],
from_="*****@*****.**",
rights="Copyright 2020 Red Hat Inc",
title="updated devtools/rust-toolset-rhel7 container image",
description=
"The devtools/rust-toolset-rhel7 container image has been updated for Red Hat Developer Tools to address the following security advisory: RHSA-2020:0374 (see References)\n\nUsers of devtools/rust-toolset-rhel7 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
version="1",
updated="2020-02-17 09:14:49 UTC",
issued="2020-02-17 09:14:49 UTC",
severity="None",
summary=
"Updated devtools/rust-toolset-rhel7 container image is now available for Red Hat Developer Tools.",
solution=
"The Red Hat Developer Tools container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
content_types=["docker"],
),
ErratumPushItem(
name="RHSA-2020:0509",
state="PENDING",
src=os.path.join(staged_dir, "dest1/ERRATA/advisory2.json"),
dest=["dest1"],
md5sum=None,
sha256sum=None,
origin=staged_dir,
build=None,
signing_key=None,
type="security",
release="0",
status="final",
pushcount="3",
reboot_suggested=False,
references=[
ErratumReference(
href="https://access.redhat.com/errata/RHSA-2020:0509",
id=None,
title=None,
type="self",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1796944",
id="1796944",
title=
"CVE-2019-18634 sudo: Stack based buffer overflow when pwfeedback is enabled",
type="bugzilla",
),
ErratumReference(
href=
"https://www.redhat.com/security/data/cve/CVE-2019-18634.html",
id="CVE-2019-18634",
title="CVE-2019-18634",
type="cve",
),
ErratumReference(
href=
"https://access.redhat.com/security/updates/classification/#important",
id="classification",
title="important",
type="other",
),
],
pkglist=[
ErratumPackageCollection(
name="RHSA-2020:0509",
packages=[
ErratumPackage(
arch="ppc64le",
filename="sudo-1.8.25p1-4.el8_0.3.ppc64le.rpm",
epoch="0",
name="sudo",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="0d56f302617696d3511e71e1669e62c0",
sha1sum=None,
sha256sum=
"31c4f73af90c6d267cc5281c59e4a93ae3557b2253d9a8e3fef55f3cafca6e54",
),
ErratumPackage(
arch="SRPMS",
filename="sudo-1.8.25p1-4.el8_0.3.src.rpm",
epoch="0",
name="sudo",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="f94ab3724b498e3faeab643fe2a67c9c",
sha1sum=None,
sha256sum=
"10d7724302a60d0d2ca890fc7834b8143df55ba1ce0176469ea634ac4ab7aa28",
),
ErratumPackage(
arch="x86_64",
filename="sudo-1.8.25p1-4.el8_0.3.x86_64.rpm",
epoch="0",
name="sudo",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="25e9470c4fe96034fe1d7525c04b5d8e",
sha1sum=None,
sha256sum=
"593f872c1869f7beb963c8df2945fc691a1d999945c8c45c6bc7e02731fa016f",
),
ErratumPackage(
arch="ppc64le",
filename=
"sudo-debuginfo-1.8.25p1-4.el8_0.3.ppc64le.rpm",
epoch="0",
name="sudo-debuginfo",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="e242826fb38f487502cdc1f1a06991d2",
sha1sum=None,
sha256sum=
"04db0c39efb31518ff79bf98d1c27256d46cdc72b967a5b2094a6efec3166df2",
),
ErratumPackage(
arch="x86_64",
filename=
"sudo-debuginfo-1.8.25p1-4.el8_0.3.x86_64.rpm",
epoch="0",
name="sudo-debuginfo",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="91126f02975c06015880d6ea99cb2760",
sha1sum=None,
sha256sum=
"1b7d3a7613236ffea7c4553eb9dea69fc19557005ac3a059d7e83efc08c5b754",
),
ErratumPackage(
arch="ppc64le",
filename=
"sudo-debugsource-1.8.25p1-4.el8_0.3.ppc64le.rpm",
epoch="0",
name="sudo-debugsource",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="d6da7e2e3d9efe050fef2e8d047682be",
sha1sum=None,
sha256sum=
"355cbb9dc348b17782cff57120391685d6a1f6884facc54fac4b7fb54abeffba",
),
ErratumPackage(
arch="x86_64",
filename=
"sudo-debugsource-1.8.25p1-4.el8_0.3.x86_64.rpm",
epoch="0",
name="sudo-debugsource",
version="1.8.25p1",
release="4.el8_0.3",
src="sudo-1.8.25p1-4.el8_0.3.src.rpm",
md5sum="6b0967941c0caf626c073dc7da0272b6",
sha1sum=None,
sha256sum=
"43e318fa49e4df685ea0d5f0925a00a336236b2e20f27f9365c39a48102c2cf6",
),
],
short="",
module=None,
)
],
from_="*****@*****.**",
rights="Copyright 2020 Red Hat Inc",
title="Important: sudo security update",
description=
"The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
version="3",
updated="2020-02-13 19:00:11 UTC",
issued="2020-02-13 19:00:11 UTC",
severity="Important",
summary=
"An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
solution=
"For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
content_types=["rpm"],
),
]
def test_type_enforced():
"""ErratumPushItem complains on invalid values for 'type'"""
with pytest.raises(ValueError):
ErratumPushItem(name="TEST-123", type="oops-bad-type")
def test_type_converted(in_type, out_type):
"""ErratumPushItem converts values of 'type' field to one of the expected."""
item = ErratumPushItem(name="TEST-123", type=in_type)
assert item.type == out_type
def test_errata_typical_metadata(fake_errata_tool):
"""Test fetching an advisory with no files:
- it is not necessary to provide a koji source
- returns ErratumPushItem with appropriate content
"""
source = Source.get("errata:https://errata.example.com?errata=RHBA-2020:0518")
# It should not have tried to access ET yet (lazy fetching)
assert not fake_errata_tool.last_url
# Load all items
items = list(source)
# It should have queried the expected XML-RPC endpoint.
assert (
fake_errata_tool.last_url == "https://errata.example.com/errata/errata_service"
)
# It should have loaded that one advisory
assert len(items) == 1
# The advisory object should be initialized with all the right fields
assert items[0] == ErratumPushItem(
name="RHBA-2020:0518",
state="PENDING",
src=None,
dest=[
"rhel-7-server-devtools-rpms__x86_64",
"rhel-7-server-for-power-le-devtools-rpms__ppc64le",
"rhel-7-server-for-system-z-devtools-rpms__s390x",
],
content_types=["docker"],
from_="*****@*****.**",
rights="Copyright 2020 Red Hat Inc",
title="updated devtools/rust-toolset-rhel7 container image",
updated="2020-02-17 09:14:49 UTC",
issued="2020-02-17 09:14:49 UTC",
severity="None",
summary=(
"Updated devtools/rust-toolset-rhel7 container image is now available "
"for Red Hat Developer Tools."
),
solution=(
"The Red Hat Developer Tools container image provided by this update "
"can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. "
"Installation instructions for your platform are available at Red Hat Container "
"Catalog (see References).\n\nDockerfiles and scripts should be amended either to "
"refer to this new image specifically, or to the latest image generally."
),
description=(
"The devtools/rust-toolset-rhel7 container image has been updated for Red "
"Hat Developer Tools to address the following security advisory: RHSA-2020:0374 "
"(see References)\n\nUsers of devtools/rust-toolset-rhel7 container images are "
"advised to upgrade to these updated images, which contain backported patches to "
"correct these security issues, fix these bugs and add these enhancements. Users of "
"these images are also encouraged to rebuild all container images that depend on these "
"images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog "
"(see References)."
),
references=[
ErratumReference(
href="https://access.redhat.com/errata/RHBA-2020:0518",
id="RHBA-2020:0518",
title="RHBA-2020:0518",
type="self",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1744149",
id="1744149",
title="CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1771909",
id="1771909",
title="CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1773519",
id="1773519",
title="CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1774671",
id="1774671",
title="CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599",
type="bugzilla",
),
ErratumReference(
href="https://bugzilla.redhat.com/show_bug.cgi?id=1774870",
id="1774870",
title="CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c",
type="bugzilla",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-13734.html",
id="CVE-2019-13734",
title="CVE-2019-13734",
type="cve",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-14816.html",
id="CVE-2019-14816",
title="CVE-2019-14816",
type="cve",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-14895.html",
id="CVE-2019-14895",
title="CVE-2019-14895",
type="cve",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-14898.html",
id="CVE-2019-14898",
title="CVE-2019-14898",
type="cve",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-14901.html",
id="CVE-2019-14901",
title="CVE-2019-14901",
type="cve",
),
ErratumReference(
href="https://www.redhat.com/security/data/cve/CVE-2019-17133.html",
id="CVE-2019-17133",
title="CVE-2019-17133",
type="cve",
),
ErratumReference(
href="https://access.redhat.com/errata/RHSA-2020:0374",
id="ref_0",
title="other_reference_0",
type="other",
),
ErratumReference(
href="https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/devtools/rust-toolset-rhel7",
id="ref_1",
title="other_reference_1",
type="other",
),
],
)