[Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.1, 1.1.2.2
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Wed Jan 9 21:42:42 UTC 2008
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Fedora.pm
Log Message:
Finally commiting the splitoff of the tracking bug routines to the library
12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty...
And hopefuly merging in tomas' change... :}
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Fedora.pm 6 Jan 2008 12:48:45 -0000 1.1.2.1
+++ Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2
@@ -14,6 +14,10 @@
'low' => 'low',
);
+###
+### Parent bugs from CVE
+###
+
# Get the text to include in the CVE bug descripiton
sub cve_bug_desc
{
@@ -64,3 +68,183 @@
'alias' => $cve,
);
}
+
+###
+### Tracking bugs
+###
+
+my $comment_head =
+ 'This is an automatically created tracking bug! '.
+ 'It was created to ensure that one or more security '.
+ 'vulnerabilities are fixed in all affected branches.'.
+ "\n\n".
+ 'You should *not* refer to this bug publicly, as it is a '.
+ 'private "Fedora Project Contributors" bug.'.
+ "\n\n".
+ 'For comments that are specific to the vulnerability please use bugs '.
+ 'filed against "Security Response" product referenced in "Blocks" '.
+ 'field.'.
+ "\n\n";
+
+my $comment_tail =
+ 'For more information see: '.
+ 'http://fedoraproject.org/wiki/Security/TrackingBugs';
+
+my $comment_update =
+ # Following the list of parent bugs
+ "\n".
+ 'When creating an update for the version this this bug is reported '.
+ 'against please include the bug IDs of respective bugs filed '.
+ 'against "Security Response" product as well as of this bug and let the '.
+ 'update system close them. Please '.
+ 'note that the update announcement will (and should) contain only '.
+ 'references to "Security Response" bugs as long as the tracking '.
+ 'bug is restricted to "Fedora Project Contributors".'.
+ "\n\n";
+
+my $comment_rawhide =
+ "\n".
+ 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '.
+ 'Fixed In field if possible) once is it fixed in devel branch. '.
+ 'Do *not* include the bug id of this bug in the RPM changelog and the '.
+ 'commit message.'.
+ "\n\n";
+
+my %priorities = (
+ 'urgent', => 4,
+ 'high', => 3,
+ 'medium', => 2,
+ 'low' => 1,
+);
+
+# Valid versions
+my %versions = (
+ '6', => '6',
+ 'f6', => '6',
+ 'fc6', => '6',
+ '7', => '7',
+ 'f7', => '7',
+ 'fc7', => '7',
+ '8', => '8',
+ 'f8', => '8',
+ 'fc8', => '8',
+ '9', => 'rawhide',
+ 'f9', => 'rawhide',
+ 'fc9', => 'rawhide',
+ 'devel', => 'rawhide',
+);
+
+sub tracking_bugs
+{
+ my $bugs = shift;
+ my $component = shift;
+ my @versions = @_;
+
+ my @retval;
+
+ # Construct a tracking bug template
+
+ my %bug_tmpl = (
+ 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs',
+ 'rep_platform' => 'All',
+ 'op_sys' => 'Linux',
+ 'short_desc' => '',
+ 'keywords' => 'Security',
+ 'product' => 'Fedora',
+ 'component' => $component,
+ 'bug_severity' => 'low',
+ 'priority' => 'low',
+ 'bit-58' => '1', # Fedora Project Contributors
+ );
+
+ my $comment_parents = '';
+
+ foreach my $bug (@{$bugs}) {
+
+ # Take the highest of priorities
+ $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'}
+ if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}});
+ $bug_tmpl{'priority'} = $bug->{'priority'}
+ if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}});
+
+ # This will be overwriten if we block just one parent bug
+ $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' ';
+
+ # Add the parent bug to the comment
+ $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n";
+ }
+
+ if (@{$bugs} > 1) {
+ $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities";
+ } else {
+ $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'};
+ }
+
+ # Create a bug hash for each version
+
+ foreach my $version (@versions) {
+ my %bug = %bug_tmpl;
+ $bug{'short_desc'} .= " [Fedora $versions{$version}]";
+ $bug{'version'} = $versions{$version};
+
+ $bug{'comment'} =
+ $comment_head.
+ $comment_parents.
+ ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update).
+ $comment_tail;
+
+ push @retval, \%bug;
+ }
+
+ return \@retval;
+}
+
+sub file_tracking_bugs
+{
+ my $parent_bugs = shift;
+ my $tracking_bugs = shift;
+ my $bugzilla = shift;
+
+ foreach my $bug (@{$tracking_bugs}) {
+ my $bug_id = $bugzilla->file_bug (\%bug);
+
+ if ($bug{'version'} ne 'rawhide') {
+ my $tr_comment =
+ 'You can eventually use the following link to '.
+ 'create the update request: '."\n".
+ 'https://admin.fedoraproject.org/updates/new/'.
+ '?request=Stable'.
+ '&type=security'.
+ '&release=Fedora%20'.$bug{'version'}.
+ '&bugs='.$bug_id;
+
+ foreach my $bug (@{$bugs}) {
+ $tr_comment .= ','.$bug->{'bug_id'};
+ }
+
+ # XXX: public
+ $bugzilla->add_private_comment ($bug_id, $tr_comment);
+ }
+
+ $bugzilla->add_blockers ($bug_id, \@bugs);
+ $comment .= $bug{'version'}.": bug #$bug_id\n";
+=cut
+}
+
+=cut
+
+# File for each version
+
+my $comment = "Created Fedora tracking bugs for $component:\n\n";
+
+=cut
+=cut
+
+# Add comment to original bugs
+
+foreach my $bug (@bugs) {
+ $bugzilla->add_private_comment ($bug, $comment);
+}
+
+print STDERR $comment;
+=cut
More information about the Fedora-security-commits
mailing list