[Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.1, 1.1.2.2

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Wed Jan 9 21:42:42 UTC 2008 

Author: lkundrak

Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig

Modified Files:
      Tag: lkundrak-tools-ng
	Fedora.pm 
Log Message:
Finally commiting the splitoff of the tracking bug routines to the library
12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty...
And hopefuly merging in tomas' change... :}



Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Fedora.pm	6 Jan 2008 12:48:45 -0000	1.1.2.1
+++ Fedora.pm	9 Jan 2008 21:42:37 -0000	1.1.2.2
@@ -14,6 +14,10 @@
 	'low'		=> 'low',
 );
 
+###
+### Parent bugs from CVE
+###
+
 # Get the text to include in the CVE bug descripiton
 sub cve_bug_desc
 {
@@ -64,3 +68,183 @@
 		'alias'		=> $cve,
 	);
 }
+
+###
+### Tracking bugs
+###
+
+my $comment_head = 
+	'This is an automatically created tracking bug! '.
+	'It was created to ensure that one or more security '.
+	'vulnerabilities are fixed in all affected branches.'.
+	"\n\n".
+	'You should *not* refer to this bug publicly, as it is a '.
+	'private "Fedora Project Contributors" bug.'.
+	"\n\n".
+	'For comments that are specific to the vulnerability please use bugs '.
+	'filed against "Security Response" product referenced in "Blocks" '.
+	'field.'.
+	"\n\n";
+
+my $comment_tail = 
+	'For more information see: '.
+	'http://fedoraproject.org/wiki/Security/TrackingBugs';
+
+my $comment_update = 
+	# Following the list of parent bugs
+	"\n".
+	'When creating an update for the version this this bug is reported '.
+	'against please include the bug IDs of respective bugs filed '.
+	'against "Security Response" product as well as of this bug and let the '.
+	'update system close them. Please '.
+	'note that the update announcement will (and should) contain only '.
+	'references to "Security Response" bugs as long as the tracking '.
+	'bug is restricted to "Fedora Project Contributors".'.
+	"\n\n";
+
+my $comment_rawhide = 
+	"\n".
+	'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '.
+	'Fixed In field if possible) once is it fixed in devel branch. '.
+	'Do *not* include the bug id of this bug in the RPM changelog and the '.
+	'commit message.'.
+	"\n\n";
+
+my %priorities = (
+	'urgent',	=> 4,
+	'high',		=> 3,
+        'medium',	=> 2,
+	'low'		=> 1,
+);
+
+# Valid versions
+my %versions = (
+	'6',		=> '6',
+	'f6',		=> '6',
+	'fc6',		=> '6',
+	'7',		=> '7',
+	'f7',		=> '7',
+	'fc7',		=> '7',
+	'8',		=> '8',
+	'f8',		=> '8',
+	'fc8',		=> '8',
+	'9',		=> 'rawhide',
+	'f9',		=> 'rawhide',
+	'fc9',		=> 'rawhide',
+	'devel',	=> 'rawhide',
+);
+
+sub tracking_bugs
+{
+	my $bugs = shift;
+	my $component = shift;
+	my @versions = @_;
+
+	my @retval;
+
+	# Construct a tracking bug template
+
+	my %bug_tmpl = (
+		'bug_file_loc'	=> 'http://fedoraproject.org/wiki/Security/TrackingBugs',
+		'rep_platform'	=> 'All',
+		'op_sys'	=> 'Linux',
+		'short_desc'	=> '',
+		'keywords'	=> 'Security',
+		'product'	=> 'Fedora',
+		'component'	=> $component,
+		'bug_severity'	=> 'low',
+		'priority'	=> 'low',
+		'bit-58'	=> '1', # Fedora Project Contributors
+	);
+
+	my $comment_parents = '';
+
+	foreach my $bug (@{$bugs}) {
+
+		# Take the highest of priorities
+		$bug_tmpl{'bug_severity'} = $bug->{'bug_severity'}
+			if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}});
+		$bug_tmpl{'priority'} = $bug->{'priority'}
+			if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}});
+
+		# This will be overwriten if we block just one parent bug
+		$bug_tmpl{'short_desc'} .= $bug->{'alias'}.' ';
+
+		# Add the parent bug to the comment
+		$comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n";
+	}
+
+	if (@{$bugs} > 1) {
+		$bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities";
+	} else {
+		$bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'};
+	}
+
+	# Create a bug hash for each version
+
+	foreach my $version (@versions) {
+		my %bug = %bug_tmpl;
+		$bug{'short_desc'} .= " [Fedora $versions{$version}]";
+		$bug{'version'} = $versions{$version};
+
+		$bug{'comment'} =
+			$comment_head.
+			$comment_parents.
+			($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update).
+			$comment_tail;
+
+		push @retval, \%bug;
+	}
+
+	return \@retval;
+}
+
+sub file_tracking_bugs
+{
+	my $parent_bugs = shift;
+	my $tracking_bugs = shift;
+	my $bugzilla = shift;
+
+	foreach my $bug (@{$tracking_bugs}) {
+		my $bug_id = $bugzilla->file_bug (\%bug);
+
+		if ($bug{'version'} ne 'rawhide') {
+			my $tr_comment = 
+				'You can eventually use the following link to '.
+				'create the update request: '."\n".
+				'https://admin.fedoraproject.org/updates/new/'.
+				'?request=Stable'.
+				'&type=security'.
+				'&release=Fedora%20'.$bug{'version'}.
+				'&bugs='.$bug_id;
+
+			foreach my $bug (@{$bugs}) {
+				$tr_comment .= ','.$bug->{'bug_id'};
+			}
+
+			# XXX: public
+			$bugzilla->add_private_comment ($bug_id, $tr_comment);
+		}
+
+		$bugzilla->add_blockers ($bug_id, \@bugs);
+		$comment .= $bug{'version'}.": bug #$bug_id\n";
+=cut
+}
+
+=cut
+
+# File for each version
+
+my $comment = "Created Fedora tracking bugs for $component:\n\n";
+
+=cut
+=cut
+
+# Add comment to original bugs
+
+foreach my $bug (@bugs) {
+	$bugzilla->add_private_comment ($bug, $comment);
+}
+
+print STDERR $comment;
+=cut

More information about the Fedora-security-commits mailing list