fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3052/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Bodhi.pm
Log Message:
getting number of updates per package should no longer be needed with current
bodhi version, 0 seems to work well
Index: Bodhi.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Bodhi.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1
+++ Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2
@@ -79,15 +79,9 @@
my @retval;
- # Get number of updates
-
- # XXX escape
- my $json = `wget --post-data 'package=$pkg&tg_paginate_limit=1' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`;
- my $obj = jsonToObj ($json);
-
- # Get updates themselves
-
- $json = `wget --post-data 'package=$pkg&tg_paginate_limit=$obj->{num_items}' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`;
+ # Get updates
+ $json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\
+ 'https://admin.fedoraproject.org/updates/list?tg_format=json'`;
$obj = jsonToObj ($json);
foreach my $update (@{$obj->{'updates'}}) {
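Review bot: `$pkg` is still interpolated straight into the backtick `wget` command on the added `--post-data` line, and this commit deletes the `# XXX escape` marker that flagged it, so a package name containing a single quote or shell metacharacters would be interpreted by the shell. Building the request without a shell removes the quoting problem, e.g. `my $res = LWP::UserAgent->new->post ($url, { package => $pkg, tg_paginate_limit => 0 });` and decoding `$res->decoded_content` only when `$res->is_success`; that also surfaces HTTP failures that `-q` currently hides from `jsonToObj`. The hunk also drops the `my $json` / `my $obj` declarations while the new lines still assign to both; unless they are declared earlier in the function, which starts outside the hunk, this breaks if the module runs under `use strict`.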
fedora-security/tools/lib/Libexig CVE.pm, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
CVE.pm
Log Message:
Use LWP::Simple instead of wget in CVE.pm
Index: CVE.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/CVE.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- CVE.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1
+++ CVE.pm 10 Jan 2008 14:53:09 -0000 1.1.2.2
@@ -9,6 +9,7 @@
use Exporter 'import';
use XML::Parser;
+use LWP::Simple;
@EXPORT = qw/cve/;
@@ -82,10 +83,10 @@
{
my ($file, $age) = @_;
- # XXX: escaping
+ mkdir $cachebase;
system ("mkdir -p '$cachebase'");
- system ("wget -qcO '$cachebase$file' '$sourcebase$file'")
- and die ('Failed to update cache');
+ mirror ($sourcebase.$file, $cachebase.$file)
+ or die ('Failed to update cache');
return $cachebase.$file;
}
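Review bot: `mirror (...) or die` in the second hunk can never fire, because LWP::Simple's `mirror` returns the HTTP status code and every code, including 404 and 500, is a true value; the old `system (...) and die` test did catch a failed download. Check the code instead: `my $rc = mirror ($sourcebase.$file, $cachebase.$file);` followed by `die ('Failed to update cache') if is_error ($rc);`, which keeps 304 Not Modified acceptable for an up-to-date cache. The added `mkdir $cachebase;` sits directly above the old `system ("mkdir -p '$cachebase'")`, so the shell call with its unescaped interpolation remains while the `# XXX: escaping` reminder is removed; `File::Path`'s `mkpath` would cover the nested-directory case without a shell. The sub's name line is outside the hunk.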
fedora-security/tools/scripts get-cve, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/scripts
Modified Files:
Tag: lkundrak-tools-ng
get-cve
Log Message:
Use LWP::Simple instead of wget in CVE.pm
Index: get-cve
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/get-cve,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- get-cve 6 Jan 2008 03:31:54 -0000 1.1.2.1
+++ get-cve 10 Jan 2008 14:53:09 -0000 1.1.2.2
@@ -4,13 +4,12 @@
# Get CVE information from NVD
# Lubomir Kundrak <lkundrak(a)redhat.com>
-die "Possibly useless";
-=cut
use warnings;
use strict;
use Libexig::CVE;
+use Data::Dumper;
@ARGV or die 'Usage: get-cve <cve> [...]';
fedora-security/tools fedora-security.spec, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894
Modified Files:
Tag: lkundrak-tools-ng
fedora-security.spec
Log Message:
Use LWP::Simple instead of wget in CVE.pm
Index: fedora-security.spec
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/Attic/fedora-security.spec,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- fedora-security.spec 6 Jan 2008 03:31:52 -0000 1.1.2.1
+++ fedora-security.spec 10 Jan 2008 14:53:08 -0000 1.1.2.2
@@ -1,6 +1,6 @@
Name: fedora-security
Version: 0.9
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Tools for Fedora Security Response Team use
Group: Development/Libraries
@@ -25,7 +25,6 @@
#!/bin/sh
%{__perl_requires} $* |\
sed -e '/perl(Email::Simple)/d' |\
- sed -e '/perl(LWP::Simple)/d' |\
sed -e '/perl(Mail::Mbox::MessageParser)/d' |\
sed -e '/perl(Net::FTP)/d'
EOF
fedora-security/audit f8, 1.75, 1.76 f9, 1.68, 1.69 fc7, 1.232, 1.233
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26031
Modified Files:
f8 f9 fc7
Log Message:
wordpress
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- f8 10 Jan 2008 13:45:34 -0000 1.75
+++ f8 10 Jan 2008 13:54:16 -0000 1.76
@@ -8,6 +8,12 @@
# Up to date F8 as of 20071221
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299]
+**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
+CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
+**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
+**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x)
+**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
+CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- f9 9 Jan 2008 16:25:15 -0000 1.68
+++ f9 10 Jan 2008 13:54:16 -0000 1.69
@@ -8,6 +8,12 @@
# Up to date F9 as of 20071029
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
+**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
+CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
+**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
+**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x)
+**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
+CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- fc7 10 Jan 2008 13:45:34 -0000 1.232
+++ fc7 10 Jan 2008 13:54:16 -0000 1.233
@@ -9,6 +9,12 @@
# Up to date FC7 as of 20071221
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333]
+**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
+CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
+**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
+**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x)
+**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
+CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828
fedora-security/audit f8, 1.74, 1.75 fc7, 1.231, 1.232
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25800/audit
Modified Files:
f8 fc7
Log Message:
xfce cve ids
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- f8 9 Jan 2008 13:00:00 -0000 1.74
+++ f8 10 Jan 2008 13:45:34 -0000 1.75
@@ -20,6 +20,8 @@
CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password
CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw
CVE-2007-6595 VULNERABLE (clamav) #427287
+CVE-2007-6532 version (libxfcegui4) #412761 [since FEDORA-2007-4368]
+CVE-2007-6531 version (xfce-panel) #412761 [since FEDORA-2007-4368]
CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562]
CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
@@ -46,9 +48,6 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
-GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368]
-GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368]
-GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368]
CVE-2007-6285 VULNERABLE (autofs) #426400
CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655]
CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
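Review bot: The second hunk deletes three `GENERIC-MAP-NOMATCH` entries (libxfcegui4, libxfce4util, xfce-panel), but the first hunk adds CVE-numbered replacements only for libxfcegui4 and xfce-panel, so libxfce4util loses its audit line for #412761 altogether. If neither CVE-2007-6531 nor CVE-2007-6532 covers libxfce4util, the original line should stay; otherwise the log message should record why it was dropped. The same applies to the two fc7 hunks of this commit (#412751).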
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- fc7 9 Jan 2008 16:25:15 -0000 1.231
+++ fc7 10 Jan 2008 13:45:34 -0000 1.232
@@ -20,6 +20,8 @@
CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password
CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw
CVE-2007-6595 VULNERABLE (clamav) #427288
+CVE-2007-6532 version (libxfcegui4) #412751 [since FEDORA-2007-4385]
+CVE-2007-6531 version (xfce-panel) #412751 [since FEDORA-2007-4385]
CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584]
CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
@@ -46,9 +48,6 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
-GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385]
-GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385]
-GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385]
CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709]
CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Fedora.pm
Log Message:
Finally committing the split-off of the tracking bug routines to the library
12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty...
And hopefully merging in tomas' change... :}
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Fedora.pm 6 Jan 2008 12:48:45 -0000 1.1.2.1
+++ Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2
@@ -14,6 +14,10 @@
'low' => 'low',
);
+###
+### Parent bugs from CVE
+###
+
# Get the text to include in the CVE bug descripiton
sub cve_bug_desc
{
@@ -64,3 +68,183 @@
'alias' => $cve,
);
}
+
+###
+### Tracking bugs
+###
+
+my $comment_head =
+ 'This is an automatically created tracking bug! '.
+ 'It was created to ensure that one or more security '.
+ 'vulnerabilities are fixed in all affected branches.'.
+ "\n\n".
+ 'You should *not* refer to this bug publicly, as it is a '.
+ 'private "Fedora Project Contributors" bug.'.
+ "\n\n".
+ 'For comments that are specific to the vulnerability please use bugs '.
+ 'filed against "Security Response" product referenced in "Blocks" '.
+ 'field.'.
+ "\n\n";
+
+my $comment_tail =
+ 'For more information see: '.
+ 'http://fedoraproject.org/wiki/Security/TrackingBugs';
+
+my $comment_update =
+ # Following the list of parent bugs
+ "\n".
+ 'When creating an update for the version this this bug is reported '.
+ 'against please include the bug IDs of respective bugs filed '.
+ 'against "Security Response" product as well as of this bug and let the '.
+ 'update system close them. Please '.
+ 'note that the update announcement will (and should) contain only '.
+ 'references to "Security Response" bugs as long as the tracking '.
+ 'bug is restricted to "Fedora Project Contributors".'.
+ "\n\n";
+
+my $comment_rawhide =
+ "\n".
+ 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '.
+ 'Fixed In field if possible) once is it fixed in devel branch. '.
+ 'Do *not* include the bug id of this bug in the RPM changelog and the '.
+ 'commit message.'.
+ "\n\n";
+
+my %priorities = (
+ 'urgent', => 4,
+ 'high', => 3,
+ 'medium', => 2,
+ 'low' => 1,
+);
+
+# Valid versions
+my %versions = (
+ '6', => '6',
+ 'f6', => '6',
+ 'fc6', => '6',
+ '7', => '7',
+ 'f7', => '7',
+ 'fc7', => '7',
+ '8', => '8',
+ 'f8', => '8',
+ 'fc8', => '8',
+ '9', => 'rawhide',
+ 'f9', => 'rawhide',
+ 'fc9', => 'rawhide',
+ 'devel', => 'rawhide',
+);
+
+sub tracking_bugs
+{
+ my $bugs = shift;
+ my $component = shift;
+ my @versions = @_;
+
+ my @retval;
+
+ # Construct a tracking bug template
+
+ my %bug_tmpl = (
+ 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs',
+ 'rep_platform' => 'All',
+ 'op_sys' => 'Linux',
+ 'short_desc' => '',
+ 'keywords' => 'Security',
+ 'product' => 'Fedora',
+ 'component' => $component,
+ 'bug_severity' => 'low',
+ 'priority' => 'low',
+ 'bit-58' => '1', # Fedora Project Contributors
+ );
+
+ my $comment_parents = '';
+
+ foreach my $bug (@{$bugs}) {
+
+ # Take the highest of priorities
+ $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'}
+ if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}});
+ $bug_tmpl{'priority'} = $bug->{'priority'}
+ if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}});
+
+ # This will be overwriten if we block just one parent bug
+ $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' ';
+
+ # Add the parent bug to the comment
+ $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n";
+ }
+
+ if (@{$bugs} > 1) {
+ $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities";
+ } else {
+ $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'};
+ }
+
+ # Create a bug hash for each version
+
+ foreach my $version (@versions) {
+ my %bug = %bug_tmpl;
+ $bug{'short_desc'} .= " [Fedora $versions{$version}]";
+ $bug{'version'} = $versions{$version};
+
+ $bug{'comment'} =
+ $comment_head.
+ $comment_parents.
+ ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update).
+ $comment_tail;
+
+ push @retval, \%bug;
+ }
+
+ return \@retval;
+}
+
+sub file_tracking_bugs
+{
+ my $parent_bugs = shift;
+ my $tracking_bugs = shift;
+ my $bugzilla = shift;
+
+ foreach my $bug (@{$tracking_bugs}) {
+ my $bug_id = $bugzilla->file_bug (\%bug);
+
+ if ($bug{'version'} ne 'rawhide') {
+ my $tr_comment =
+ 'You can eventually use the following link to '.
+ 'create the update request: '."\n".
+ 'https://admin.fedoraproject.org/updates/new/'.
+ '?request=Stable'.
+ '&type=security'.
+ '&release=Fedora%20'.$bug{'version'}.
+ '&bugs='.$bug_id;
+
+ foreach my $bug (@{$bugs}) {
+ $tr_comment .= ','.$bug->{'bug_id'};
+ }
+
+ # XXX: public
+ $bugzilla->add_private_comment ($bug_id, $tr_comment);
+ }
+
+ $bugzilla->add_blockers ($bug_id, \@bugs);
+ $comment .= $bug{'version'}.": bug #$bug_id\n";
+=cut
+}
+
+=cut
+
+# File for each version
+
+my $comment = "Created Fedora tracking bugs for $component:\n\n";
+
+=cut
+=cut
+
+# Add comment to original bugs
+
+foreach my $bug (@bugs) {
+ $bugzilla->add_private_comment ($bug, $comment);
+}
+
+print STDERR $comment;
+=cut
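Review bot: `file_tracking_bugs` refers to variables that do not exist in its scope: the loop variable is the scalar hash reference `$bug`, yet the body uses `\%bug` and `$bug{'version'}`, and it reads `@{$bugs}`, `\@bugs` and `$comment` although the parameters are `$parent_bugs` and `$tracking_bugs` and `$comment` is only declared further down at file scope. The sub looks like a verbatim paste from the script fenced off with stray `=cut` lines, and is unlikely to compile if the module uses `use strict`. I would use `my $bug_id = $bugzilla->file_bug ($bug);`, `if ($bug->{'version'} ne 'rawhide') {` and `foreach my $parent (@{$parent_bugs}) {`, build the blocker id list from `$parent_bugs`, return the summary text instead of appending to an outer `$comment`, and delete the leftover top-level code after the sub rather than commenting it out. Separately, `tracking_bugs` indexes `%versions` and `%priorities` with caller-supplied keys without checking that they exist, so an unknown version produces a bug titled `[Fedora ]` with an undefined `version` field.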
fedora-security/tools/scripts add-tracking-bugs, 1.1.2.2, 1.1.2.3
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/scripts
Modified Files:
Tag: lkundrak-tools-ng
add-tracking-bugs
Log Message:
Finally committing the split-off of the tracking bug routines to the library
12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty...
And hopefully merging in tomas' change... :}
Index: add-tracking-bugs
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- add-tracking-bugs 7 Jan 2008 16:52:18 -0000 1.1.2.2
+++ add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3
@@ -21,72 +21,11 @@
use Libexig::Util;
use Libexig::Bugzilla;
+use Libexig::Fedora;
use warnings;
use strict;
-my $comment_head =
- 'This is an automatically created tracking bug! '.
- 'It was created to ensure that one or more security '.
- 'vulnerabilities are fixed in all affected branches.'.
- "\n\n".
- 'You should *not* refer to this bug publicly, as it is a '.
- 'private "Fedora Project Contributors" bug.'.
- "\n\n".
- 'For comments that are specific to the vulnerability please use bugs '.
- 'filed against "Security Response" product referenced in "Blocks" '.
- 'field.'.
- "\n\n";
-
-my $comment_tail =
- 'For more information see: '.
- 'http://fedoraproject.org/wiki/Security/TrackingBugs';
-
-my $comment_update =
- # Following the list of parent bugs
- "\n".
- 'When creating an update for the version this this bug is reported '.
- 'against please include the bug IDs of respective bugs filed '.
- 'against "Security Response" product as well as of this bug and let the '.
- 'update system close them. Please '.
- 'note that the update announcement will (and should) contain only '.
- 'references to "Security Response" bugs as long as the tracking '.
- 'bug is restricted to "Fedora Project Contributors".'.
- "\n\n";
-
-my $comment_rawhide =
- "\n".
- 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '.
- 'Fixed In field if possible) once is it fixed in devel branch. '.
- 'Do *not* include the bug id of this bug in the RPM changelog and the '.
- 'commit message.'.
- "\n\n";
-
-
-my %impact = (
- 'urgent', => 4,
- 'high', => 3,
- 'medium', => 2,
- 'low' => 1,
-);
-
-# Valid versions
-my %versions = (
- '6', => '6',
- 'f6', => '6',
- 'fc6', => '6',
- '7', => '7',
- 'f7', => '7',
- 'fc7', => '7',
- '8', => '8',
- 'f8', => '8',
- 'fc8', => '8',
- '9', => 'rawhide',
- 'f9', => 'rawhide',
- 'fc9', => 'rawhide',
- 'devel', => 'rawhide',
-);
-
# Command line options
my (@bugs, @versions, $dryrun, $debug,
$username, $password, $component);
@@ -115,14 +54,17 @@
$options{'versions'} or die 'versions argument is mandatory';
@versions = split (/,/, $options{'versions'});
-$versions{$_} or die "Invalid version: $_" foreach (@versions);
+#XXX
+##$versions{$_} or die "Invalid version: $_" foreach (@versions);
$component = $options{'component'} or die 'component argument is mandatory';
$dryrun = ($options{'dryrun'} or 0);
$debug = ($options{'debug'} or 0);
$username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com');
-$password = ($options{'password'} or $dryrun or
- read_noecho ("Bugzilla password for $username: "));
+$password = ($options{'password'} or read_noecho ("Bugzilla password for $username: "))
+ unless $dryrun;
+
+$dryrun = 1;
my $bugzilla = new Libexig::Bugzilla ({
'username' => $username,
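Review bot: `$dryrun = 1;` is hard-coded after option parsing in this hunk, so the script can no longer be run for real, and because the password line is evaluated before the override, a run without `--dryrun` still prompts for a Bugzilla password that is then never used. If this is a temporary safety catch while the refactoring is unfinished it should say so, e.g. `# XXX: forced dry run until file_tracking_bugs works`, or be dropped. The same hunk comments out the `$versions{$_} or die "Invalid version: $_"` check because `%versions` moved to Libexig::Fedora; nothing visible replaces it, so a mistyped `--versions` value now reaches `tracking_bugs` unvalidated. The check belongs next to the table, e.g. `exists $versions{$version} or die "Invalid version: $version";` at the top of the per-version loop in `tracking_bugs`.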
@@ -133,92 +75,10 @@
# Get parent bugs
-my $bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']);
-print Dumper ($bugs) if $debug;
-
-# Construct a tracking bug template
-
-my %bug_tmpl = (
- 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs',
- 'rep_platform' => 'All',
- 'op_sys' => 'Linux',
- 'short_desc' => '',
- 'keywords' => 'Security',
- 'product' => 'Fedora',
- 'comment' => $comment_head,
- 'component' => $component,
- 'bug_severity' => 'low',
- 'priority' => 'low',
- 'bit-58' => '1', # Fedora Project Contributors
-);
-
-foreach my $bug (@{$bugs}) {
-
- # Take the highest of priorities
- $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'}
- if ($impact{$bug->{'bug_severity'}} > $impact{$bug_tmpl{'bug_severity'}});
- $bug_tmpl{'priority'} = $bug->{'priority'}
- if ($impact{$bug->{'priority'}} > $impact{$bug_tmpl{'priority'}});
-
- # This will be overwriten if we block just one parent bug
- $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' ';
-
- # Add the parent bug to the comment
- $bug_tmpl{'comment'} .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n";
-}
-
-if ($#bugs) {
- $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities";
-} else {
- $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'};
-}
-
-# File for each version
-
-my $comment = "Created Fedora tracking bugs for $component:\n\n";
-
-foreach my $version (@versions) {
- my %bug = %bug_tmpl;
- $bug{'short_desc'} .= " [Fedora $versions{$version}]";
- $bug{'version'} = $versions{$version};
-
- if ($bug{'version'} eq 'rawhide') {
- $bug{'comment'} .= $comment_rawhide;
- } else {
- $bug{'comment'} .= $comment_update;
- }
-
- $bug{'comment'} .= $comment_tail;
-
- print Dumper (\%bug) if $debug;
- my $bug_id = $bugzilla->file_bug (\%bug);
-
- if ($bug{'version'} ne 'rawhide') {
- my $tr_comment =
- 'You can eventually use the following link to '.
- 'create the update request: '."\n".
- 'https://admin.fedoraproject.org/updates/new/'.
- '?request=Stable'.
- '&type=security'.
- '&release=Fedora%20'.$bug{'version'}.
- '&bugs='.$bug_id;
-
- foreach my $bug (@{$bugs}) {
- $tr_comment .= ','.$bug->{'bug_id'};
- }
-
- # XXX: public
- $bugzilla->add_private_comment ($bug_id, $tr_comment);
- }
+my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']);
+print Dumper ($parent_bugs) if $debug;
- $bugzilla->add_blockers ($bug_id, \@bugs);
- $comment .= $bug{'version'}.": bug #$bug_id\n";
-}
-
-# Add comment to original bugs
-
-foreach my $bug (@bugs) {
- $bugzilla->add_private_comment ($bug, $comment);
-}
+my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions);
-print STDERR $comment;
+use Data::Dumper;
+print Dumper ($tracking_bugs);
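Review bot: `print Dumper ($tracking_bugs);` at the end of this hunk is unconditional, whereas the parent-bug dump a few lines above is guarded by `if $debug`; guard it the same way, `print Dumper ($tracking_bugs) if $debug;`, and move `use Data::Dumper;` up to the other `use` lines since `Dumper` is already called before that point in the file. After this change nothing in the script calls `file_bug`, `add_blockers` or `add_private_comment` any more, so it only prints the would-be bugs. If that is intended for now, the log message should state that the filing step is temporarily disabled.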
fedora-security/audit f9, 1.67, 1.68 fc7, 1.230, 1.231
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12515/audit
Modified Files:
f9 fc7
Log Message:
syslog-ng fixed in rawhide
minor pcre cleanup
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- f9 9 Jan 2008 13:00:00 -0000 1.67
+++ f9 9 Jan 2008 16:25:15 -0000 1.68
@@ -34,7 +34,7 @@
CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
-CVE-2007-6437 VULNERABLE (syslog-ng) #426307
+CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- fc7 9 Jan 2008 13:00:00 -0000 1.230
+++ fc7 9 Jan 2008 16:25:15 -0000 1.231
@@ -684,7 +684,8 @@
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
-CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378411
+CVE-2006-7228 version (pcre, fixed 6.7)
+CVE-2006-7227 version (pcre, fixed 6.7)
CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
CVE-2006-7205 ignore (php) See NVD
CVE-2006-7204 ignore (php) See NVD
fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.2, 1.1.2.3
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27408/tools/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Bugzilla.pm
Log Message:
make add_comment more generic wrapper for addComment
add close_bug*
Index: Bugzilla.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bugzilla.pm,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- Bugzilla.pm 8 Jan 2008 16:15:51 -0000 1.1.2.2
+++ Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3
@@ -147,15 +147,18 @@
return undef;
}
-# Add comment to a bug (unless in dryrun mode)
-# Arguments: bug id, comment, make comment private (0/1)
+# Add comment - wrapper around bugzilla addComment XMLRPC method
+#
+# Mandatory arguments:
+# bugid, comment
+# Optional arguments:
+# isprivate, timestamp, worktime, bz_gid, private_in_it, nomail
sub add_comment
{
my $self = shift;
my $bug = shift or die 'No bug!';
my $comment = shift or die 'No comment!';
- my $private; $private = shift or $private= 0;
if ($self->{dryrun}) {
print STDERR 'Would add following comment to bug: #'.$bug."\n";
@@ -164,7 +167,7 @@
}
my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment,
- @{$self->{creds}}, $private);
+ @{$self->{creds}}, @_);
my $result = $call->result
or die $call->faultstring;
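Review bot: Forwarding `@_` verbatim after the credentials means `add_comment` no longer sends an explicit `isprivate` value: the removed line defaulted it to 0, and a two-argument call now leaves the comment's visibility to whatever bugzilla.addComment assumes when the parameter is absent (presumably public; worth confirming). Because the optional parameters are positional, a caller who wants only `nomail` must supply all five preceding ones in the documented order, and a wrong count silently shifts values into the wrong slot. I would keep the default explicit with `my $private = shift || 0;` and pass `$private, @_` in the call, and state in the header comment that the optional arguments are positional. The body of `add_comment` continues outside both hunks.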
@@ -175,13 +178,66 @@
}
# Add private comment to a bug
+#
+# Arguments:
+# bugid, comment
sub add_private_comment
{
my $self = shift;
+
my $bug = shift;
my $comment = shift;
$self->add_comment($bug, $comment, 1);
}
+# Close bug - wrapper around bugzilla closeBug XMLRPC method
+#
+# Mandatory arguments:
+# bugid, resolution
+# Optional arguments:
+# dupeid, fixedin, comment, isprivate, private_in_it, nomail
+sub close_bug
+{
+ my $self = shift;
+
+ my $bug = shift or die 'No bug!';
+ my $resolution = shift or die 'No resolution!';
+
+ if ($self->{dryrun}) {
+ print STDERR 'Would close bug #'.$bug.' as: '.$resolution."\n";
+ return 0;
+ }
+
+ my $call = $self->{rpc}->call('bugzilla.closeBug', $bug, $resolution,
+ @{$self->{creds}}, @_);
+
+ my $result = $call->result
+ or die $call->faultstring;
+
+ print STDERR 'Bugzilla answered to closeBug: '.Dumper($result)
+ if $self->{debug};
+ return undef;
+}
+
+# Close bug with comment
+#
+# Mandatory arguments:
+# bugid, resulution, comment
+# Optional arguments:
+# newfixedin, dupeid
+sub close_bug_with_comment
+{
+ my $self = shift;
+
+ my $bug = shift;
+ my $resolution = shift;
+ my $comment = shift or die 'No comment!';
+
+ my $fixedin = shift;
+ my $dupeid = shift;
+
+ $self->close_bug($bug, $resolution, $dupeid, $fixedin, $comment);
+}
+
1;
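Review bot: `close_bug_with_comment` passes `$dupeid, $fixedin, $comment` to `close_bug` but never supplies `isprivate`, so the closing comment gets the server's default visibility; since `add_private_comment` exists for the plain comment path, the closing path needs either a matching explicit flag or a documented decision. It also forwards `undef` for an omitted `$dupeid` or `$fixedin`, and how the XML-RPC layer encodes `undef` is not visible in this hunk, so that should be checked or replaced by empty strings. `close_bug` returns 0 in dry-run mode and `return undef;` after a successful call, so callers cannot tell the two apart; a bare `return;` or a true value on success would be clearer. The header comment has a typo, `resulution`.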