[Fedora-security-commits] fedora-security/tools/scripts check-updates, 1.3, 1.4

Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16755/tools/scripts Modified Files: check-updates Log Message: Add support for using 'since' in check-updates. So far, only tracking bugs were supported. That is pain, if we learn about some issue from submitted update request (cough ... asterisk ... cough). At that time, updated packages are already built and filing tracking bugs just for tracking purposes will just annoy developer. You can now add '[since nvr]' to tracking file istead of tracking bug id. Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- check-updates 14 Jan 2008 16:33:12 -0000 1.3 +++ check-updates 25 Apr 2008 13:00:00 -0000 1.4 @@ -10,23 +10,87 @@ use Libexig::Audit; use Libexig::Bodhi; +my $debug= 1; + # Parse the audit file my $audit = new Libexig::Audit ({file => $ARGV[0]}); foreach my $entry (@{$audit->{audit}}) { $entry->{'status'} eq 'VULNERABLE' or next; - # See if the VULNERABLE bug was referenced by an update + # Check if we have some info to compare against + if (!defined($entry->{'bug'}) && !defined($entry->{'since'})) { + next; + } + + if ($debug) { + print "Checking... $entry->{'cve'} $entry->{'component'}"; + if (defined($entry->{'bug'})) { + print " #$entry->{'bug'}"; + } + if (defined($entry->{'since'})) { + print " [since $entry->{'since'}]"; + } + print "\n"; + } + + # Figure out if since is update id or nvr + my ($update_nvr, $update_id); + if (defined($entry->{'since'})) { + if ($entry->{'since'} =~ /^FEDORA-/) { + $update_id= $entry->{'since'}; + } else { + $update_nvr= $entry->{'since'}; + } + } + + # Go through the updates foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) { - $u->{'_Bugs'}->{$entry->{bug}} or next; + if ( + # See if the VULNERABLE bug was referenced by an update + (defined($entry->{'bug'}) && + defined($u->{'_Bugs'}->{$entry->{bug}}) ) || + + # See if since Update ID was found + (defined($update_id) && + defined($u->{'Update ID'}) && + $u->{'Update ID'} eq $update_id ) || + + # See if since NVR was found + # TODO: check also higher NVRs to deal with obsoleted update + # requests? + (defined($update_nvr) && + scalar(grep($_ eq $update_nvr, @{ $u->{'_NVRs'} })) > 0) + ) { + ; # update was found, do nothing + } else { + next; # try next update + } + + if ($debug) { + print " -> Found: ", grep($_ eq $update_nvr, @{ $u->{'_NVRs'} }); + } + # Modify the line accordingly - $entry->{since} = $u->{'Update ID'}; - $u->{'Status'} eq 'stable' and $entry->{status} = 'fixed'; + if (defined($u->{'Update ID'})) { + $entry->{'since'}= $u->{'Update ID'}; + if ($debug) { + print " ($u->{'Update ID'})"; + } + } + if ($u->{'Status'} eq 'stable') { + $entry->{status}= 'fixed'; + } Libexig::Audit::update_entry ($entry); + if ($debug) { + print " - status: $u->{'Status'}\n"; + } + last; }; } $audit->save; +