Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig
Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: Finally committing the splitoff of the tracking bug routines to the library 12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty... And hopefully merging in tomas' change... :}
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Fedora.pm 6 Jan 2008 12:48:45 -0000 1.1.2.1
+++ Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2
@@ -14,6 +14,10 @@
 'low' => 'low',
 );
+###
+### Parent bugs from CVE
+###
+
 # Get the text to include in the CVE bug descripiton
 sub cve_bug_desc
 {
@@ -64,3 +68,183 @@
 'alias' => $cve,
 );
 }
+
+###
+### Tracking bugs
+###
+
+my $comment_head =
+ 'This is an automatically created tracking bug! '.
+ 'It was created to ensure that one or more security '.
+ 'vulnerabilities are fixed in all affected branches.'.
+ "\n\n".
+ 'You should *not* refer to this bug publicly, as it is a '.
+ 'private "Fedora Project Contributors" bug.'.
+ "\n\n".
+ 'For comments that are specific to the vulnerability please use bugs '.
+ 'filed against "Security Response" product referenced in "Blocks" '.
+ 'field.'.
+ "\n\n";
+
+my $comment_tail =
+ 'For more information see: '.
+ 'http://fedoraproject.org/wiki/Security/TrackingBugs';
+
+my $comment_update =
+ # Following the list of parent bugs
+ "\n".
+ 'When creating an update for the version this this bug is reported '.
+ 'against please include the bug IDs of respective bugs filed '.
+ 'against "Security Response" product as well as of this bug and let the '.
+ 'update system close them. Please '.
+ 'note that the update announcement will (and should) contain only '.
+ 'references to "Security Response" bugs as long as the tracking '.
+ 'bug is restricted to "Fedora Project Contributors".'.
+ "\n\n";
+
+my $comment_rawhide =
+ "\n".
+ 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '.
+ 'Fixed In field if possible) once is it fixed in devel branch. '.
+ 'Do *not* include the bug id of this bug in the RPM changelog and the '.
+ 'commit message.'.
+ "\n\n";
+
+my %priorities = (
+ 'urgent', => 4,
+ 'high', => 3,
+ 'medium', => 2,
+ 'low' => 1,
+);
+
+# Valid versions
+my %versions = (
+ '6', => '6',
+ 'f6', => '6',
+ 'fc6', => '6',
+ '7', => '7',
+ 'f7', => '7',
+ 'fc7', => '7',
+ '8', => '8',
+ 'f8', => '8',
+ 'fc8', => '8',
+ '9', => 'rawhide',
+ 'f9', => 'rawhide',
+ 'fc9', => 'rawhide',
+ 'devel', => 'rawhide',
+);
+
+sub tracking_bugs
+{
+ my $bugs = shift;
+ my $component = shift;
+ my @versions = @_;
+
+ my @retval;
+
+ # Construct a tracking bug template
+
+ my %bug_tmpl = (
+ 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs',
+ 'rep_platform' => 'All',
+ 'op_sys' => 'Linux',
+ 'short_desc' => '',
+ 'keywords' => 'Security',
+ 'product' => 'Fedora',
+ 'component' => $component,
+ 'bug_severity' => 'low',
+ 'priority' => 'low',
+ 'bit-58' => '1', # Fedora Project Contributors
+ );
+
+ my $comment_parents = '';
+
+ foreach my $bug (@{$bugs}) {
+
+ # Take the highest of priorities
+ $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'}
+ if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}});
+ $bug_tmpl{'priority'} = $bug->{'priority'}
+ if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}});
+
+ # This will be overwriten if we block just one parent bug
+ $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' ';
+
+ # Add the parent bug to the comment
+ $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n";
+ }
+
+ if (@{$bugs} > 1) {
+ $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities";
+ } else {
+ $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'};
+ }
+
+ # Create a bug hash for each version
+
+ foreach my $version (@versions) {
+ my %bug = %bug_tmpl;
+ $bug{'short_desc'} .= " [Fedora $versions{$version}]";
+ $bug{'version'} = $versions{$version};
+
+ $bug{'comment'} =
+ $comment_head.
+ $comment_parents.
+ ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update).
+ $comment_tail;
+
+ push @retval, %bug;
+ }
+
+ return @retval;
+}
+
+sub file_tracking_bugs
+{
+ my $parent_bugs = shift;
+ my $tracking_bugs = shift;
+ my $bugzilla = shift;
+
+ foreach my $bug (@{$tracking_bugs}) {
+ my $bug_id = $bugzilla->file_bug (%bug);
+
+ if ($bug{'version'} ne 'rawhide') {
+ my $tr_comment =
+ 'You can eventually use the following link to '.
+ 'create the update request: '."\n".
+ 'https://admin.fedoraproject.org/updates/new/'.
+ '?request=Stable'.
+ '&type=security'.
+ '&release=Fedora%20'.$bug{'version'}.
+ '&bugs='.$bug_id;
+
+ foreach my $bug (@{$bugs}) {
+ $tr_comment .= ','.$bug->{'bug_id'};
+ }
+
+ # XXX: public
+ $bugzilla->add_private_comment ($bug_id, $tr_comment);
+ }
+
+ $bugzilla->add_blockers ($bug_id, @bugs);
+ $comment .= $bug{'version'}.": bug #$bug_id\n";
+=cut
+}
+
+=cut
+
+# File for each version
+
+my $comment = "Created Fedora tracking bugs for $component:\n\n";
+
+=cut
+=cut
+
+# Add comment to original bugs
+
+foreach my $bug (@bugs) {
+ $bugzilla->add_private_comment ($bug, $comment);
+}
+
+print STDERR $comment;
+=cut
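Review bot: In `file_tracking_bugs` the loop variable is the scalar `$bug`, yet the body reads `%bug`, `$bug{'version'}`, `@{$bugs}`, `@bugs` and `$comment`, none of which the function declares; under `use strict` (not visible in this hunk) that will not compile, and without it `file_bug` would presumably be called with an empty hash, so the `'bit-58'` group restriction set in `tracking_bugs` would never reach Bugzilla. `tracking_bugs` has the matching problem: `push @retval, %bug;` flattens each hash into a key/value list and should be `push @retval, {%bug};` so the caller gets one hash reference per version. It also indexes `%versions` and `%priorities` with caller-supplied values unchecked, so an unknown version or severity yields an undefined value; a `die` when `!exists $versions{$version}` would stop that before anything is filed. The `=cut` lines at the end are unpaired and only one closing brace follows the loop body, so the old top-level code between them should be removed rather than fenced off as POD. The fence shows the loop using the parameters actually passed, assuming `add_blockers` takes bug IDs as the old `@bugs` list appears to have held.

```perl
# … unchanged: argument unpacking in file_tracking_bugs …
my @parent_ids = map { $_->{'bug_id'} } @{$parent_bugs};

foreach my $bug (@{$tracking_bugs}) {
    # $bug is a hash reference; its fields carry the group restriction
    my $bug_id = $bugzilla->file_bug (%{$bug});

    if ($bug->{'version'} ne 'rawhide') {
        # … unchanged: start of $tr_comment up to '&type=security' …
            '&release=Fedora%20'.$bug->{'version'}.
            '&bugs='.join (',', $bug_id, @parent_ids);
        # … unchanged: add_private_comment call …
    }

    $bugzilla->add_blockers ($bug_id, @parent_ids);
```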