[Fedora-security-commits] fedora-security/tools/scripts check-updates, 1.3, 1.4

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Fri Apr 25 13:00:31 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16755/tools/scripts

Modified Files:
	check-updates 
Log Message:
Add support for using 'since' in check-updates.  So far, only tracking bugs
were supported.  That is a pain if we learn about some issue from a submitted
update request (cough ... asterisk ... cough).  At that time, updated packages
are already built and filing tracking bugs just for tracking purposes will just
annoy the developer.  You can now add '[since nvr]' to the tracking file instead
of a tracking bug id.



Index: check-updates
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- check-updates	14 Jan 2008 16:33:12 -0000	1.3
+++ check-updates	25 Apr 2008 13:00:00 -0000	1.4
@@ -10,23 +10,87 @@
 use Libexig::Audit;
 use Libexig::Bodhi;
 
+my $debug= 1; 
+
 # Parse the audit file
 my $audit = new Libexig::Audit ({file => $ARGV[0]});
 
 foreach my $entry (@{$audit->{audit}}) {
 	$entry->{'status'} eq 'VULNERABLE' or next;
 
-	# See if the VULNERABLE bug was referenced by an update	
+	# Check if we have some info to compare against
+	if (!defined($entry->{'bug'})  &&  !defined($entry->{'since'})) {
+		next;
+	}
+
+	if ($debug) {
+		print "Checking... $entry->{'cve'} $entry->{'component'}";
+		if (defined($entry->{'bug'})) {
+			print " #$entry->{'bug'}";
+		}
+		if (defined($entry->{'since'})) {
+			print " [since $entry->{'since'}]";
+		}
+		print "\n";
+	}
+
+	# Figure out if since is update id or nvr
+	my ($update_nvr, $update_id);
+	if (defined($entry->{'since'})) {
+		if ($entry->{'since'} =~ /^FEDORA-/) {
+			$update_id= $entry->{'since'};
+		} else {
+			$update_nvr= $entry->{'since'};
+		}
+	}
+
+	# Go through the updates
 	foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) {
-		$u->{'_Bugs'}->{$entry->{bug}} or next;
 
+		if (
+			# See if the VULNERABLE bug was referenced by an update	
+			(defined($entry->{'bug'})  &&
+			 defined($u->{'_Bugs'}->{$entry->{bug}}) )  ||
+
+			# See if since Update ID was found
+			(defined($update_id)  &&
+			 defined($u->{'Update ID'})  &&
+			 $u->{'Update ID'} eq $update_id )  ||
+
+			# See if since NVR was found
+			# TODO: check also higher NVRs to deal with obsoleted update
+			# requests?
+			(defined($update_nvr)  &&
+			 scalar(grep($_ eq $update_nvr, @{ $u->{'_NVRs'} })) > 0)
+			) {
+			;		# update was found, do nothing
+		} else {
+			next;	# try next update
+		}
+
+		if ($debug) {
+			print "  -> Found: ", grep($_ eq $update_nvr, @{ $u->{'_NVRs'} });
+		}
+		
 		# Modify the line accordingly
-		$entry->{since} = $u->{'Update ID'};
-		$u->{'Status'} eq 'stable' and $entry->{status} = 'fixed';
+		if (defined($u->{'Update ID'})) {
+			$entry->{'since'}= $u->{'Update ID'};
+			if ($debug) {
+				print " ($u->{'Update ID'})";
+			}
+		}
+		if ($u->{'Status'} eq 'stable') {
+			$entry->{status}= 'fixed';
+		}
 		Libexig::Audit::update_entry ($entry);
 
+		if ($debug) {
+			print " - status: $u->{'Status'}\n";
+		}
+
 		last;
 	};
 }
 
 $audit->save;
+
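Review bot: The debug line `print "  -> Found: ", grep($_ eq $update_nvr, @{ $u->{'_NVRs'} });` filters on `$update_nvr`, which is undefined whenever the update matched through the tracking bug or a `FEDORA-` update ID. Those matches are compared against undef and print an empty `Found:`, so the output does not show which build caused the entry to be rewritten. Printing the update's own NVR list works for all three match paths: `print "  -> Found: ", join(' ', @{ $u->{'_NVRs'} || [] });`. Separately, `my $debug= 1;` leaves this output permanently on; a default of `my $debug = 0;` with a switch to enable it would keep routine runs quiet. Because this loop is what flips an audit entry from VULNERABLE to `fixed`, the trace of which update justified the change should be accurate when it is enabled.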



