From nobody Sun Feb  8 03:58:04 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1557748350; cv=none;
	d=zoho.com; s=zohoarc;
	b=ORIEaoV8JawUyBc0BO6FWITDIWrgc+iSrE5VL1rEFdfVhpsHquGD5iIWEMU0/ZlkBW/Ufz/y0tRQRZfD0/d0hQGP4U9Azc8pZpEaAvU3Tm7JMG1C1jPNUzeZZKPHOnHnmNO5CUCZ+q92yDkTqxBEXDMiFs+xmnKv/Ep20/2JWvk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1557748350;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=XX1bYDdT1J/selkWZ00QNJrLOY+5qmwF3cnte79Kj3Q=;
	b=ZxHJolk/5kKbHLqmEKkBFAZb5q/g2OymzRuUyGfOiJ0NerMvBEsal6x8syz7I717sKos/PVDMxebQuOw6aIZgyxtfXaYGldMNiQFVfgPRv+n2gTPMCAbiwe2DfplT5IMu7G1BRsmm8pF5YUe0MAiBvlhYcUp1OAFWDx/HJMrMCM=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1557748350106136.26370370176835;
 Mon, 13 May 2019 04:52:30 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 63877C057F3F;
	Mon, 13 May 2019 11:52:28 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 362D063F70;
	Mon, 13 May 2019 11:52:28 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id EAB8141F5D;
	Mon, 13 May 2019 11:52:27 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x4DBqDWL030813 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 13 May 2019 07:52:13 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 5A0426A489; Mon, 13 May 2019 11:52:13 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.42.22.189])
	by smtp.corp.redhat.com (Postfix) with ESMTP id BC6B3196A8;
	Mon, 13 May 2019 11:52:11 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Mon, 13 May 2019 12:51:58 +0100
Message-Id: <20190513115206.1088-2-berrange@redhat.com>
In-Reply-To: <20190513115206.1088-1-berrange@redhat.com>
References: <20190513115206.1088-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Subject: [libvirt] [security-notice PATCH 1/9] scripts: change data
	structures used to track branches & tags
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Mon, 13 May 2019 11:52:28 +0000 (UTC)

We need to track more info against each branch, so use a more
advanced data structure.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: J=C3=A1n Tomko <jtomko@redhat.com>
---
 scripts/report-vulnerable-tags.pl | 53 ++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 15 deletions(-)

diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-=
tags.pl
index 0b6ea6f..14d31c0 100644
--- a/scripts/report-vulnerable-tags.pl
+++ b/scripts/report-vulnerable-tags.pl
@@ -11,6 +11,15 @@ if (int(@ARGV) !=3D 1) {
=20
 my $changeset =3D shift @ARGV;
=20
+# branch name to hash with keys
+#   - brokenchanges -> list of commit ids
+#   - brokentags -> hash of tag names to '1'
+my %branches;
+
+# tag name to '0' (fixed) or '1' (broken)
+my %tags;
+
+
 sub get_tags {
     my @args =3D @_;
=20
@@ -53,17 +62,31 @@ sub get_branch {
     return @branches;
 }
=20
-my @branches;
-my %tags;
-my %branches;
+sub add_branch {
+    my $name =3D shift @_;
+
+    return if exists $branches{$name};
+
+    $branches{$name} =3D {
+       "brokenchanges" =3D> [$changeset],
+       "brokentags" =3D> {},
+    };
+}
+
+sub add_broken_tag {
+    my $branch =3D shift @_;
+    my $tag =3D shift @_;
+
+    $tags{$tag} =3D 1;
+    $branches{$branch}->{"brokentags"}->{$tag} =3D 1;
+}
+
+add_branch("master");
=20
-$branches{"master"} =3D [];
 # Most tags live on master so lets get them first
 for my $tag (get_tags("--contains", $changeset, "--merged", "master")) {
-    push @{$branches{"master"}}, $tag;
-    $tags{$tag} =3D 1;
+    add_broken_tag("master", $tag);
 }
-push @branches, "master";
=20
 # Now we need slower work to find branches for
 # few remaining tags
@@ -84,22 +107,22 @@ for my $tag (get_tags("--contains", $changeset)) {
     if (int(@tagbranches) > 1) {
         print "Tag $tag appears in multiple branches\n";
     }
+    my $branch =3D $tagbranches[0];
=20
-    unless (exists($branches{$tagbranches[0]})) {
-        $branches{$tagbranches[0]} =3D [];
-        push @branches, $tagbranches[0];
-    }
-    push @{$branches{$tagbranches[0]}}, $tag;
+    add_branch($branch);
+    add_broken_tag($branch, $tag);
 }
=20
=20
-foreach my $branch (sort versioncmp @branches) {
+foreach my $branch (sort versioncmp keys %branches) {
     print "    <branch>\n";
     print "      <name>$branch</name>\n";
-    foreach my $tag (sort versioncmp @{$branches{$branch}}) {
+    foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokenta=
gs"}}) {
         print "      <tag state=3D\"vulnerable\">$tag</tag>\n";
     }
-    print "      <change state=3D\"vulnerable\">$changeset</change>\n";
+    foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) {
+	print "      <change state=3D\"vulnerable\">$commit</change>\n";
+    }
=20
     if ($branch eq "master") {
 	print "      <change state=3D\"fixed\"></change>\n";
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list