From nobody Sun Feb  8 05:54:52 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1557748343; cv=none;
	d=zoho.com; s=zohoarc;
	b=L9KqzSLMhQtC+XuFmZAiT3IJkCF6yfn7d5k/uJlcgFmpqz5/z7fWxeQNmHDyMBXWL5CaF/LwssxGYDmmRHVKsXphMVa59ErHh9RZZ8JwjF4JFAwZPVrQmgthCOUN3vggNL0ArgQPr+3ACJv8kOtfOrF+HSFMXBeATHa+QkISnI0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1557748343;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=ulpr01Tp0HN38XjC9Po2UzdeNEhNNib+AykAQSRoLE4=;
	b=orDbYBSF/3vueFc4vT3G4LOMwoZkekEkaMl2pHUFSCnsZsMMTgkI21nKkfDVCo44Y+RlOJGRZiD53fXa0/GJyfXWa8H1xSq05VMzJxeRrWayAeUbSIcY77C3Bl89FBjISYAhcztqxKgspm0V5yElk2vxkhLGwUho6hcWPyYsrZM=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 155774834390369.2551557207189;
 Mon, 13 May 2019 04:52:23 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 2FCA73082E50;
	Mon, 13 May 2019 11:52:22 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id EED4D1001E79;
	Mon, 13 May 2019 11:52:21 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3970C41F58;
	Mon, 13 May 2019 11:52:21 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x4DBqK1g031020 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 13 May 2019 07:52:20 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 810DD6843C; Mon, 13 May 2019 11:52:20 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.42.22.189])
	by smtp.corp.redhat.com (Postfix) with ESMTP id E7ED8196A8;
	Mon, 13 May 2019 11:52:19 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Mon, 13 May 2019 12:52:01 +0100
Message-Id: <20190513115206.1088-5-berrange@redhat.com>
In-Reply-To: <20190513115206.1088-1-berrange@redhat.com>
References: <20190513115206.1088-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Subject: [libvirt] [security-notice PATCH 4/9] scripts: change to update
	notice files inplace
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Mon, 13 May 2019 11:52:22 +0000 (UTC)

Instead of printing out a snippet which then has to be cut and pasted
into the notice file, directly read the template notice file and
update it in place with new branch/tag info.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: J=C3=A1n Tomko <jtomko@redhat.com>
---
 scripts/report-vulnerable-tags.pl | 66 ++++++++++++++++++++++++-------
 1 file changed, 52 insertions(+), 14 deletions(-)

diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-=
tags.pl
index 431a7bf..3a94721 100644
--- a/scripts/report-vulnerable-tags.pl
+++ b/scripts/report-vulnerable-tags.pl
@@ -5,12 +5,37 @@ use warnings;
=20
 use Sort::Versions;
=20
-if (int(@ARGV) !=3D 1 && int(@ARGV) !=3D 2) {
-    die "syntax: $0 BROKEN-CHANGESET [FIXED-CHANGESET]\n";
+if (int(@ARGV) !=3D 1) {
+    die "syntax: $0 NOTICE.XML\n";
 }
=20
-my $broken =3D shift @ARGV;
-my $fixed =3D shift @ARGV;
+my $broken;
+my $fixed;
+my $notice =3D shift @ARGV;
+my @notice;
+
+open NOTICE, $notice or die "cannot read $notice: $!";
+my $master;
+my $discard;
+for my $line (<NOTICE>) {
+    push @notice, $line unless $discard;
+    if ($line =3D~ m,<repository>,) {
+	$discard =3D 1;
+    } elsif ($line =3D~ m,<name>master</name>,) {
+	$master =3D 1;
+    } elsif ($line =3D~ m,</branch>,) {
+	$master =3D 0;
+    } elsif ($master) {
+	if ($line =3D~ m,<change state=3D"(vulnerable|fixed)">([a-zA-Z0-9]+)</cha=
nge>,) {
+	    if ($1 eq "vulnerable") {
+		$broken =3D $2;
+	    } else {
+		$fixed =3D $2;
+	    }
+	}
+    }
+}
+close NOTICE;
=20
 # branch name to hash with keys
 #   - brokenchanges -> list of commit ids
@@ -154,7 +179,7 @@ for my $tag (get_tags("--contains", $broken)) {
     }
=20
     if (int(@tagbranches) > 1) {
-        print "Tag $tag appears in multiple branches\n";
+	print "Tag $tag appears in multiple branches\n";
     }
     my $branch =3D $tagbranches[0];
=20
@@ -172,21 +197,34 @@ if (defined $fixed) {
     }
 }
=20
+open NOTICE, ">$notice.tmp" or die "cannot create $notice.tmp: $!";
+foreach my $line (@notice) {
+    print NOTICE $line;
+}
+
 foreach my $branch (sort versioncmp keys %branches) {
-    print "    <branch>\n";
-    print "      <name>$branch</name>\n";
+    print NOTICE "    <branch>\n";
+    print NOTICE "      <name>$branch</name>\n";
+
     foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokenta=
gs"}}) {
-        print "      <tag state=3D\"vulnerable\">$tag</tag>\n";
+        print NOTICE "      <tag state=3D\"vulnerable\">$tag</tag>\n";
     }
-    foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) {
-	print "      <change state=3D\"vulnerable\">$commit</change>\n";
+    foreach my $change (@{$branches{$branch}->{"brokenchanges"}}) {
+	print NOTICE "      <change state=3D\"vulnerable\">$change</change>\n";
     }
=20
     foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"fixedtag=
s"}}) {
-        print "      <tag state=3D\"fixed\">$tag</tag>\n";
+        print NOTICE "      <tag state=3D\"fixed\">$tag</tag>\n";
     }
-    foreach my $commit (@{$branches{$branch}->{"fixedchanges"}}) {
-	print "      <change state=3D\"fixed\">$commit</change>\n";
+    foreach my $change (@{$branches{$branch}->{"fixedchanges"}}) {
+	print NOTICE "      <change state=3D\"fixed\">$change</change>\n";
     }
-    print "    </branch>\n";
+    print NOTICE "    </branch>\n";
 }
+
+print NOTICE "  </product>\n";
+print NOTICE "\n";
+print NOTICE "</security-notice>\n";
+close NOTICE;
+
+rename "$notice.tmp", "$notice" or die "cannot replace $notice: $!";
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list