diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-09 11:09:49 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-09 11:10:49 +0000 |
commit | 15febe81ddfe7576c5495111b7dcfe62d4796692 (patch) | |
tree | 80696037b89e218e49b226a3582b89d865fe464c | |
parent | faaf92d8971442ea600e4b76fc4a0c8c49e8902f (diff) | |
download | vulns-15febe81ddfe7576c5495111b7dcfe62d4796692.tar.gz |
bippy: start tracking the "fixes" tags better
Not quite there yet, but getting closer...
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rwxr-xr-x | scripts/bippy | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/scripts/bippy b/scripts/bippy index e42cd170..6c2bbcd0 100755 --- a/scripts/bippy +++ b/scripts/bippy @@ -175,7 +175,8 @@ commit_text=$(cd ${KERNEL_TREE} && git show --no-patch --pretty=format:"%B" "${G # this with the "expanded" SHA value, the short one will give us too many # false-positives when it shows up in other Fixes: tags fixes_lines=$(echo "${commit_text}" | grep -i "fixes:" | sed -e 's/^[ \t]*//' | cut -f 2 -d ':' | sed -e 's/^[ \t]*//' | cut -f 1 -d ' ') -#echo "fixes_lines=${fixes_lines}" +dbg "fixes_lines=${fixes_lines}" +og_vuln="0" if [ "${fixes_lines}" != "" ] ; then # figure out what kernels this commit fixes, (i.e. which are # vulnerable) and turn them into an array @@ -185,8 +186,14 @@ if [ "${fixes_lines}" != "" ] ; then done # now sort and uniq the list of versions vuln_kernels=($(echo "${v[@]}" | sed 's/ /\n/g' | sort -V | uniq)) + + dbg "vuln_kernels=${vuln_kernels[@]}" + # Figure out the "original" oldest commit where this showed up, we need + # this as a default value in case we can't match up anything else to + # it. + og_vuln="${vuln_kernels[0]}" + dbg "og vuln=${og_vuln}" fi -dbg "vuln_kernels=${vuln_kernels[@]}" # Find the fixed kernels where this release was done fixed_kernels=$("${FOUND_IN}" "${GIT_SHA_FULL}") @@ -206,7 +213,7 @@ for v in ${fixed_kernels[@]}; do vuln_array+="versions[]=$(jo -- \ -s lessThan="${v}" \ -s status="affected" \ - -s version="0" \ + -s version="${og_vuln}" \ -s versionType="custom" \ ) " fi |