[libvirt] [security-notice PATCH 2/9] scripts: report vulnerable branches which don't have any tags too

Currently we only report branches which have some tags on them which means we only pick up branches which have had stable releases. We must also report vulnerable status against other branches which exist but have not yet had releases. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; --- scripts/report-vulnerable-tags.pl | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 14d31c0..8a6c2e4 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -42,7 +42,7 @@ sub get_tags { return @tags; } -sub get_branch { +sub get_branches { my $tag = shift; my @branches; @@ -94,7 +94,7 @@ for my $tag (get_tags("--contains", $changeset)) { next if exists $tags{$tag}; - my @tagbranches = get_branch($tag); + my @tagbranches = get_branches($tag); if (int(@tagbranches) == 0) { if ($tag eq "v2.1.0") { @tagbranches = ("master") @@ -113,6 +113,9 @@ for my $tag (get_tags("--contains", $changeset)) { add_broken_tag($branch, $tag); } +for my $branch (get_branches($broken)) { + add_branch($branch); +} foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; @@ -125,7 +128,7 @@ foreach my $branch (sort versioncmp keys %branches) { } if ($branch eq "master") { - print " <change state=\"fixed\"></change>\n"; + print " <change state=\"fixed\">$fixed</change>\n"; } print " </branch>\n"; } -- 2.21.0