Linkify CVE reports (closes: #568464). Thanks to Martin Zobel-Helas.

diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index c9103ba470bdc8cb6797a9da1f59d90c9ae78b9d..ba4c7a4f30ee3185b9eb5dc377a177bc914b18da 100644 (file)
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -251,7 +251,13 @@ sub display_entity {
                    $temp =~ s{(\d+)}
                              {bug_links(bug=>$1)}ge;
                    $temp;]gxie;
-
+        if (defined $config{cve_tracker} and
+            length $config{cve_tracker}
+           ) {
+            # Add links to CVE vulnerabilities (closes #568464)
+            $body =~ s{(CVE-\d{4}-\d{4,})}
+                      {<a href="http://$config{cve_tracker}$1">$1</a>}gx;
+        }
         if (not exists $param{att}) {
              print {$param{output}} qq(<pre class="message">$body</pre>\n);
         }

diff --git a/Debbugs/Config.pm b/Debbugs/Config.pm
index 56c79580230a40a5b30fa622f0811b290b83583a..9e538e1ccb4f067eb94d4a5cfe4b8c048f2de949 100644 (file)
--- a/Debbugs/Config.pm
+++ b/Debbugs/Config.pm
@@ -60,6 +60,7 @@ BEGIN {
                                 qw($gVersionPackagesDir $gVersionIndex $gBinarySourceMap $gSourceBinaryMap),
                                 qw($gVersionTimeIndex),
                                 qw($gSimpleVersioning),
+                                qw($gCVETracker),
                                 qw($gSendmail $gLibPath $gSpamScan @gExcludeFromControl),
                                 qw(%gSeverityDisplay @gTags @gSeverityList @gStrongSeverities),
                                 qw(%gTagsSingleLetter),
@@ -205,9 +206,21 @@ Domain where subscriptions to package lists happen
 
 =cut
 
-
 set_default(\%config,'subscription_domain',undef);
 
+
+=item cve_tracker $gCVETracker
+
+URI to CVE security tracker; in bugreport.cgi, CVE-2001-0002 becomes
+linked to http://$config{cve_tracker}CVE-2001-002
+
+Default: security-tracker.debian.org/tracker/
+
+=cut
+
+set_default(\%config,'cve_tracker','security-tracker.debian.org/tracker/');
+
+
 =back
 
 =cut
@@ -1064,7 +1077,7 @@ sub __convert_name{
      $hash_name =~ s/^([\$\%\@])g//;
      my $glob_type = $1;
      my $glob_name = 'g'.$hash_name;
-     $hash_name =~ s/(HTML|CGI)/ucfirst(lc($1))/ge;
+     $hash_name =~ s/(HTML|CGI|CVE)/ucfirst(lc($1))/ge;
      $hash_name =~ s/^([A-Z]+)/lc($1)/e;
      $hash_name =~ s/([A-Z]+)/'_'.lc($1)/ge;
      return $hash_name unless wantarray;

diff --git a/debian/changelog b/debian/changelog
index 9f3fd1c39a95ca3c8ef5785ef76cb3b54ccb2c90..4b03178d5eeee08a93b5bf02177a12dc660728f2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,7 @@ debbugs (2.4.2~exp1) experimental; urgency=low
   * Fix source package src: urls
   * Use package_maintainer to search for packages maintained by a
     maintainer (closes: #556863). Thanks to Yves-Alexis Perez.
+  * Linkify CVE reports (closes: #568464). Thanks to Martin Zobel-Helas.
 
  -- Don Armstrong <don@debian.org>  Wed, 26 Aug 2009 21:32:53 -0700