From 3540ed87aca7f53a5eb0763460e94db2b7fecf4e Mon Sep 17 00:00:00 2001
From: Don Armstrong <don@donarmstrong.com>
Date: Thu, 4 Feb 2010 18:20:01 -0800
Subject: [PATCH] Linkify CVE reports (closes: #568464). Thanks to Martin
 Zobel-Helas.

---
 Debbugs/CGI/Bugreport.pm |  8 +++++++-
 Debbugs/Config.pm        | 17 +++++++++++++++--
 debian/changelog         |  1 +
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index c9103ba..ba4c7a4 100644
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -251,7 +251,13 @@ sub display_entity {
 		    $temp =~ s{(\d+)}
 			      {bug_links(bug=>$1)}ge;
 		    $temp;]gxie;
-
+	 if (defined $config{cve_tracker} and
+	     length $config{cve_tracker}
+	    ) {
+	     # Add links to CVE vulnerabilities (closes #568464)
+	     $body =~ s{(CVE-\d{4}-\d{4,})}
+		       {<a href="http://$config{cve_tracker}$1">$1</a>}gx;
+	 }
 	 if (not exists $param{att}) {
 	      print {$param{output}} qq(<pre class="message">$body</pre>\n);
 	 }
diff --git a/Debbugs/Config.pm b/Debbugs/Config.pm
index 56c7958..9e538e1 100644
--- a/Debbugs/Config.pm
+++ b/Debbugs/Config.pm
@@ -60,6 +60,7 @@ BEGIN {
 				 qw($gVersionPackagesDir $gVersionIndex $gBinarySourceMap $gSourceBinaryMap),
 				 qw($gVersionTimeIndex),
 				 qw($gSimpleVersioning),
+				 qw($gCVETracker),
 				 qw($gSendmail $gLibPath $gSpamScan @gExcludeFromControl),
 				 qw(%gSeverityDisplay @gTags @gSeverityList @gStrongSeverities),
 				 qw(%gTagsSingleLetter),
@@ -205,9 +206,21 @@ Domain where subscriptions to package lists happen
 
 =cut
 
-
 set_default(\%config,'subscription_domain',undef);
 
+
+=item cve_tracker $gCVETracker
+
+URI to CVE security tracker; in bugreport.cgi, CVE-2001-0002 becomes
+linked to http://$config{cve_tracker}CVE-2001-002
+
+Default: security-tracker.debian.org/tracker/
+
+=cut
+
+set_default(\%config,'cve_tracker','security-tracker.debian.org/tracker/');
+
+
 =back
 
 =cut
@@ -1064,7 +1077,7 @@ sub __convert_name{
      $hash_name =~ s/^([\$\%\@])g//;
      my $glob_type = $1;
      my $glob_name = 'g'.$hash_name;
-     $hash_name =~ s/(HTML|CGI)/ucfirst(lc($1))/ge;
+     $hash_name =~ s/(HTML|CGI|CVE)/ucfirst(lc($1))/ge;
      $hash_name =~ s/^([A-Z]+)/lc($1)/e;
      $hash_name =~ s/([A-Z]+)/'_'.lc($1)/ge;
      return $hash_name unless wantarray;
diff --git a/debian/changelog b/debian/changelog
index 9f3fd1c..4b03178 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,7 @@ debbugs (2.4.2~exp1) experimental; urgency=low
   * Fix source package src: urls
   * Use package_maintainer to search for packages maintained by a
     maintainer (closes: #556863). Thanks to Yves-Alexis Perez.
+  * Linkify CVE reports (closes: #568464). Thanks to Martin Zobel-Helas.
 
  -- Don Armstrong <don@debian.org>  Wed, 26 Aug 2009 21:32:53 -0700
 
-- 
2.39.2