From b70486ed25b58b31c51e2faaf00f21ce404afec9 Mon Sep 17 00:00:00 2001 From: Michal Kubecek Date: Apr 20 2024 18:17:03 +0000 Subject: Merge branch 'scripts' into master --- diff --git a/scripts/check-kernel-fix b/scripts/check-kernel-fix index 538f908..31f435c 100755 --- a/scripts/check-kernel-fix +++ b/scripts/check-kernel-fix @@ -44,11 +44,14 @@ usage() echo " -v: verbose mode: show state of each branch and even NOP actions" echo " -r: refresh any cached data. Use if cve->sha or cve->cvss fails" echo " (git pull VULNS_GIT, cve, bsc medata)" - echo " -f: flat mode. Do not filter output based on cvss scoring or common" + echo " -t: flat mode. Do not filter output based on cvss scoring or common" echo " ancestors." echo " -s CVSS: override the CVSS score if known. This can be useful when" echo " the CVE->CVSS DB is not synced yet." echo " -b bsc#NUMBER: override the bugzilla number if known" + echo " -f sha: provide explicit Fixes tag. Use when the one in the commit is" + echo " unknown but you could figure it from the code inspection." + echo " Specify repeteadly if more are required" } branch= @@ -95,11 +98,14 @@ check_branch_state() { local branch="$1" local sha="$2" - shift 2 + local expl_fixes="$3" + shift 3 local references="$@" [ -z "$branch" ] && fail "check_branch_state: No branch provided" [ -z "$sha" ] && fail "check_branch_state: No sha provided" + # FIXME ugh + [ "$expl_fixes" = "none" ] && expl_fixes="" local patch= local base= 
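Review bot: The `# FIXME ugh` comment above the new `[ "$expl_fixes" = "none" ] && expl_fixes=""` line in check_branch_state does not say what "none" stands for, and the same pair of lines is repeated in print_upstream_sha_summary in scripts/common-functions. I would replace it in both places with `# "none" is the placeholder set after option parsing when no -f was given; map it back to an empty list`. The new third positional parameter also deserves a line in a header comment for the function, because every caller now has to pass it before the references. check_branch_state starts and ends outside this hunk.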
@@ -141,9 +147,9 @@ check_branch_state() # Sha is not backported # Do we need to backport it because of the Fixes tag? - local sha_git_fixes=$(sha_get_upstream_git_fixes $sha) - if [ -n "$sha_git_fixes" ] ; then - local affected_by_git_fixes="$(affected_by_git_fixes "$branch" "$base" $sha_git_fixes)" + local sha_git_fixes="$(sha_get_upstream_git_fixes $sha)" + if [ -n "$sha_git_fixes" -o -n "$expl_fixes" ] ; then + local affected_by_git_fixes="$(affected_by_git_fixes "$branch" "$base" $sha_git_fixes $expl_fixes)" if [ -n "$affected_by_git_fixes" ] ; then print_branch_state "$msg_prefix:missing_patch:$affected_by_git_fixes" @@ -297,22 +303,25 @@ find_and_print_toplevel_actions() fi # branch name might include '/', e.g. cve/linux-4.12 - mb_line=$(echo -n "$line" | sed -e "s|^$branch:|$merge_branch:|") + mb_line=$(grep ^$merge_branch: $branch_state_file) + mb_state=$(echo $mb_line | cut -d: -f3) - # ignore the state when the same change is needed in a merge branch - if grep -q "^$mb_line$" "$branch_state_file" ; then - merge_found=1 + # if the merge branch is in the same state then do not + # bother + if [ "$mb_state" == "$state" ] + then + merge_found=1 + break fi - mb_state=$(echo $mb_line | cut -d: -f3) - if [ "$state" == "missing_references" -o \ "$state" == "missing_patch" -o \ "$state" == "maybe_missing_patch" ] ; then # No action is needed when the patch is backported - # and has all the references in the merge branch - if [ "$mb_state" == "ok" ] ; then + # even if it has references missing. Those will be + # reported for the merge origin + if [ "$mb_state" == "ok" -o "$mb_state" == "missing_references" ] ; then merge_found=1 fi fi @@ -329,8 +338,9 @@ find_and_print_toplevel_actions() verbose_mode= quiet_mode= flat_mode=0 +expl_fixes="" -while getopts "hvrqfs:b:" OPT +while getopts "hvrqts:b:f:" OPT do case $OPT in h) @@ -346,7 +356,7 @@ do q) quiet_mode=1 ;; - f) + t) flat_mode=1 ;; s) 
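Review bot: The new condition `[ -n "$sha_git_fixes" -o -n "$expl_fixes" ]` uses `-o` inside `[`, which POSIX marks obsolescent and which can parse ambiguously when an operand looks like an operator. `if [ -n "$sha_git_fixes" ] || [ -n "$expl_fixes" ] ; then` expresses the same test without that. On the next line `$sha_git_fixes $expl_fixes` are expanded unquoted, apparently so that each sha becomes its own argument; a short comment such as `# intentionally unquoted: one argument per sha` would record that. check_branch_state continues outside the hunk.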
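Review bot: The new check in find_and_print_toplevel_actions compares only the third field of the merge branch's line, where the removed code required the whole line to match after the branch name was swapped. The earlier hunk prints states as `$msg_prefix:missing_patch:$affected_by_git_fixes`, so if the detail after the state can differ between a branch and its merge branch, the action for the branch is now dropped even though the two are missing different things; for a tool that reports where a fix still needs backporting, that is the unsafe direction. Separately, `grep ^$merge_branch: $branch_state_file` leaves the pattern and the file name unquoted, and a `.` in a name like `cve/linux-4.12` acts as a regex wildcard; `mb_line=$(grep "^$merge_branch:" "$branch_state_file")` at least removes the word-splitting and globbing. The loop that the added `break` leaves is outside the hunk, so it is worth confirming that skipping the rest of it is intended.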
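Review bot: Reusing `-f` in the new option string `"hvrqts:b:f:"` changes what existing invocations do: `-f` used to switch on flat mode and took no argument, and it now consumes the next word as a Fixes sha. A wrapper or habit still written as `check-kernel-fix -f <sha>` would have its sha taken as the option argument rather than as the commit to check. I would keep `-f` for flat mode and give the new option an unused letter, for example `while getopts "hvrqfs:b:F:" OPT`, with a matching `F)` arm and usage line. The case statement continues outside this hunk.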
@@ -354,10 +364,17 @@ do ;; b) bsc=$OPTARG + ;; + f) + expl_fixes="$expl_fixes $OPTARG" esac done +# Fixme: Ugh but we have to send this as a parameter to a function and it +# cannot be the last (implicit one) +[ -z "$expl_fixes" ] && expl_fixes="none" + shift "$(($OPTIND-1))" [ -n "$verbose_mode" ] && quiet_mode= @@ -378,7 +395,7 @@ if ! sha_in_upstream "$1" ; then fi fi -print_upstream_sha_summary $sha +print_upstream_sha_summary $sha "$expl_fixes" cve=$(sha2cve $sha $refresh) if [ -n "$cve" ] @@ -399,7 +416,7 @@ references="$cve $bsc" branches_conf="$(fetch_branches $refresh)" # Check state of each branch -for_each_build_branch "$branches_conf" check_branch_state $sha $references +for_each_build_branch "$branches_conf" check_branch_state $sha "$expl_fixes" $references # Newline after the dots showing progress [ -z "$quiet_mode" ] && echo diff --git a/scripts/common-functions b/scripts/common-functions index f5b8aee..11e01ff 100644 --- a/scripts/common-functions +++ b/scripts/common-functions @@ -172,11 +172,15 @@ print_upstream_sha_info() print_upstream_sha_summary() { local sha=$1 - local upstream_git=${2:-$LINUX_GIT} + local expl_fixes=$2 + local upstream_git=${3:-$LINUX_GIT} local has_fixes=0 + # FIXME ugh + [ "$expl_fixes" = "none" ] && expl_fixes="" + print_upstream_sha_info $sha $upstream_git - for fix in $(sha_get_upstream_git_fixes $1 $upstream_git) + for fix in $(sha_get_upstream_git_fixes $1 $upstream_git) $expl_fixes do echo -n "Fixes: " print_upstream_sha_info $fix $upstream_git
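Review bot: The new `f)` arm appends `$OPTARG` to `expl_fixes` without checking it, and the value is later expanded unquoted in check_branch_state and in the `for fix in …` loop of print_upstream_sha_summary, where it is word-split and glob-expanded. A literal `-f none` would also collide with the placeholder assigned just below the loop. Rejecting anything that is not hexadecimal at parse time covers both, using the `fail` helper that check_branch_state already calls: `case "$OPTARG" in ""|*[!0-9a-fA-F]*) fail "-f expects a commit sha: $OPTARG" ;; esac`. The arm also has no closing `;;`, which works only while it stays the last arm of the case.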
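Review bot: Inserting `expl_fixes` as `$2` of print_upstream_sha_summary moves the optional `upstream_git` from `$2` to `$3`, and this function lives in the shared scripts/common-functions. Any other script that calls it with an upstream git path as the second argument (no such caller is visible in this diff) would now have that path treated as a Fixes sha and would silently fall back to `$LINUX_GIT`. Appending the new parameter keeps old callers working: `local upstream_git=${2:-$LINUX_GIT}` followed by `local expl_fixes=$3`, with check-kernel-fix calling `print_upstream_sha_summary $sha "" "$expl_fixes"`. With the list in last position an empty value needs no placeholder here, so the "none" translation could be dropped from this function. The end of the function is outside the hunk.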