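# Interpreter used to run the helper scripts under bin/.
PYTHON = python

# Expanded once at parse time (":=") instead of on every reference.
# PYTHON_MODULES is a prerequisite of the syntax-check stamp files.
PYTHON_MODULES := $(wildcard lib/python/*.py)
BUG_LISTS := $(wildcard data/*/list)

# Adjust these if necessary.  The architecture selection is rather
# arbitrary at the moment.  More architectures can be added later.
#
# NOTE(review): MIRROR is a plain-http URL.  The Sources/Packages indices
# fetched from it are only as trustworthy as the integrity check done by
# bin/apt-update-file, which is not visible from this file -- confirm that
# the downloads are validated, or point MIRROR at a mirror reachable over
# TLS.
MIRROR = http://debian.csail.mit.edu/debian/

# Architectures fetched per release; the update rules look these up by
# codename as $(<codename>_ARCHS).
wheezy_ARCHS = amd64 armel armhf i386
jessie_ARCHS = amd64 arm64 armel armhf i386 mips mipsel powerpc ppc64el s390x
stretch_ARCHS = amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
buster_ARCHS = amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
sid_ARCHS = amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mips64el mipsel powerpc ppc64el s390x

# Codename currently assigned to each release role.
OLDOLDSTABLE = wheezy
OLDSTABLE = jessie
STABLE = stretch
TESTING = buster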
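# First rule in the file, hence the default goal: runs bin/update-db on
# data/security.db.  Declared phony so that a stray file named "all"
# cannot make the target look up to date.
.PHONY: all
all:
	$(PYTHON) bin/update-db data/security.db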
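# Remove the generated databases and the syntax-check stamps.  Declared
# phony so that a file named "clean" cannot disable the target.  The
# leading "-" keeps make going when rm reports an error, so the second
# removal is still attempted.
.PHONY: clean
clean:
	-rm -f data/security.db lib/python/test_security.db
	-rm -f stamps/*-*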
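# "test" and "check" are aliases for check-syntax.  All three are command
# names rather than files, so all three are declared phony ("test" was
# previously missing from the list).
.PHONY: test check check-syntax
test check: check-syntax

# One stamp file per list type; see the stamps/*-syntax rules.
check-syntax: stamps/CVE-syntax \
              stamps/DSA-syntax stamps/DTSA-syntax stamps/DLA-syntax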
# Syntax check of each data/<TYPE>/list, recorded in stamps/<TYPE>-syntax.
# A stamp is refreshed only when its list, bin/check-syntax or one of the
# Python modules is newer than it.  Written as a static pattern rule:
# $* is the list type (CVE, DSA, DTSA, DLA) and $< the list file.
# touch does not create directories, so stamps/ has to exist already.
stamps/CVE-syntax stamps/DSA-syntax stamps/DTSA-syntax stamps/DLA-syntax: \
    stamps/%-syntax: data/%/list bin/check-syntax $(PYTHON_MODULES)
	$(PYTHON) bin/check-syntax $* $<
	touch $@
# Run bin/test-web-server under bash; "@" keeps make from echoing the
# command line.
.PHONY: serve

serve:
	@bash bin/test-web-server
.PHONY: update-packages update-testing update-stable \
        update-oldstable update-oldoldstable

# Fetch the sid Sources index for every archive component, then the
# Packages index for every component on each architecture in sid_ARCHS.
# update-testing is a prerequisite, so the testing indices are refreshed
# as well.  "set -e" aborts the recipe on the first failed download.
update-packages: update-testing
	set -e ; \
	for suite in sid ; do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${suite}/$${component}/source/Sources \
	      data/packages/$${suite}__$${component}_Sources ; \
	  done ; \
	  for cpu in $(sid_ARCHS) ; do \
	    for component in main contrib non-free ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(MIRROR)/dists/$${suite}/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}__$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the Sources and per-architecture Packages indices of the release
# named by TESTING into data/packages/.  The architecture list is looked
# up by codename via $($(TESTING)_ARCHS).  "set -e" aborts the recipe on
# the first failed download.
update-testing:
	set -e ; \
	for suite in $(TESTING) ; do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${suite}/$${component}/source/Sources \
	      data/packages/$${suite}__$${component}_Sources ; \
	  done ; \
	  for cpu in $($(TESTING)_ARCHS) ; do \
	    for component in main contrib non-free ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(MIRROR)/dists/$${suite}/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}__$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the Sources and per-architecture Packages indices of the release
# named by STABLE into data/packages/.  The architecture list is looked
# up by codename via $($(STABLE)_ARCHS).  "set -e" aborts the recipe on
# the first failed download.
update-stable:
	set -e ; \
	for suite in $(STABLE) ; do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${suite}/$${component}/source/Sources \
	      data/packages/$${suite}__$${component}_Sources ; \
	  done ; \
	  for cpu in $($(STABLE)_ARCHS) ; do \
	    for component in main contrib non-free ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(MIRROR)/dists/$${suite}/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}__$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the Sources and per-architecture Packages indices of the release
# named by OLDSTABLE into data/packages/.  The architecture list is
# looked up by codename via $($(OLDSTABLE)_ARCHS).  "set -e" aborts the
# recipe on the first failed download.
update-oldstable:
	set -e ; \
	for suite in $(OLDSTABLE) ; do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${suite}/$${component}/source/Sources \
	      data/packages/$${suite}__$${component}_Sources ; \
	  done ; \
	  for cpu in $($(OLDSTABLE)_ARCHS) ; do \
	    for component in main contrib non-free ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(MIRROR)/dists/$${suite}/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}__$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the Sources and per-architecture Packages indices of the release
# named by OLDOLDSTABLE into data/packages/.  The architecture list is
# looked up by codename via $($(OLDOLDSTABLE)_ARCHS).  "set -e" aborts
# the recipe on the first failed download.
update-oldoldstable:
	set -e ; \
	for suite in $(OLDOLDSTABLE) ; do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${suite}/$${component}/source/Sources \
	      data/packages/$${suite}__$${component}_Sources ; \
	  done ; \
	  for cpu in $($(OLDOLDSTABLE)_ARCHS) ; do \
	    for component in main contrib non-free ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(MIRROR)/dists/$${suite}/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}__$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
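.PHONY: update-security update-old-security update-oldold-security update-testing-security

# Security archive location and local file prefix for the TESTING release.
# NOTE(review): plain-http URL; whether the fetched indices are validated
# depends on bin/apt-update-file, which is not visible here -- confirm.
ST_MIRROR = http://security.debian.org/dists/$(TESTING)/updates
ST_FILE = data/packages/$(TESTING)_security_

# Fetch the security-archive Sources index of every section, plus the
# Packages index for each architecture in $($(TESTING)_ARCHS).
# "set -e" now comes first.  It used to sit inside the loop, after the
# first Sources download, so a failure of that one fetch was ignored
# while every later failure aborted the recipe.
update-testing-security:
	set -e ; \
	for section in main contrib non-free ; do \
	  $(PYTHON) bin/apt-update-file \
	    $(ST_MIRROR)/$$section/source/Sources $(ST_FILE)$${section}_Sources ; \
	  for arch in $($(TESTING)_ARCHS) ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(ST_MIRROR)/$$section/binary-$${arch}/Packages $(ST_FILE)$${section}_$${arch}_Packages ; \
	  done ; \
	done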
# Base URL of the security archive, shared by the update-*security rules.
# NOTE(review): plain-http URL; whether the fetched indices are validated
# depends on bin/apt-update-file, which is not visible here -- confirm.
SEC_MIRROR = http://security.debian.org/dists

# Fetch the security-archive Sources and per-architecture Packages
# indices for STABLE, after the oldstable and oldoldstable variants have
# run as prerequisites.
# NOTE(review): there is no "set -e" here, so a failed download does not
# stop the loop and the recipe's status is that of the last command run.
# A stale security index can therefore go unnoticed -- confirm that this
# best-effort behaviour is intended.
update-security: update-old-security update-oldold-security
	for suite in $(STABLE); do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(SEC_MIRROR)/$${suite}/updates/$${component}/source/Sources \
	      data/packages/$${suite}_security_$${component}_Sources ; \
	    for cpu in $($(STABLE)_ARCHS) ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(SEC_MIRROR)/$${suite}/updates/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}_security_$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the security-archive Sources and per-architecture Packages
# indices for OLDSTABLE from $(SEC_MIRROR).
# NOTE(review): there is no "set -e" here, so a failed download does not
# stop the loop and the recipe's status is that of the last command run.
# A stale security index can therefore go unnoticed -- confirm that this
# best-effort behaviour is intended.
update-old-security:
	for suite in $(OLDSTABLE); do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(SEC_MIRROR)/$${suite}/updates/$${component}/source/Sources \
	      data/packages/$${suite}_security_$${component}_Sources ; \
	    for cpu in $($(OLDSTABLE)_ARCHS) ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(SEC_MIRROR)/$${suite}/updates/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}_security_$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
# Fetch the security-archive Sources and per-architecture Packages
# indices for OLDOLDSTABLE from $(SEC_MIRROR).
# NOTE(review): there is no "set -e" here, so a failed download does not
# stop the loop and the recipe's status is that of the last command run.
# A stale security index can therefore go unnoticed -- confirm that this
# best-effort behaviour is intended.
update-oldold-security:
	for suite in $(OLDOLDSTABLE); do \
	  for component in main contrib non-free ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(SEC_MIRROR)/$${suite}/updates/$${component}/source/Sources \
	      data/packages/$${suite}_security_$${component}_Sources ; \
	    for cpu in $($(OLDOLDSTABLE)_ARCHS) ; do \
	      $(PYTHON) bin/apt-update-file \
	        $(SEC_MIRROR)/$${suite}/updates/$${component}/binary-$${cpu}/Packages \
	        data/packages/$${suite}_security_$${component}_$${cpu}_Packages ; \
	    done ; \
	  done ; \
	done
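# Refresh the backports indices of the three supported releases.
.PHONY: update-backports
update-backports: update-backports-$(STABLE) update-backports-$(OLDSTABLE) update-backports-$(OLDOLDSTABLE)

# update-backports-<codename>: fetch the <codename>-backports Packages
# index for each section and architecture, and the Sources index for each
# section.  "set -e" aborts the recipe on the first failed download.
#
# The codename is the pattern stem $*, which replaces the earlier
# $(shell echo $@ | cut ...) round trip through a subshell.
#
# The destination names now carry the section.  They used to hard-code
# "main", so the contrib and non-free downloads overwrote the main file
# and only the last section fetched survived.  The new names follow the
# <release>__<section>_... scheme used by the other update rules.
# NOTE(review): confirm that the consumer of data/packages/ picks up the
# contrib and non-free backports files.
#
# The dangling "; \" after the final "done" has been dropped, so the
# recipe can no longer continue into the line that follows it.
update-backports-%:
	set -e ; archive=$* ; \
	for section in main contrib non-free ; do \
	  for arch in $($(*)_ARCHS) ; do \
	    $(PYTHON) bin/apt-update-file \
	      $(MIRROR)/dists/$${archive}-backports/$$section/binary-$$arch/Packages \
	      data/packages/$${archive}-backports__$${section}_$${arch}_Packages ; \
	  done ; \
	  $(PYTHON) bin/apt-update-file \
	    $(MIRROR)/dists/$${archive}-backports/$$section/source/Sources \
	    data/packages/$${archive}-backports__$${section}_Sources ; \
	done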
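# Bring the data/ working copy up to date from Subversion (quietly).
# Declared phony: this is a command, not a file to be built.
.PHONY: update-lists
update-lists:
	svn update -q data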
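# Since October 16, 2015 the XML data feeds are no longer available for
# download in an uncompressed format.
#
# Download the yearly NVD feeds (2002 up to the current year) over HTTPS,
# decompress them, and hand the resulting XML files to bin/update-nvd.
#
# NOTE(review): download and decompression errors are swallowed by
# "|| true".  When a fetch fails, an nvdcve-<year>.xml left by an earlier
# run is imported again without any warning, so stale NVD data can go
# unnoticed -- confirm that this best-effort behaviour is intended.
#
# The importer now runs through $(PYTHON) like every other script in this
# file, instead of a hard-coded "python".
.PHONY: update-nvd
update-nvd:
	mkdir -p data/nvd
	for x in $$(seq 2002 $$(date +%Y)) ; do \
	  name=nvdcve-$$x.xml.gz; \
	  wget -q -Odata/nvd/$$name https://nvd.nist.gov/download/$$name || true; \
	  gzip -f -d data/nvd/$$name || true; \
	done
	$(PYTHON) bin/update-nvd data/nvd/nvdcve-*.xml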
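# Experimental code to compare the Debian and NVD CVE databases using
# CPE values as common key.
#
# Download and decompress the yearly 2.0-format NVD feeds into data/nvd2,
# then run bin/compare-nvd-cve with stderr captured in
# compare-nvd-cve.log.
#
# NOTE(review): download and decompression errors are swallowed by
# "|| true", so the comparison may run against feeds left over from an
# earlier run -- confirm that this best-effort behaviour is intended.
#
# Declared phony: this is a command, not a file to be built.
.PHONY: update-compare-nvd
update-compare-nvd:
	mkdir -p data/nvd2
	for x in $$(seq 2002 $$(date +%Y)) ; do \
	  name=nvdcve-2.0-$$x.xml.gz; \
	  wget -q -Odata/nvd2/$$name https://static.nvd.nist.gov/feeds/xml/cve/$$name || true ; \
	  gzip -f -d data/nvd2/$$name || true; \
	done
	bin/compare-nvd-cve 2> compare-nvd-cve.log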
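# Refresh every external data source, then rebuild the database via "all".
# Declared phony, and the duplicated update-packages prerequisite has been
# dropped (make runs a target only once per invocation).
#
# NOTE(review): the prerequisites are listed in the intended order, but
# "all" declares no dependency on the update targets.  Under "make -j" it
# may therefore start before the downloads have finished; run this target
# serially.
.PHONY: update-all
update-all: update-nvd update-lists update-packages \
            update-oldoldstable update-oldstable update-stable \
            update-security update-testing-security \
            update-backports all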