author | Thomas Lange <lange@debian.org> | 2024-01-13 15:47:39 +0100 |
---|---|---|
committer | Thomas Lange <lange@debian.org> | 2024-01-13 15:47:39 +0100 |
commit | f5025bb27b189058c7f8ed5827b85bff7d9e96ea (patch) | |
tree | ff6ea234e0e1d2154a4a1a146d3c5df3bfbd6f5c /english/security | |
parent | e5052a72bd09dde564c0d85e35df0f53d0241a43 (diff) |
remove scripts which worked on the .data and .wml files
Diffstat (limited to 'english/security')
-rwxr-xr-x | english/security/check-advisories | 25 | ||||
-rwxr-xr-x | english/security/check-cve-refs.pl | 246 | ||||
-rwxr-xr-x | english/security/check-cve-refs.sh | 19 | ||||
-rwxr-xr-x | english/security/check-used-data.sh | 66 | ||||
-rwxr-xr-x | english/security/find-missing-advisories | 135 | ||||
-rwxr-xr-x | english/security/parse-advisory.pl | 305 |
6 files changed, 0 insertions, 796 deletions
diff --git a/english/security/check-advisories b/english/security/check-advisories
deleted file mode 100755
index 8c1e9eebfdb..00000000000
--- a/english/security/check-advisories
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-#
-# Searchs in all *.data files it founds for security advisory files and checks how often the
-# fixed package occurs in it. This is useful to avoid references to wrong advisories.
-#
-# Jens Seidel (jensseidel@users.sf.net), (c) 2005, GPL
-
-for file in $(find -name "*.data"); do
- packages=$(cat $file | sed -n 's,<define-tag packages>\([^<]*\)</define-tag>.*$,\1,p')
- for package in $(echo $packages | sed 's/,/ /g' | tr [A-Z] [a-z]); do
- for md5sums in "md5sums" "revised-md5sums"; do
- emails=$(cat $file | sed -n "s,^.*<$md5sums \([^ ]*\).*$,\1,p" | sed 's,/*> *$,,')
- if [ -z "$emails" ]; then
- grep --silent "< *$md5sums" $file && echo "Error: advisory for $file not found"
- else
- for email in $emails; do
- # FIXME: evaluate <!--X-MsgBody-End--> to search only in message of mail,
- # -hiddenlinks=ignore doesn't work
- found=$(wget -q -O - $email | lynx -width=100000 -hiddenlinks=ignore -dump -stdin | grep "$package" | wc -l)
- [ $found -lt 8 ] && echo URL $(basename $email) from $file contains only $found references to package $package
- done
- fi
- done
- done
-done
diff --git a/english/security/check-cve-refs.pl b/english/security/check-cve-refs.pl
deleted file mode 100755
index 9b9472219b4..00000000000
--- a/english/security/check-cve-refs.pl
+++ /dev/null
@@ -1,246 +0,0 @@ -#!/usr/bin/perl -w -# Compare the CVE cross-reference with the information of DSAs in -# the website. -# -# This is a hack (based on the cross reference map) that uses the -# information posted at CVE to determine if DSAs include the proper -# references. Code is klunky and there's quite a lot of room for -# improvement (be my guest). -# -# Usage: -# (for the brave of heart) -# lynx -source https://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html | \ -# perl check-cve-refs.pl [-v] -# -# Copyright (c) 2003-2007 - Javier Fernandez-Sanguino <jfs@debian.org> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software Foundation: -# 51 Franklin Street, Suite 500, Boston, MA 02110-1335 -# (http://www.fsf.org/about/contact/) -# -# For more information please see -# https://www.gnu.org/licenses/licenses.html#GPL -# -# ------------------------------------------------------------------------- -# -# TODO -# - download automatically the Mitre reference (instead of STDIN) -# - output nice patches (+<define-tag secrefs>XXXX</secrefs>) instead -# of the current format. This would allow the security/web team to -# automatically update the information (after a proper review, of course) -# - -v output should be trimmed down (i.e. provide different levels of debug) -# - references ok! 
output should be omitted -# - Ask Mitre to fix their references :-) -# - Since there's a lot of shared code from the make-cross-ref script have -# them _share_ it -# - Attempt to make it useful for Bugtraq too -# - - -# Format of data files is: -#<define-tag pagetitle>DSA-###-# PACKAGE</define-tag> -#<define-tag report_date>yyyy-mm-dd</define-tag> -#<define-tag secrefs>CAN|CVE-XXXX-XXXX</define-tag> -#<define-tag packages>PACKAGE</define-tag> -#<define-tag isvulnerable>yes|no</define-tag> -#<define-tag fixed>yes|no</define-tag> - - -use Getopt::Std; -use IO::File; -# Stdin options -# -v verbose -my $opt_v = 0; -getopts('v'); - -# Read first all the DSA information from the current directory -# (should be english/security/ BTW to parse all the data files) -parsedirs (".", "data", 2); - -# We just print for the time being only CVE references -# (and the URL is not used, yet) -comparecvererefs("CVE|CAN","https://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html"); - -exit 0; - -sub loadcverefs { -# This should take the url and convert it properly -# For the time being it will only take STDIN - -# Finite-state machine - my $state=0; - while (<STDIN> ){ - chomp; - $state = 0 if /\<\/TR\>/ ; - if ( $state == 1 ) { - while ( m/((CVE|CAN)-[\d-]+)/g ) { - my $cveref = $1; - print STDERR "Found CVE reference $cveref for DSA $dsaref\n" if $opt_v; - if ( ! defined $dsacverefs{$dsaref} ) { - $dsacverefs{$dsaref} = $cveref; - } elsif ( $dsacverefs{$dsaref} !~ /$cveref/ ) { - $dsacverefs{$dsaref} .= " ".$cveref ; - } - } - } -# Note: Old advisories have both numbers and letters! 
That's -# why this is \w and not \d - if ( /\<TD\>DEBIAN:(\d+\w+)/ || /\<TD\>DEBIAN:DSA-(\d+)/ ) { - $dsaref = $1; - print STDERR "Found DSA $dsaref\n" if $opt_v; - $state = 1; - } - } - return 0; -} - -sub comparecvedsa { - my ($dsa,$type) = @_ ; - my $nok=0; - print "Comparing references for DSA $dsa: $dsaref{$dsa}{'secrefs'}\n" if $opt_v; - my (@references) = split(' ', $dsaref{$dsa}{'secrefs'}); - foreach $ref ( pop (@references) ) { - if ( $ref =~ /^$type/ ) { -#Compare against those in dsacverefs - my $notexist = 0 ; - my $promoted = 0 ; - if ( defined $dsacverefs{$dsa} ) { - my $cveprom = $ref; - $cveprom =~ s/CAN/CVE/; - $notexist = 1 if $dsacverefs{$dsa} !~/$ref/; - $promoted = 1 if $dsacverefs{$dsa} =~/$cveprom/ and $ref =~ /^CAN/; - } else { - $notexist =1; - } - if ( $notexist ) { - if ( $promoted ) { - print "DSA $dsa holds candidate that needs to be promoted to CVE: $ref\n"; - } else { - print "DSA $dsa holds reference $ref from CVE but it's not in Mitre's reference map\n"; - } - $nok=1; - } - } - } -# And viceversa -# this is quite klunky since we are doing the same test twice. -# oh well... 
- if ( defined $dsacverefs{$dsa} ) { - @references = split(' ', $dsacverefs{$dsa}); - foreach $ref ( pop (@references) ) { - if ( $ref =~ /^$type/ ) { - my $notexist = 0 ; - my $promoted = 0 ; - if ( defined $dsaref{$dsa}{'secrefs'} ) { - my $cand = $ref; - $cand =~ s/CVE/CAN/; - $notexist = 1 if $dsaref{$dsa}{'secrefs'} !~/$ref/; - $promoted = 1 if $dsaref{$dsa}{'secrefs'} =~ /$cand/ and $ref !~ /^CAN/; - } else { - $notexist =1; - } - if ( $notexist ) { - if ( $promoted ) { - print "Mitre holds a promoted reference $ref for DSA $dsa (Debian holds a candidate)\n" ; - } else { - print "Mitre holds reference $ref for DSA $dsa but it's not in Debian references\n" ; - } - $nok=1; - } - - } else { - print "Mitre does not hold any information for DSA $dsa\n"; - $nok=0; - } - } # of foreach ref - } # of if defined - - return $nok; - -} # of sub comparecve - -sub comparecvererefs { -# Compares local references to external references - my ($text,$url) = @_; - -# First load in the external references - my %dsacverefs; - loadcverefs(); -# We take the input and compare it - foreach $dsa (sort(keys %dsaref)) { - print STDERR "Checking DSA $dsa\n" if $opt_v; - if ( defined $dsaref{$dsa}{'secrefs'}) { - my $nok = comparecvedsa($dsa,$text); - print "DSA $dsa and Mitre hold the same information (references ok!)\n" if ! 
$nok; - } elsif ( defined $dsacverefs{$dsa} ) { - print "Mitre holds the following references for DSA $dsa: $dsacverefs{$dsa}\n"; - } - } #of foreach dsa - - return 0; -} #of sub - -sub parsefile { - my ($file,$filename) = @_ ; -# The filename gives us the DSA we are parsing - if ( $filename =~ /dsa\-(\d+)/ || $filename =~ /(\d+\w+)/ ) { - $dsa=$1; - } else { - print STDERR "File $file does not look like a proper DSA, not checking\n" if $opt_v; - return 1; - } - print STDERR "Parsing DSA $dsa from file $file\n" if $opt_v; - - open (DATAFILE , $file) || die ("Cannot read $file: $!"); - while ($line=<DATAFILE>) { - chomp $line; - print STDERR "Reading $line\n" if $opt_v > 2; - # Redefine the dsa value if there is a pagetitle - if ( $line =~ /pagetitle\>DSA-(\d+).*?\<\/define-tag/ ) { - $dsa=$1; - print STDERR "Redefined DSA to $dsa (from $file)\n" if $opt_v; - } - $dsaref{$dsa}{'date'}=$1 if ( $line =~ /report_date\>(.*?)\<\/define-tag/ ) ; - $dsaref{$dsa}{'secrefs'}=$1 if ( $line =~ /secrefs\>(.*?)\<\/define-tag/ ) ; - $dsaref{$dsa}{'packages'}=$1 if ( $line =~ /packages\>(.*?)\<\/define-tag/ ) ; - $dsaref{$dsa}{'vulnerable'}=$1 if ( $line =~ /isvulnerable\>(.*?)\<\/define-tag/ ) ; - $dsaref{$dsa}{'fixed'}=$1 if ( $line =~ /fixed\>(.*?)\<\/define-tag/ ) ; - } - close DATAFILE; - return 0; -} - -sub parsedirs { - my ($directory, $postfix, $depth) = @_ ; - my $dir = new IO::File; - if ( $depth == 0 ) { - print STDERR "Maximum depth reached ($depth) at $directory\n" if $opt_v; - return 0; - } - opendir ($dir , $directory) || die ("Cannot read $directory: $!"); - while ( my $file = readdir ($dir) ) { - print STDERR "Checking $file (for $postfix at $depth)\n" if $opt_v; - if ( -d "${directory}/${file}" and ! 
-l "${directory}/${file}" && $file !~ /^\./ ) { - print STDERR "Entering directory ${directory}/${file}\n" if $opt_v; - parsedirs ( "${directory}/${file}", $postfix, $depth - 1 ); - } - if ( -r "${directory}/${file}" && $file =~ /$postfix$/ && $file !~ /^[\.\#]/ ) { - parsefile($directory."/".$file,$file); - } - } # of the while - closedir $dir; - return 0; -} - - diff --git a/english/security/check-cve-refs.sh b/english/security/check-cve-refs.sh deleted file mode 100755 index 50b02cbcc06..00000000000 --- a/english/security/check-cve-refs.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -e -# Simple script to review the CVE mappings -PATH=/bin:/usr/bin:/sbin:/usr/sbin - -if [ ! -n "`which lynx`" ] ; then - echo "Sorry, lynx not found" >&2 - exit 1 -fi -if [ ! -n "`which perl`" ] ; then - echo "Sorry, perl not found" >&2 - exit 1 -fi - -lynx -source https://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html | -perl check-cve-refs.pl | -/bin/grep -v "references ok" | -/usr/bin/less - -exit 0 diff --git a/english/security/check-used-data.sh b/english/security/check-used-data.sh deleted file mode 100755 index 3da82cbcd87..00000000000 --- a/english/security/check-used-data.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh - -# A simple script which checks that the included DSA data file matches the -# current DSA. dsa-1000.wml should contain: -#include "$(ENGLISHDIR)/security/2006/dsa-1000.data" -# -# It also checks that the package versions in DSA match across -# all translations. -# -# It outputs all wrong files. There is no output if all files are OK. -# Japanese files are sometime false positives (because of a word search). -# -# Jens Seidel (jensseidel@users.sf.net), (c) 2006, GPL - -if ! test -e english/security; then - echo Please start $0 from the top level directory containing - echo english/security - echo - exit 1 -fi - -# search for proper inclusion -for dir in $(find -name "security" -type d); do - cd $dir - for dsa in $(find -name "dsa-[0-9]*.wml" -o -name "[0-9]*.wml"); do - file=$(echo $dsa | sed 's,^.,$(ENGLISHDIR)/security,;s,.wml$,.data,') - grep --color=no "#include ['\"]$file['\"]" $dsa > /dev/null || \ - (echo -n "$dir/$dsa: "; grep "#include" $dsa) - done - cd - > /dev/null -done - -# search for proper version numbers -rm -f /tmp/dsa -for dsa in $(find english/security -name "dsa-[0-9]*.wml"); do - # append all lines to one to simplify search - cat $dsa | awk '{file=file " " $0} END {print file }' | sed 's/ * / /g' > .dsa - # extract the version string after $phrase - for phrase in ' been fixed in version ' \ - ' will be fixed in version ' \ - ' is fixed in version ' \ - ' are fixed in version ' \ - ' was fixed in version ' \ - ' in version ' \ - ' fixed in upstream version ' -# ' fixed in the upstream version ' # "of Linux " - do - while grep "$phrase" .dsa > /dev/null; do - # matches the last version string (line limit of sed exceeds) - #version=$(cat .dsa | sed -n "s/^.*$phrase\([^,< ]*\).*$/\1/p" | sed 's/\.$//') - version=$(cat .dsa | perl -p -e "s/^.*$phrase([^,< ]*).*$/\1/" | sed 's/\.$//') - version_regex=$(echo $version | sed 's/\./\\./g') - # removed the last found match - #cat .dsa | sed "s/^\(.*\)$phrase\([^,< 
]*\)\(.*\)$/\1\3/" > .dsa.tmp; mv .dsa.tmp .dsa - perl -p -i -e "s/^(.*)$phrase([^,< ]*)(.*)$/\1\3/" .dsa - for dsa_tr in */$(echo $dsa | sed 's,^english/,,'); do - if ! grep -w "$version_regex" $dsa_tr > /dev/null; then - echo "Error: version $version does not occur in $dsa_tr" - fi - done - done - done - # record ignored version strings (to be analyzed later) - cat .dsa >> /tmp/dsa -done - diff --git a/english/security/find-missing-advisories b/english/security/find-missing-advisories deleted file mode 100755 index 0f060556561..00000000000 --- a/english/security/find-missing-advisories +++ /dev/null 
@@ -1,135 +0,0 @@ -#!/usr/bin/python3 - -import argparse -import logging -import os.path -import re - -import requests - -# regex used in data/DLA/list and data/DSA/list files to identify -# advisories -RE_ADV = r'\[(?P<date>\d+\s+\w+\s+(?P<year>\d+))\]\s+D[SL]A-(?P<number>\d+)(?:-(?P<errata>\d+))?\s+(-\s+)?(?P<package>[\w.+-]*)' # noqa: E501 -RE_SKIP = r'^\s+' - -# the URL for the lists if not provided locally, joker replaced with -# DSA or DLA depending on --mode -BASE_URL = 'https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/%s/list' # noqa: E501 - - -class LoggingAction(argparse.Action): - """change log level on the fly - - The logging system should be initialized befure this, using - `basicConfig`. - """ - def __init__(self, *args, **kwargs): - """setup the action parameters - - This enforces a selection of logging levels. It also checks if - const is provided, in which case we assume it's an argument - like `--verbose` or `--debug` without an argument. 
- """ - kwargs['choices'] = logging._nameToLevel.keys() - if 'const' in kwargs: - kwargs['nargs'] = 0 - super().__init__(*args, **kwargs) - - def __call__(self, parser, ns, values, option): - """if const was specified it means argument-less parameters""" - if self.const: - logging.getLogger('').setLevel(self.const) - else: - logging.getLogger('').setLevel(values) - - -def main(): - logging.basicConfig(format='%(levelname)s: %(message)s', level='WARNING') - parser = argparse.ArgumentParser(description='Find missing advisories') - parser.add_argument('--tracker', help='security-tracker path (default: fetch)') - parser.add_argument('--directory', - help='website path (default: english/security or english/lts/security, depending on mode)') # noqa: E501 - parser.add_argument('--verbose', action=LoggingAction, const='INFO', - help='show more progress information') - parser.add_argument('--debug', action=LoggingAction, const='DEBUG', - help='show debug information') - parser.add_argument('--mode', default='DSA', choices=('DSA', 'DLA'), - help='which sort of advisory to check (default: %(default)s)') # noqa: E501 - parser.add_argument('--author', action='store_true', - help='print who reserved the advisory, requires --tracker') - - args = parser.parse_args() - if not args.directory: - webwml_dir = os.path.dirname(__file__) + '/../../' - if args.mode == 'DSA': - args.directory = webwml_dir + 'english/security' - elif args.mode == 'DLA': - args.directory = webwml_dir + 'english/lts/security' - - if not args.tracker: - url = BASE_URL % args.mode - logging.info('fetching URL %s', url) - response = requests.get(url) - response.raise_for_status() - for adv in parse_advisories(response.iter_lines(decode_unicode=True)): - check_advisory(args.mode, args.directory, **adv) - else: - if args.author: - try: - import git - - repo = git.Repo(args.tracker) - for commit, lines in repo.blame('HEAD', 'data/%s/list' % args.mode): - for adv in parse_advisories(lines): - 
check_advisory(args.mode, args.directory, **adv, author=commit.author) - return - except ImportError: - logging.error('git module not found, will not report author information') - - with open(os.path.join(args.tracker,'data',args.mode,'list')) as text: - for adv in parse_advisories(text): - check_advisory(args.mode, args.directory, **adv) - - -def parse_advisories(stream): - for line in stream: - m = re.match(RE_ADV, line) - if m: - yield m.groupdict() - elif re.match(RE_SKIP, line): - logging.debug('skipping line: "%s"', line) - else: - logging.warning('malformed line: "%s"', line) - - -def check_advisory(mode, directory, year, date, number, errata, package, author=None): - if errata is None: - errata = '1' - - if int(errata) >= 2 and mode == 'DSA': - logging.info('skipping DSA regression update %s-%s-%s (%s)', - mode, number, errata, year) - return - - logging.info('checking %s-%s-%s (%s)', mode, number, errata, year) - path = "%s/%s/%s-%s-%s" % (directory, year, mode.lower(), number, errata) - found = False - if os.path.exists(path + '.data') and os.path.exists(path + '.wml'): - logging.debug('both data and wml files found') - found = True - elif errata == '1': - path = "%s/%s/%s-%s" % (directory, year, mode.lower(), number) - if os.path.exists(path + '.data') and os.path.exists(path + '.wml'): - logging.debug('both data and wml files found, without -1') - found = True - if not found: - author_info = "" - if author: - author_info = " (reserved by %s)" % (author) - logging.error('.data or .wml file missing for %s %s-%s (%s) (%s)%s', - mode, number, errata, date, package, author_info - ) - - -if __name__ == '__main__': - main() diff --git a/english/security/parse-advisory.pl b/english/security/parse-advisory.pl deleted file mode 100755 index bd6796e1202..00000000000 --- a/english/security/parse-advisory.pl +++ /dev/null 
@@ -1,305 +0,0 @@ -#!/usr/bin/perl -# -# parse-advisory.pl -# -# this script parses files in -# security.debian.org:/org/security.debian.org/advisories/DSA/ -# and makes wmls out of them -# -# Copyright (C) 2001 Josip Rodin -# Copyright (c) 2002,3 Josip Rodin, Martin Schulze -# Licensed under the GNU General Public License version 2. - -use WWW::Mechanize; -use File::Path qw(remove_tree make_path); - -my $debug = 0; -my $adv = $ARGV[0]; -if ($adv eq "-d") { - $debug = 1; - $adv = $ARGV[1]; -} - -$adv || die "you must specify a parameter (original advisory file)!\n"; -die "that advisory file either ain't there or doesn't have anything in it!\n" unless -s $adv; - -# i'm lame, so shoot me -my %longmoy = ( en => [ - 'January', 'February', 'March', 'April', 'May', 'June', - 'July', 'August', 'September', 'October', 'November', 'December' ] -); -my %shortmoy = ( en => [ - 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', - 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] -); - -my $curyear = (localtime())[5] + 1900; - -my %arch = ( - 'alpha' => 'Alpha', - 'amd64' => 'AMD64', - 'hppa' => 'HP Precision', - 'i386' => 'Intel IA-32', - 'ia64' => 'Intel IA-64', - 'm68k' => 'Motorola 680x0', - 'mips' => 'Big-endian MIPS', - 'mipsel' => 'Little-endian MIPS', - 's390' => 'IBM S/390', - 'sparc' => 'Sun Sparc', - 'powerpc' => 'PowerPC', - 'arm' => 'ARM', - 'armel' => 'ARM EABI', - ); - -open ADV, $adv; -foreach $l (<ADV>) { - if ($l =~ /^Debian Security Advisory (DSA[- ]\d+-\d+)/) { - $dsa = $1; - } - if ($l =~ /^(\w+)\s+(\d+)(\D\D)?, (\d+)/) { - $month = $1; $day = $2; $year = $4; - while ($i < 12) { - if ($month eq $longmoy{en}[$i]) { - $month = $i + 1; - $date = "$year-$month-$day"; - $i = 12; - } - elsif ($month eq $shortmoy{en}[$i]) { - $month = $i + 1; - $date = "$year-$month-$day"; - $i = 12; - } - $i++ - } - } - if ($l =~ /^Package(?:s)*\s*: (.+)\s*/) { - $package = $1; - } - if ($l =~ /^(Vulnerability)\s*: (.+)\s*/) { - $desc = $2; - $desc .= ' vulnerabilities' if $desc =~ 
/(several|multiple)\s*$/; - } - if ($desc eq "") { $desc = "security update"; } - if ($l =~ /^(Debian Bug\(?s?\)?)\s*: (.+)/i) { - for $id (split (/,? /, $2)) { - push @dbids, "Bug#".$id if ($id ne "none"); - } - } - if ($l =~ /^(CVE (names?|id\(?s?\)?|references?)?|CERT advisor(y|ies))\s*: (.+)/i) { - push @dbids, join (" ", split (/,? /, $4)); - } - if ($l =~ /^\s+((?:CVE-\d+-\d+[ ]*)+)$/i) { - push @dbids, join (" ", split (/,? /, $1)); - } - if ($l =~ /^\s+((?:VU#\d+[ ]*)+)$/i) { - push @dbids, join (" ", split (/,? /, $1)); - } - if ($l =~ /^Bugtraq Ids?\s*: (.+)/i) { - for $id (split (/,? /, $1)) { - push @dbids, "BID".$id; - } - } - last if ($l =~ /Further information about Debian Security Advisories.*$/i); - last if ($l =~ /Thanks to.+for proof read/i); - $mi = 0 if ($l =~ /^(wget url|Obtaining updates|Upgrade Instructions)/i); - $moreinfo .= "<p>" if ($mi && $nl); - $nl = 0; - $nl = 1 if ($mi && ($l eq "\n") && $moreinfo); - if ($mi) { - if ($mi > 1) { - $moreinfo .= $l; - } else { - $moreinfo .= "\n<p>".$l; - $mi++; - } - } - $headersnearingend++ if ($l =~ /^Package :/); - if ($headersnearingend && $l =~ /^\s*$/) { - $mi++; - $headersnearingend = 0; - } - - $f++ if ($l =~ /^Debian (GNU\/Linux.*alias|.*\(.*\)).*/); - $f = 0 if ($l =~ /^((- )?-- |( )?These (files|packages) will (probably )?be moved)/); - $files .= $l if ($f); -} -close ADV; - - -$moreinfo =~ s/(- )?-+\n//g; -$moreinfo =~ s/\n\n$/\n/s; -$moreinfo =~ s/\n<p>\n$//; -$moreinfo =~ s/\n<p>note\:/<p><b>Note<\/b>:/ig; -$moreinfo =~ s/(\s)"(\w[\w\.,'\(\)\s]*?\w)"([\:\.',\(\)\s])/$1<q>$2<\/q>$3/g; -$moreinfo =~ s/(\s)'(\w[\w\.,\(\)\s]*?\w)'([\:\.,\(\)\s])/$1<q>$2<\/q>$3/g; -$moreinfo =~ s|\n+(<p>(CAN\|CVE)-\d+-\d+[\:]*)\s?(\s*)(\S+)|\n\n$1\n$3$4|g; -$moreinfo =~ s/\n\n/<\/p>\n\n/sg; -$moreinfo =~ s|\n<p>((CAN\|CVE)-\d+-\d+[^\n]*)</p>\n|\n<li>$1\n|g; -$moreinfo =~ s|\n<p>((CAN\|CVE)-\d+-\d+[^\n]*)\n|\n<li>$1\n<p>\n|g; -$moreinfo =~ s|((CAN\|CVE)-\d+-\d+)|<a 
href="https://security-tracker.debian.org/tracker/$1">$1</a>|g; -$moreinfo =~ s|</p>\n\n<p>\n<p>(\w* \w* stable)|</p></li>\n\n</ul>\n\n<p>$1|; -$moreinfo =~ s|<p>(\s+)|$1<p>|g; -$moreinfo =~ s|<p><p>|<p>|g; -$moreinfo =~ s|</p>\n\n<li>|</p></li>\n\n<li>|g; -$moreinfo =~ s|</li>\n\n<li>|\n\n<ul>\n\n<li>|; -$moreinfo =~ s|(\s+)(https?://[^\s<>{}\\^\[\]\"\'\`]+)|$1<a href="$2">$2</a>|g; - -# matrix creation start -# in matrix lines, each item cannot have space charecter sequence in it -# space charecter sequence (>=2) is treated as a delimiter -# $matrix_h is used as header and $matrix_f is used as footer -my $matrix_h = qq|<div class="centerdiv">\n <table cellspacing="0" cellpadding="2">\n|; -my $matrix_f = " </table>\n</div>\n"; -$moreinfo =~ s{(<p>The following matrix[\s\S]+?</p>\n+)\s+<p>([\s\S]+?)</p>}{$1<matrix>\n $2\n</matrix>}g; -$moreinfo =~ m|<matrix>\n([\s\S]+?)</matrix>|; -my $matrix = $1; -$matrix =~ s/\n\s+/\n/g; -my @matrixl = split(/\n/,$matrix); -for my $i(0 .. $#matrixl){ - $matrixl[$i] = " <tr>\n <td>" . - join("</td>\n <td>", split(/\s{2,}/,$matrixl[$i])) . - "</td>\n </tr>\n"; -# 1st line, use <th> - $matrixl[$i] =~ s/td>/th>/g if($i<1); -} -$matrix = join("", @matrixl); -$moreinfo =~ s|<matrix>\n([\s\S]+?)</matrix>|$matrix_h$matrix$matrix_f|; -# matrix end - -if (($moreinfo =~ /<ul>\n\n<li>/) && ($moreinfo !~ /<\/li>\n\n<\/ul>/)){ - $moreinfo =~ s{</p>\n\n<p>((\w+ \w+ \w* ?(old ?stable|stable|testing))|Th[eo]se)}{</p></li>\n\n</ul>\n\n<p>$1}; } -chomp ($moreinfo); - -$files =~ s/(- )?-+\n//g; -$files =~ s/\n\n$/\n/s; - -$files =~ s/.+ updates are available for .+\n//g; - -$files =~ s/( )? 
(Size\/)?MD5 checksum: (\s*\d+ )?\w{32}\n//sg; -$files =~ s/( )?Source archives:/<dt><source \/>/sg; -$files =~ s/( )?Architecture.independent \w+:\n/<dt><arch-indep \/>\n/sg; -$files =~ s/HP Precision architecture/HPPA architecture/gi; -$files =~ s/(?: )?(\w+) architecture \(([\w -()\/]+)\)/<dt>$arch{$1}:/sg; -$files =~ s/(?: )?([\w -\/]+) architecture:/<dt>$1:/sg; -$files =~ s/(?: )? (http:\S+)/ <dd><fileurl $1 \/>/sg; -$files =~ s,[\n]?Debian (GNU/Linux )?(\S+) (alias |\()([a-z]+)\)?,</dl>\n\n<h3>Debian $2 ($4)</h3>\n\n<dl>,sg; - -my @f = (); -my $ign = 0; -foreach $_ (split (/\n/, $files)) { - if (!$ign && /was released/) { - $ign = 1; - } elsif ($ign && /^$/) { - $ign = 0; - } elsif (!$ign) { - push (@f, $_); - } -} -$files = join ("\n", @f); - -if (defined($package) && $dsa =~ /DSA[- ](\d+)-(\d+)/ ) { - $dsa_number=$1; - $dsa_revision=$2; - $wml = "$curyear/dsa-$dsa_number.wml"; - $data = "$curyear/dsa-$dsa_number.data"; - $pagetitle = "DSA-$dsa_number-$dsa_revision $package"; -} else { - die ("Could not parse advisory filename '$adv'. Must contain Package and DSA number information"); -} -$data = $wml = "-" if ($debug); - -if (!(-d $curyear)){ - print "directory $curyear does not exist! 
Creating $curyear\n"; - make_path($curyear,{ verbose => 0, mode => 0755 }) or print "Could not create $curyear: $!\n"; -} - -&make_data; -&make_wml; -print "double check the content of $wml and $data, and eventually fix it before commit them.\n"; -&make_index; -&make_makefile; - - -sub make_data{ - if (-f $data){ - print "$data already exists!\n"; - return; - } - $files =~ s,^</dl>\n\n,,; - open DATA, ">", "$data"; - print DATA "<define-tag pagetitle>$pagetitle</define-tag>\n"; - print DATA "<define-tag report_date>$date</define-tag>\n"; - print DATA "<define-tag secrefs>@dbids</define-tag>\n" if @dbids; - print DATA "<define-tag packages>$package</define-tag>\n"; - print DATA "<define-tag isvulnerable>yes</define-tag>\n"; - print DATA "<define-tag fixed>yes</define-tag>\n"; - print DATA "<define-tag fixed-section>no</define-tag>\n"; # Kaare, 2011-01-24: Line added because the "fixed in" section is no longer available - print DATA "\n#use wml::debian::security\n\n"; - print DATA "$files\n\n</dl>\n"; - close DATA; -} - -sub make_wml{ - if (-f $wml){ - print "$wml already exists!\n"; - return; - } - open WML, ">", "$wml"; - print WML "<define-tag description>$desc</define-tag>\n"; - print WML "<define-tag moreinfo>$moreinfo</p>\n</define-tag>\n"; - print WML "\n# do not modify the following line\n"; - print WML "#include \"\$(ENGLISHDIR)/security/$data\"\n"; - printf WML "# %sId: \$\n", "\$"; - close WML; -} - -sub make_index{ - return if (-f "$curyear/index.wml"); - print "$curyear/index.wml does not exist! 
Creating..."; - my $ldo = '<a href="https://lists.debian.org/'; - my $dsan = 'debian-security-announce'; - my $index = "<define-tag pagetitle>Security Advisories from $curyear</define-tag>\n"; - $index .= qq|#use wml::debian::template title="<pagetitle>" GEN_TIME="yes"\n|; - $index .= qq|#use wml::debian::recent_list\n\n|; - $index .= qq|<:= get_recent_list ('.', '0', '\$(ENGLISHDIR)/security/$curyear', '', 'dsa-\\d+' ) :>\n\n|; - $index .= qq|<p>You can get the latest Debian security advisories by subscribing to our\n|; - $index .= qq|$ldo$dsan/">\\\n|; - $index .= qq|<strong>$dsan</strong></a> mailing list.\n|; - $index .= qq|You can also $ldo$dsan/$dsan-2013/">\\\n|; - $index .= qq|browse the archives</a> for the list.</p>\n|; - open INDEX, ">", "$curyear/index.wml"; - print INDEX $index; - close INDEX; - print "done\n"; - print "Do not forget to commit index.wml.\n"; -} - -sub make_makefile{ - return if (-f "$curyear/Makefile"); - print "$curyear/Makefile does not exist! Creating..."; - my $makefile = qq|# If this makefile is not generic enough to support a translation,\n|; - $makefile .= qq|# please contact debian-www.\n\n|; - $makefile .= qq|WMLBASE=../..\n|; - $makefile .= qq|CUR_DIR=security/2013\n|; - $makefile .= qq|SUBS=\n\n|; - $makefile .= qq|GETTEXTFILES += security.mo\n\n|; - $makefile .= qq|NOGENERICDEP := true\n|; - $makefile .= qq|include \$(WMLBASE)/Make.lang\n\n\n|; - $makefile .= qq|# The "\| $(VCSREVCACHE)" here is an order-only prerequisite - always|; - $makefile .= qq|# check that the prerequisite exists and is up to date, but don't|; - $makefile .= qq|# rebuild everything whenever it's updated - see|; - $makefile .= qq|# https://www.gnu.org/software/make/manual/html_node/Prerequisite-Types.html|; - - $makefile .= qq|\%.\$(LANGUAGE).html: \%.wml \$(TEMPLDIR)/security.wml \\\n|; - $makefile .= qq| \$(ENGLISHSRCDIR)/\$(CUR_DIR)/\%.data \$(GETTEXTDEP) \| \$(VCSREVCACHE)\n|; - $makefile .= qq|\t\$(WML) \$(<F)\n\n|; - $makefile .= 
qq|index.\$(LANGUAGE).html: index.wml \$(sort \$(wildcard dsa-[0-9]*.wml)) \\\n|; - $makefile .= qq| \$(ENGLISHSRCDIR)/\$(CUR_DIR)/dsa-[0-9]*.data \\\n|; - $makefile .= qq| \$(TEMPLDIR)/template.wml \$(TEMPLDIR)/recent_list.wml \$(GETTEXTDEP) \| \$(VCSREVCACHE)\n|; - $makefile .= qq|\t\$(WML) \$(<F)\n|; - open MAKEFILE, ">", "$curyear/Makefile"; - print MAKEFILE $makefile; - close MAKEFILE; - print "done\n"; - print "Do not forget to commit Makefile.\n"; -} |