Hi all. While playing with security advisories, I tried to regenerate one with the advisory mail. As I looked at the parse-advisory.pl source code I had the urgent need to clean it up ;)
Attached are my changes. Can someone send me an original advisory so I can make sure I broke nothing? (Should not be, have tested all carefully) I will also added a sentence to the README. Patch also attached. Gruesse, -- *** Frank Lichtenheld <[EMAIL PROTECTED]> *** *** http://www.djpig.de/ *** see also: - http://www.usta.de/ - http://fachschaft.physik.uni-karlsruhe.de/
Index: parse-advisory.pl =================================================================== RCS file: /cvs/webwml/webwml/english/security/parse-advisory.pl,v retrieving revision 1.43 diff -u -r1.43 parse-advisory.pl --- parse-advisory.pl 11 May 2003 13:21:54 -0000 1.43 +++ parse-advisory.pl 7 Jun 2003 14:18:22 -0000 @@ -10,6 +10,8 @@ # Copyright (c) 2002,3 Josip Rodin, Martin Schulze # Licensed under the GNU General Public License version 2. +use strict; + my $debug = 0; my $adv = $ARGV[0]; if ($adv eq "-d") { @@ -29,7 +31,7 @@ my $curyear = (localtime())[5] + 1900; my $mlURL = "http://lists.debian.org/debian-security-announce/debian-security-announce-$curyear/"; -my $arch = ( +my %arch = ( 'alpha' => 'Alpha', 'hppa' => 'HP Precision', 'i386' => 'Intel IA-32', @@ -43,13 +45,24 @@ 'arm' => 'ARM', ); -open ADV, $adv; -foreach $l (<ADV>) { +my ( $mi, $nl, $f ); +my ( $dsa, $date, $desc, $package, @dbids, $headersnearingend, + $files, $moreinfo ); +$mi = 0; +$headersnearingend = 0; +open ADV, $adv or die "couldn't open advisory file: $!"; +foreach my $l (<ADV>) { if ($l =~ /^Debian Security Advisory (DSA[- ]\d+-\d+)/) { $dsa = $1; + next; + } + if ($l =~ m,^http://www.debian.org/security/\s+([\w\s]+)$,) { + # autor + next; } if ($l =~ /^(\w+)\s+(\d+)(\D\D)?, (\d+)/) { - $month = $1; $day = $2; $year = $4; + my $month = $1; my $day = $2; my $year = $4; + my $i = 0; while ($i < 12) { if ($month eq $longmoy{en}[$i]) { $month = $i + 1; @@ -58,20 +71,29 @@ } $i++ } + next; } if ($l =~ /^Package\s*: (.+)/) { $package = $1; + next; } if ($l =~ /^(Problem type|Vulnerability)\s*: (.+)/) { $desc = $2; + next; + } + if ($l =~ /^(Problem-Type)\s*: (.+)/) { + # local, remote + next; } if ($l =~ /^(CVE (names?|ids?|references?)?|CERT advisor(y|ies))\s*: (.+)/i) { push @dbids, $4; + next; } if ($l =~ /^Bugtraq Ids?\s*: (.+)/i) { - for $id (split (/ /, $1)) { + for my $id (split (/,? /, $1)) { push @dbids, "BID".$id; } + next; } $mi = 0 if ($l =~ /^(wget url|Obtaining updates|Upgrade Instructions)/); $moreinfo .= "<p>" if ($mi && $nl); @@ -92,10 +114,10 @@ } $f++ if ($l =~ /^Debian (GNU\/Linux.*alias|.*\(.*\)).*/); - $f = 0 if ($l =~ /^((- )?-- | These (files|packages) will (probably )?be moved)/); + $f = 0 if ($l =~ /^((- )?-- |( )?These (files|packages) will (probably )?be moved)/); $files .= $l if ($f); } -close ADV; +close ADV or die "couldn't close advisory file: $!"; $moreinfo =~ s/(- )?-+\n//g; @@ -128,10 +150,12 @@ } $files = join ("\n", @f); -$adv =~ /.*dsa[- ](\d+)-(\d+)\.(.*)/; -$wml = "$curyear/dsa-$1.wml"; -$data = "$curyear/dsa-$1.data"; -$pagetitle = "DSA-$1-$2 $3"; +($adv =~ /.*dsa[- ](\d+)-(\d+)\.(.*)/) + or die "advisory file not correctly named." + . "Expected '*dsa-<num>-<rev>.<pkgname>*'"; +my $wml = "$curyear/dsa-$1.wml"; +my $data = "$curyear/dsa-$1.data"; +my $pagetitle = "DSA-$1-$2 $3"; $data = $wml = "-" if ($debug); @@ -139,7 +163,7 @@ die "$data already exists!\n" if (-f $data); $files =~ s,^</dl>\n\n,,; -open DATA, ">$data"; +open DATA, ">$data" or die "couldn't open data file $data: $!"; print DATA "<define-tag pagetitle>$pagetitle</define-tag>\n"; print DATA "<define-tag report_date>$date</define-tag>\n"; print DATA "<define-tag secrefs>@dbids</define-tag>\n" if @dbids; @@ -149,15 +173,15 @@ print DATA "\n#use wml::debian::security\n\n"; print DATA "$files\n\n</dl>\n"; print DATA "\n<p><md5sums $mlURL>\n"; -close DATA; +close DATA or die "couldn't close data file $date: $!"; -open WML, ">$wml"; +open WML, ">$wml" or die "couldn't open wml file $wml: $!"; print WML "<define-tag description>$desc</define-tag>\n"; print WML "<define-tag moreinfo>$moreinfo</p>\n</define-tag>\n"; print WML "\n# do not modify the following line\n"; print WML "#include \"\$(ENGLISHDIR)/security/$data\"\n"; printf WML "# %sId: \$\n", "\$"; -close WML; +close WML or die "couldn't close wml file $wml: $!"; print "Now edit $data and remove any English-specific stuff from it.\n"; print "\n";
Index: README =================================================================== RCS file: /cvs/webwml/webwml/english/security/README,v retrieving revision 1.2 diff -u -r1.2 README --- README 29 Mar 2003 14:01:23 -0000 1.2 +++ README 7 Jun 2003 14:20:16 -0000 @@ -18,6 +18,8 @@ You can also use the text of the advisory as sent over the debian-security-announce mailing list if you have no access to security.d.o and no one of the security team has time to help you. +Therefor you have to save the mail body in a file named +dsa-<dsanum>-<revnum>.<pkgname> (you can add arbitrary pre- and suffixes). Usage: ./parse_advisory.pl [ -d ] <advisory_file>