Contents of /bin/bts-update

#!/usr/bin/perl
use warnings;
use strict;

my $user="debian-security\@lists.debian.org";
my $list=shift;
my $oldlist="$list.old";

if (! -e $list) {
        die "$list does not exist\n";
}
if (! -e $oldlist) {
        die "$oldlist does not exist (touch it if running for first time)\n";
}

my %old = processlist($oldlist);
my %new = processlist($list);

# Build up a list of changes between the two lists.
my @changes;

# Remove anything that is on both lists from both,
# so the lists only contain changes.
foreach my $bug (keys %old) {
        foreach my $cve (keys %{$old{$bug}}) {
                if (exists $new{$bug} && exists $new{$bug}{$cve}) {
                        delete $new{$bug}{$cve};
                        delete $old{$bug}{$cve};
                }
        }
}

# Add tags for all new stuff.
foreach my $bug (keys %new) {
        foreach my $cve (keys %{$new{$bug}}) {
                push @changes, "usertag $bug + $cve"
                        unless $cve =~ /CVE-\d+-XXXX/;
                push @changes, "usertag $bug + tracked";
        }
}

# Remove tags for all old stuff.
foreach my $bug (keys %old) {
        foreach my $cve (keys %{$old{$bug}}) {
                push @changes, "usertag $bug - $cve"
                        unless $cve =~ /CVE-\d+-XXXX/;
                push @changes, "usertag $bug - tracked";
        }
}

if (system("cp", $list, $oldlist) != 0) {
        die "failed to copy $list to $oldlist, didn't send any mail";
}

if (@changes) {
        open(MAIL, "| mail -s \"CVE usertag update\" control\@bugs.debian.org");
        #open(MAIL, ">&STDOUT");
        print MAIL "user $user\n";
        print MAIL "$_\n" foreach @changes;
        close MAIL;
}
print int(@changes)." tags changed\n";

sub processlist {
        my $list=shift;
        my %ret;
        
        open (IN, $list) || die "read $list: $!\n";
        my $cve;
        while (<IN>) {
                chomp;
                if (/^(CVE-(?:[0-9]+|[A-Z]+)-(?:[0-9]+|[A-Z]+))\s*(.*)/) {
                        $cve=$1;
                }
                elsif (/\s+-\s+.*\((.*)\)/) {
                        my @notes=split(/\s*;\s+/, $1);
                        foreach my $note (@notes) {
                                if ($note =~ /bug #(\d+)/) {
                                        if (! defined $cve) {
                                                print STDERR "no cve for bug at line $.!\n";
                                                next;
                                        }
                                        $ret{$1}{$cve}=1;
                                }
                        }
                }
        }
        close IN;

        return %ret;
}
1	joeyh	2468	#!/usr/bin/perl
2			use warnings;
3			use strict;
4
5			my $user="debian-security\@lists.debian.org";
6			my $list=shift;
7			my $oldlist="$list.old";
8
9			if (! -e $list) {
10			die "$list does not exist\n";
11			}
12			if (! -e $oldlist) {
13			die "$oldlist does not exist (touch it if running for first time)\n";
14			}
15
16			my %old = processlist($oldlist);
17			my %new = processlist($list);
18
19			# Build up a list of changes between the two lists.
20			my @changes;
21
22			# Remove anything that is on both lists from both,
23			# so the lists only contain changes.
24			foreach my $bug (keys %old) {
25			foreach my $cve (keys %{$old{$bug}}) {
26			if (exists $new{$bug} && exists $new{$bug}{$cve}) {
27			delete $new{$bug}{$cve};
28			delete $old{$bug}{$cve};
29			}
30			}
31			}
32
33			# Add tags for all new stuff.
34			foreach my $bug (keys %new) {
35			foreach my $cve (keys %{$new{$bug}}) {
36			push @changes, "usertag $bug + $cve"
37			unless $cve =~ /CVE-\d+-XXXX/;
38			push @changes, "usertag $bug + tracked";
39			}
40			}
41
42			# Remove tags for all old stuff.
43			foreach my $bug (keys %old) {
44			foreach my $cve (keys %{$old{$bug}}) {
45			push @changes, "usertag $bug - $cve"
46			unless $cve =~ /CVE-\d+-XXXX/;
47			push @changes, "usertag $bug - tracked";
48			}
49			}
50
51			if (system("cp", $list, $oldlist) != 0) {
52			die "failed to copy $list to $oldlist, didn't send any mail";
53			}
54
55			if (@changes) {
56			open(MAIL, "\| mail -s \"CVE usertag update\" control\@bugs.debian.org");
57			#open(MAIL, ">&STDOUT");
58			print MAIL "user $user\n";
59			print MAIL "$_\n" foreach @changes;
60			close MAIL;
61			}
62			print int(@changes)." tags changed\n";
63
64			sub processlist {
65			my $list=shift;
66			my %ret;
67
68			open (IN, $list) \|\| die "read $list: $!\n";
69			my $cve;
70			while (<IN>) {
71			chomp;
72			if (/^(CVE-(?:[0-9]+\|[A-Z]+)-(?:[0-9]+\|[A-Z]+))\s(.)/) {
73			$cve=$1;
74			}
75			elsif (/\s+-\s+.\((.)\)/) {
76			my @notes=split(/\s*;\s+/, $1);
77			foreach my $note (@notes) {
78	joeyh	2471	if ($note =~ /bug #(\d+)/) {
79			if (! defined $cve) {
80			print STDERR "no cve for bug at line $.!\n";
81			next;
82			}
83	joeyh	2468	$ret{$1}{$cve}=1;
84			}
85			}
86			}
87			}
88			close IN;
89
90			return %ret;
91			}