Contents of /bin/bts-update

#!/usr/bin/perl
use warnings;
use strict;

my $user="debian-security\@lists.debian.org";
my $list=shift;
my $oldlist="$list.old";

if (! -e $list) {
        die "$list does not exist\n";
}
if (! -e $oldlist) {
        die "$oldlist does not exist (touch it if running for first time)\n";
}

my %old = processlist($oldlist);
my %new = processlist($list);

# Build up a list of changes between the two lists.
my @changes;

# Remove anything that is on both lists from both,
# so the lists only contain changes.
foreach my $bug (keys %old) {
        foreach my $cve (keys %{$old{$bug}}) {
                if (exists $new{$bug} && exists $new{$bug}{$cve}) {
                        delete $new{$bug}{$cve};
                        delete $old{$bug}{$cve};
                }
        }
}

# Remove tags for all old stuff. Hs to come before adding tags for new
# stuff, to deal with edge cases where bugs move between CVE ids.
foreach my $bug (keys %old) {
        foreach my $cve (keys %{$old{$bug}}) {
                push @changes, "usertag $bug - $cve"
                        unless $cve =~ /CVE-\d+-XXXX/;
                push @changes, "usertag $bug - tracked";
        }
}

# Add tags for all new stuff.
foreach my $bug (keys %new) {
        foreach my $cve (keys %{$new{$bug}}) {
                push @changes, "usertag $bug + $cve"
                        unless $cve =~ /CVE-\d+-XXXX/;
                push @changes, "usertag $bug + tracked";
        }
}

if (system("cp", $list, $oldlist) != 0) {
        die "failed to copy $list to $oldlist, didn't send any mail";
}

if (@changes) {
        open(MAIL, "| mail -s \"CVE usertag update\" control\@bugs.debian.org");
        #open(MAIL, ">&STDOUT");
        print MAIL "user $user\n";
        print MAIL "$_\n" foreach @changes;
        close MAIL;
}
print int(@changes)." tags changed\n";

sub processlist {
        my $list=shift;
        my %ret;
        
        open (IN, $list) || die "read $list: $!\n";
        my $cve;
        while (<IN>) {
                chomp;
                if (/^(CVE-(?:[0-9]+|[A-Z]+)-(?:[0-9]+|[A-Z]+))\s*(.*)/) {
                        $cve=$1;
                }
                elsif (/\s+-\s+.*\((.*)\)/) {
                        my @notes=split(/\s*;\s+/, $1);
                        foreach my $note (@notes) {
                                if ($note =~ /bug #(\d+)/) {
                                        if (! defined $cve) {
                                                print STDERR "no cve for bug at line $.!\n";
                                                next;
                                        }
                                        $ret{$1}{$cve}=1;
                                }
                        }
                }
        }
        close IN;

        return %ret;
}
1	#!/usr/bin/perl
2	use warnings;
3	use strict;
4
5	my $user="debian-security\@lists.debian.org";
6	my $list=shift;
7	my $oldlist="$list.old";
8
9	if (! -e $list) {
10	die "$list does not exist\n";
11	}
12	if (! -e $oldlist) {
13	die "$oldlist does not exist (touch it if running for first time)\n";
14	}
15
16	my %old = processlist($oldlist);
17	my %new = processlist($list);
18
19	# Build up a list of changes between the two lists.
20	my @changes;
21
22	# Remove anything that is on both lists from both,
23	# so the lists only contain changes.
24	foreach my $bug (keys %old) {
25	foreach my $cve (keys %{$old{$bug}}) {
26	if (exists $new{$bug} && exists $new{$bug}{$cve}) {
27	delete $new{$bug}{$cve};
28	delete $old{$bug}{$cve};
29	}
30	}
31	}
32
33	# Remove tags for all old stuff. Hs to come before adding tags for new
34	# stuff, to deal with edge cases where bugs move between CVE ids.
35	foreach my $bug (keys %old) {
36	foreach my $cve (keys %{$old{$bug}}) {
37	push @changes, "usertag $bug - $cve"
38	unless $cve =~ /CVE-\d+-XXXX/;
39	push @changes, "usertag $bug - tracked";
40	}
41	}
42
43	# Add tags for all new stuff.
44	foreach my $bug (keys %new) {
45	foreach my $cve (keys %{$new{$bug}}) {
46	push @changes, "usertag $bug + $cve"
47	unless $cve =~ /CVE-\d+-XXXX/;
48	push @changes, "usertag $bug + tracked";
49	}
50	}
51
52	if (system("cp", $list, $oldlist) != 0) {
53	die "failed to copy $list to $oldlist, didn't send any mail";
54	}
55
56	if (@changes) {
57	open(MAIL, "\| mail -s \"CVE usertag update\" control\@bugs.debian.org");
58	#open(MAIL, ">&STDOUT");
59	print MAIL "user $user\n";
60	print MAIL "$_\n" foreach @changes;
61	close MAIL;
62	}
63	print int(@changes)." tags changed\n";
64
65	sub processlist {
66	my $list=shift;
67	my %ret;
68
69	open (IN, $list) \|\| die "read $list: $!\n";
70	my $cve;
71	while (<IN>) {
72	chomp;
73	if (/^(CVE-(?:[0-9]+\|[A-Z]+)-(?:[0-9]+\|[A-Z]+))\s(.)/) {
74	$cve=$1;
75	}
76	elsif (/\s+-\s+.\((.)\)/) {
77	my @notes=split(/\s*;\s+/, $1);
78	foreach my $note (@notes) {
79	if ($note =~ /bug #(\d+)/) {
80	if (! defined $cve) {
81	print STDERR "no cve for bug at line $.!\n";
82	next;
83	}
84	$ret{$1}{$cve}=1;
85	}
86	}
87	}
88	}
89	close IN;
90
91	return %ret;
92	}