| 1 |
#!/usr/bin/perl
|
| 2 |
# Must run on a machine with madison.
|
| 3 |
use URI::Escape;
|
| 4 |
|
| 5 |
my $html=0;
|
| 6 |
if ($ARGV[0] eq 'html') {
|
| 7 |
shift;
|
| 8 |
$html=1;
|
| 9 |
}
|
| 10 |
|
| 11 |
if (! @ARGV) {
|
| 12 |
die "usage: $0 [html] list\n";
|
| 13 |
}
|
| 14 |
|
| 15 |
|
| 16 |
my %data;
|
| 17 |
my $unprop = my $unfixed = my $todos = 0;
|
| 18 |
|
| 19 |
sub record {
|
| 20 |
my ($package, $condition, $item)=@_;
|
| 21 |
|
| 22 |
if ($html) {
|
| 23 |
$condition=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
|
| 24 |
$condition=~s{unfixed}{<b>unfixed</b>}g;
|
| 25 |
$item=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
|
| 26 |
}
|
| 27 |
|
| 28 |
push @{$data{$package}{$condition}}, $item;
|
| 29 |
}
|
| 30 |
|
| 31 |
foreach my $list (@ARGV) {
|
| 32 |
if (-d $list) {
|
| 33 |
$list="$list/list";
|
| 34 |
}
|
| 35 |
|
| 36 |
open (IN, $list) || die "open $list: $!";
|
| 37 |
while (<IN>) {
|
| 38 |
chomp;
|
| 39 |
if (/^\[/) {
|
| 40 |
($id)=m/((?:DSA|CAN|CVE)-[^\s]+) /;
|
| 41 |
}
|
| 42 |
elsif (/^((?:DSA|CAN|CVE)-[^\s]+)/) {
|
| 43 |
$id=$1;
|
| 44 |
}
|
| 45 |
elsif (/^\s+[!-]\s+(.*?)\s+(.*)$/) {
|
| 46 |
my $package=$1;
|
| 47 |
my $version=$2;
|
| 48 |
|
| 49 |
my $maddy=`madison -s testing '$package'`;
|
| 50 |
if ($? & 128) {
|
| 51 |
# good old newraff..
|
| 52 |
record($package, "madison segfaulted", $id);
|
| 53 |
}
|
| 54 |
elsif ($? >> 8 != 0 && $? >> 8 != 1) {
|
| 55 |
record($package, "madison exited with ".($? >> 8), $id);
|
| 56 |
}
|
| 57 |
if (! length $maddy) {
|
| 58 |
next;
|
| 59 |
}
|
| 60 |
|
| 61 |
if ($version=~/unfixed/) {
|
| 62 |
record($package, $version, $id);
|
| 63 |
$unfixed++;
|
| 64 |
}
|
| 65 |
else {
|
| 66 |
my @fields = split(/\s*\|\s*/, $maddy);
|
| 67 |
my $havver=$fields[1];
|
| 68 |
my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'");
|
| 69 |
if ($cmp != 0) {
|
| 70 |
if ($html) {
|
| 71 |
$havver='<a href="http://bjorn.haxx.se/debian/testing.pl?package='.uri_escape($package).'">'.$havver.'</a>';
|
| 72 |
}
|
| 73 |
record($package, "$version needed, have $havver", $id);
|
| 74 |
$unprop++;
|
| 75 |
}
|
| 76 |
}
|
| 77 |
}
|
| 78 |
elsif (/\s+TODO/) {
|
| 79 |
$todos++;
|
| 80 |
}
|
| 81 |
}
|
| 82 |
}
|
| 83 |
|
| 84 |
|
| 85 |
if ($html) {
|
| 86 |
print "<html><title>testing security issues</title>\n";
|
| 87 |
print "<ul>\n";
|
| 88 |
}
|
| 89 |
|
| 90 |
foreach my $package (sort keys %data) {
|
| 91 |
foreach my $condition (sort keys %{$data{$package}}) {
|
| 92 |
print "<li>" if $html;
|
| 93 |
print "$package $condition for ";
|
| 94 |
my $items=0;
|
| 95 |
foreach my $item (sort @{$data{$package}{$condition}}) {
|
| 96 |
print ", " if $items > 0;
|
| 97 |
print $item;
|
| 98 |
$items++;
|
| 99 |
}
|
| 100 |
print "\n";
|
| 101 |
}
|
| 102 |
}
|
| 103 |
|
| 104 |
if ($html) {
|
| 105 |
print "</ul>\n";
|
| 106 |
print "<hr>\n";
|
| 107 |
print "Total holes unfixed: $unfixed<br>\n";
|
| 108 |
print "Total holes fixed in unstable but not testing: $unprop<br>\n";
|
| 109 |
print "Number of TODO lines in <a href=\"http://svn.debian.org/wsvn/secure-testing/sarge-checks/?rev=0&sc=0\">records</a>: $todos<br>\n";
|
| 110 |
print "Maintained by the <a href=\"http://secure-testing.alioth.debian.org/\">testing security team</a><br>\n";
|
| 111 |
print "Last update: ".`date`."<br>\n";
|
| 112 |
print "</html>\n";
|
| 113 |
}
|
Parent Directory
| 
Revision Log