| 1 |
#!/usr/bin/python
|
| 2 |
|
| 3 |
# Reasonably well-formed announcements to the debian-security-announce
|
| 4 |
# mailing list can be piped through this script. The result is an
|
| 5 |
# entry suitable for data/DSA/list.
|
| 6 |
|
| 7 |
import os
|
| 8 |
import os.path
|
| 9 |
import re
|
| 10 |
import string
|
| 11 |
import sys
|
| 12 |
import time
|
| 13 |
import urllib2
|
| 14 |
|
| 15 |
def setup_paths():
|
| 16 |
check_file = 'lib/python/debian_support.py'
|
| 17 |
paths = [os.getcwd(), os.path.dirname(sys.argv[0])]
|
| 18 |
try:
|
| 19 |
paths.append(os.path.dirname(os.readlink(sys.argv[0])))
|
| 20 |
except OSError:
|
| 21 |
pass
|
| 22 |
for path in paths:
|
| 23 |
while 1:
|
| 24 |
if os.path.exists("%s/%s" % (path, check_file)):
|
| 25 |
sys.path = [path + '/lib/python'] + sys.path
|
| 26 |
return path
|
| 27 |
idx = string.rfind(path, '/')
|
| 28 |
if idx == -1:
|
| 29 |
break
|
| 30 |
path = path[0:idx]
|
| 31 |
raise ImportError, "could not setup paths"
|
| 32 |
os.chdir(setup_paths())
|
| 33 |
|
| 34 |
import debian_support
|
| 35 |
|
| 36 |
# DSAs do not contain version numbers with epochs, so they are useless
|
| 37 |
# for our purposes.
|
| 38 |
|
| 39 |
def fetch_dsc(url):
|
| 40 |
u = urllib2.urlopen(url)
|
| 41 |
assert u.readline()[0] == '-' # OpenPGP cleartext signature header
|
| 42 |
|
| 43 |
def parse(*regexps):
|
| 44 |
result = [None] * len(regexps)
|
| 45 |
for line in u:
|
| 46 |
for i in range(len(regexps)):
|
| 47 |
match = regexps[i].match(line)
|
| 48 |
if match:
|
| 49 |
result[i] = match.groups()[0]
|
| 50 |
continue
|
| 51 |
if line[0] == '-':
|
| 52 |
break
|
| 53 |
return result
|
| 54 |
|
| 55 |
(source, version)= parse(re.compile("^Source: (\S+)$"),
|
| 56 |
re.compile("^Version: (\S+)$"))
|
| 57 |
assert source is not None
|
| 58 |
assert version is not None
|
| 59 |
return (source, version)
|
| 60 |
|
| 61 |
re_title = re.compile(r'^Subject: .*\[DSA[ -](\d+-\d+)\] .* fix(?:es)? (.*)$')
|
| 62 |
re_date = re.compile(r'^([A-Z][a-z][a-z])[a-z]* (\d+)[a-z]*, (\d+)\s+http://.*')
|
| 63 |
|
| 64 |
re_cve = re.compile('(CVE-\d{4}-\d{4})')
|
| 65 |
release_headline_re = re.compile(
|
| 66 |
r'^Debian GNU/Linux [0-9.]+ (?:\(|alias) ([a-z]+).*')
|
| 67 |
release_headline_re_s = re.compile(r'^Debian \((\w+)\)')
|
| 68 |
dscurl_re = re.compile(r'^\s*(http://\S+\.dsc).*')
|
| 69 |
|
| 70 |
# Variants used by "dak new-security-install"
|
| 71 |
re_date1 = re.compile(r'^([A-Z][a-z][a-z])[a-z]* (\d+), (2\d{3}).*')
|
| 72 |
release_headline1_re = re.compile(r'^Debian [0-9.]+ \(([a-z]+)\).*')
|
| 73 |
release_map = {'stable' : 'squeeze', 'oldstable' : 'lenny'}
|
| 74 |
|
| 75 |
def process_file(file):
|
| 76 |
cve_names = {}
|
| 77 |
package_notes = []
|
| 78 |
release = ''
|
| 79 |
date = ''
|
| 80 |
dsa_name = ''
|
| 81 |
title = ''
|
| 82 |
packages = {}
|
| 83 |
for line in file.readlines():
|
| 84 |
match = re_title.match(line)
|
| 85 |
if match:
|
| 86 |
(dsa_name, title) = match.groups()
|
| 87 |
continue
|
| 88 |
|
| 89 |
match = re_date.match(line)
|
| 90 |
if match:
|
| 91 |
(m, d, y) = match.groups()
|
| 92 |
date = "%02d %s %s" % (int(d), m, y)
|
| 93 |
continue
|
| 94 |
|
| 95 |
for cve in re_cve.findall(line):
|
| 96 |
cve_names[cve] = True
|
| 97 |
|
| 98 |
match = release_headline_re.match(line)
|
| 99 |
if match:
|
| 100 |
(release,) = match.groups()
|
| 101 |
continue
|
| 102 |
else:
|
| 103 |
match = release_headline_re_s.match(line)
|
| 104 |
if match:
|
| 105 |
(release,) = match.groups()
|
| 106 |
release = release_map[release]
|
| 107 |
continue
|
| 108 |
|
| 109 |
match = dscurl_re.match(line)
|
| 110 |
if match:
|
| 111 |
assert release
|
| 112 |
(source, version) = fetch_dsc(match.groups()[0])
|
| 113 |
packages[source] = True
|
| 114 |
package_notes.append((release, source, version))
|
| 115 |
|
| 116 |
# Variants used by "dak new-security-install"
|
| 117 |
|
| 118 |
match = re_date1.match(line)
|
| 119 |
if match:
|
| 120 |
(m, d, y) = match.groups()
|
| 121 |
date = "%02d %s %s" % (int(d), m, y)
|
| 122 |
continue
|
| 123 |
match = release_headline1_re.match(line)
|
| 124 |
if match:
|
| 125 |
(release,) = match.groups()
|
| 126 |
release = release_map[release]
|
| 127 |
continue
|
| 128 |
|
| 129 |
assert date
|
| 130 |
assert title
|
| 131 |
packages = packages.keys()
|
| 132 |
packages.sort()
|
| 133 |
print "[%s] DSA-%s %s - %s" % (date, dsa_name, ' '.join(packages), title)
|
| 134 |
|
| 135 |
cve_names = cve_names.keys()
|
| 136 |
if cve_names:
|
| 137 |
cve_names.sort()
|
| 138 |
print "\t{%s}" % (' '.join(cve_names))
|
| 139 |
|
| 140 |
for (release, source, version) in package_notes:
|
| 141 |
print "\t[%s] - %s %s" % (release, source, version)
|
| 142 |
|
| 143 |
if len(sys.argv) == 1:
|
| 144 |
process_file(sys.stdin)
|
| 145 |
else:
|
| 146 |
l = sys.argv[1:]
|
| 147 |
l.reverse()
|
| 148 |
def is_bad(f):
|
| 149 |
if os.path.exists(f):
|
| 150 |
return True
|
| 151 |
sys.stderr.write("error: file does not exist: %s\n" % f)
|
| 152 |
return False
|
| 153 |
l = filter(is_bad, l)
|
| 154 |
for x in l:
|
| 155 |
process_file(file(x))
|
Parent Directory
| 
Revision Log