#!/usr/bin/perl
# Must run on a machine with madison.

my $html=0;
if ($ARGV[0] eq 'html') {
	shift;
	$html=1;
}

if (! @ARGV) {
	die "usage: $0 [html] list\n";
}

if ($html) {
	print "<html><title>testing security issues</title>\n";
	print "<ul>\n";
}

sub formatout {
	my $out=shift;
	if ($html) {
		$out=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
		$out=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
	}
	return $out;
}

my $unprop = my $unfixed = 0;

foreach my $list (@ARGV) {
	if (-d $list) {
		$list="$list/list";
	}
	
	open (IN, $list) || die "open $list: $!";
	while (<IN>) {
		chomp;
		if (/^\[/) {
			($id)=m/((?:DSA|CAN|CVE)-[^\s]+) /;
		}
		elsif (/^((?:DSA|CAN|CVE)-[^\s]+)/) {
			$id=$1;
		}
		elsif (/^\s+[!-]\s+(.*?)\s+(.*)$/) {
			my $package=$1;
			my $version=$2;
			
			my $maddy=`madison -s testing '$package'`;
			next unless length $maddy; # skip if not in testing
			
			if ($version=~/unfixed/) {
				print "<li>" if $html;
				print formatout("$package $version for $id\n");
				$unprop++;
			}
			else {
				my @fields = split(/\s*\|\s*/, $maddy);
				my $havver=$fields[1];
				my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'");
				if ($cmp != 0) {
					if ($html) {
						print "<li>";
						$havver='<a href="http://bjorn.haxx.se/debian/testing.pl?package='.$package.'">'.$havver.'</a>';
					}
					print formatout("$package $version needed, have $havver for $id\n");
					$unfixed++;
				}
			}
		}
	}
}

if ($html) {
	print "</ul>\n";
	print "<hr>\n";
	print "Total unfixed: $unfixed<br>\n";
	print "Total fixed in unstable but not testing: $unprop<br>\n";
	print "Last update: ".`date`."<br>\n";
	print "</html>\n";
}