Parent Directory | Revision Log
|Links to HEAD:||(view) (download) (annotate)|
Switch from http to https for lists.debian.org at weasel's request
Generate https links to the security-tracker
Handle undefined description field by using a default text: security update
Updated to handle the latest format change
Fixed to parse the new reduced format
taking care of quotes and notes
make correctly ends CVEs, change wording more appropriate
make .data and .wml separately, create a directory/Makefile instead of die when not exist, create an index when not exist, create a matrix if needed.
fixes #691804: this makes empty line to trigger moreinfo
Remove GNU/Linux from security scripts used to generate oval XML and DSA [Paul Wise, wrt:#614233]
Remove useless query to ML archive
Make the list work even in absence of newline after CVE
Don't push Bug#none in .data
Add short months support (as in DSA-2302 or DSA-2304)
Drop generic footer of DSA from the web version
Removing 'dead' md5sums link to original advisory, automatically add fixed-section=no
use security-tracker.debian.org links instead of cve.mitre.org ones for the upcoming DSAs (closes: #603934)
also allow (s) for Debian Bug(s)
allow "old stable" likewise to "oldstable"
Fix the regex
Also allow oldstable after the CVE list as end marker
optipng all png files
parse-advisory.pl: Add armel => ARM EABI mapping
Allow the script to run even if no mail-archived DSA found
Avoid matching several times CVE ids
Automatically get the link to list archives
* No specific input filename needed anymore * All CVE references are sent to .data, not only the first line of them
error out if filename could not be parsed
The security doesn't seem to care about strict whitespace, so lets not care here either, it makes life just harder
CAN -> CVE
Corrections and spend more \ns
Improvements by Helge Kreutzmann to create proper HTML code when there's a list of CVE ids
Don't confuse the vulnerability with the type
ARGS. Reverted: Helge Kreutzmann: Added support for </li> and automatically add <ul></ul>. That adds <ul> and <li> too often. *sigh*
Helge Kreutzmann: Added support for </li> and automatically add <ul></ul>
Helge Kreutzmann: Text string for amd64, precaution if year dir does not exist.
Adjustments so that both Joey's and mstone's advisories can be parsed
allow CVE Id(s) additionally to CVE Ids
Match "Upgrade Instructions" case insensitive
Small fix to allow advisories the listing of empty security reference lines
Added support for CVE id lists (still need to enclose it with <ul></ul> manually)
Alfie told me that <foo/> is deprecated and <foo /> should be used instead, hence I changed this script to do just this. Also accept the plural form for Debian Bugs.
Added support for Debian bug reports, since several security advisories refer to a Debian bug as well.
correctly close empty tags
match (several|multiple) only at the end of line, to avoid vulnerabilities vulnerabilities
Matt uses a comma to separate CANs unfortunately. Turn CANs in the body into clickable links as well.
Automatic markup of bug numbers.
Two small little corrections.
append 'vulnerabilities' if the description is 'multiple' or 'several' (Bug#196580)
Added support for multiple bugtraq ids
Added support for a debug mode in which no files will be written but the output will be sent to stdout. This helps when dealing with updated advisories and stuff.
Damn! Wiggy always uses a different format and different keywords so our parser doesn't work. Maybe I should just ignore it and let other people fiddle with it. *grmbl*
Small update to reflect recent advisories
Added a fix to parse a wiggyism
Some adjustments so Wicherts nighties are parsed properly again
Bugfix to de-expand the expanded version of HPPA, adjusted the copyright line. If there's a particular copyright, then all major authors need to be listed and not just the creator.
reverted to the dot -- once the template writers learned how to spell, the script would break again :>
. Automatically strip the empty line I was always stripping manually... . Exchange string to <arch-indep> in the entire advisory . Added the Id tag back, since I'd like to see it.
lacking a proper retort from Joey, removed Id again
Gack! Who called an external program just to find out the current year? Dimwit... Corrected that, used this variable and don't use it for the pathname anymore since it's part of the filename already.
Corrected the filename parser, added the year while I was at it, so I don't have to mv the files around anymore.
This will handle bugtraq ids properly, even if there is more than one single id. Added writing of RCS Id, since I want to have it included, and since I maintain the security pages currently, my wish should have some weight here. *grmbl*
Added support for bugtraq ids
Another fix to be able to parse wiggy's advisories again, thought we've had that before already... Damn it!
Ok, this patch actually fixed several flaws in the parse-advisory.pl script. It's now able to parse DSA 137 properly. . Support for more than one distribution (i.e. potato and woody) . Support for more than one source archive . Better support for architectures (i.e. IBM S/390) . Removed hard coded potato thingy . Added support for </p> . In sum this adds support for Wichert-type and Joey-type advisories . The script can now actually parse both DSA 136 *and* DSA 137 *whoohooo*
Finally added working support for remote advisory links for CVE and CERT
updated for new template
added code to generate <secrefs> from the headers. also allowed for any number of custom headers, as long as the Debian-specific: header is there.
fixed the regexps for new format of fields
removed pointless and byte-wasting CVS data line, containing information already obtainable elsewhere
This should be more cute
Add the $Id $ auto-variable as well, helpful for translations
Parse my advisories properly again. I noticed that not all packages from security.debian.org make it into the stable archive, so better use 'probably' since we can't ensure that.
check if the file is -s; make date +%Y a variable to be able to use it later on in one of the print()s that was 2001-specific
updated the link to the mailing list archive (so it no longer uses the redirection)
Make the parser more cute.
really added <md5sums> stuff
in order to recognize Intel IA-32
regexp missed one-digit dates, fixed
This is only to annoy Joy, find out yourself what it does. :)
don't skip md5sums, remove extra newlines, use <source> and <arch-indep> tags
note to self: don't hardcode stuff, fool
fixed month; exit the loop when found
put description and moreinfo in data file
a little script to aid with making a wml out of an advisory
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, select a symbolic revision name using the selection box, or choose 'Use Text Field' and enter a numeric revision.
|Powered by ViewVC 1.1.5|