Corrections for parse-advisory.pl
Hi all.
While playing with security advisories, I tried to regenerate one
with the advisory mail. As I looked at the parse-advisory.pl
source code I had the urgent need to clean it up ;)
Attached are my changes. Can someone send me an original advisory so I can
make sure I broke nothing? (Should not be, have tested all carefully)
I will also added a sentence to the README. Patch also attached.
Gruesse,
--
*** Frank Lichtenheld <frank@lichtenheld.de> ***
*** http://www.djpig.de/ ***
see also: - http://www.usta.de/
- http://fachschaft.physik.uni-karlsruhe.de/
Index: parse-advisory.pl
===================================================================
RCS file: /cvs/webwml/webwml/english/security/parse-advisory.pl,v
retrieving revision 1.43
diff -u -r1.43 parse-advisory.pl
--- parse-advisory.pl 11 May 2003 13:21:54 -0000 1.43
+++ parse-advisory.pl 7 Jun 2003 14:18:22 -0000
@@ -10,6 +10,8 @@
# Copyright (c) 2002,3 Josip Rodin, Martin Schulze
# Licensed under the GNU General Public License version 2.
+use strict;
+
my $debug = 0;
my $adv = $ARGV[0];
if ($adv eq "-d") {
@@ -29,7 +31,7 @@
my $curyear = (localtime())[5] + 1900;
my $mlURL = "http://lists.debian.org/debian-security-announce/debian-security-announce-$curyear/";
-my $arch = (
+my %arch = (
'alpha' => 'Alpha',
'hppa' => 'HP Precision',
'i386' => 'Intel IA-32',
@@ -43,13 +45,24 @@
'arm' => 'ARM',
);
-open ADV, $adv;
-foreach $l (<ADV>) {
+my ( $mi, $nl, $f );
+my ( $dsa, $date, $desc, $package, @dbids, $headersnearingend,
+ $files, $moreinfo );
+$mi = 0;
+$headersnearingend = 0;
+open ADV, $adv or die "couldn't open advisory file: $!";
+foreach my $l (<ADV>) {
if ($l =~ /^Debian Security Advisory (DSA[- ]\d+-\d+)/) {
$dsa = $1;
+ next;
+ }
+ if ($l =~ m,^http://www.debian.org/security/\s+([\w\s]+)$,) {
+ # autor
+ next;
}
if ($l =~ /^(\w+)\s+(\d+)(\D\D)?, (\d+)/) {
- $month = $1; $day = $2; $year = $4;
+ my $month = $1; my $day = $2; my $year = $4;
+ my $i = 0;
while ($i < 12) {
if ($month eq $longmoy{en}[$i]) {
$month = $i + 1;
@@ -58,20 +71,29 @@
}
$i++
}
+ next;
}
if ($l =~ /^Package\s*: (.+)/) {
$package = $1;
+ next;
}
if ($l =~ /^(Problem type|Vulnerability)\s*: (.+)/) {
$desc = $2;
+ next;
+ }
+ if ($l =~ /^(Problem-Type)\s*: (.+)/) {
+ # local, remote
+ next;
}
if ($l =~ /^(CVE (names?|ids?|references?)?|CERT advisor(y|ies))\s*: (.+)/i) {
push @dbids, $4;
+ next;
}
if ($l =~ /^Bugtraq Ids?\s*: (.+)/i) {
- for $id (split (/ /, $1)) {
+ for my $id (split (/,? /, $1)) {
push @dbids, "BID".$id;
}
+ next;
}
$mi = 0 if ($l =~ /^(wget url|Obtaining updates|Upgrade Instructions)/);
$moreinfo .= "<p>" if ($mi && $nl);
@@ -92,10 +114,10 @@
}
$f++ if ($l =~ /^Debian (GNU\/Linux.*alias|.*\(.*\)).*/);
- $f = 0 if ($l =~ /^((- )?-- | These (files|packages) will (probably )?be moved)/);
+ $f = 0 if ($l =~ /^((- )?-- |( )?These (files|packages) will (probably )?be moved)/);
$files .= $l if ($f);
}
-close ADV;
+close ADV or die "couldn't close advisory file: $!";
$moreinfo =~ s/(- )?-+\n//g;
@@ -128,10 +150,12 @@
}
$files = join ("\n", @f);
-$adv =~ /.*dsa[- ](\d+)-(\d+)\.(.*)/;
-$wml = "$curyear/dsa-$1.wml";
-$data = "$curyear/dsa-$1.data";
-$pagetitle = "DSA-$1-$2 $3";
+($adv =~ /.*dsa[- ](\d+)-(\d+)\.(.*)/)
+ or die "advisory file not correctly named."
+ . "Expected '*dsa-<num>-<rev>.<pkgname>*'";
+my $wml = "$curyear/dsa-$1.wml";
+my $data = "$curyear/dsa-$1.data";
+my $pagetitle = "DSA-$1-$2 $3";
$data = $wml = "-" if ($debug);
@@ -139,7 +163,7 @@
die "$data already exists!\n" if (-f $data);
$files =~ s,^</dl>\n\n,,;
-open DATA, ">$data";
+open DATA, ">$data" or die "couldn't open data file $data: $!";
print DATA "<define-tag pagetitle>$pagetitle</define-tag>\n";
print DATA "<define-tag report_date>$date</define-tag>\n";
print DATA "<define-tag secrefs>@dbids</define-tag>\n" if @dbids;
@@ -149,15 +173,15 @@
print DATA "\n#use wml::debian::security\n\n";
print DATA "$files\n\n</dl>\n";
print DATA "\n<p><md5sums $mlURL>\n";
-close DATA;
+close DATA or die "couldn't close data file $date: $!";
-open WML, ">$wml";
+open WML, ">$wml" or die "couldn't open wml file $wml: $!";
print WML "<define-tag description>$desc</define-tag>\n";
print WML "<define-tag moreinfo>$moreinfo</p>\n</define-tag>\n";
print WML "\n# do not modify the following line\n";
print WML "#include \"\$(ENGLISHDIR)/security/$data\"\n";
printf WML "# %sId: \$\n", "\$";
-close WML;
+close WML or die "couldn't close wml file $wml: $!";
print "Now edit $data and remove any English-specific stuff from it.\n";
print "\n";
Index: README
===================================================================
RCS file: /cvs/webwml/webwml/english/security/README,v
retrieving revision 1.2
diff -u -r1.2 README
--- README 29 Mar 2003 14:01:23 -0000 1.2
+++ README 7 Jun 2003 14:20:16 -0000
@@ -18,6 +18,8 @@
You can also use the text of the advisory as sent over the
debian-security-announce mailing list if you have no access to security.d.o
and no one of the security team has time to help you.
+Therefor you have to save the mail body in a file named
+dsa-<dsanum>-<revnum>.<pkgname> (you can add arbitrary pre- and suffixes).
Usage:
./parse_advisory.pl [ -d ] <advisory_file>
Reply to: