diff options
author | Raphael Geissert <geissert@debian.org> | 2011-01-05 21:59:33 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2011-01-05 21:59:33 +0000 |
commit | 68bb410cb466262d45722cc3017b6a3c8c195c94 (patch) | |
tree | 93fdfb5d68baa1e9b898d51e30d93b80015cdb4e | |
parent | 35dda2883050cac4b89fe0d3da6cba09c94a6649 (diff) |
Add a DSA template and a script to generate it
Example: bin/gen-DSA 2120-1 php5 "multiple vulnerabilities" > DSA
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15794 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rwxr-xr-x | bin/gen-DSA | 100 | ||||
-rw-r--r-- | doc/DSA.template | 36 |
2 files changed, 136 insertions, 0 deletions
diff --git a/bin/gen-DSA b/bin/gen-DSA new file mode 100755 index 0000000000..3a82678ad9 --- /dev/null +++ b/bin/gen-DSA @@ -0,0 +1,100 @@ +#!/bin/sh + +#################### +# Copyright (C) 2011 by Raphael Geissert <geissert@debian.org> +# +# +# This file is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file. If not, see <http://www.gnu.org/licenses/>. +#################### + +set -e + +OLDSTABLE= +STABLE=lenny +TESTING=squeeze + +[ -f doc/DSA.template ] || { + echo "error: call this script from the root of the repository" >&2 + exit 1 +} + +[ $# -ge 3 ] || { + echo "usage: $0 DSA package vulnerability [cve(s) [bugnumber]]" >&2 + exit 1 +} + +DSAID="$1" +PACKAGE="$(printf '%s' "$2" | tr "[:upper:]" "[:lower:]")" +VULNERABILITY="$3" +CVE="$(printf '%s' "$4" | tr "[:lower:]" "[:upper:]")" +BUGNUM="$5" + +if grep -wq "DSA-$DSAID" data/DSA/list; then + echo "error: DSA-$DSAID has already been used" >&2 + exit 1 +fi + +setvar() { + local var="$1" value="$2" + + if [ -z "$value" ]; then + value="$(eval 'printf "%s" "$'"$var"'"')" + fi + + sed -i "s=\$$var=$value=g" "$tmpf" +} + +tmpf=$(mktemp) +cat doc/DSA.template > $tmpf + +name_length=$(echo -n "$DEBFULLNAME" | wc -c) +spacing=$((24-$name_length)) +SPACEDDEBFULLNAME="$DEBFULLNAME" +while [ $spacing -gt 0 ]; do + SPACEDDEBFULLNAME=" $SPACEDDEBFULLNAME" + spacing=$((spacing-1)) +done + +DATE="$(date +"%B %d, %Y")" +date_length=$(echo -n "$DATE" | wc -c) +spacing=$((22-$date_length)) +SPACEDDATE="$DATE" +while [ $spacing -gt 0 ]; do + SPACEDDATE="$SPACEDDATE " + spacing=$((spacing-1)) +done + +setvar DEBEMAIL +setvar DEBFULLNAME +setvar SPACEDDEBFULLNAME +setvar PACKAGE +setvar CVE +setvar REMLOCAL "${REMLOCAL:-remote}" +setvar DSAID +setvar BUGNUM +setvar VULNERABILITY +setvar DEBIANSPECIFIC "${DEBIANSPECIFIC:-no}" +setvar OLDSTABLE +setvar STABLE +setvar TESTING +setvar SPACEDDATE +setvar DATE + +for dist in $OLDSTABLE $STABLE $TESTING UNSTABLE; do + version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')" + [ -z "$version" ] || setvar "${dist}_VERSION" "$version" +done + +cat $tmpf +rm -f "$tmpf" diff --git a/doc/DSA.template b/doc/DSA.template new file mode 100644 index 0000000000..27d040cdce --- /dev/null +++ b/doc/DSA.template @@ -0,0 +1,36 @@ +From: $DEBFULLNAME <$DEBEMAIL> +To: debian-security-announce@lists.debian.org +Subject: [DSA-$DSAID] New $PACKAGE packages fix $VULNERABILITY + +------------------------------------------------------------------------- +Debian Security Advisory DSA-$DSAID security@debian.org +http://www.debian.org/security/ $SPACEDDEBFULLNAME +$SPACEDDATE http://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : $PACKAGE +Vulnerability : $VULNERABILITY +Problem type : $REMLOCAL +Debian-specific: $DEBIANSPECIFIC +CVE ID : $CVE +Debian Bug : $BUGNUM + +For the oldstable distribution ($OLDSTABLE), this problem has been fixed in +version $$OLDSTABLE_VERSION. + +For the stable distribution ($STABLE), this problem has been fixed in +version $$STABLE_VERSION. + +For the testing distribution ($TESTING), this problem has been fixed in +version $$TESTING_VERSION. + +For the unstable distribution (sid), this problem has been fixed in +version $UNSTABLE_VERSION. + +We recommend that you upgrade your $PACKAGE package. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |