#!/usr/bin/perl # # parse-dla.pl # # Copyright © 2016 Frank Lichtenheld # Based on parse-advisories.pl: # Copyright (C) 2001 Josip Rodin # Copyright (c) 2002,3 Josip Rodin, Martin Schulze # Licensed under the GNU General Public License version 2. use strict; use warnings; use File::Path qw(remove_tree make_path); use MIME::QuotedPrint; use POSIX qw(strftime); my $debug = 0; my $adv = $ARGV[0]; if ($adv eq "-d") { $debug = 1; $adv = $ARGV[1]; } $adv || die "you must specify a parameter (original advisory file)!\n"; die "that advisory file either ain't there or doesn't have anything in it!\n" unless -s $adv; # i'm lame, so shoot me my %longmoy = ( en => [ 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December' ] ); my %shortmoy = ( en => [ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] ); open my $fh, '<', $adv or die "couldn't open advisory file $adv: $!\n"; my ($dla, $date, $package, $version, @dbids, $moreinfo, $year); $package = $moreinfo = $dla = ''; $year = strftime "%Y", localtime; $date = strftime "%Y-%m-%d", localtime; my ($nl, $mi, $headersnearingend); foreach my $l (<$fh>) { $l = decode_qp($l); if ($l =~ /Subject.*:.*\[(DLA[- ]\d+-\d+)\]/) { $dla = $1; } if ($l =~ /Date.*:.*\s(\d+)\s+(\w+)\s+(\d+)/) { my $month = $2; my $day = $1; $year = $3; my $i = 0; while ($i < 12) { if ($month eq $longmoy{en}[$i]) { $month = $i + 1; $date = "$year-$month-$day"; $i = 12; } elsif ($month eq $shortmoy{en}[$i]) { $month = $i + 1; $date = "$year-$month-$day"; $i = 12; } $i++ } } if ($l =~ /Package(?:s)*\s*: (.+)\s*/) { $package = $1; } if ($l =~ /Version\s*: (.+)\s*/) { $version = $1; } if ($l =~ /^(Debian Bug\(?s?\)?)\s*: (.+)/i) { for my $id (split (/,? /, $2)) { push @dbids, "Bug#".$id if ($id ne "none"); } } if ($l =~ /^(CVE (names?|id\(?s?\)?|references?)?|CERT advisor(y|ies))\s*: (.+)/i) { push @dbids, join (" ", split (/,? /, $4)); } if ($l =~ /^\s+((?:CVE-\d+-\d+[ ]*)+)$/i) { push @dbids, join (" ", split (/,? /, $1)); } if ($l =~ /^\s+((?:VU#\d+[ ]*)+)$/i) { push @dbids, join (" ", split (/,? /, $1)); } if ($l =~ /^Bugtraq Ids?\s*: (.+)/i) { for my $id (split (/,? /, $1)) { push @dbids, "BID".$id; } } last if ($l =~ /Learn more about the/i); last if ($l =~ /Thanks to.+for proof read/i); last if ($l =~ /Regards,/i); last if ($l =~ /^-- /); last if ($l =~ /^Ben Hutchings/); last if ($l =~ /^Raphaël Hertzog/); last if ($l =~ /^mike gabriel aka sunweaver/); last if ($l =~ /^Support Debian LTS:/); last if ($l =~ /^-----BEGIN PGP SIGNATURE/); last if ($package and $l =~ /^--[a-zA-Z0-9]+$/); # another MIME boundary, we're done last if ($l =~ /^Attachment: /); #$mi = 0 if ($l =~ /^(wget url|Obtaining updates|Upgrade Instructions)/i); $moreinfo .= "
" if ($mi && $nl); $nl = 0; $nl = 1 if ($mi && ($l eq "\n") && $moreinfo); if ($mi) { if ($mi > 1) { $moreinfo .= $l; } else { $moreinfo .= "\n
".$l; $mi++; } } $headersnearingend++ if ($l =~ /Package(?:s)*\s*:/); if ($headersnearingend && $l =~ /^\s*$/) { $mi++; $headersnearingend = 0; } } close $fh; $moreinfo =~ s/(- )?-+\n//g; $moreinfo =~ s/\n\n$/\n/s; $moreinfo =~ s/^\n+/\n/s; $moreinfo =~ s/\n
\n$//; $moreinfo =~ s/\n
note\:/
Note<\/b>:/ig;
$moreinfo =~ s/(\s)"(\w[\w\.,'\(\)\s]*?\w)"([\:\.',\(\)\s])/$1 (CAN\|CVE)-\d+-\d+[\:]*)\s?(\s*)(\S+)|\n\n$1\n$3$4|g;
$moreinfo =~ s/\n\n/<\/p>\n\n/sg;
$moreinfo =~ s|\n ((CAN\|CVE)-\d+-\d+[^\n]*) ((CAN\|CVE)-\d+-\d+[^\n]*)\n|\n \n|g;
$moreinfo =~ s|((CAN\|CVE)-\d+-\d+)|$1|g;
$moreinfo =~ s| \n (\w* \w* stable)| $1|;
$moreinfo =~ s| (\s+)|$1 |g;
$moreinfo =~ s| | |g;
$moreinfo =~ s/\n $//;
$moreinfo =~ s|$2<\/q>$3/g;
$moreinfo =~ s/(\s)'(\w[\w\.,\(\)\s]*?\w)'([\:\.,\(\)\s])/$1
$2<\/q>$3/g;
$moreinfo =~ s|\n+(
(((\w+ ){1,3}(old ?stable|stable|testing|Debian \d))|Th[eo]se)}{
$1}; } chomp ($moreinfo); if (($moreinfo =~ /
For Debian 6 Squeeze
, these issues have been fixed in $package version $version