[Secure-testing-commits] r3107 - bin doc
Florian Weimer
fw at costa.debian.org
Tue Dec 20 12:44:05 UTC 2005
Author: fw
Date: 2005-12-20 12:44:04 +0000 (Tue, 20 Dec 2005)
New Revision: 3107
Added:
bin/dsa2list
Modified:
doc/narrative_introduction
Log:
bin/dsa2list:
New script.
doc/narrative_introduction:
Mention it.
Added: bin/dsa2list
===================================================================
--- bin/dsa2list 2005-12-20 12:38:49 UTC (rev 3106)
+++ bin/dsa2list 2005-12-20 12:44:04 UTC (rev 3107)
@@ -0,0 +1,114 @@
+#!/usr/bin/python
+
+import os
+import os.path
+import re
+import string
+import sys
+import time
+import urllib2
+
+def setup_paths():
+ check_file = 'lib/python/debian_support.py'
+ path = os.getcwd()
+ while 1:
+ if os.path.exists("%s/%s" % (path, check_file)):
+ sys.path = [path + '/lib/python'] + sys.path
+ return path
+ idx = string.rfind(path, '/')
+ if idx == -1:
+ raise ImportError, "could not setup paths"
+ path = path[0:idx]
+os.chdir(setup_paths())
+
+import debian_support
+
+def fetch_dsc(url):
+ u = urllib2.urlopen(url)
+ assert u.readline()[0] == '-' # OpenPGP cleartext signature header
+
+ def parse(*regexps):
+ result = [None] * len(regexps)
+ for line in u:
+ for i in range(len(regexps)):
+ match = regexps[i].match(line)
+ if match:
+ result[i] = match.groups()[0]
+ continue
+ if line[0] == '-':
+ break
+ return result
+
+ (source, version)= parse(re.compile("^Source: (\S+)$"),
+ re.compile("^Version: (\S+)$"))
+ assert source is not None
+ assert version is not None
+ return (source, version)
+
+re_title = re.compile(r'<h2>(DSA-\d+-\d+) (\S+) -- (.*)</h2>')
+re_date = re.compile(r'^\s+<dd>(\d\d [A-Z][a-z][a-z] \d{4})</dd>$')
+
+re_cve = re.compile('(CVE-\d{4}-\d{4})')
+release_headline_re = re.compile(
+ r'.*<h3>Debian GNU/Linux \S+ \(([a-z]+)\)</h3>.*')
+dscurl_re = re.compile(r'.*"(http://[^">]+\.dsc)".*')
+
+if len(sys.argv) <> 2:
+ print "usage: dsa2list DSA-NUMBER"
+ sys.exit(1)
+
+try:
+ dsa_number = int(sys.argv[1])
+except ValueError:
+ print `sys.argv[1]`, "is not an integer"
+ sys.exit(1)
+
+cve_names = {}
+package_notes = []
+for year in range(0, 6):
+ try:
+ url = "http://www.debian.org/security/%d/dsa-%d" % \
+ ((time.gmtime().tm_year - year), dsa_number)
+ u = urllib2.urlopen(url)
+ except urllib2.HTTPError:
+ continue
+
+ title = ''
+ release = ''
+ date = ''
+ for line in u.readlines():
+ match = re_title.match(line)
+ if match:
+ title = "%s %s - %s" % match.groups()
+ continue
+
+ match = re_date.match(line)
+ if match:
+ (date,) = match.groups()
+
+ for cve in re_cve.findall(line):
+ cve_names[cve] = True
+
+ match = release_headline_re.match(line)
+ if match:
+ (release,) = match.groups()
+ continue
+
+ match = dscurl_re.match(line)
+ if match:
+ assert release
+ (source, version) = fetch_dsc(match.groups()[0])
+ package_notes.append((release, source, version))
+ break
+
+assert date
+assert title
+print "[%s] %s" % (date, title)
+
+cve_names = cve_names.keys()
+if cve_names:
+ cve_names.sort()
+ print "\t{ %s }" % (' '.join(cve_names))
+
+for (release, source, version) in package_notes:
+ print "\t[%s] - %s %s" % (release, source, version)
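Review bot: In `fetch_dsc`, `assert u.readline()[0] == '-'` only checks that the first line starts with a dash. The OpenPGP signature is never verified and the .dsc URL is taken from a page fetched over `http://`, so the Source and Version values that reach the output are unauthenticated. I would state that in a comment above the check, e.g. `# NOTE: signature is not verified; Source/Version are untrusted until checked by hand`. The `assert` statements used for validation (here and at `assert release`, `assert date`, `assert title`) are stripped under `python -O`; an explicit check such as `if not date or not title: sys.exit("could not parse DSA page")` would also give a usable message when none of the year URLs matches. Only `urllib2.HTTPError` is caught in the year loop, so a connection failure (`urllib2.URLError`) ends the script with a traceback.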
Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction 2005-12-20 12:38:49 UTC (rev 3106)
+++ doc/narrative_introduction 2005-12-20 12:44:04 UTC (rev 3107)
@@ -310,6 +310,10 @@
that tracks, when a fix has reached testing relative to the time when it hit
stable.
+The bin/dsa2list script can be used to generate a template for a new
+DSA entry once the official DSA is published on the web. You should
+not blindly trust the script output and double-check it, though.
+
The security bug tracker
------------------------
There is a more detailed tracker that provides a lot more views into this