[Secure-testing-commits] r307 - in sarge-checks: . CAN
Joey Hess
joeyh@costa.debian.org
Sat, 22 Jan 2005 04:50:37 +0100
Author: joeyh
Date: 2005-01-22 04:50:34 +0100 (Sat, 22 Jan 2005)
New Revision: 307
Modified:
sarge-checks/CAN/list
sarge-checks/checklist
Log:
improve report by combining lines
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-01-21 22:59:55 UTC (rev 306)
+++ sarge-checks/CAN/list 2005-01-22 03:50:34 UTC (rev 307)
@@ -114,7 +114,6 @@
NOTE: not-for-us (jadc2s)
CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
- a2ps 1:4.13b-4.3
- - a2ps 1:4.13b-4.3
CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
TODO: check
CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
Modified: sarge-checks/checklist
===================================================================
--- sarge-checks/checklist 2005-01-21 22:59:55 UTC (rev 306)
+++ sarge-checks/checklist 2005-01-22 03:50:34 UTC (rev 307)
@@ -12,22 +12,21 @@
die "usage: $0 [html] list\n";
}
-if ($html) {
- print "<html><title>testing security issues</title>\n";
- print "<ul>\n";
-}
-sub formatout {
- my $out=shift;
+my %data;
+my $unprop = my $unfixed = 0;
+
+sub record {
+ my ($package, $condition, $item)=@_;
+
if ($html) {
- $out=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
- $out=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
+ $condition=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
+ $item=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
}
- return $out;
+
+ push @{$data{$package}{$condition}}, $item;
}
-my $unprop = my $unfixed = 0;
-
foreach my $list (@ARGV) {
if (-d $list) {
$list="$list/list";
@@ -47,11 +46,12 @@
my $version=$2;
my $maddy=`madison -s testing '$package'`;
- next unless length $maddy; # skip if not in testing
+ if (! length $maddy) {
+ next;
+ }
if ($version=~/unfixed/) {
- print "<li>" if $html;
- print formatout("$package $version for $id\n");
+ record($package, $version, $id);
$unfixed++;
}
else {
@@ -60,10 +60,9 @@
my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'");
if ($cmp != 0) {
if ($html) {
- print "<li>";
$havver='<a href="http://bjorn.haxx.se/debian/testing.pl?package='.uri_escape($package).'">'.$havver.'</a>';
}
- print formatout("$package $version needed, have $havver for $id\n");
+ record($package, "$version needed, have $havver", $id);
$unprop++;
}
}
@@ -71,11 +70,31 @@
}
}
+
if ($html) {
+ print "<html><title>testing security issues</title>\n";
+ print "<ul>\n";
+}
+
+foreach my $package (sort keys %data) {
+ foreach my $condition (sort keys %{$data{$package}}) {
+ print "<li>" if $html;
+ print "$package $condition for ";
+ my $items=0;
+ foreach my $item (sort @{$data{$package}{$condition}}) {
+ print ", " if $items > 0;
+ print $item;
+ $items++;
+ }
+ print "\n";
+ }
+}
+
+if ($html) {
print "</ul>\n";
print "<hr>\n";
- print "Total unfixed: $unfixed<br>\n";
- print "Total fixed in unstable but not testing: $unprop<br>\n";
+ print "Total holes unfixed: $unfixed<br>\n";
+ print "Total holes fixed in unstable but not testing: $unprop<br>\n";
print "Last update: ".`date`."<br>\n";
print "</html>\n";
}