[Secure-testing-commits] r307 - in sarge-checks: . CAN

Joey Hess joeyh@costa.debian.org
Sat, 22 Jan 2005 04:50:37 +0100


Author: joeyh
Date: 2005-01-22 04:50:34 +0100 (Sat, 22 Jan 2005)
New Revision: 307

Modified:
   sarge-checks/CAN/list
   sarge-checks/checklist
Log:
improve report by combining lines


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-01-21 22:59:55 UTC (rev 306)
+++ sarge-checks/CAN/list	2005-01-22 03:50:34 UTC (rev 307)
@@ -114,7 +114,6 @@
 	NOTE: not-for-us (jadc2s)
 CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
 	- a2ps 1:4.13b-4.3
-	- a2ps 1:4.13b-4.3
 CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
 	TODO: check
 CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)

Modified: sarge-checks/checklist
===================================================================
--- sarge-checks/checklist	2005-01-21 22:59:55 UTC (rev 306)
+++ sarge-checks/checklist	2005-01-22 03:50:34 UTC (rev 307)
@@ -12,22 +12,21 @@
 	die "usage: $0 [html] list\n";
 }
 
-if ($html) {
-	print "<html><title>testing security issues</title>\n";
-	print "<ul>\n";
-}
 
-sub formatout {
-	my $out=shift;
+my %data;
+my $unprop = my $unfixed = 0;
+
+sub record {
+	my ($package, $condition, $item)=@_;
+		
 	if ($html) {
-		$out=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
-		$out=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
+		$condition=~s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
+		$item=~s#((?:CAN|CVE)-\d+-\d+)#<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>#g;
 	}
-	return $out;
+
+	push @{$data{$package}{$condition}}, $item;
 }
 
-my $unprop = my $unfixed = 0;
-
 foreach my $list (@ARGV) {
 	if (-d $list) {
 		$list="$list/list";
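Review bot: In HTML mode `record` adds links to `$condition` and `$item` but never HTML-escapes the underlying text, and the report loop in the last hunk prints `$package`, `$condition` and `$item` verbatim inside `<li>`. These values appear to come from the list file and from madison output (parsed outside this hunk), so a stray `<` or `&` in a version string or note would land in the published page as markup. Escaping the raw values before any link is inserted closes that, e.g. `for ($package, $item) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g }` at the top of the `if ($html)` branch. `$condition` would have to be escaped by the caller instead, because the third hunk already wraps `$havver` in an anchor before passing it in.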
@@ -47,11 +46,12 @@
 			my $version=$2;
 			
 			my $maddy=`madison -s testing '$package'`;
-			next unless length $maddy; # skip if not in testing
+			if (! length $maddy) {
+				next;
+			}
 			
 			if ($version=~/unfixed/) {
-				print "<li>" if $html;
-				print formatout("$package $version for $id\n");
+				record($package, $version, $id);
 				$unfixed++;
 			}
 			else {
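Review bot: The madison call kept as context here interpolates `$package` into a shell command line, and the `dpkg --compare-versions` call in the next hunk does the same with `$havver` and `$version`. The single quotes only hold as long as the value contains no quote character, and the pattern that captures these values is outside the hunk, so it is not visible whether that is guaranteed. The list forms avoid the shell entirely: `open my $fh, '-|', 'madison', '-s', 'testing', $package or die "madison: $!";` and `system('dpkg', '--compare-versions', $havver, '>=', $version)`. The enclosing loop starts and ends outside this hunk.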
@@ -60,10 +60,9 @@
 				my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'");
 				if ($cmp != 0) {
 					if ($html) {
-						print "<li>";
 						$havver='<a href="http://bjorn.haxx.se/debian/testing.pl?package='.uri_escape($package).'">'.$havver.'</a>';
 					}
-					print formatout("$package $version needed, have $havver for $id\n");
+					record($package, "$version needed, have $havver", $id);
 					$unprop++;
 				}
 			}
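Review bot: `$cmp != 0` treats every non-zero result from `system` as "testing has an older version", which includes the cases where dpkg could not be started or rejected a malformed version string. Now that the result is stored via `record` and counted in `$unprop`, a tooling failure shows up in the report as an unpropagated fix. dpkg documents exit status 0 and 1 for the comparison itself, so anything else is worth reporting separately, e.g. `warn "dpkg --compare-versions failed for $package\n" if $cmp == -1 || ($cmp >> 8) > 1;` before the `if`. The assignment of `$havver` is outside this hunk.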
@@ -71,11 +70,31 @@
 	}
 }
 
+
 if ($html) {
+	print "<html><title>testing security issues</title>\n";
+	print "<ul>\n";
+}
+
+foreach my $package (sort keys %data) {
+	foreach my $condition (sort keys %{$data{$package}}) {
+		print "<li>" if $html;
+		print "$package $condition for ";
+		my $items=0;
+		foreach my $item (sort @{$data{$package}{$condition}}) {
+			print ", " if $items > 0;
+			print $item;
+			$items++;
+		}
+		print "\n";
+	}
+}
+
+if ($html) {
 	print "</ul>\n";
 	print "<hr>\n";
-	print "Total unfixed: $unfixed<br>\n";
-	print "Total fixed in unstable but not testing: $unprop<br>\n";
+	print "Total holes unfixed: $unfixed<br>\n";
+	print "Total holes fixed in unstable but not testing: $unprop<br>\n";
 	print "Last update: ".`date`."<br>\n";
 	print "</html>\n";
 }
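Review bot: The `$items` counter in the inner loop exists only to place the separators; `print join(", ", sort @{$data{$package}{$condition}}), "\n";` does the same in one statement and drops the counter. The totals still count one per CAN id while the list now prints one line per package and condition, so the numbers no longer match the count of `<li>` entries. A short comment above the totals, such as `# counts individual holes, not report lines`, would make that explicit for the next reader.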