[Secure-testing-commits] r27894 - bin doc
Raphael Geissert
geissert at moszumanska.debian.org
Tue Jul 22 20:26:58 UTC 2014
Author: geissert
Date: 2014-07-22 20:26:58 +0000 (Tue, 22 Jul 2014)
New Revision: 27894
Added:
bin/gen-DLA
doc/DLA.template
Log:
gen-DLA: similar to gen-DSA, awaiting merge
Added: bin/gen-DLA
===================================================================
--- bin/gen-DLA (rev 0)
+++ bin/gen-DLA 2014-07-22 20:26:58 UTC (rev 27894)
@@ -0,0 +1,328 @@
+#!/bin/sh
+
+####################
+# Copyright (C) 2011, 2012, 2013, 2014 by Raphael Geissert <geissert at debian.org>
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+####################
+
+set -e
+
+OLDSTABLE=squeeze
+
+export LANG=C
+
+[ -f doc/DLA.template ] || {
+ echo "error: call this script from the root of the repository" >&2
+ exit 1
+}
+
+[ $# -ge 1 ] || {
+ echo "usage: $0 [--save] [--embargoed|--unembargo] [DLA] package [regression] [cve(s) [bugnumber(s)]]"
+ echo " 'DLA' is the DLA number, required when issuing a revision"
+ echo " 'cve(s)' and 'bugnumber(s)' can be passed in any order but"
+ echo " always AFTER the description"
+ echo " If it doesn't like your bug number, prefix it with # and report"
+ exit 1
+} >&2
+
+save=false
+if [ "$1" = "--save" ]; then
+ save=true
+ shift
+fi
+
+embargoed=false
+if [ "$1" = "--embargoed" ]; then
+ embargoed=true
+ shift
+fi
+
+unembargo=false
+if [ "$1" = "--unembargo" ]; then
+ unembargo=true
+ shift
+ set -- "$1"
+fi
+
+toupper() {
+ printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
+}
+
+tolower() {
+ printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
+}
+
+split_n_sort() {
+ printf '%s' "$1" | sed -r 's/[ ,;]+/ /g;s/^ //' | tr ' ' "\n" | sort -u |
+ sort -n | tr "\n" ' ' | sed -r 's/\s+/ /g;s/\s$//'
+}
+
+_d_space() {
+ local direction="$1" text="$2" to_length="$3"
+ local right='' left='' output='' spacing=0
+
+ if [ "$direction" = 'right' ]; then
+ right=' '
+ elif [ "$direction" = 'left' ]; then
+ left=' '
+ else
+ echo FIXME >&2
+ exit 1
+ fi
+
+ spacing=$(($to_length-${#text}))
+ output="$text"
+ while [ $spacing -gt 0 ]; do
+ output="${left}${output}${right}"
+ spacing=$((spacing-1))
+ done
+ printf '%s' "$output"
+}
+
+left_space() {
+ _d_space left "$@"
+}
+
+right_space() {
+ _d_space right "$@"
+}
+
+warn() {
+ printf "${YELLOW}warning:${NORMAL} %s\n" "$1"
+}
+
+notice() {
+ printf "${MAGENTA}notice:${NORMAL} %s\n" "$1"
+}
+
+error() {
+ printf "${RED}error:${NORMAL} %s\n" "$1"
+}
+
+setvar() {
+ local var="$1" value="$2"
+
+ if [ -z "$value" ]; then
+ value="$(eval 'printf "%s" "$'"$var"'"')"
+ fi
+
+ sed -i "s=\$$var=$value=g" "$tmpf"
+}
+
+if which tput >/dev/null; then
+ RED=$(tput setaf 1)
+ YELLOW=$(tput setaf 3)
+ MAGENTA=$(tput setaf 5)
+ NORMAL=$(tput op)
+else
+ RED=''
+ YELLOW=''
+ MAGENTA=''
+ NORMAL=''
+fi
+
+DLAID=
+if printf '%s' "$1" | grep -Eq '^(DLA-|)[0-9]+(-[0-9]+|)$'; then
+ DLAID="${1#DLA-}"
+ shift
+fi
+
+PACKAGE="$(tolower "$1")"
+shift
+
+TYPE=security
+if [ regression = "$1" ]; then
+ TYPE=regression
+ shift
+fi
+
+CVE=
+BUGNUM=
+REFERENCES=0
+TEXT=
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ [cC][vV][eE]-*)
+ CVE="$CVE $(toupper "$1")"
+ ;;
+ [0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
+ BUGNUM="$BUGNUM ${1#\#}"
+ ;;
+ *)
+ error "Don't know what to do with '$1' argument" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+BUGNUM="$(split_n_sort "$BUGNUM")"
+
+CVE="$(split_n_sort "$CVE")"
+cve_spacing=
+
+for i in $(seq 0 16); do
+ cve_spacing="$cve_spacing "
+done
+sed_cmd='s/((CVE-[0-9-]+[ ]+){4})(.+)$/\1\\n'"$cve_spacing"'\3/g;P;D'
+CVE_LIST="$(printf '%s' "$CVE" | sed -r "$sed_cmd")"
+
+for id in $CVE; do
+ REFERENCES=$(($REFERENCES+1))
+ grep -wq "^$id" data/CVE/list || {
+ warn "'$id' is not known" >&2
+ }
+
+ TEXT="$TEXT\n\n$id\n\n Description"
+done
+
+if [ $REFERENCES -eq 1 ]; then
+ TEXT=
+fi
+
+if [ -n "$TEXT" ]; then
+ TEXT="Brief introduction $TEXT"
+
+ if ! $save; then
+ TEXT="The CVE ids will be listed here when --save'ing"
+ fi
+fi
+
+case "$DLAID" in
+ *-*|'')
+ :
+ ;;
+ *)
+ notice "missing DLA revision number, assuming 1" >&2
+ DLAID="$DLAID-1"
+ ;;
+esac
+
+dla_exists() {
+ grep -wq "DLA-$1" data/DLA/list
+}
+
+if $embargoed; then
+ DLAID=EMBRGD-"$PACKAGE"
+fi
+
+if [ -z "$DLAID" ]; then
+ latest_dla="$(sed -nr '/DLA-[0-9]+-1/{s/^.+DLA-([0-9]+).*$/\1/;p;q}' data/DLA/list)"
+ dla=$(($latest_dla+1))
+ c=0
+ while dla_exists "$dla-1"; do
+ dla=$(($dla+1))
+ c=$(($c+1))
+ if [ $c -eq 10 ]; then
+ error "unable to find an unused DLA id after $c attempts" >&2
+ error "to workaround specify an id as the first parameter" >&2
+ exit 1
+ fi
+ done
+ DLAID="$dla-1"
+fi
+
+if dla_exists "$DLAID"; then
+ error "DLA-$DLAID has already been used" >&2
+ exit 1
+fi
+
+if $unembargo; then
+ EMBRGD_ID="EMBRGD-$PACKAGE"
+ mv "DLA-${EMBRGD_ID}" DLA-"$DLAID"
+
+ # get the date of when the embargoed entry was generated
+ gen_date="$(sed -rn "/DLA-${EMBRGD_ID}/{s/^\[(.+)\].+$/\1/;p;t}" data/DLA/list)"
+
+ OLD_DATE="$(date -d "$gen_date" +"%B %d, %Y")"
+
+ NEW_DATE="$(date +"%B %d, %Y")"
+
+ sed -ri "/DLA-${EMBRGD_ID}/{s/\[.+\]/[$(date +"%d %b %Y")]/;s/DLA-${EMBRGD_ID}/DLA-$DLAID/;}" data/DLA/list
+ sed -i "s/${EMBRGD_ID}/$DLAID/g" DLA-"$DLAID"
+
+ echo "'Unembargoing' as DLA-$DLAID"
+ exit
+fi
+
+tmpf=$(mktemp)
+cat doc/DLA.template > $tmpf
+
+if [ "$TYPE" = regression ]; then
+ sed -ri '/^Subject:/s/security update$/regression update/' $tmpf
+fi
+
+if [ $REFERENCES -gt 1 ]; then
+ sed -ri 's/this problem has/these problems have/' $tmpf
+fi
+
+DATE="$(date +"%B %d, %Y")"
+
+setvar DEBEMAIL
+setvar DEBFULLNAME
+setvar PACKAGE
+setvar CVE "$CVE_LIST"
+setvar DLAID
+setvar BUGNUM
+setvar OLDSTABLE
+setvar DATE
+setvar TEXT "${TEXT:-DLA text goes here}"
+
+for dist in $OLDSTABLE; do
+ version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+ if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
+ printf "Enter $dist's version [unset]: "
+ read version
+ if [ -n "$version" ]; then
+ eval "${dist}_VERSION='$version'"
+ fi
+ fi
+ [ -z "$version" ] || setvar "${dist}_VERSION" "$version"
+done
+
+if ! $save; then
+ cat $tmpf
+ echo
+ echo " ---- "
+ echo "Pass --save as the first parameter to save the text to DLA-$DLAID"
+ echo "(the data/DLA/list entry will also be added)"
+ rm -f "$tmpf"
+ exit
+else
+ mv -i $tmpf "DLA-$DLAID" || { rm -f $tmpf; exit; }
+ dla_entry=$(mktemp)
+ cat <<EOF > $dla_entry
+[$(date +"%d %b %Y")] DLA-$DLAID $PACKAGE - $TYPE update
+EOF
+
+ if [ "$CVE" ]; then
+ printf "\t{%s}\n" "$CVE" >> $dla_entry
+ fi
+
+ for dist in $OLDSTABLE; do
+ version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+ [ -z "$version" ] || \
+ printf "\t[%s] - %s %s\n" "$dist" "$PACKAGE" "$version" >> $dla_entry
+ done
+ tmp_list="$(mktemp)"
+ cat $dla_entry data/DLA/list > $tmp_list
+ cat $tmp_list > data/DLA/list
+ rm -f $tmp_list
+ sed -rn '/^'"$PACKAGE"'\b/{: next;n;/^\s/b next;d};p' data/dla-needed.txt > data/dla-needed.txt.new
+ mv data/dla-needed.txt.new data/dla-needed.txt
+ echo "DLA text written to ./DLA-$DLAID"
+fi
Property changes on: bin/gen-DLA
___________________________________________________________________
Added: svn:executable
+ *
Added: doc/DLA.template
===================================================================
--- doc/DLA.template (rev 0)
+++ doc/DLA.template 2014-07-22 20:26:58 UTC (rev 27894)
@@ -0,0 +1,10 @@
+From: $DEBFULLNAME <$DEBEMAIL>
+To: debian-lts-announce at lists.debian.org
+Subject: [DLA $DLAID] $PACKAGE security update
+
+Package : $PACKAGE
+Version : $squeeze_VERSION
+CVE ID : $CVE
+Debian Bug : $BUGNUM
+
+$TEXT
More information about the Secure-testing-commits
mailing list