PLD-doc: PLDSA/new-sa (NEW), PLDSA/send-sa (NEW), PLDSA/PLDSA_numb...
glen
glen at pld-linux.org
Sun Jun 4 21:03:28 CEST 2006
Author: glen Date: Sun Jun 4 19:03:28 2006 GMT
Module: PLD-doc Tag: HEAD
---- Log message:
- new framework for sending security announcements. It needs more work; ideas are welcome!
- previous code branched to RA-branch.
---- Files affected:
PLD-doc/PLDSA:
new-sa (NONE -> 1.1) (NEW), send-sa (NONE -> 1.1) (NEW), PLDSA_numbers (1.1.1.1 -> NONE) (REMOVED), pld-security-announce (1.8 -> NONE) (REMOVED), poldek-apt.conf.txt (1.2 -> NONE) (REMOVED), poldek-apt.txt (1.2 -> NONE) (REMOVED), szkielet.txt (1.4 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: PLD-doc/PLDSA/new-sa
diff -u /dev/null PLD-doc/PLDSA/new-sa:1.1
--- /dev/null Sun Jun 4 21:03:28 2006
+++ PLD-doc/PLDSA/new-sa Sun Jun 4 21:03:23 2006
@@ -0,0 +1,163 @@
+#!/bin/sh
+# Copyright (C) 2006 Elan Ruusamäe <glen at pld-linux.org>
+#
+# Script for making security announce for PLD Linux Distribution
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+self=$(basename "$0")
+set -e
+
+# init database
+year=$(date +%Y)
+db="db/$year"
+mkdir -p "$db"
+
+# guess new id
+id=$(ls -1v $db/*.pldsa 2>/dev/null | tail -n 1 | xargs -r basename | sed -e 's,\.pldsa$,,' )
+if [ "$id" ]; then
+ id=$(expr $id + 1)
+else
+ id=0
+fi
+
+sa_file=$db/$(printf %02d $id).pldsa
+sa_id="PLDSA $year-$(printf %02d $id)"
+
+vulnreability=
+problem_type="local/remote"
+pld_specific="yes/no"
+cve_id=
+bugtraq_id=
+upstream_url=
+
+# parse command line args
+t=`getopt -o p: --long \
+package:,cve-id:,bugtraq-id:,upstream-url:,vulnreability:,local,remote \
+-n "$self" -- "$@"`
+if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
+eval set -- "$t"
+
+while true; do
+ case "$1" in
+ -p|--package)
+ shift
+ package="$1"
+ ;;
+ --cve-id)
+ shift
+ cve_id="$1"
+ ;;
+ --bugtraq-id)
+ shift
+ bugtraq_id="$1"
+ ;;
+ --upstream-url)
+ shift
+ upstream_url="$1"
+ ;;
+ --vulnreability)
+ shift
+ vulnreability="$1"
+ ;;
+ --local)
+ problem_type=local
+ ;;
+ --remote)
+ problem_type=remote
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo 2>&1 "$self: Internal error: [$1] not recognized!"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+get_input() {
+ eval `dml <<-EOF
+ <meta title="Create new announce">
+ <br>
+ Please fill info about updated package.<br>
+ <br>
+ Package (Name-Version-Release) : <input id="package" caption="$package"><br>
+ <br>
+ Vulnreability is short description of the problem.<br>
+ It will be included in announce Subject.<br>
+ <br>
+ Vulnerability : <input id="vulnreability" caption="$vulnreability"><br>
+ Problem-Type : <input id="problem_type" caption="$problem_type"><br>
+ PLD specific : <input id="pld_specific" caption="$pld_specific"><br>
+ <br>
+ CVE ID, BugTraq ID and Upstream URL are optional.<br>
+ <br>
+ CVE ID : <input id="CAN" caption="$cve_id"><br>
+ BugTraq ID : <input id="bugtraq_ID" caption="$bugtraq_id"><br>
+ Upstream URL : <input id="upstream_URL" caption="$upstream_url"><br>
+
+ <br>
+ <button caption="Ok" id="ok"> <button caption="Cancel" id="cancel">
+ <br><br>
+ After pressing OK the new template of announce mail is created and PLDSA ID is assigned.<br>
+ The announce itself can be sent out any time in the future.<br>
+EOF`
+}
+
+error() {
+ local msg="$1"
+ eval `dml <<-EOF
+ <meta title=" Error ">
+ <br>
+ $msg
+ <br><br>
+ <button caption="Ok">
+EOF`
+}
+
+while true; do
+ get_input
+ if [ "$cancel" = yes ]; then
+ echo "Aborting..."
+ exit 0
+ fi
+ if [ "$pld_specific" = "yes/no" ]; then
+ error "Field 'PLD specific' must be filled!"
+ continue
+ fi
+ break
+done
+
+cat <<EOF > $sa_file
+----------------------------------------------------------------------------
+PLD Security Advisory $sa_id security at pld-linux.org
+http://www.pld-linux.org/security/ PLD Security Team
+%{date} http://www.pld-linux.org/security/faq
+----------------------------------------------------------------------------
+
+Package : $package
+Vulnerability : $vulnreability
+Problem-Type : $problem_type
+PLD-specific : $pld_specific
+
+EOF
+
+(cd $(dirname "$sa_file"); ${EDITOR-vim} $(basename "$sa_file"))
+
+echo ""
+echo "Created PLDSA template as $sa_file"
+echo ""
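Review bot: The optional CVE ID, BugTraq ID and upstream URL are collected but never reach the advisory: the template written by `cat <<EOF > $sa_file` has only the Package, Vulnerability, Problem-Type and PLD-specific lines, and the form inputs use `id="CAN"`, `id="bugtraq_ID"` and `id="upstream_URL"`, which (assuming dml names the resulting variables after the input ids, as the later checks of `$cancel` and `$pld_specific` suggest) do not match `cve_id`, `bugtraq_id` and `upstream_url`. I would align the ids with the variable names and add lines such as `CVE ID : $cve_id` to the template, so readers of the announcement can correlate it with upstream references. Separately, both `get_input` and `error` pass dml's output to `eval` after interpolating operator-supplied values unescaped into the markup, so the script is only as safe as dml's quoting of field values; a comment such as `# dml output is eval'd: it must emit shell-quoted assignments` would record that assumption. The internal-error branch also prints to stdout because of `echo 2>&1 ...`; it should read `echo >&2 "$self: Internal error: [$1] not recognized!"`.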
================================================================
Index: PLD-doc/PLDSA/send-sa
diff -u /dev/null PLD-doc/PLDSA/send-sa:1.1
--- /dev/null Sun Jun 4 21:03:28 2006
+++ PLD-doc/PLDSA/send-sa Sun Jun 4 21:03:23 2006
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Copyright (C) 2006 Elan Ruusamäe <glen at pld-linux.org>
+#
+# Script for making security announce for PLD Linux Distribution
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+self=$(basename "$0")
+
+sa_file="$1"
+if [ -z "$sa_file" ]; then
+ echo >&2 "$self: Please input file to send!"
+ exit 1
+fi
+
+if [ ! -f "$sa_file" ]; then
+ echo >&2 "$self: $sa_file does not exist!"
+ exit 1
+fi
+sa_id="PLDSA $year-$(printf %02d $id)"
+date=$(date +%Y-%m-%d)
+
+gen_sa() {
+ local sa_file="$1"
+ cat "$sa_file" | sed -e "
+ s/%{date}/$date/
+ "
+}
+
+# TODO
+# - generate update links
+# - md5 checksums
+# - based on sth like this: http://lists.pld-linux.org/mailman/pipermail/pld-security-announce/2003-May/000037.html
+gen_sa $sa_file
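Review bot: `sa_id="PLDSA $year-$(printf %02d $id)"` uses `$year` and `$id`, which this script never sets, so unless they are inherited from the environment it evaluates to `PLDSA -00`; the value is also unused in the visible code. Either drop the line or derive the id from the path, e.g. `sa_id="PLDSA $(basename "$(dirname "$sa_file")")-$(basename "$sa_file" .pldsa)"`, which matches the `db/YEAR/NN.pldsa` layout that new-sa creates. The final call should quote its argument, `gen_sa "$sa_file"`, to stay consistent with the quoted checks above it. Since the output is a security announcement, the TODO list could also carry `# - sign the announcement (e.g. gpg --clearsign) before mailing` so recipients can verify its origin.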
================================================================