#!/usr/bin/perl -w # # Copyright (c) 2004 Oliver Eikemeier. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are # met: # # 1. Redistributions of source code must retain the above copyright notice # this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. Neither the name of the author nor the names of its contributors may be # used to endorse or promote products derived from this software without # specific prior written permission. # # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # $FreeBSD$ # # portaudit to VuXML converter, use with # portaudit2vuxml.pl # and edit the entry to suit your needs. # require 5.005; use strict; use Cwd 'abs_path'; my $portsdir = $ENV{PORTSDIR} ? $ENV{PORTSDIR} : '/usr/ports'; my $portauditdb = "$portsdir/security/portaudit-db/database/portaudit.txt"; my $uuid = $ARGV[0]; $#ARGV == 0 && $uuid =~ /^[0-9a-f]{8}(?:-[0-9a-f]{4}){4}[0-9a-f]{8}$/ or die "usage: $0 $uuid \n"; my $today=`date -u +%Y-%m-%d`; chomp $today; my @pkg; my $url; my $topic; open PORTAUDITDB, "<$portauditdb" or die "Can't open $portauditdb: $!\n"; while () { chomp; next if /^(?:#|$)/; my @line = split /\|/; next if $#line < 3 || $line[3] ne $uuid; push @pkg, $line[0]; $url = $line[1]; $topic = $line[2]; } close PORTAUDITDB; $url =~ s//>/g; $url =~ s/&/&/g; $topic =~ s//>/g; $topic =~ s/&/&/g; my %oper = ( '<' => 'lt', '<=' => 'le', '=' => 'eq', '>=' => 'ge', '>' => 'gt' ); if (@pkg) { print " \n"; print " $topic\n"; print " \n"; foreach (@pkg) { my @vers = split /((?:<|>)=?|=)/; my $pkgname = shift @vers; print " \n"; print " $pkgname\n"; if (@vers) { print " "; while (@vers) { my $op = $oper{shift @vers}; my $v = shift @vers; print "<$op>$v"; } print "\n"; } print " \n"; } print " \n"; print " \n"; print " \n"; print "

Please contact\n"; print " the FreeBSD Security Team for more information.

\n"; print " \n"; print " \n"; print " \n"; foreach (split ' ', $url) { if (m'^http://cve\.mitre\.org/cgi-bin/cvename\.cgi\?name=(.+)$') { print " $1\n" } elsif (m'^(http://www\.securityfocus\.com/archive/.+)$') { print " $1\n" } elsif (m'^http://www\.securityfocus\.com/bid/(.+)$') { print " $1\n" } elsif (m'^(http://(?:article\.gmane\.org|lists\.netsys\.com|marc\.theaimsgroup\.com)/.+)$') { print " $1\n" } elsif (m'^http://www\.kb\.cert\.org/vuls/id/(.+)$') { print " $1\n" } elsif (m'^http://www\.cert\.org/advisories/(.+)\.html$') { print " $1\n" } else { print " $_\n"; } } print " \n"; print " \n"; print " 2000-00-00\n"; print " $today\n"; print " \n"; print " \n"; }