process-advisories.sh 2.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. #!/bin/bash -e
  2. # Copyright The GNU Toolchain Authors.
  3. # This file is part of the GNU C Library.
  4. #
  5. # The GNU C Library is free software; you can redistribute it and/or
  6. # modify it under the terms of the GNU Lesser General Public
  7. # License as published by the Free Software Foundation; either
  8. # version 2.1 of the License, or (at your option) any later version.
  9. #
  10. # The GNU C Library is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. # Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public
  16. # License along with the GNU C Library; if not, see
  17. # <https://www.gnu.org/licenses/>.
  18. if ! [ -d advisories ]; then
  19. echo "error: Run me from the toplevel directory of the glibc repository."
  20. exit 1
  21. fi
  22. command=$1
  23. usage () {
  24. cat >&2 <<EOF
  25. usage: $0 {update|news}
  26. EOF
  27. exit 1
  28. }
  29. command="$1"
  30. case "$command" in
  31. update|news)
  32. ;;
  33. *)
  34. usage
  35. ;;
  36. esac
  37. get_rel() {
  38. rel=$(git describe $1 | sed 's/glibc-\([^g]\+\)-g.*/\1/')
  39. # If the latest tag for the commit is the development tag, then increment
  40. # the release version.
  41. if echo $rel | grep -q "\.9000"; then
  42. rel=$(echo $rel | sed 's/2\.\([0-9]\+\)\.9000.*/\1/')
  43. rel="2.$((rel+1))"
  44. fi
  45. echo $rel
  46. }
  47. advisories_update() {
  48. advisory=$1
  49. if [ -z $1 ]; then
  50. echo "Usage: $0 update GLIBC-SA-YYYY-NNNN"
  51. exit 1
  52. fi
  53. advisory_file=advisories/$advisory
  54. grep --color=none Commit $advisory_file | awk '{printf "%s %s\n", $1, $2}' |
  55. while read t r; do
  56. rel=$(get_rel $r)
  57. echo "*** Updating: $t $r ($rel)"
  58. sed -i "s/^$t $r.*/$t $r ($rel)/" $advisory_file
  59. done
  60. }
  61. advisories_news() {
  62. rel=$(get_rel "HEAD")
  63. for f in $(grep -l "^Fix-Commit: .* ($rel)$" advisories/*); do
  64. echo -e " $(basename $f):"
  65. cve_id=$(sed -n 's/CVE-Id: \(.*\)/\1/p' $f)
  66. echo "$(head -1 $f) ($cve_id)" | fold -w 68 -s |
  67. while read line; do
  68. echo " $line"
  69. done
  70. echo
  71. done
  72. }
  73. advisories_$command $2