#!/usr/bin/perl -w
use strict;

my %allcve = ();
my %allpkgs = ();

my @allrpms=`find . -name "*.rpm"`;
my %pkgs;

foreach my $rpm (@allrpms) {
	chomp $rpm;
	next if ($rpm =~ /.src.rpm/);

	my $rpmvers = `rpm -q --qf '%{name} %{version}-%{release}\n' -p '$rpm'`;
	chomp $rpmvers;
	my ($rpmname,$rpmvr) = split(/ /,$rpmvers);

	next if ($rpmname =~ /-debuginfo/);
	next if ($rpmname =~ /-debugsource/);

	open(RPMQC,"rpm -qp --changelog '$rpm'|")||die "rpm -qp --changelog '$rpm'";
	while (<RPMQC>) {
		while (/(CVE-\d\d\d\d-\d\d\d\d\d*)/) {
			my $cve = $1;

			my %xpkgs = ();
			if (defined($allcve{$cve})) {
				%xpkgs = %{$allcve{$cve}};
			}
			$xpkgs{$rpmname} = $rpmvr;
			$allcve{$cve} = \%xpkgs;

			my %xcves = ();
			if (defined($allpkgs{"$rpmname-$rpmvr"})) {
				%xcves = %{$allpkgs{"$rpmname-$rpmvr"}};
			}
			$xcves{$cve} = 1;

			$allpkgs{"$rpmname-$rpmvr"} = \%xcves;

			s/(CVE-\d\d\d\d-\d\d\d\d\d*)//; # multiline cves..
		}
	}
	close(RPMQC)||die "rpm -qp --changelog '$rpm': $!";
}

#foreach my $cve (sort keys %allcve) {
#	my %pkgs = %{$allcve{$cve}};
#	foreach my $pkg (sort keys %pkgs) {
#		print "$cve,$pkg,$pkgs{$pkg}\n";
#	}
#}

my %cvesets;

foreach my $pkg (sort keys %allpkgs) {
	my %cves = %{$allpkgs{$pkg}};
	#print "$pkg," . join(",",sort keys %cves) . "\n";

	my $cveset = join(",",sort keys %cves);
	if (defined($cvesets{$cveset})) {
		$cvesets{$cveset} .= ";$pkg";
	} else {
		$cvesets{$cveset} = "$pkg";
	}
}

foreach my $cveset (keys %cvesets) {
	print "$cvesets{$cveset},$cveset\n";
}