diff options
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | NEWS | 12 | ||||
| -rw-r--r-- | lib/MGA/Advisories.pm | 6 | ||||
| -rw-r--r-- | tmpl/advisory.json | 6 | ||||
| -rw-r--r-- | tmpl/newadvisory.adv | 2 | ||||
| -rw-r--r-- | tmpl/vulns.json | 2 |
6 files changed, 22 insertions, 8 deletions
@@ -1,4 +1,4 @@ -VERSION=0.31 +VERSION=0.33 PROJECTNAME=mga-advisories TARNAME=mgaadvisories @@ -1,6 +1,16 @@ -Version 0.X +Version 0.33 + +- show a hint if an SRPM can't be found in non-core +- include source=arch in the JSON purl parameter +- remove a couple of unneeded spaces in vulns.json +- don't always reset a "modified" value in the status file + +Version 0.32 - loading all advisories is much faster on multicore machines +- sort fields in templated output for consistency +- template: change default CVE year to 2025 +- template: fix encoding i18n text in JSON advisories Version 0.31 diff --git a/lib/MGA/Advisories.pm b/lib/MGA/Advisories.pm index ea32f90..c7248b8 100644 --- a/lib/MGA/Advisories.pm +++ b/lib/MGA/Advisories.pm @@ -219,7 +219,8 @@ sub get_advisories_from_dir { # TODO: this changes the ref set previously to include the extension # this time. Is that deliberate? my $fn = $adv->{ref} = basename($advfile); - if (exists $modified->{$fn}) { + if (exists $modified->{$fn} && + (! exists $adv->{status}{modified} || $modified->{$fn} > $adv->{status}{modified})) { # Pull the modified date into the advisory $adv->{status}{modified} = $modified->{$fn}; } @@ -395,6 +396,9 @@ sub assign_id { print $msg = "✔ "; } else { print $msg = "✘ ($rel/$media/$srpm) "; + if ($media ne "core" && index($srpm, ".$media") < 0) { + print $msg .= "(missing .$media suffix?) "; + } $failed = 1; } $buffer .= $msg; diff --git a/tmpl/advisory.json b/tmpl/advisory.json index 6194f38..5144f4c 100644 --- a/tmpl/advisory.json +++ b/tmpl/advisory.json @@ -3,8 +3,8 @@ use JSON; [% END -%] [% MACRO jsonvar(var) PERL -%] -# JSON-encode the given variable, including quotes -print JSON::encode_json($stash->get($stash->get('var'))); +# JSON-encode the given variable, including adding quotes +print JSON->new->utf8(0)->encode($stash->get($stash->get('var'))); [% END %] [%- SET adv = advdb.advisories.$advisory -%] { @@ -56,7 +56,7 @@ print JSON::encode_json($stash->get($stash->get('var'))); [% SET pkgver = pkg.text -%] [% USE purl = String('pkg:rpm/mageia/') -%] [% CALL purl.push(pkgname) -%] -[% CALL purl.push('?distro=mageia-') -%] +[% CALL purl.push('?arch=source&distro=mageia-') -%] [% CALL purl.push(rel) -%] [% SET purltext = purl.text -%] "purl": [% jsonvar('purltext') %] diff --git a/tmpl/newadvisory.adv b/tmpl/newadvisory.adv index 8c481c3..5e6aaca 100644 --- a/tmpl/newadvisory.adv +++ b/tmpl/newadvisory.adv @@ -2,7 +2,7 @@ type: [% type %] [% IF type == 'security' -%] subject: Updated [% name %] packages fix security vulnerability CVE: - - CVE-2024-XXXX + - CVE-2025-XXXX [% ELSE -%] subject: Updated [% name %] packages fix [something] [% END -%] diff --git a/tmpl/vulns.json b/tmpl/vulns.json index 790f88a..11e9773 100644 --- a/tmpl/vulns.json +++ b/tmpl/vulns.json @@ -4,7 +4,7 @@ [% USE advid = String(basename.ID(adv)) -%] [% IF advid.search('^MGASA-') -%] [%- "," IF gotone %] -{"id": "[% basename.ID(adv) %]","modified": "[% date.format(advdb.advisories.$adv.status.modified, format => '%Y-%m-%dT%H:%M:%SZ', gmt => 1) %]"} +{"id":"[% basename.ID(adv) %]","modified":"[% date.format(advdb.advisories.$adv.status.modified, format => '%Y-%m-%dT%H:%M:%SZ', gmt => 1) %]"} [%- SET gotone = 1 %] [%- END %] [%- END %] |