-rw-r--r--Makefile2
-rw-r--r--NEWS16
-rw-r--r--lib/MGA/Advisories.pm43
-rw-r--r--tmpl/advisories_table.html6
-rw-r--r--tmpl/advisory.html4
-rw-r--r--tmpl/advisory.json10
-rw-r--r--tmpl/advisory.txt4
-rw-r--r--tmpl/advisory_item.rss4
-rw-r--r--tmpl/index.html8
-rw-r--r--tmpl/newadvisory.adv2
-rw-r--r--tmpl/vulns.json2
11 files changed, 69 insertions, 32 deletions
diff --git a/Makefile b/Makefile
index 69f5a59..f35f26f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION=0.30
+VERSION=0.33
PROJECTNAME=mga-advisories
TARNAME=mgaadvisories
diff --git a/NEWS b/NEWS
index 057f8ea..5eb026c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,18 @@
-Version 0.X
+Version 0.33
+
+- show a hint if an SRPM can't be found in non-core
+- include source=arch in the JSON purl parameter
+- remove a couple of unneeded spaces in vulns.json
+- don't always reset a "modified" value in the status file
+
+Version 0.32
+
+- loading all advisories is much faster on multicore machines
+- sort fields in templated output for consistency
+- template: change default CVE year to 2025
+- template: fix encoding i18n text in JSON advisories
+
+Version 0.31
- ensure .adv file ends with newline when publishing
- show how to get the OSV format advisories on the infos page
diff --git a/lib/MGA/Advisories.pm b/lib/MGA/Advisories.pm
index 3752250..c7248b8 100644
--- a/lib/MGA/Advisories.pm
+++ b/lib/MGA/Advisories.pm
@@ -12,6 +12,7 @@ use Email::Simple::Creator;
use Fcntl qw(SEEK_END);
use HTTP::Request;
use LWP::UserAgent;
+use MCE::Map;
use Parallel::ForkManager;
use File::Basename;
use XMLRPC::Lite;
@@ -171,23 +172,36 @@ sub login_bz {
return 0;
}
+# Load the advisory and its status and return both the filename and advisory contents
+sub read_adv {
+ my ($advfile) = @_;
+ my $adv;
+ eval {
+ $adv = LoadFile($advfile);
+ };
+ if ($adv) {
+ $adv->{ref} = basename($advfile, ".adv");
+ if ($adv->{ID}) {
+ my $statusfile = status_file($adv->{ID});
+ $adv->{status} = -f $statusfile ? LoadFile($statusfile) : {};
+ }
+ }
+ return [$advfile, $adv];
+}
sub get_advisories_from_dir {
# Retrieve last modified dates from SVN
my $modified = get_modified();
my %advisories;
- foreach my $advfile (glob "$config->{advisories_dir}/*.adv") {
- my $adv;
- eval {
- $adv = LoadFile($advfile);
- };
- if ($@) {
+ # Read all advisories in parallel
+ foreach my $advdata (mce_map {read_adv($_)} glob "$config->{advisories_dir}/*.adv") {
+ my ($advfile, $adv) = @$advdata;
+ if (!$adv) {
print "Failed to load $advfile\n";
print $@;
next;
}
- $adv->{ref} = basename($advfile, ".adv");
if (!$adv->{ID}) {
next unless $config->{mode} eq 'qa';
$adv->{ID} = next_id('TODO', keys %advisories);
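Review bot: The `print $@;` kept in the `if (!$adv)` branch no longer reports why a file failed to load, because the `eval` now runs inside `read_adv`, which `mce_map` evaluates in worker processes (MCE's default on Unix, as far as I can tell), so the parent's `$@` is not set by it. In a tool that publishes security advisories, an advisory that drops out of the run with no parse error shown is easy to overlook. Capture the error immediately after the eval with `my $err = $@;`, return it as a third element (`return [$advfile, $adv, $err];`), and print that element in the caller instead of `$@`. The status `LoadFile` in `read_adv` also sits outside the `eval`, so a malformed status file would now die inside a worker rather than in the parent; it is worth confirming how that surfaces. get_advisories_from_dir continues outside this hunk.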
@@ -197,10 +211,16 @@ sub get_advisories_from_dir {
report_exit("Unknown type $adv->{type}") unless
$config->{advisory_types}{$adv->{type}};
$advisories{$adv->{ID}} = $adv;
- my $statusfile = status_file($adv->{ID});
- $adv->{status} = -f $statusfile ? LoadFile($statusfile) : {};
+ if (!$adv->{status}) {
+ # If it isn't already loaded
+ my $statusfile = status_file($adv->{ID});
+ $adv->{status} = -f $statusfile ? LoadFile($statusfile) : {};
+ }
+ # TODO: this changes the ref set previously to include the extension
+ # this time. Is that deliberate?
my $fn = $adv->{ref} = basename($advfile);
- if (exists $modified->{$fn}) {
+ if (exists $modified->{$fn} &&
+ (! exists $adv->{status}{modified} || $modified->{$fn} > $adv->{status}{modified})) {
# Pull the modified date into the advisory
$adv->{status}{modified} = $modified->{$fn};
}
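Review bot: The new condition compares `$modified->{$fn} > $adv->{status}{modified}` numerically, but nothing in the hunk shows that both values are epoch numbers; the status value comes from a YAML file, and `exists` is also true for a key whose value is undef. If either side can be a date string, the comparison silently uses its numeric prefix and the wrong timestamp may end up in the published `modified` field. Consider testing with `defined` rather than `exists`, and adding a comment such as `# both values are epoch seconds` once that is confirmed. The enclosing function starts and ends outside this hunk.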
@@ -376,6 +396,9 @@ sub assign_id {
print $msg = "✔ ";
} else {
print $msg = "✘ ($rel/$media/$srpm) ";
+ if ($media ne "core" && index($srpm, ".$media") < 0) {
+ print $msg .= "(missing .$media suffix?) ";
+ }
$failed = 1;
}
$buffer .= $msg;
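Review bot: `print $msg .= "(missing .$media suffix?) ";` prints the whole of `$msg` after the append, so the `✘ ($rel/$media/$srpm) ` text already printed on the line above appears twice on the terminal, while `$buffer` receives it only once. Print the hint on its own and append it separately: `my $hint = "(missing .$media suffix?) ";`, `print $hint;`, `$msg .= $hint;`. The test `index($srpm, ".$media") < 0` also matches the string anywhere in the package name rather than only where the suffix is expected, which is tolerable for a hint but could be tightened. assign_id begins and ends outside the hunk.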
diff --git a/tmpl/advisories_table.html b/tmpl/advisories_table.html
index 5dcca66..7a104e9 100644
--- a/tmpl/advisories_table.html
+++ b/tmpl/advisories_table.html
@@ -29,8 +29,8 @@
<td>
[% SET sep = '' %]
[% SET pkgs = {} %]
- [% FOREACH rel IN advdb.advisories.$adv.src.keys %]
- [% FOREACH media IN advdb.advisories.$adv.src.$rel.keys %]
+ [% FOREACH rel IN advdb.advisories.$adv.src.keys.sort %]
+ [% FOREACH media IN advdb.advisories.$adv.src.$rel.keys.sort %]
[% FOREACH srpm IN advdb.advisories.$adv.src.$rel.$media %]
[% SET srcname = tools.pkgname(srpm) %]
[% IF ! pkgs.$srcname %]
@@ -46,7 +46,7 @@
<td>[% advdb.advisories.$adv.type %]</td>
<td>
[% SET sep = '' %]
- [% FOREACH rel IN advdb.advisories.$adv.src.keys %]
+ [% FOREACH rel IN advdb.advisories.$adv.src.keys.sort %]
[% sep %]
[% SET sep = ', ' %]
<a href="[% basename.rel(rel) %].html">[% rel %]</a>
diff --git a/tmpl/advisory.html b/tmpl/advisory.html
index dda79a4..bdffed9 100644
--- a/tmpl/advisory.html
+++ b/tmpl/advisory.html
@@ -60,8 +60,8 @@
<div class='section'>
<h2>SRPMS</h2>
- [% FOREACH rel IN adv.src.keys -%]
- [% FOREACH media IN adv.src.$rel.keys -%]
+ [% FOREACH rel IN adv.src.keys.sort -%]
+ [% FOREACH media IN adv.src.$rel.keys.sort -%]
<h3>[% rel %]/[% media %]</h3>
<ul>
[% FOREACH srpm IN adv.src.$rel.$media -%]
diff --git a/tmpl/advisory.json b/tmpl/advisory.json
index ab46f2b..5144f4c 100644
--- a/tmpl/advisory.json
+++ b/tmpl/advisory.json
@@ -3,8 +3,8 @@
use JSON;
[% END -%]
[% MACRO jsonvar(var) PERL -%]
-# JSON-encode the given variable, including quotes
-print JSON::encode_json($stash->get($stash->get('var')));
+# JSON-encode the given variable, including adding quotes
+print JSON->new->utf8(0)->encode($stash->get($stash->get('var')));
[% END %]
[%- SET adv = advdb.advisories.$advisory -%]
{
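Review bot: The macro comment does not say why the encoder was changed to `utf8(0)`, and that is the part a later maintainer is most likely to undo. `JSON::encode_json` returns UTF-8 encoded bytes, whereas `JSON->new->utf8(0)->encode` returns a character string; presumably the template output is encoded once more when it is written, which would explain the garbled non-ASCII text the NEWS entry mentions. I would extend the comment to something like `# Return characters, not UTF-8 bytes: the output layer encodes, so utf8(1) would double-encode`, adjusted to whatever the output path actually does.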
@@ -37,9 +37,9 @@ print JSON::encode_json($stash->get($stash->get('var')));
[% END -%]
],
"affected": [
-[% USE srciter = iterator(adv.src.keys) -%]
+[% USE srciter = iterator(adv.src.keys.sort) -%]
[% FOREACH rel IN srciter -%]
-[% USE mediaiter = iterator(adv.src.$rel.keys) -%]
+[% USE mediaiter = iterator(adv.src.$rel.keys.sort) -%]
[% FOREACH media IN mediaiter -%]
[% FOREACH srpm IN adv.src.$rel.$media -%]
{
@@ -56,7 +56,7 @@ print JSON::encode_json($stash->get($stash->get('var')));
[% SET pkgver = pkg.text -%]
[% USE purl = String('pkg:rpm/mageia/') -%]
[% CALL purl.push(pkgname) -%]
-[% CALL purl.push('?distro=mageia-') -%]
+[% CALL purl.push('?arch=source&distro=mageia-') -%]
[% CALL purl.push(rel) -%]
[% SET purltext = purl.text -%]
"purl": [% jsonvar('purltext') %]
diff --git a/tmpl/advisory.txt b/tmpl/advisory.txt
index b34b13c..353df82 100644
--- a/tmpl/advisory.txt
+++ b/tmpl/advisory.txt
@@ -24,8 +24,8 @@ References:
[% END -%]
SRPMS:
-[% FOREACH rel IN adv.src.keys -%]
-[% FOREACH media IN adv.src.$rel.keys -%]
+[% FOREACH rel IN adv.src.keys.sort -%]
+[% FOREACH media IN adv.src.$rel.keys.sort -%]
[% FOREACH srpm IN adv.src.$rel.$media -%]
- [% rel %]/[% media %]/[% srpm %]
[% END -%]
diff --git a/tmpl/advisory_item.rss b/tmpl/advisory_item.rss
index db533a5..40cb374 100644
--- a/tmpl/advisory_item.rss
+++ b/tmpl/advisory_item.rss
@@ -47,8 +47,8 @@
&lt;/ul&gt;
&lt;h2&gt;SRPMS&lt;/h2&gt;
- [% FOREACH rel IN advisory.src.keys -%]
- [% FOREACH media IN advisory.src.$rel.keys -%]
+ [% FOREACH rel IN advisory.src.keys.sort -%]
+ [% FOREACH media IN advisory.src.$rel.keys.sort -%]
&lt;h3&gt;[% rel %]/[% media %]&lt;/h3&gt;
&lt;ul&gt;
[% FOREACH srpm IN advisory.src.$rel.$media -%]
diff --git a/tmpl/index.html b/tmpl/index.html
index 9c85cce..16cd24d 100644
--- a/tmpl/index.html
+++ b/tmpl/index.html
@@ -7,8 +7,8 @@
a = {};
a.src = [];
pkgs = {};
- FOREACH rel IN advdb.advisories.$adv.src.keys;
- FOREACH media IN advdb.advisories.$adv.src.$rel.keys;
+ FOREACH rel IN advdb.advisories.$adv.src.keys.sort;
+ FOREACH media IN advdb.advisories.$adv.src.$rel.keys.sort;
FOREACH srpm IN advdb.advisories.$adv.src.$rel.$media;
SET srcname = tools.pkgname(srpm);
IF ! pkgs.$srcname;
@@ -19,7 +19,7 @@
END;
END;
a.CVE = advdb.advisories.$adv.CVE;
- a.rel = advdb.advisories.$adv.src.keys;
+ a.rel = advdb.advisories.$adv.src.keys.sort;
FOREACH rel IN a.rel;
mga_releases.$rel = 1;
END;
@@ -41,7 +41,7 @@
<td>[% advdb.advisories.$adv.type %]</td>
<td>
[% SET sep = '' %]
- [% FOREACH rel IN advdb.advisories.$adv.src.keys %]
+ [% FOREACH rel IN advdb.advisories.$adv.src.keys.sort %]
[% sep %]
[% SET sep = ', ' %]
<a href="[% basename.rel(rel) %].html">[% rel %]</a>
diff --git a/tmpl/newadvisory.adv b/tmpl/newadvisory.adv
index 8c481c3..5e6aaca 100644
--- a/tmpl/newadvisory.adv
+++ b/tmpl/newadvisory.adv
@@ -2,7 +2,7 @@ type: [% type %]
[% IF type == 'security' -%]
subject: Updated [% name %] packages fix security vulnerability
CVE:
- - CVE-2024-XXXX
+ - CVE-2025-XXXX
[% ELSE -%]
subject: Updated [% name %] packages fix [something]
[% END -%]
diff --git a/tmpl/vulns.json b/tmpl/vulns.json
index 790f88a..11e9773 100644
--- a/tmpl/vulns.json
+++ b/tmpl/vulns.json
@@ -4,7 +4,7 @@
[% USE advid = String(basename.ID(adv)) -%]
[% IF advid.search('^MGASA-') -%]
[%- "," IF gotone %]
-{"id": "[% basename.ID(adv) %]","modified": "[% date.format(advdb.advisories.$adv.status.modified, format => '%Y-%m-%dT%H:%M:%SZ', gmt => 1) %]"}
+{"id":"[% basename.ID(adv) %]","modified":"[% date.format(advdb.advisories.$adv.status.modified, format => '%Y-%m-%dT%H:%M:%SZ', gmt => 1) %]"}
[%- SET gotone = 1 %]
[%- END %]
[%- END %]