Commit message [refs] (Author, Age, Files, Lines)
* 0.35 [HEAD, 0.35, master] (Dan Fandrich, 2026-04-13, 2 files, -2/+2)
|
* More accurately classify reference links in the JSON output (Dan Fandrich, 2026-04-13, 2 files, -1/+2)
|     Use some simple heuristics to determine if each reference link is an advisory, a report or a generic link. Despite the simplicity, the classification ends up being surprisingly accurate, mostly because there are only a few sites generally used for advisories and reports, and errors are almost always harmless false negatives which end up in the generic "web" type.
* Restore some parentheses that are actually necessary (Dan Fandrich, 2026-03-25, 1 file, -2/+2)
|
* Detect duplicated words or space characters (Dan Fandrich, 2026-03-24, 2 files, -0/+20)
|     These are real typos more than 95% of the time (based on current statistics) and worth eliminating.
* Add checks for valid CVE identifiers (Dan Fandrich, 2026-03-24, 2 files, -9/+30)
|     These must maintain strict syntax so that they can be referred to by others, especially in the advisory.json format.
* Move CVEs into the new "upstream" field in OSV output (Dan Fandrich, 2026-03-24, 2 files, -2/+6)
|     This field is a better match for these than "related".
* 0.34 [0.34] (Dan Fandrich, 2025-12-01, 2 files, -1/+6)
|
* Change default CVE year in new advisories to 2026 (Dan Fandrich, 2025-12-01, 1 file, -1/+1)
|
* Escape text when writing HTML (mga#17478) (Dan Fandrich, 2025-09-09, 1 file, -6/+7)
|
* 0.33 [0.33] (Dan Fandrich, 2025-04-25, 2 files, -1/+8)
|
* Show a hint if an SRPM can't be found in non-core (Dan Fandrich, 2025-04-02, 1 file, -0/+3)
|     If the RPM name is missing a .nonfree or .tainted suffix, warn the user that this might be the reason.
* Include source=arch in the JSON purl parameter (Dan Fandrich, 2025-03-22, 1 file, -1/+1)
|     This identifies the packages as source packages, which is the only type we supply in advisories. This is done in the same way as Debian, Ubuntu and Alpine (at least) and indicates that the package is not the binary package that is usually installed by users.
* Remove a couple of unneeded spaces in vulns.json (Dan Fandrich, 2025-02-25, 1 file, -1/+1)
|     This file grows unbounded with all vulnerabilities so reducing its size even by a little can be valuable.
* Don't always reset a "modified" value in the status file (Dan Fandrich, 2025-02-24, 1 file, -1/+2)
|     The modified value starts off from SVN, but if a more recent value is found in the status file, use that instead.
* 0.32 [0.32] (Dan Fandrich, 2025-02-17, 2 files, -2/+2)
|
* template: fix encoding i18n text in JSON advisories (Dan Fandrich, 2025-02-17, 2 files, -2/+3)
|     The default JSON encoding assumed the input was Latin-1, not the UTF-8 it is.
* Change default CVE year in new advisories to 2025 (Dan Fandrich, 2024-12-06, 2 files, -1/+3)
|
* Sort all hash keys in templates (Dan Fandrich, 2024-12-06, 6 files, -15/+15)
|     This results in deterministic output, so multiple runs will produce the same output.
* Read advisories from disk in parallel (Dan Fandrich, 2024-12-06, 2 files, -9/+32)
|     The parsing overhead is now spread over multiple cores when available, dramatically reducing the time to read them all. mgaadv list is twice as fast now on one test machine, for example.
* 0.31 [0.31] (Dan Fandrich, 2024-10-25, 2 files, -2/+2)
|
* Show how to get the OSV format advisories on the infos page (Dan Fandrich, 2024-04-16, 2 files, -1/+12)
|
* Add the modified field to the JSON bugs index (Dan Fandrich, 2024-04-16, 1 file, -1/+2)
|     This brings it in line with the vulnerabilities index.
* Ensure the .adv file ends with newline when publishing (Dan Fandrich, 2024-04-16, 2 files, -0/+15)
|     Lacking a newline corrupts the file when the ID is appended. Return an error if this case is detected.
* 0.30 [0.30] (Dan Fandrich, 2024-04-16, 2 files, -2/+2)
|
* Get the last modified date of advisories from SVN (Dan Fandrich, 2024-04-16, 5 files, -2/+34)
|     The modification date helps track if an advisory was changed after initial publication. This is especially important for OSV users who need the modification date in the vulns.json index to determine whether an existing advisory was updated so they can download the update. Also, keep "ref" (pointing to bug number) in all advisories, not just the TODO ones.
* Try to fix publish-all (Dan Fandrich, 2024-04-16, 2 files, -1/+5)
|     An argument to output_pages() was missing. This command probably never worked.
* 0.29 [0.29] (Dan Fandrich, 2024-04-05, 2 files, -1/+5)
|
* Install the new *.json templates (Dan Fandrich, 2024-04-05, 1 file, -1/+1)
|
* 0.28 [0.28] (Dan Fandrich, 2024-04-05, 2 files, -2/+2)
|
* Fix make tar to compress the file (Dan Fandrich, 2024-04-05, 2 files, -1/+2)
|
* Exit if any of the parallel processes return an error (Dan Fandrich, 2024-03-21, 1 file, -1/+10)
|
* Cross-check that at least one SRPM is listed in the advisory (Dan Fandrich, 2024-03-21, 2 files, -0/+5)
|     An advisory must come with at least one fixed package.
* Use multiprocessing in mksite for improved speed (Dan Fandrich, 2024-03-19, 2 files, -20/+69)
|     This generates templated files using some parallelism, reducing the total mksite time to less than half in my tests. Increasing parallelism even further is possible, but would make the code harder to understand. The obvious technique of generating each templated file in its own process is actually far slower because the overhead of process creation dwarfs the time spent processing the template, which is on average very small and quick.
* Write JSON index files for advisories (Dan Fandrich, 2024-03-14, 3 files, -0/+22)
|     The JSON schema is simple and compatible with the one published in the Go Vulnerability Database. Security advisories and bugfix advisories each have their own index.
* Write JSON output files in mksite (Dan Fandrich, 2024-03-08, 2 files, -0/+3)
|
* Add 'showjson' command to output an advisory in OSV JSON (Dan Fandrich, 2024-03-08, 4 files, -0/+135)
|     Open Source Vulnerability format is a standard for publishing vulnerabilities in Open Source projects and is defined at https://ossf.github.io/osv-schema/
* Fix indentation in the new advisory template (Dan Fandrich, 2024-02-14, 1 file, -4/+4)
|     While the old indentation works, the new one passes yamllint, making it easier to automatically check for problems.
* template: change default CVE year to 2024 (Dan Fandrich, 2024-01-20, 2 files, -1/+6)
|
* Use https: links where possible (Dan Fandrich, 2024-01-20, 4 files, -6/+6)
|
* 0.27 [0.27] (Thomas Backlund, 2023-07-02, 2 files, -1/+3)
|
* template: change default CVE year to 2023 (Thomas Backlund, 2023-07-02, 2 files, -1/+2)
|
* template: change default dist and dist-suffix for Mageia 9 (Thomas Backlund, 2023-07-02, 2 files, -2/+4)
|
* 0.26 [0.26] (Thomas Backlund, 2021-01-14, 2 files, -1/+3)
|
* add missing NEWS entry (Thomas Backlund, 2021-01-14, 1 file, -0/+1)
|
* - template: change default dist and dist-suffix for Mageia 8 (Thomas Backlund, 2021-01-14, 2 files, -3/+6)
|     - template: change default CVE year to 2021
* Report the broken file rather than exploding when an advisory is invalid (Pascal Terjan, 2020-11-08, 1 file, -1/+9)
|
* fix typo (Thomas Backlund, 2019-05-20, 1 file, -1/+1)
|
* 0.25 [0.25] (Thomas Backlund, 2019-05-20, 2 files, -1/+3)
|
* - template: change default dist and dist-suffix for Mageia (Thomas Backlund, 2019-05-20, 2 files, -3/+6)
|     - template: change default CVE year to 2019
* Rename 'make tar' tarball to match gitweb snapshot name (Rémi Verschelde, 2017-09-20, 1 file, -2/+2)
|