| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| 0.33 `HEAD` `0.33` `master` | Dan Fandrich | 2025-04-25 | 2 | -1/+8 |
| Show a hint if an SRPM can't be found in non-core | Dan Fandrich | 2025-04-02 | 1 | -0/+3 |
| If the RPM name is missing a .nonfree or .tainted suffix, warn the user that this might be the reason. | | | | |
| Include source=arch in the JSON purl parameter | Dan Fandrich | 2025-03-22 | 1 | -1/+1 |
| This identifies the packages as source packages, which is the only type we supply in advisories. This is done in the same way as Debian, Ubuntu and Alpine (at least) and indicates that the package is not the binary package that is usually installed by users. | | | | |
| Remove a couple of unneeded spaces in vulns.json | Dan Fandrich | 2025-02-25 | 1 | -1/+1 |
| This file grows unbounded with all vulnerabilities so reducing its size even by a little can be valuable. | | | | |
| Don't always reset a "modified" value in the status file | Dan Fandrich | 2025-02-24 | 1 | -1/+2 |
| The modified value starts off from SVN, but if a more recent value is found in the status file, use that instead. | | | | |
| 0.32 `0.32` | Dan Fandrich | 2025-02-17 | 2 | -2/+2 |
| template: fix encoding i18n text in JSON advisories | Dan Fandrich | 2025-02-17 | 2 | -2/+3 |
| The default JSON encoding assumed the input was Latin-1, not the UTF-8 it is. | | | | |
| Change default CVE year in new advisories to 2025 | Dan Fandrich | 2024-12-06 | 2 | -1/+3 |
| Sort all hash keys in templates | Dan Fandrich | 2024-12-06 | 6 | -15/+15 |
| This results in deterministic output, so multiple runs will produce the same output. | | | | |
| Read advisories from disk in parallel | Dan Fandrich | 2024-12-06 | 2 | -9/+32 |
| The parsing overhead is now spread over multiple cores when available, dramatically reducing the time to read them all. mgaadv list is twice as fast now on one test machine, for example. | | | | |
| 0.31 `0.31` | Dan Fandrich | 2024-10-25 | 2 | -2/+2 |
| Show how to get the OSV format advisories on the infos page | Dan Fandrich | 2024-04-16 | 2 | -1/+12 |
| Add the modified field to the JSON bugs index | Dan Fandrich | 2024-04-16 | 1 | -1/+2 |
| This brings it in line with the vulnerabilities index. | | | | |
| Ensure the .adv file ends with newline when publishing | Dan Fandrich | 2024-04-16 | 2 | -0/+15 |
| Lacking a newline corrupts the file when the ID is appended. Return an error if this case is detected. | | | | |
| 0.30 `0.30` | Dan Fandrich | 2024-04-16 | 2 | -2/+2 |
| Get the last modified date of advisories from SVN | Dan Fandrich | 2024-04-16 | 5 | -2/+34 |
| The modification date helps track if an advisory was changed after initial publication. This is especially important for OSV users who need the modification date in the vulns.json index to determine whether an existing advisory was updated so they can download the update. Also, keep "ref" (pointing to bug number) in all advisories, not just the TODO ones. | | | | |
| Try to fix publish-all | Dan Fandrich | 2024-04-16 | 2 | -1/+5 |
| An argument to output_pages() was missing. This command probably never worked. | | | | |
| 0.29 `0.29` | Dan Fandrich | 2024-04-05 | 2 | -1/+5 |
| Install the new *.json templates | Dan Fandrich | 2024-04-05 | 1 | -1/+1 |
| 0.28 `0.28` | Dan Fandrich | 2024-04-05 | 2 | -2/+2 |
| Fix make tar to compress the file | Dan Fandrich | 2024-04-05 | 2 | -1/+2 |
| Exit if any of the parallel processes return an error | Dan Fandrich | 2024-03-21 | 1 | -1/+10 |
| Cross-check that at least one SRPM is listed in the advisory | Dan Fandrich | 2024-03-21 | 2 | -0/+5 |
| An advisory must come with at least one fixed package. | | | | |
| Use multiprocessing in mksite for improved speed | Dan Fandrich | 2024-03-19 | 2 | -20/+69 |
| This generates templated files using some parallelism, reducing the total mksite time to less than half in my tests. Increasing parallelism even further is possible, but would make the code harder to understand. The obvious technique of generating each templated file in its own process is actually far slower because the overhead of process creation dwarfs the time spent processing the template, which is on average very small and quick. | | | | |
| Write JSON index files for advisories | Dan Fandrich | 2024-03-14 | 3 | -0/+22 |
| The JSON schema is simple and compatible with the one published in the Go Vulnerability Database. Security advisories and bugfix advisories each have their own index. | | | | |
| Write JSON output files in mksite | Dan Fandrich | 2024-03-08 | 2 | -0/+3 |
| Add 'showjson' command to output an advisory in OSV JSON | Dan Fandrich | 2024-03-08 | 4 | -0/+135 |
| Open Source Vulnerability format is a standard for publishing vulnerabilities in Open Source projects and is defined at https://ossf.github.io/osv-schema/ | | | | |
| Fix indentation in the new advisory template | Dan Fandrich | 2024-02-14 | 1 | -4/+4 |
| While the old indentation works, the new one passes yamllint, making it easier to automatically check for problems. | | | | |
| template: change default CVE year to 2024 | Dan Fandrich | 2024-01-20 | 2 | -1/+6 |
| Use https: links where possible | Dan Fandrich | 2024-01-20 | 4 | -6/+6 |
| 0.27 `0.27` | Thomas Backlund | 2023-07-02 | 2 | -1/+3 |
| template: change default CVE year to 2023 | Thomas Backlund | 2023-07-02 | 2 | -1/+2 |
| template: change default dist and dist-suffix for Mageia 9 | Thomas Backlund | 2023-07-02 | 2 | -2/+4 |
| 0.26 `0.26` | Thomas Backlund | 2021-01-14 | 2 | -1/+3 |
| add missing NEWS entry | Thomas Backlund | 2021-01-14 | 1 | -0/+1 |
| - template: change default dist and dist-suffix for Mageia 8 | Thomas Backlund | 2021-01-14 | 2 | -3/+6 |
| - template: change default CVE year to 2021 | | | | |
| Report the broken file rather than exploding when an advisory is invalid | Pascal Terjan | 2020-11-08 | 1 | -1/+9 |
| fix typo | Thomas Backlund | 2019-05-20 | 1 | -1/+1 |
| 0.25 `0.25` | Thomas Backlund | 2019-05-20 | 2 | -1/+3 |
| - template: change default dist and dist-suffix for Mageia | Thomas Backlund | 2019-05-20 | 2 | -3/+6 |
| - template: change default CVE year to 2019 | | | | |
| Rename 'make tar' tarball to match gitweb snapshot name | Rémi Verschelde | 2017-09-20 | 1 | -2/+2 |
| 0.24 `0.24` | Rémi Verschelde | 2017-09-20 | 2 | -1/+3 |
| template: change default dist and dist-suffix for Mageia 6 | Rémi Verschelde | 2017-09-20 | 2 | -3/+5 |
| Reset 'advisory' keyword instead of 'validated_update' for invalid advisories | Rémi Verschelde | 2017-09-20 | 2 | -2/+5 |
| This is now possible since 'advisory' was made a keyword, while it used to be written in the Whiteboard field. | | | | |
| its 2016 now | Thomas Backlund | 2016-04-08 | 1 | -1/+1 |
| use https in links to advisories | Thomas Backlund | 2016-04-08 | 2 | -3/+3 |
| use https in mitre cve links | Thomas Backlund | 2016-04-08 | 4 | -4/+4 |
| Add URL to descriptions | Pascal Terjan | 2016-02-29 | 1 | -0/+1 |
| Version 0.23 `0.23` | Rémi Verschelde | 2015-09-27 | 2 | -1/+3 |
| template: also change dist-suffix from mga4 to mga5 | Rémi Verschelde | 2015-09-27 | 2 | -1/+3 |