Sync from SUSE:ALP:Source:Standard:1.0 govulncheck-vulndb revision 786fbe9a0762630aa4f31bed6b304f6b

2024-11-05 13:44:48 +01:00
commit 296d2acfe9
4 changed files with 228 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/govulncheck-vulndb.changes
+++ b/govulncheck-vulndb.changes
@@ -0,0 +1,144 @@
+-------------------------------------------------------------------
+Mon Nov  4 15:44:16 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Update to version 0.0.20241104T154416 2024-11-04T15:44:16Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3233 CVE-2024-46872 GHSA-762g-9p7f-mrww
+  * GO-2024-3234 CVE-2024-47401 GHSA-762v-rq7q-ff97
+  * GO-2024-3235 CVE-2024-50052 GHSA-g376-m3h3-mj4r
+  * GO-2024-3237 CVE-2024-0133 GHSA-f748-7hpg-88ch
+  * GO-2024-3239 CVE-2024-0132 GHSA-mjjw-553x-87pq
+  * GO-2024-3240 CVE-2024-10452 GHSA-66c4-2g2v-54qw
+  * GO-2024-3241 CVE-2024-10006 GHSA-5c4w-8hhh-3c3h
+  * GO-2024-3242 CVE-2024-10086 GHSA-99wr-c2px-grmh
+  * GO-2024-3243 CVE-2024-10005 GHSA-chgm-7r52-whjj
+
+-------------------------------------------------------------------
+Fri Nov  1 21:56:16 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Update to version 0.0.20241101T215616 2024-11-01T21:56:16Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3244 CVE-2024-50354 GHSA-cph5-3pgr-c82g
+  * GO-2024-3245 CVE-2024-39720
+  * GO-2024-3246 CVE-2024-8185 GHSA-g233-2p4r-3q7v
+
+-------------------------------------------------------------------
+Wed Oct 30 21:28:25 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Update to version 0.0.20241030T212825 2024-10-30T21:28:25Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3230 CVE-2024-48921 GHSA-qjvc-p88j-j9rm
+  * GO-2024-3232 CVE-2024-10241 GHSA-6mvp-gh77-7vwh
+
+-------------------------------------------------------------------
+Wed Oct 30 16:01:08 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Update to version 0.0.20241030T160108 2024-10-30T16:01:08Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3226 CVE-2024-47827 GHSA-ghjw-32xw-ffwr
+  * GO-2024-3227 CVE-2024-10214 GHSA-hm57-h27x-599c
+  * GO-2024-3228 GHSA-wcx9-ccpj-hx3c
+- Packaging improvments:
+  * Backfill CVE aliases in recent changelog entries
+
+-------------------------------------------------------------------
+Mon Oct 28 15:20:02 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Update to version 0.0.20241028T152002 2024-10-28T15:20:02Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3207 GHSA-p5wf-cmr4-xrwr
+  * GO-2024-3208 CVE-2024-47825 GHSA-3wwx-63fv-pfq6
+  * GO-2024-3210 CVE-2024-8901
+  * GO-2024-3211 CVE-2024-50312
+  * GO-2024-3212 GHSA-rjfv-pjvx-mjgv
+  * GO-2024-3213 CVE-2024-49380
+  * GO-2024-3214 CVE-2024-49381
+  * GO-2024-3215 CVE-2024-9264 GHSA-q99m-qcv4-fpm7
+  * GO-2024-3216 CVE-2024-49753 GHSA-6cf5-w9h3-4rqv
+  * GO-2024-3217 CVE-2024-49757 GHSA-3rmw-76m6-4gjc
+  * GO-2024-3219 GHSA-7h65-4p22-39j6
+  * GO-2024-3220 CVE-2023-32197 GHSA-7h8m-pvw3-5gh4
+  * GO-2024-3221 CVE-2024-22036 GHSA-h99m-6755-rgwc
+  * GO-2024-3222 GHSA-x7xj-jvwp-97rv
+  * GO-2024-3223 CVE-2022-45157 GHSA-xj7w-r753-vj8v
+  * GO-2024-3224 CVE-2024-39223 GHSA-8wxx-35qc-vp6r
+
+-------------------------------------------------------------------
+Thu Oct 17 15:37:30 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241017T153730 date 2024-10-17T15:37:30Z.
+  Refs jsc#PED-11136
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3189 CVE-2024-38365 GHSA-27vh-h6mc-q6g8
+  * GO-2024-3203 CVE-2024-9486
+  * GO-2024-3204 CVE-2024-9594
+
+-------------------------------------------------------------------
+Wed Oct 16 14:47:39 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Packaging improvements:
+  * Add ExcludeArch: s390. Go is supported on s390x but not
+    available on s390. Since the package will be submitted to
+    SLE-12, do not build on s390 consistent with other Go tools for
+    that arch.
+  * Fix License: CC-BY-4.0
+
+-------------------------------------------------------------------
+Tue Oct 15 18:38:57 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241015T183857 date 2024-10-15T18:38:57Z.
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3189 CVE-2024-38365 GHSA-27vh-h6mc-q6g8
+  * GO-2024-3196 CVE-2024-47877 GHSA-8rm2-93mq-jqhc
+  * GO-2024-3199 GHSA-vv6c-69r6-chg9
+  * GO-2024-3200 CVE-2024-48909 GHSA-3c32-4hq9-6wgj
+  * GO-2024-3201 CVE-2023-22644
+
+-------------------------------------------------------------------
+Mon Oct 14 19:20:43 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241014T192043 date 2024-10-14T19:20:43Z.
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3166 CVE-2024-47534 GHSA-4f8r-qqr9-fq8j
+  * GO-2024-3171 CVE-2024-9341 GHSA-mc76-5925-c5p6
+
+-------------------------------------------------------------------
+Fri Oct 10 14:32:39 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241011T143239 date 2024-10-11T14:32:39Z.
+  Go CVE Numbering Authority IDs added or updated with aliases:
+  * GO-2024-3161 CVE-2024-22030 GHSA-h4h5-9833-v2p4
+  * GO-2024-3162 CVE-2024-7594 GHSA-jg74-mwgw-v6x3
+  * GO-2024-3163 CVE-2024-47182
+  * GO-2024-3164 CVE-2024-47003 GHSA-59hf-mpf8-pqjh
+  * GO-2024-3166 CVE-2024-47534 GHSA-4f8r-qqr9-fq8j
+  * GO-2024-3167 CVE-2024-9355 GHSA-3h3x-2hwv-hr52
+  * GO-2024-3168 CVE-2024-8975 GHSA-chqx-36rm-rf8h
+  * GO-2024-3169 CVE-2024-9407 GHSA-fhqq-8f65-5xfc
+  * GO-2024-3170 CVE-2024-8996 GHSA-m5gv-m5f9-wgv4
+  * GO-2024-3172 CVE-2024-33662 GHSA-9mjw-79r6-c9m8
+  * GO-2024-3173 CVE-2024-7558 GHSA-mh98-763h-m9v4
+  * GO-2024-3174 CVE-2024-8037 GHSA-8v4w-f4r9-7h6x
+  * GO-2024-3175 CVE-2024-8038 GHSA-xwgj-vpm9-q2rq
+  * GO-2024-3179 CVE-2024-47616 GHSA-r7rh-jww5-5fjr
+  * GO-2024-3181 CVE-2024-9313 GHSA-x5q3-c8rm-w787
+  * GO-2024-3182 GHSA-wpr2-j6gr-pjw9
+  * GO-2024-3184 CVE-2024-36814 GHSA-9cp9-8gw2-8v7m
+  * GO-2024-3185 CVE-2024-47832
+  * GO-2024-3186 CVE-2024-9675 GHSA-586p-749j-fhwp
+  * GO-2024-3188 CVE-2024-9312 GHSA-4gfw-wf7c-w6g2
+  * GO-2024-3190 CVE-2024-47067 GHSA-8pph-gfhp-w226
+  * GO-2024-3191 CVE-2024-9180 GHSA-rr8j-7w34-xp5j
+
+-------------------------------------------------------------------
+Thu Sep 26 18:24:03 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Initial package govulncheck-vulndb version 0.0.20240926T182403:
+  * Upstream vulndb.zip with modified date 2024-09-26T18:24:03Z
+  * Previx version with 0.0.x to preserve options if upstream
+    decides on a versioning scheme to supplement the timestamp
--- a/govulncheck-vulndb.spec
+++ b/govulncheck-vulndb.spec
@@ -0,0 +1,58 @@
+#
+# spec file for package govulncheck-vulndb
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define shortname vulndb
+
+Name:           govulncheck-vulndb
+Version:        0.0.20241104T154416
+Release:        0
+Summary:        Local copy of Go vulnerability database
+License:        CC-BY-4.0
+Group:          Development/Languages/Go
+URL:            https://pkg.go.dev/vuln/
+Source:         %{shortname}.zip
+Suggests:       govulncheck
+BuildArch:      noarch
+BuildRequires:  unzip
+# SLE-12 has s390 but the Go compiler is not supported on that arch
+ExcludeArch:    s390
+
+%description
+govulncheck-vulndb provides a local copy of the Go vulnerability database
+https://vuln.go.dev as files in the Open Source Vulnerability (OSV) schema.
+This allows tools such as govulncheck to be used in offline environments.
+
+Usage:
+
+govulncheck -db file:///usr/share/vulndb
+
+%prep
+unzip %{SOURCE0} -d %{shortname}
+
+%build
+
+%install
+install -d %{buildroot}%{_datadir}/%{shortname}
+find . -name "*.json" -exec install -Dm644 \{\} %{buildroot}%{_datadir}/\{\} \;
+
+%check
+
+%files
+%{_datadir}/%{shortname}
+
+%changelog
--- a/vulndb.zip
+++ b/vulndb.zip