Sync from SUSE:SLFO:Main govulncheck-vulndb revision 212093b2fd8e687095785f7d71e9d0b1

2024-10-18 15:38:36 +02:00 · 2024-10-18 15:38:36 +02:00 · b9f5aeac9f
commit b9f5aeac9f
4 changed files with 148 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/govulncheck-vulndb.changes
+++ b/govulncheck-vulndb.changes
@ -0,0 +1,64 @@
+-------------------------------------------------------------------
+Wed Oct 16 14:47:39 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Packaging improvements:
+  * Add ExcludeArch: s390. Go is supported on s390x but not
+    available on s390. Since the package will be submitted to
+    SLE-12, do not build on s390 consistent with other Go tools for
+    that arch.
+  * Fix License: CC-BY-4.0
+
+-------------------------------------------------------------------
+Tue Oct 15 18:38:57 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241015T183857 date 2024-10-15T18:38:57Z.
+  Go CVE Numbering Authority IDs added or updated:
+  * GO-2024-3189
+  * GO-2024-3196
+  * GO-2024-3199
+  * GO-2024-3200
+  * GO-2024-3201
+
+-------------------------------------------------------------------
+Mon Oct 14 19:20:43 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241014T192043 date 2024-10-14T19:20:43Z.
+  Go CVE Numbering Authority IDs added or updated:
+  * GO-2024-3166
+  * GO-2024-3171
+
+-------------------------------------------------------------------
+Fri Oct 10 14:32:39 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Update to version 0.0.20241011T143239 date 2024-10-11T14:32:39Z.
+  Go CVE Numbering Authority IDs added or updated:
+  * GO-2024-3161
+  * GO-2024-3162
+  * GO-2024-3163
+  * GO-2024-3164
+  * GO-2024-3166
+  * GO-2024-3167
+  * GO-2024-3168
+  * GO-2024-3169
+  * GO-2024-3170
+  * GO-2024-3172
+  * GO-2024-3173
+  * GO-2024-3174
+  * GO-2024-3175
+  * GO-2024-3179
+  * GO-2024-3181
+  * GO-2024-3182
+  * GO-2024-3184
+  * GO-2024-3185
+  * GO-2024-3186
+  * GO-2024-3188
+  * GO-2024-3190
+  * GO-2024-3191
+
+-------------------------------------------------------------------
+Thu Sep 26 18:24:03 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com>
+
+- Initial package govulncheck-vulndb version 0.0.20240926T182403:
+  * Upstream vulndb.zip with modified date 2024-09-26T18:24:03Z
+  * Previx version with 0.0.x to preserve options if upstream
+    decides on a versioning scheme to supplement the timestamp
--- a/govulncheck-vulndb.spec
+++ b/govulncheck-vulndb.spec
@ -0,0 +1,58 @@
+#
+# spec file for package govulncheck-vulndb
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define shortname vulndb
+
+Name:           govulncheck-vulndb
+Version:        0.0.20241015T183857
+Release:        0
+Summary:        Local copy of Go vulnerability database
+License:        CC-BY-4.0
+Group:          Development/Languages/Go
+URL:            https://pkg.go.dev/vuln/
+Source:         %{shortname}.zip
+Suggests:       govulncheck
+BuildArch:      noarch
+BuildRequires:  unzip
+# SLE-12 has s390 but the Go compiler is not supported on that arch
+ExcludeArch:    s390
+
+%description
+govulncheck-vulndb provides a local copy of the Go vulnerability database
+https://vuln.go.dev as files in the Open Source Vulnerability (OSV) schema.
+This allows tools such as govulncheck to be used in offline environments.
+
+Usage:
+
+govulncheck -db file:///usr/share/vulndb
+
+%prep
+unzip %{SOURCE0} -d %{shortname}
+
+%build
+
+%install
+install -d %{buildroot}%{_datadir}/%{shortname}
+find . -name "*.json" -exec install -Dm644 \{\} %{buildroot}%{_datadir}/\{\} \;
+
+%check
+
+%files
+%{_datadir}/%{shortname}
+
+%changelog
--- a/vulndb.zip
+++ b/vulndb.zip