commit b9f5aeac9f487f23f0144197e19096fec8c90b1cef6a50c85496bc8e4334f1aa Author: Adrian Schröter Date: Fri Oct 18 15:38:36 2024 +0200 Sync from SUSE:SLFO:Main govulncheck-vulndb revision 212093b2fd8e687095785f7d71e9d0b1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/govulncheck-vulndb.changes b/govulncheck-vulndb.changes new file mode 100644 index 0000000..9f61ce0 --- /dev/null +++ b/govulncheck-vulndb.changes @@ -0,0 +1,64 @@ +------------------------------------------------------------------- +Wed Oct 16 14:47:39 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * Add ExcludeArch: s390. Go is supported on s390x but not + available on s390. Since the package will be submitted to + SLE-12, do not build on s390 consistent with other Go tools for + that arch. + * Fix License: CC-BY-4.0 + +------------------------------------------------------------------- +Tue Oct 15 18:38:57 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com> + +- Update to version 0.0.20241015T183857 date 2024-10-15T18:38:57Z. + Go CVE Numbering Authority IDs added or updated: + * GO-2024-3189 + * GO-2024-3196 + * GO-2024-3199 + * GO-2024-3200 + * GO-2024-3201 + +------------------------------------------------------------------- +Mon Oct 14 19:20:43 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com> + +- Update to version 0.0.20241014T192043 date 2024-10-14T19:20:43Z. + Go CVE Numbering Authority IDs added or updated: + * GO-2024-3166 + * GO-2024-3171 + +------------------------------------------------------------------- +Fri Oct 10 14:32:39 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com> + +- Update to version 0.0.20241011T143239 date 2024-10-11T14:32:39Z. + Go CVE Numbering Authority IDs added or updated: + * GO-2024-3161 + * GO-2024-3162 + * GO-2024-3163 + * GO-2024-3164 + * GO-2024-3166 + * GO-2024-3167 + * GO-2024-3168 + * GO-2024-3169 + * GO-2024-3170 + * GO-2024-3172 + * GO-2024-3173 + * GO-2024-3174 + * GO-2024-3175 + * GO-2024-3179 + * GO-2024-3181 + * GO-2024-3182 + * GO-2024-3184 + * GO-2024-3185 + * GO-2024-3186 + * GO-2024-3188 + * GO-2024-3190 + * GO-2024-3191 + +------------------------------------------------------------------- +Thu Sep 26 18:24:03 UTC 2024 - Jeff Kowalczyk jkowalczyk@suse.com> + +- Initial package govulncheck-vulndb version 0.0.20240926T182403: + * Upstream vulndb.zip with modified date 2024-09-26T18:24:03Z + * Previx version with 0.0.x to preserve options if upstream + decides on a versioning scheme to supplement the timestamp diff --git a/govulncheck-vulndb.spec b/govulncheck-vulndb.spec new file mode 100644 index 0000000..2fc88de --- /dev/null +++ b/govulncheck-vulndb.spec @@ -0,0 +1,58 @@ +# +# spec file for package govulncheck-vulndb +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define shortname vulndb + +Name: govulncheck-vulndb +Version: 0.0.20241015T183857 +Release: 0 +Summary: Local copy of Go vulnerability database +License: CC-BY-4.0 +Group: Development/Languages/Go +URL: https://pkg.go.dev/vuln/ +Source: %{shortname}.zip +Suggests: govulncheck +BuildArch: noarch +BuildRequires: unzip +# SLE-12 has s390 but the Go compiler is not supported on that arch +ExcludeArch: s390 + +%description +govulncheck-vulndb provides a local copy of the Go vulnerability database +https://vuln.go.dev as files in the Open Source Vulnerability (OSV) schema. +This allows tools such as govulncheck to be used in offline environments. + +Usage: + +govulncheck -db file:///usr/share/vulndb + +%prep +unzip %{SOURCE0} -d %{shortname} + +%build + +%install +install -d %{buildroot}%{_datadir}/%{shortname} +find . -name "*.json" -exec install -Dm644 \{\} %{buildroot}%{_datadir}/\{\} \; + +%check + +%files +%{_datadir}/%{shortname} + +%changelog diff --git a/vulndb.zip b/vulndb.zip new file mode 100644 index 0000000..90b5bea --- /dev/null +++ b/vulndb.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a2404a7c41ad6811e9adc4329bf5f595bf67b7c7ba5844655709be516d962df9 +size 1253586