Commit Graph

529 Commits

Author SHA1 Message Date
Ryan Mulligan
6b84b3d9b5 use LOGS_DIRECTORY for logs if set
fixes problem where on build01 systemd would delete the runtime
directory and the logs would be lost
2020-01-19 14:38:10 -08:00
Ryan Mulligan
3f559eb4c2 buffer stdout and stderr by line 2020-01-13 07:52:39 -08:00
Ryan Mulligan
1ee75c9b0e really fix hardcoded cache dir 2020-01-12 18:02:37 -08:00
Ryan Mulligan
2eae405c05 fix hardcoded reference to cache directory 2020-01-12 15:46:22 -08:00
Ryan Mulligan
df72830cd6 default.nix: expose returnShellEnv param and format 2020-01-12 14:57:51 -08:00
Ryan Mulligan
02e6ccfd26 improve documentation about Cachix downloads and trusted-users
closes #134
2020-01-01 21:21:26 -08:00
Ryan Mulligan
53f4d36689 log URLs of matched PRs
closes #135
2020-01-01 21:16:21 -08:00
Ryan Mulligan
64a512048a [CVE] add issue relating to doas 2019-12-21 06:48:31 -08:00
Ryan Mulligan
9a395bdd48 [CVE] fix kanboard issue 2019-12-07 20:56:08 -08:00
Ryan Mulligan
c6f7aa5d5f [CVE] add TODO for cpeUpdatePresentAndNotPartOfVersion 2019-12-07 20:44:36 -08:00
Ryan Mulligan
42d01c92bb [CVE] resolve socat issue 2019-12-07 20:43:23 -08:00
Ryan Mulligan
1aa24ed735 [CVE] also try package names with - converted to _
This is something that Vulnix tries, so we should too.
2019-12-07 20:19:23 -08:00
Ryan Mulligan
e26b367b55 try to stop waiting for ofBorg
OfBorg is a lot different from when we started waiting for it. Let's
see if this breaks stuff. If it does we can revert it.
2019-12-07 20:19:00 -08:00
Ryan Mulligan
634699585a [CVE] Fix getCVE SQL query 2019-12-07 20:08:46 -08:00
Ryan Mulligan
c75a9b730d remove extra newline in PR message 2019-12-07 20:08:29 -08:00
Ryan Mulligan
4cffa2ae96 [CVE] search more CVE fields for the package name
Sometimes a package name might appear in other fields, so search these
ones too:

vendor,
edition,
software_edition, and
target_software.

The rationale for this change is explained in the accompanying README
changes.
2019-12-07 14:36:42 -08:00
Ryan Mulligan
e8a2b6d054 spellcheck README 2019-12-07 14:22:28 -08:00
Ryan Mulligan
92926e0502 [CVE] document security report in readme 2019-12-07 14:17:05 -08:00
Ryan Mulligan
6a4c47b51c [CVE] remove experimental status of security report 2019-12-07 14:16:13 -08:00
Ryan Mulligan
fc9c340cb8 [CVE] add socat issue 2019-11-28 13:51:10 -08:00
Ryan Mulligan
27c59e4f46 [CVE] add issue for kanboard 2019-11-28 06:17:50 -08:00
Ryan Mulligan
403d6b8310 remove debug lines 2019-11-24 21:56:35 -08:00
Ryan Mulligan
fc4d20b8ca [CVE] fix CVENOTES merge resolution mistakes 2019-11-24 21:36:49 -08:00
Ryan Mulligan
65fcc8dc21 Merge branch 'cve' 2019-11-24 21:35:18 -08:00
Ryan Mulligan
4435e4912f [CVE] fix go issues, improve uzbl handling
Before it was going to always ignore certain uzbl CVEs, but now it
only ignores them if the version doesn't look like a date (start with
four numbers).
2019-11-24 16:16:29 -08:00
Ryan Mulligan
828662099b [CVE] fix thrift issues 2019-11-24 15:19:43 -08:00
Ryan Mulligan
cab001cbfc [CVE] Fix arena issues 2019-11-24 15:11:51 -08:00
Ryan Mulligan
5fdc8af00d [CVE] Only consider bounded matchers, fix tor issues
Sometimes the NVD contains unbounded matchers that match everything
for example https://nvd.nist.gov/vuln/detail/CVE-2009-0414 has a
matcher of

 cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*

without any bounds. Lars and I decided to ignore these CPE matches
because it seems nonsensical or at least not useful for there to be a
CVE that cannot be fixed.
2019-11-24 15:02:42 -08:00
Ryan Mulligan
29847728fb [CVE] fix uzbl issues 2019-11-24 14:39:52 -08:00
Ryan Mulligan
6d2c8f09c0 [CVE] add filtering, fix terraform CVE issue 2019-11-24 14:28:04 -08:00
Ryan Mulligan
40faec6f89 [CVE] Combine matchers and cpes into cpe matches
This more directly matches the underlying data structure. Also the
code is making better use of the ToRow instance, and gets rid of the
uniqueness checks that Lars says are unnecessary.
2019-11-24 06:12:14 -08:00
Ryan Mulligan
5fb671cca6 [CVE] populate a CPE table 2019-11-06 22:13:35 -08:00
Jan Tojnar
8ce6cf3bf0 [CVE] Fix links 2019-11-05 15:53:23 +01:00
Ryan Mulligan
793a933516 make import explicit 2019-11-03 21:45:14 -08:00
Ryan Mulligan
ad0b954b32 [CVE] add note about golang 2019-11-01 20:53:39 -07:00
Ryan Mulligan
39e9d68102 remove Gnome blacklist
fixes #131
revert this during the next release season
2019-11-01 06:08:06 -07:00
Ryan Mulligan
ad2fd44fc3 CVE: add note about Thrift 2019-10-31 06:26:40 -07:00
Ryan Mulligan
3741b7e634 indicate if a CVE has been patched 2019-10-28 07:41:45 -07:00
Ryan Mulligan
78fe5fe745 improve message about updating NVD 2019-10-27 13:09:44 -07:00
Ryan Mulligan
4edfde1895 use correct function for checking number of hashes 2019-10-27 13:09:29 -07:00
Ryan Mulligan
b4b5a6e7ad ignore derivations containing multiple "sha256 ="
closes #130
2019-10-27 07:14:34 -07:00
Ryan Mulligan
d51df0b316 remove long description from commit message
I'm doing this to save space in the nixpkgs git repo.
2019-10-27 06:20:00 -07:00
Ryan Mulligan
c005972fdd test checking GitHub for new versions 2019-10-12 16:20:16 -07:00
Ryan Mulligan
bb67484804 update CVE notes 2019-10-12 07:34:52 -07:00
Ryan Mulligan
ab2b5a6b91 add experimental CVE reporting 2019-10-06 16:17:08 -07:00
Ryan Mulligan
303aed0afc add notes researching CVE failed matches 2019-10-06 16:16:31 -07:00
Ryan Mulligan
990afa0319 Main: add commandline hook into the getCVEs function 2019-10-06 14:16:35 -07:00
Lars Jellema
490d1ed162 Remove feed caching and clean up queries 2019-10-02 17:02:12 +02:00
Lars Jellema
93437182d4 Define a partial order on versions 2019-10-02 15:50:12 +02:00
Lars Jellema
cf54777abd Properly check if database is out of date 2019-10-02 14:09:52 +02:00