gds/gnu-guix - This repository contains snapshots of GNU Guix, to be used by the govuk-guix project.

	Commit message (Collapse)	Author	Age
*	cve: Update feed URL.	Ludovic Courtès	2018-08-26
\| \| \| \| \|	* guix/cve.scm (yearly-feed-uri): Remove "static." from the URL since the web site now redirects to the URL without "static.".
*	cve: Use 'http-fetch/cached' instead of having custom caching.	Ludovic Courtès	2017-11-16
\| \| \| \| \| \| \| \| \| \| \|	That way CVE fetching benefits from 'If-Modified-Since' handling. * guix/http-client.scm (http-fetch/cached): Add #:write-cache and #:cache-miss parameters and honor them. * guix/cve.scm (%current-year-ttl, %past-year-ttl): Reduce. (call-with-cve-port): Remove. (write-cache): New procedure. (fetch-vulnerabilities): Rewrite in terms of 'http-fetch/cached'.
*	cve: Disable position recording while reading the CVE list.	Ludovic Courtès	2017-09-19
\| \| \| \| \|	* guix/cve.scm (fetch-vulnerabilities)[read*]: New procedure. Use it in lieu of 'read'.
*	cve: Use a more compact format for the list of package/versions.	Ludovic Courtès	2016-05-28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	On a warm cache, "guix lint -c cve vorbis-tools" goes down from 6.5s to 2.4s. * guix/cve.scm (cpe->package-name): Change to return two values instead of a pair. (cpe->product-alist): New procedure. (%parse-vulnerability-feed): Use it instead of 'filter-map'. (fetch-vulnerabilities): Bump sexp format version to 1. (vulnerabilities->lookup-proc): Adjust accordingly. When #:version is omitted, return a list of vulnerabilities instead of a list of version/vulnerability pairs. * tests/cve.scm (%expected-vulnerabilities) ("vulnerabilities->lookup-proc): Adjust accordingly.
*	cve: Include the 3 previous years of vulnerabilities.	Ludovic Courtès	2016-05-26
\| \| \| \| \|	* guix/cve.scm (fetch-vulnerabilities): Add 'format' call. (current-vulnerabilities): Include the 3 previous years.
*	cve: Remove now unnecessary HTTP caching.	Ludovic Courtès	2016-05-23
\| \| \| \| \|	* guix/cve.scm (call-with-cve-port): Use 'http-fetch' instead of 'http-fetch/cached'.
*	cve: Keep a summarized sexp in cache instead of the full XML.	Ludovic Courtès	2016-05-23
\| \| \| \| \| \| \| \|	This avoids ~20s of XML parsing when running 'guix lint -c cve'. * guix/cve.scm (vulnerability->sexp, sexp->vulnerability) (fetch-vulnerabilities): New procedures. (current-vulnerabilities): Use 'fetch-vulnerabilities'.
*	cve: Read entire CVE databases for the current year and the past year.	Ludovic Courtès	2016-03-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The "Modified" database that we were reading is much smaller, but it only shows CVEs modified over the past week. * guix/cve.scm (%now, %current-year, %past-year): New variables. (yearly-feed-uri): New procedure. (%cve-feed-uri, %ttl): Remove. (%current-year-ttl, %past-year-ttl): New variables. (call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them. Add 'setvbuf' call. (current-vulnerabilities)[read-vulnerabilities]: New procedure. Read from both %LAST-YEAR and %CURRENT-YEAR.
*	cve: Make CPE patch level part of the version string.	Ludovic Courtès	2016-03-11
\| \| \| \| \|	* guix/cve.scm (%cpe-package-rx): Adjust to account for :PATCH-LEVEL. (cpe->package-name): Likewise.
*	Add (guix cve).	Ludovic Courtès	2015-11-26
	* guix/cve.scm, tests/cve-sample.xml, tests/cve.scm: New files. * Makefile.am (MODULES): Add guix/cve.scm. (SCM_TESTS): Add tests/cve.scm. (EXTRA_DIST): Add tests/cve-sample.scm.