author | Ludovic Courtès <ludo@gnu.org> | 2016-03-11 10:21:58 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-11 16:33:50 +0100 |
commit | cf557afa2e679f73b93796460dee23d5c5c314c5 (patch) | |
tree | c6e2f8674f414b291b3759dc576aa057cd223f6d | |
parent | d381962f35bf8e9facc1a495254235ee707167e3 (diff) | |
download | guix-cf557afa2e679f73b93796460dee23d5c5c314c5.tar.gz |
cve: Make CPE patch level part of the version string.
* guix/cve.scm (%cpe-package-rx): Adjust to account for :PATCH-LEVEL. (cpe->package-name): Likewise.
-rw-r--r-- | guix/cve.scm | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/guix/cve.scm b/guix/cve.scm
index a7b0bde6dc..663097b483 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -70,8 +70,9 @@
 (close-port port)))))
 
 (define %cpe-package-rx
- ;; For applications: "cpe:/a:VENDOR:PACKAGE:VERSION".
- (make-regexp "^cpe:/a:([^:]+):([^:]+):([^:]+)"))
+ ;; For applications: "cpe:/a:VENDOR:PACKAGE:VERSION", or sometimes
+ ;; "cpe/a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
+ (make-regexp "^cpe:/a:([^:]+):([^:]+):([^:]+)((:.+)?)"))
 
 (define (cpe->package-name cpe)
 "Converts the Common Platform Enumeration (CPE) string CPE to a package
@@ -80,7 +81,13 @@ CPE string."
 (and=> (regexp-exec %cpe-package-rx (string-trim-both cpe))
 (lambda (matches)
 (cons (match:substring matches 2)
- (match:substring matches 3)))))
+ (string-append (match:substring matches 3)
+ (match (match:substring matches 4)
+ ("" "")
+ (patch-level
+ ;; Drop the colon from things like
+ ;; "cpe:/a:openbsd:openssh:6.8:p1".
+ (string-drop patch-level 1))))))))
 
 (define %parse-vulnerability-feed
 ;; Parse the XML vulnerability feed from |
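Review bot: The new tail group `((:.+)?)` in `%cpe-package-rx` matches everything after the version, not only the patch-level component, so a CPE name with further colon-separated components after the update field would carry them into the version string. The `string-drop` in the `cpe->package-name` hunk removes only the first colon. A version with a stray `:` in it will presumably never compare equal to a package version, so the affected CVE would silently fail to match rather than raise an error. Limiting the group to a single component, `((:[^:]+)?)`, keeps the intended `6.8:p1` case and ignores whatever follows. Separately, the new comment reads `"cpe/a:VENDOR:..."` where `"cpe:/a:VENDOR:..."` is meant.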
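Review bot: The docstring of `cpe->package-name` is not updated for the new return value, which now has the CPE patch level appended to the version. The docstring starts outside this hunk and only its first and last lines are visible, so this is based on the unchanged context. Callers comparing the result with package versions need to know the two parts are joined without a separator; a sentence such as `The version includes the CPE patch level when present, e.g. "6.8p1" for "cpe:/a:openbsd:openssh:6.8:p1".` would cover it. The added `match` form also relies on `(ice-9 match)`, and the diff does not touch the module's imports, so it is worth confirming that module is already imported.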