| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
It's just appending the new string annotations to the current
annotations, with special care not to add them if they are
already there (probably needed by grab-cve-in-fix or update-vuln).
|
|
|
|
|
|
| |
We no longer get a tuple, so there's no need to convert it to
a list and return it. The method just merges the annotation into
the received annotations.
|
| |
|
|
|
|
|
| |
Without creating a new object. Also since we're not creating
new objects, there's no need to recreate the data list.
|
|
|
|
|
| |
Replace the bug's annotations instead now that we can modify
the object.
|
|
|
|
|
| |
The notes dict is only going to contain notes for the current
CVE, so we can simply keep and pass the list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If CVE/list has a CVE such as:
CVE-2023-1234
[experimental] - foo 1.0-1
- foo 1.0-2
And we attempt to fix an annotation such as
CVE-2023-1234
[bullseye] - foo 0.1-1+deb11u1
that will crash when we are iterating over the experimental annotation
as next_annotation would be the sid one with release==None, and we would
be comparing internRelease(bullseye) with internRelease(None), which
is not supported.
This is happening with the current data/next-point-update.txt
|
|
|
|
|
|
|
| |
Avoid merge-cve-files stumbling over FlagAnnotations like RESERVED and
REJECTED.
Also add code to tidy up the .xpck files that can be generated by the
merge process.
|
|
|
|
|
|
|
|
|
|
| |
Support catching errors in the d.changelog
Add support for forcing a specific version
Fix typo in new support in bin/merge-cve-files
Update support in update-vuln to insert new
PackageAnnotations in specific order.
|
| |
|
|
|
|
| |
And slightly improve the message while at it.
|
| |
|
| |
|
|
It currently supports the necessary annotations to automatically merge
the point release lists.
|