From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp1.migadu.com ([2001:41d0:403:58f0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms13.migadu.com with LMTPS
	id cI3fHRy5SWdKnQAA62LTzQ:P1
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 29 Nov 2024 12:52:44 +0000
Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1.migadu.com with LMTPS
	id cI3fHRy5SWdKnQAA62LTzQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 29 Nov 2024 13:52:44 +0100
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b="lmN7+S/z";
	dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=l0ZwAfxb;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 57B1545FE9
	for <larch@yhetil.org>; Fri, 29 Nov 2024 13:52:43 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1tH0Tc-00077g-2u; Fri, 29 Nov 2024 07:52:04 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tH0Ta-00077H-VL
 for guix-patches@gnu.org; Fri, 29 Nov 2024 07:52:03 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tH0Ta-0002jv-Mw
 for guix-patches@gnu.org; Fri, 29 Nov 2024 07:52:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=ox+Xf0V/iTAQriaaLYL76IAWE3eiFihAo02J292/bBs=; 
 b=lmN7+S/z/Iq3hdYQbY4IgUB0wDYPN7URnfUhW9abEnnGe4APr3tqk3p+7JM25EtFcwfhDo8akUe5MrAl6y71z+cDTycD3MGy6YxEqpIU/8j9tmwbRcKLtWHt1bBWM7gI5eaVPn9/CRHrkqOpv0yyR74yrpW6fGpQDx+uqpO/4W1X5gySGOaO2tgYCB76Ixki9CoEMInCahpCdcdD+MKi6nr2Pv5KMBW3MifyfjkwTLaac8ObRw9xxCyn8lyoLCANxevB2ToQhqkmwrGsFjZ19lvI98FaYavZuV2TKzXemyMFicDAim9DhKE16Bsnpra2f4SYVKl3OduTcxZyNPrRTw==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tH0Ta-0006kj-8h
 for guix-patches@gnu.org; Fri, 29 Nov 2024 07:52:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#74034] [PATCH v6 01/16] cve: Add cpe-vendor and
 lint-hidden-cpe-vendors properties.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 29 Nov 2024 12:52:02 +0000
Resent-Message-ID: <handler.74034.B74034.173288469925907@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 74034
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Nicolas Graves <ngraves@ngraves.fr>
Cc: 74034@debbugs.gnu.org
Received: via spool by 74034-submit@debbugs.gnu.org id=B74034.173288469925907
 (code B ref 74034); Fri, 29 Nov 2024 12:52:02 +0000
Received: (at 74034) by debbugs.gnu.org; 29 Nov 2024 12:51:39 +0000
Received: from localhost ([127.0.0.1]:41424 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tH0TD-0006jm-6R
 for submit@debbugs.gnu.org; Fri, 29 Nov 2024 07:51:39 -0500
Received: from eggs.gnu.org ([209.51.188.92]:37136)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1tH0TA-0006jW-Pc
 for 74034@debbugs.gnu.org; Fri, 29 Nov 2024 07:51:37 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1tH0T2-0002V7-NM; Fri, 29 Nov 2024 07:51:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=ox+Xf0V/iTAQriaaLYL76IAWE3eiFihAo02J292/bBs=; b=l0ZwAfxbN2AwKWIE7alu
 g29+UGqIubOyfSTJnTO0+vlcWBeBX10zINIujrs6XzcfKWLzYsrGelLDTnIUqa1Vgf4C7sJy3O4Mi
 vrIuzx0soi5HfbotPKtAYUyRMjKHYAP1Idye/txKoo927r6F+D6hyuULA146yGQ4/0my3btWXK71L
 FAIh8T8x/4Y5/40Zd8pt2u3iEmXnW3676VwitUl+PclpXkLxlUccndVjxFsYyFpEsJDP4u5UVvzTZ
 nerYqRTxEgJxs6uSPOSuTMy0yqv08ljmLPj7NOCgswUKBhIEFNw2AIiDNyp3cfxLf/yGr/HJ1xDBG
 7p1eEoxK8eI2wQ==;
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
In-Reply-To: <20241124201638.10098-1-ngraves@ngraves.fr> (Nicolas Graves's
 message of "Sun, 24 Nov 2024 21:16:19 +0100")
References: <20241026222934.25890-1-ngraves@ngraves.fr>
 <20241124201638.10098-1-ngraves@ngraves.fr>
Date: Fri, 29 Nov 2024 13:51:01 +0100
Message-ID: <87iks62oga.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-Migadu-Scanner: mx11.migadu.com
X-Migadu-Spam-Score: -3.54
X-Spam-Score: -3.54
X-Migadu-Queue-Id: 57B1545FE9
X-TUID: yrgg1YTrN1nq

Nicolas Graves <ngraves@ngraves.fr> skribis:

> * guix/cve.scm: Exploit cpe vendors information.
> (cpe->package-name): Rename to...
> (cpe->package-identifier): Renamed from cpe->package-name. Use
> cpe_vendor:cpe_name in place or cpe_name.
> (vulnerabily-matches?): Add helper function.
> (vulnerabilities->lookup-proc): Extract cpe_name for table
> hashes. Add vendor and hidden-vendor arguments. Adapt condition to
> pass vulnerabilities to result in the fold.
> (write-cache, fetch-vulnerabilities): Update the format version.
>
> * guix/lint.scm (package-vulnerabilities): Use additional arguments
> from vulnerabilities->lookup-proc.
>
> * tests/cve.scm (%expected-vulnerabilities): Adapt variable to changes
> in guix/cve.scm.

[...]

>      (match sexp
> -      (('vulnerabilities 1 vulns)
> -       (map sexp->vulnerability vulns)))))
> +      (('vulnerabilities 2 vulns)
> +       (map sexp->vulnerability vulns))
> +      (('vulnerabilities 1 vulns)  ;old format, lacks vendor info
> +       (map sexp-v1->vulnerability vulns)))))

=E2=80=98sexp-v1->vulnerability=E2=80=99 has yet to be written, if I=E2=80=
=99m not mistaken.

(Perhaps I wasn=E2=80=99t clear: you need to implement this procedure such =
that,
when reading v1 data from ~/.cache, you still get valid <vulnerability>
records.)

Ludo=E2=80=99.