From: Don Armstrong Date: Tue, 4 Jul 2017 16:48:20 +0000 (-0700) Subject: use https for CVE tracker by default X-Git-Tag: release/2.6.0~102 X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=commitdiff_plain;h=a2d0c09e87767baecc76442d11399b1c9ea17fe0 use https for CVE tracker by default --- diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm index 0fd134a..7883cd5 100644 --- a/Debbugs/CGI/Bugreport.pm +++ b/Debbugs/CGI/Bugreport.pm @@ -304,7 +304,7 @@ sub display_entity { ) { # Add links to CVE vulnerabilities (closes #568464) $body =~ s{(^|\s|[\(\[])(CVE-\d{4}-\d{4,})(\s|[,.-\[\]\)]|$)} - {$1$2$3}gxm; + {$1$2$3}gxm; } if (not exists $param{att}) { print {$output} qq(
$body
\n); diff --git a/Debbugs/Config.pm b/Debbugs/Config.pm index 0f23881..e8453e4 100644 --- a/Debbugs/Config.pm +++ b/Debbugs/Config.pm @@ -189,8 +189,9 @@ set_default(\%config,'mirrors',[]); =item package_pages $gPackagePages Domain where the package pages are kept; links should work in a -package_pages/foopackage manner. Defaults to undef, which means that -package links will not be made. +package_pages/foopackage manner. Defaults to undef, which means that package +links will not be made. Should be prefixed with the appropriate protocol +(http/https). =cut @@ -238,13 +239,13 @@ set_default(\%config,'cc_all_mails_to_addr',undef); =item cve_tracker $gCVETracker URI to CVE security tracker; in bugreport.cgi, CVE-2001-0002 becomes -linked to http://$config{cve_tracker}CVE-2001-002 +linked to $config{cve_tracker}CVE-2001-002 -Default: security-tracker.debian.org/tracker/ +Default: https://security-tracker.debian.org/tracker/ =cut -set_default(\%config,'cve_tracker','security-tracker.debian.org/tracker/'); +set_default(\%config,'cve_tracker','https://security-tracker.debian.org/tracker/'); =back