furlongm · fossabot · Apr 23, 2025 · Apr 23, 2025 · Apr 8, 2025 · Apr 18, 2025
diff --git a/README.md b/README.md
@@ -1,4 +1,6 @@
 # Patchman
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Ffurlongm%2Fpatchman.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Ffurlongm%2Fpatchman?ref=badge_shield)
+
 
 
 ## Summary
@@ -202,3 +204,7 @@ Errata for CentOS can be downloaded from https://cefs.steve-meier.de/ .
 These errata are parsed and stored in the database. If a PackageUpdate
 contains a package that is a security update in the errata, then that update is
 marked as being a security update.
+
+
+## License
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Ffurlongm%2Fpatchman.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Ffurlongm%2Fpatchman?ref=badge_large)
diff --git a/debian/copyright b/debian/copyright
@@ -6,7 +6,7 @@ Source: https://github.com/furlongm/patchman
 Files: *
 Copyright: 2011-2012 VPAC http://www.vpac.org
            2013-2021 Marcus Furlong <furlongm@gmail.com>
-License: GPL-3.0
+License: GPL-3.0-only
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 3 only.

diff --git a/errata/migrations/0001_initial.py b/errata/migrations/0001_initial.py
@@ -19,7 +19,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('er_type', models.CharField(max_length=255)),
-                ('url', models.URLField(max_length=2000)),
+                ('url', models.URLField(max_length=765)),
             ],
         ),
         migrations.CreateModel(

diff --git a/hosts/templatetags/report_alert.py b/hosts/templatetags/report_alert.py
@@ -1,19 +1,18 @@
-# Copyright 2016-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2016-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 from datetime import timedelta
 

diff --git a/modules/utils.py b/modules/utils.py
@@ -23,7 +23,7 @@
 
 def get_or_create_module(name, stream, version, context, arch, repo):
     """ Get or create a module object
-        Returns the module and a boolean for created
+        Returns the module
     """
     created = False
     m_arch, c = PackageArchitecture.objects.get_or_create(name=arch)
@@ -46,7 +46,7 @@ def get_or_create_module(name, stream, version, context, arch, repo):
             arch=m_arch,
             repo=repo,
         )
-    return module, created
+    return module
 
 
 def get_matching_modules(name, stream, version, context, arch):

diff --git a/packages/models.py b/packages/models.py
@@ -195,11 +195,11 @@ def __str__(self):
             rel = f'-{self.release}'
         else:
             rel = ''
-        if self.packagetype == self.GENTOO:
+        if self.packagetype == Package.GENTOO:
             return f'{self.category}/{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'
-        elif self.packagetype in [self.DEB, self.ARCH]:
+        elif self.packagetype in [Package.DEB, Package.ARCH]:
             return f'{self.name}_{epo}{self.version}{rel}_{self.arch}.{self.get_packagetype_display()}'
-        elif self.packagetype == self.RPM:
+        elif self.packagetype == Package.RPM:
             return f'{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'
         else:
             return f'{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'

diff --git a/repos/repo_types/yum.py b/repos/repo_types/yum.py
@@ -91,7 +91,7 @@ def extract_module_metadata(data, url, repo):
                 packages.add(package)
 
             from modules.utils import get_or_create_module
-            module, created = get_or_create_module(m_name, m_stream, m_version, m_context, arch, repo)
+            module = get_or_create_module(m_name, m_stream, m_version, m_context, arch, repo)
 
             package_ids = []
             for package in packages:

diff --git a/requirements.txt b/requirements.txt
@@ -1,12 +1,11 @@
-Django==4.2.20
+Django==4.2.25
 django-taggit==4.0.0
 django-extensions==3.2.3
 django-bootstrap3==23.1
 python-debian==1.0.1
 defusedxml==0.7.1
 PyYAML==6.0.2
-chardet==5.2.0
-requests==2.32.3
+requests==2.32.4
 colorama==0.4.6
 djangorestframework==3.15.2
 django-filter==25.1
@@ -16,7 +15,7 @@ python-magic==0.4.27
 gitpython==3.1.44
 tenacity==8.2.3
 celery==5.4.0
-redis==5.2.1
+redis==6.4.0
 django-celery-beat==2.7.0
 tqdm==4.67.1
 cvss==3.4
diff --git a/security/migrations/0001_initial.py b/security/migrations/0001_initial.py
@@ -27,7 +27,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('cwe_id', models.CharField(max_length=255, unique=True)),
                 ('name', models.CharField(blank=True, max_length=255, null=True)),
-                ('description', models.CharField(blank=True, max_length=65535, null=True)),
+                ('description', models.CharField(blank=True, max_length=255, null=True)),
             ],
         ),
         migrations.CreateModel(
@@ -36,7 +36,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('cve_id', models.CharField(max_length=255, unique=True)),
                 ('title', models.CharField(blank=True, max_length=255, null=True)),
-                ('description', models.CharField(max_length=65535)),
+                ('description', models.CharField(max_length=255)),
                 ('reserved_date', models.DateTimeField(blank=True, null=True)),
                 ('published_date', models.DateTimeField(blank=True, null=True)),
                 ('rejected_date', models.DateTimeField(blank=True, null=True)),

diff --git a/security/migrations/0005_reference_cve_references.py b/security/migrations/0005_reference_cve_references.py
@@ -15,7 +15,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('ref_type', models.CharField(max_length=255)),
-                ('url', models.URLField(max_length=2000)),
+                ('url', models.URLField(max_length=765)),
             ],
             options={
                 'unique_together': {('ref_type', 'url')},

diff --git a/security/models.py b/security/models.py
@@ -29,7 +29,7 @@
 class Reference(models.Model):
 
     ref_type = models.CharField(max_length=255)
-    url = models.URLField(max_length=2000)
+    url = models.URLField(max_length=765)
 
     class Meta:
         unique_together = ['ref_type', 'url']
@@ -125,19 +125,20 @@ def add_cvss_score(self, vector_string, score=None, severity=None, version=None)
             score = cvss_score.base_score
         if not severity:
             severity = cvss_score.severities()[0]
-        existing = self.cvss_scores.filter(version=version, vector_string=vector_string)
-        if existing:
-            cvss = existing.first()
-        else:
+        try:
             cvss, created = CVSS.objects.get_or_create(
                 version=version,
                 vector_string=vector_string,
                 score=score,
                 severity=severity,
             )
-        cvss.score = score
-        cvss.severity = severity
-        cvss.save()
+        except CVSS.MultipleObjectsReturned:
+            matching_cvsses = CVSS.objects.filter(
+                version=version,
+                vector_string=vector_string,
+            )
+            cvss = matching_cvsses.first()
+            matching_cvsses.exclude(id=cvss.id).delete()
         self.cvss_scores.add(cvss)
 
     def fetch_cve_data(self, fetch_nist_data=False, sleep_secs=6):

diff --git a/setup.py b/setup.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright 2013-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2013-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #

diff --git a/util/filterspecs.py b/util/filterspecs.py
@@ -1,20 +1,19 @@
 # Copyright 2010 VPAC
-# Copyright 2014-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2014-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 from django.utils.safestring import mark_safe
 from django.db.models.query import QuerySet

diff --git a/util/templatetags/common.py b/util/templatetags/common.py
@@ -1,20 +1,18 @@
-# Copyright 2010 VPAC
-# Copyright 2013-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2013-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 import re