The current (0.4) implementation offers --list and --test to identify relevant GLSAs. --list offers all GLSAs while --test lists only those that affect the current system. Unfortunately, --test does not provide the description, which makes assessing exposure and severity difficult, while --list shows all GLSAs, which is useful on its own but adds clutter when searching for only relevant vulnerabilities.

Solutions

1. glsa-check --list | grep '\[N\]' (not good for new users)
2. The attached patch provides new options, '--needed' and '-n', that show only needed GLSAs and their descriptions.

Reproducible: Always
Created attachment 39173
Provides --needed and -n options as described in the original submission

Generated against version 0.4 using 'diff -u'. Please let me know if this is not the preferred method.

To apply:

    cd /usr/bin
    patch < glsa-check_needed.patch
I just wanted to add that I did view bug 45647 but thought there may have been some confusion about problems with existing versus new modes. Regardless of the implementation details, glsa-check should have a mode to view only relevant vulnerabilities with brief descriptions. This functionality exists in all other similar tools that I am aware of (urpmi, up2date, etc.). If this enhancement is marked as a duplicate of #45647 or otherwise indicated as invalid, a brief explanation might help to get everyone on the same page.
Created attachment 66968
Another possible patch

I attach my own small patch; basically I added a "-u" / "--unapplied" switch which works like --list, but shows only unapplied GLSAs.
Implemented as a new target "affected", parallel to "new" and "all".
Fix is in gentoolkit-0.2.1