@@ -1164,6 +1164,23 @@ the NIST server non-fatal."
package-vulnerabilities))
"Check for known vulnerabilities for PACKAGE. Obtain the list of
vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
+
+ (define (vulnerability< v1 v2)
+ (define (string-list< list1 list2)
+ (match list1
+ ((head1 tail1 ...)
+ (match list2
+ ((head2 tail2 ...)
+ (if (string=? head1 head2)
+ (string-list< tail1 tail2)
+ (string<? head1 head2)))
+ (_ #f)))
+ (_ #f)))
+
+ (let ((separators (char-set-complement char-set:letter+digit)))
+ (string-list< (string-split (vulnerability-id v1) separators)
+ (string-split (vulnerability-id v2) separators))))
+
(let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
(()
@@ -1184,7 +1201,8 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
(make-warning
package
(G_ "probably vulnerable to ~a")
- (list (string-join (map vulnerability-id unpatched)
+ (list (string-join (map vulnerability-id
+ (sort unpatched vulnerability<))
", "))))))))))
(define (check-for-updates package)