| Commit message | Author | Age | Files | Lines |
|
This reverts commit 8795311fe744f6669fdf3da1ae281615aa97450a.
This causes issues e.g. on
https://security-tracker.debian.org/tracker/CVE-2021-20313.
Revert the change for now, but should be re-added once the bug can be
fixed.
|
Move the print statements inside the conditional.
|
Print the supported commands before entering interactive mode.
Skip if only listing the CVEs
|
Otherwise we will crash if there's a DLA for a package in one of
those components.
|
When calling gen-DSA without --save, there's no version/release
information, so skip the call there to avoid a crash. In those
situations, gen-DSA will be called once more when the DSA is
ready with the --save argument, and we'll then remove the
appropriate CVE tags.
Closes #9
|
The recent addition of the remove-cve-dist-tags hook in gen-D[SL]A
script removes entries from data/CVE/list when they had a no-dsa (or
its substates) which are handled in the update.
When gen-DSA script is invoked in DLA mode though, there is a mechanism
to automatically commit the changes (and option to push) but that did
not take into account the changes in data/CVE/list.
|
And do it after we've asked for all the versions. Calling the script
after asking for each version and before asking for the next is
annoying as the script takes some time due to the size of CVE/list.
This way not only do we avoid that wait between user inputs, but we
also avoid calling the script and thus parsing CVE/list multiple times.
|
The release argument is a comma-separated list now.
|
This will remove 'obsolete' tags for a CVE for a given release
and package if it is being fixed in a security update.
|
This can be useful when releasing a DSA that fixes some CVEs that
were previously triaged as no-dsa.
|
As debianutils 5.3-1 deprecates the use of which and will be removed in
a future update, switch to the command shell builtin.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
|
Include in listing the oldstable distribution by enabling the boolean
value "include_oldstable" to true and so enabling the including logic
later on in the script.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
|
misspelled (or conflated) source package name.
|
Alioth went away a long time ago, but the UDD database can be queried
from the DD accessible coccia.debian.org.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
|
And slightly improve the message while at it.
|
tracker_data.py.
|
It had no consequences in security-tracker: the
next-oldstable-point-update.txt file is empty and the
next-point-update.txt CVEs are not used yet for what I can see via this
code path.
|
It currently supports the necessary annotations to automatically merge
the point release lists.
|
Although this is probably subject to personal preference, switch to
octal representation directly instead of specifying the mode in decimal
variant. Reading 0o700 makes it immediately clear what is meant.
|
If ~/.cache does not already exist, then this happens:
    $ ./bin/lts-cve-triage.py
    Updating ~/.cache/debian_security_tracker.json from https://security-tracker.debian.org/tracker/data/json ...
    Traceback (most recent call last):
      File "./bin/lts-cve-triage.py", line 94, in <module>
        tracker = TrackerData(update_cache=not args.skip_cache_update)
      File "/home/roberto/src/freexian/security-tracker.git/bin/tracker_data.py", line 40, in __init__
        self.update_cache()
      File "/home/roberto/src/freexian/security-tracker.git/bin/tracker_data.py", line 77, in update_cache
        with open(self.cached_data_path, 'w') as cache_file:
    FileNotFoundError: [Errno 2] No such file or directory: '/home/roberto/.cache/debian_security_tracker.json'
|
These are all currently unused, so it's a bit hard to test them
when porting them to Python 3. So rather than doing that, let's
explicitly mark them as being Python 2. Before porting them we
may want to check if they are still useful or if they should be
removed instead.
|
The one for update-db was dropped in f815d203, whereas tracker_service
has been getting the import from the web_support one. But let's better
be explicit.
|
All the scripts in bin/ can share the definition. Also
setup_paths.py calls setup_path so one just has to import
that module before importing those from lib/python/.
Additionally this helps some scripts work better under Python 3,
as one variant of setup_paths that we had called string.rfind,
which is not present there.
|
The file exists in debian-security-support so we need to have it
here too or we will crash.
|
To avoid double newlines.
|
If no source package is given, return a 404 error.
|