path: root/bin
Commit message | Author | Age | Files | Lines
* Revert "tracker_service: sort releases in CVE pages" | Salvatore Bonaccorso | 2021-11-30 | 1 | -3/+2
  This reverts commit 8795311fe744f6669fdf3da1ae281615aa97450a. This causes issues e.g. on https://security-tracker.debian.org/tracker/CVE-2021-20313. Revert the change for now, but should be re-added once the bug can be fixed.
* tracker_service: sort releases in CVE pages | Emilio Pozuelo Monfort | 2021-11-25 | 1 | -2/+3
* check-new-issues: implement review comments | Neil Williams | 2021-11-19 | 1 | -2/+2
  Move the print statements inside the conditional.
* Improve check-new-issues for new users [newissues] | Neil Williams | 2021-11-19 | 1 | -3/+10
  Print the supported commands before entering interactive mode. Skip if only listing the CVEs
* bin/lts-missing-uploads: drop the .py extension | Emilio Pozuelo Monfort | 2021-11-10 | 1 | -0/+0
* bin/lts-missing-uploads.py: also get contrib & non-free | Emilio Pozuelo Monfort | 2021-11-10 | 1 | -6/+12
  Otherwise we will crash if there's a DLA for a package in one of those components.
* gen-DSA: only call remove-cve-dist-tags if there's dist info | Emilio Pozuelo Monfort | 2021-11-07 | 1 | -1/+3
  When calling gen-DSA without --save, there's no version/release information, so skip the call there to avoid a crash. In those situations, gen-DSA will be called once more when the DSA is ready with the --save argument, and we'll then remove the appropriate CVE tags.
  Closes #9
* gen-DSA: Handle CVE list in DLA/ELA mode as well | Salvatore Bonaccorso | 2021-11-06 | 1 | -2/+2
  The recent addition of the remove-cve-dist-tags hook in gen-D[SL]A script removes entries from data/CVE/list when they had a no-dsa (or its substates) which are handled in the update. When gen-DSA script is invoked in DLA mode though, there is a mechanism to automatically commit the changes (and option to push) but that did not take into account the changes in data/CVE/list.
* tracker_data: setup paths before importing local modules | Emilio Pozuelo Monfort | 2021-11-05 | 1 | -0/+2
* gen-DSA: only call remove-cve-dist-tags once [remove-cve-dist-tags-on-DSA] | Emilio Pozuelo Monfort | 2021-11-03 | 1 | -1/+5
  And do it after we've asked for all the versions. Calling the script after asking for each version and before asking for the next is annoying as the script takes some time due to the size of CVE/list. This way not only do we avoid that wait between user inputs, but we also avoid calling the script and thus parsing CVE/list multiple times.
* bin/remove-cve-dist-tags: accept multiple releases | Emilio Pozuelo Monfort | 2021-11-03 | 1 | -6/+8
  The release argument is a comma-separated list now.
* gen-DSA: call remove-cve-dist-tags | Emilio Pozuelo Monfort | 2021-11-03 | 1 | -0/+1
  This will remove 'obsolete' tags for a CVE for a given release and package if it is being fixed in a security update.
* Add a script to remove dist tags (e.g. postponed) from CVE/list | Emilio Pozuelo Monfort | 2021-11-03 | 1 | -0/+60
  This can be useful when releasing a DSA that fixes some CVEs that were previously triaged as no-dsa.
* gen-D[LS]A: Replace use of which with command -v | Salvatore Bonaccorso | 2021-08-21 | 1 | -2/+2
  As debianutils 5.3-1 deprecates the use of which and will be removed in a future update, switch to the command shell builtin.
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* List packages from oldstable and stable for dsa-needed list | Salvatore Bonaccorso | 2021-08-12 | 1 | -1/+1
  Include in listing the oldstable distribution by enabling the boolean value "include_oldstable" to true and so enabling the including logic later on in the script.
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Not making any changes to a foo-needed.txt file may also indicate a misspelled (or conflated) source package name. | Chris Lamb | 2021-08-09 | 1 | -1/+1
* dla: claim openexr | Sylvain Beucler | 2021-07-28 | 1 | -1/+1
* bin/lts-needs-forward-port: fix lib path | Sylvain Beucler | 2021-07-24 | 1 | -1/+1
* Fix report-vuln for Python 3 | Moritz Mühlenhoff | 2021-07-01 | 1 | -1/+1
* embedded-cleanup: Switch to use coccia.d.o hardcoded | Salvatore Bonaccorso | 2021-06-02 | 1 | -2/+2
  Alioth went away a long time ago, but the UDD database can be queried from the DD accessible coccia.debian.org.
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* merge-cve-files: fix variable name in assertion message | Emilio Pozuelo Monfort | 2021-05-14 | 1 | -1/+1
  And slightly improve the message while at it.
* tracker_service: also sort CVEs on stable-like pages | Emilio Pozuelo Monfort | 2021-04-30 | 1 | -2/+4
* Sort CVEs as versions | Sylvain Beucler | 2021-04-30 | 1 | -4/+4
* lts: take glib2.0 | Emilio Pozuelo Monfort | 2021-02-18 | 1 | -1/+18
* lts-cve-triage.py: Setup paths early due to transitive imports in tracker_data.py. | Chris Lamb | 2021-02-15 | 1 | -1/+2
* Fix CVE10k problem for CVE with more than 4 numbers | Carles Pina i Estany | 2021-02-15 | 2 | -22/+19
  It had no consequences in security-tracker: the next-oldstable-point-update.txt file is empty and the next-point-update.txt CVEs are not used yet for what I can see via this code path.
* merge-cve-files: support replacing main (sid) annotations | Emilio Pozuelo Monfort | 2021-02-03 | 1 | -9/+16
* Add a script to merge two CVE files | Emilio Pozuelo Monfort | 2020-12-21 | 1 | -0/+73
  It currently supports the necessary annotations to automatically merge the point release lists.
* tracker_data.py: Use explicitly octal mode on mkdir call | Salvatore Bonaccorso | 2020-11-21 | 1 | -2/+2
  Although this is probably subject to personal preference, switch to octal representation directly instead of specifying the mode in decimal variant. Reading 0o700 makes it immediately clear what is meant.
* LTS: Ensure ~/.cache exists before writing out tracker data cache | Roberto C. Sánchez | 2020-11-21 | 1 | -0/+5
  If ~/.cache does not already exist, then this happens:

  $ ./bin/lts-cve-triage.py
  Updating ~/.cache/debian_security_tracker.json from https://security-tracker.debian.org/tracker/data/json ...
  Traceback (most recent call last):
    File "./bin/lts-cve-triage.py", line 94, in <module>
      tracker = TrackerData(update_cache=not args.skip_cache_update)
    File "/home/roberto/src/freexian/security-tracker.git/bin/tracker_data.py", line 40, in __init__
      self.update_cache()
    File "/home/roberto/src/freexian/security-tracker.git/bin/tracker_data.py", line 77, in update_cache
      with open(self.cached_data_path, 'w') as cache_file:
  FileNotFoundError: [Errno 2] No such file or directory: '/home/roberto/.cache/debian_security_tracker.json'
* gen-DSA: require DEBFULLNAME env variable | Emilio Pozuelo Monfort | 2020-08-31 | 1 | -0/+4
* Update hashbang for remaining python2 scripts | Emilio Pozuelo Monfort | 2020-08-31 | 3 | -3/+3
  These are all currently unused, so it's a bit hard to test them when porting them to Python 3. So rather than doing that, let's explicitly mark them as being Python 2. Before porting them we may want to check if they are still useful or if they should be removed instead.
* tracker_service.py: Source: more: Link to vendor information via HTTPS | Salvatore Bonaccorso | 2020-08-24 | 1 | -1/+1
* tracker_service: use setup_paths | Emilio Pozuelo Monfort | 2020-08-14 | 1 | -1/+1
* tracker_service: reorder imports | Emilio Pozuelo Monfort | 2020-08-14 | 1 | -4/+5
* Add missing imports | Emilio Pozuelo Monfort | 2020-08-14 | 2 | -0/+2
  The one for update-db was dropped in f815d203, whereas tracker_service has been getting the import from the web_support one. But let's better be explicit.
* secmaster: add executable bit | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -0/+0
* secmaster.py: move to bin/ | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -0/+60
* De-duplicate setup_path | Emilio Pozuelo Monfort | 2020-08-13 | 9 | -89/+19
  All the scripts in bin/ can share the definition. Also setup_paths.py calls setup_path so one just has to import that module before importing those from lib/python/. Additionally this helps some scripts work better under Python 3, as one variant of setup_paths that we had called string.rfind, which is not present there.
* update-nvd: don't chdir | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -2/+3
* inject-embedded-code-copies: switch to Python 3 | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -1/+1
* lts-needs-forward-port: port to Python 3 | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -2/+1
* support-ended: encode file as UTF-8 | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -2/+1
* support-ended: switch to Python 3 | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -1/+1
* support-ended: add deb11 to the releases list | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -0/+1
  The file exists in debian-security-support so we need to have it here too or we will crash.
* show-debsecan: strip lines before printing them | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -1/+1
  To avoid double newlines.
* show-debsecan: port to Python 3 | Emilio Pozuelo Monfort | 2020-08-13 | 1 | -3/+3
* tracker_service: don't crash on /source-package/ | Emilio Pozuelo Monfort | 2020-08-11 | 1 | -0/+6
  If no source package is given, return a 404 error.
* tracker_service: use with statement | Emilio Pozuelo Monfort | 2020-08-11 | 1 | -16/+12
* Correct a typo in compare-nvd-cve | Felix Yan | 2020-08-08 | 1 | -1/+1
