path: root/bin
Commit message [Author, Age; Files; Lines]
...
* tracker_data.py: classify undetermined issues triaged '<ignored>' as 'no-dsa' [Sylvain Beucler, 2019-07-01; files: 1; lines: -0/+3]
|   ('<ignored>' precedence over '<undetermined>') e.g. in lts-cve-triage.py, don't classify undetermined 2017 jasperreports issues specifically marked '<ignored>' in the 'undetermined' report section (no more triage work needed in that case) (alternate fix would be rewriting history and reclassify those as <end-of-life>)
* tracker_data.py: string form for IssueStatus [Sylvain Beucler, 2019-07-01; files: 1; lines: -0/+3]
|
* Relax extraction for CVE description from allitems.txt file [Salvatore Bonaccorso, 2019-06-21; files: 1; lines: -1/+1]
|   MITRE recently did changes on the infrastructure to submit CVE entries and slightly changed as well format of produced files. Recent entries do not seem to contain anymore a strict \n\n\n separation between the CVE description further from other notes attached to the entry. Slightly relax the regular expression but still try to catch correctly the description only in the description() subroutine by still anchoring to two \n\n, and two following \n\n to separate the description.
|   Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* check-new-issues: Adapt path to actually used one on soriano.d.o [Salvatore Bonaccorso, 2019-06-07; files: 1; lines: -2/+2]
|
* bin/support-ended.py: Update comment for stretch EOL in LTS [Salvatore Bonaccorso, 2019-04-28; files: 1; lines: -1/+1]
|
* Update support end date for jessie in LTS [Salvatore Bonaccorso, 2019-04-28; files: 1; lines: -2/+1]
|   Update time mapping according to https://wiki.debian.org/LTS/ overview.
* Drop lts-alt-cve-triage.sh script [Salvatore Bonaccorso, 2019-04-22; files: 1; lines: -38/+0]
|   The script was added as workaround for a security-tracker problem which was tracked as https://bugs.debian.org/919977 where the security-tracker behind CDN returned stale data for the json export. After some changes on the infrastructure done by DSA the problem seems to have gone. As such we do not need two scripts for the same thing as the alternative script really was only added as workaround to keep LTS folks having a working CVE triage script.
* Merge branch 'carnil/security-tracker-report-vuln-wrap-CVE-description' [Salvatore Bonaccorso, 2019-03-24; files: 1; lines: -1/+4]
|\
| * Wrap long CVE descriptions for the vulnerability report template [Salvatore Bonaccorso, 2019-03-22; files: 1; lines: -1/+4]
| |   MITRE changed the layout of the html pages for the CVE entries resulting in long lines for the CVE descriptions not wrapped anymore directly already in the fetched HTML. Switch to use textwrap module to wrap the text in the description lines and to be prefixed with a marker if the description is too long to be held in one line.
| |   Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* | also parse CVE's enclosed in square brackets [Thijs Kinkhorst, 2019-03-23; files: 1; lines: -1/+1]
|/
* Truncate length of description text added to lists [Salvatore Bonaccorso, 2019-03-18; files: 1; lines: -0/+2]
|   This is not optimal at this point as it might truncate word in between which in the old schema full words were left because MITRE did not provide the description in one long line and the updatelist was just adding the first line. This still is enough as the tracker will add full description for the webpage and the truncated description was just to keep a "short description" in the CVE list file itself.
* Adapt parsing of MITRE master list according to new layout in html [Salvatore Bonaccorso, 2019-03-18; files: 1; lines: -1/+1]
|
* Replace file() with open() for Python 3 compatibility [Brian May, 2019-03-04; files: 4; lines: -4/+4]
|
* tracker-service: don't repeat the package link [Emilio Pozuelo Monfort, 2019-03-01; files: 1; lines: -0/+4]
|   ...for non-main packages. For those, emptying pkg_name is not enough, we also need to set title to None.
* Adapt URL to DLA advisories in a https://www.debian.org/security/lts/ [Salvatore Bonaccorso, 2019-02-12; files: 1; lines: -1/+1]
|   As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be separated in different subpages. This needs adaption for the URL referenced in the source fields of the security-tracker for DLAs.
|   v2: Correct URL to actually match the final location under /lts/security. Cf. https://bugs.debian.org/859122#82
|   Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré
* An alternative triage script that works if the json sync is not working. [Ola Lundqvist, 2019-02-10; files: 1; lines: -0/+38]
|
* lts; do not unclaim packages matching prefix, but complete package name [Antoine Beaupré, 2018-11-26; files: 1; lines: -1/+1]
|
* add flag to exclude package from review [Antoine Beaupré, 2018-11-23; files: 1; lines: -2/+5]
|
* look at the latest between update and claimed dates [Antoine Beaupré, 2018-11-22; files: 1; lines: -1/+4]
|   Previous implementation wouldn't detect updates to the file and only looked at the claimed dates. This was an oversight: the goal was to take into account normal edits to the claimed block as well, so that users can "ping" the claim to extend their claim.
* clarify closing comment: we are editing the file [Antoine Beaupré, 2018-11-22; files: 1; lines: -1/+1]
|   Previous wording seemed to indicate the user had to make a change by hand, but the --unclaim parameter forcibly makes changes to the file directly.
* inline explanation for why a package is unclaimed [Antoine Beaupré, 2018-11-22; files: 1; lines: -0/+1]
|   A little more verbose explanation will help in diagnosing why a specific package was unclaimed. It also shows the exact diff that was used for comparison and the requested delay.
|   Requested-by: Holger Levsen <holger@layer-acht.org>
* do not crash if --unclaim is not specified [Antoine Beaupré, 2018-11-19; files: 1; lines: -4/+5]
|
* Remove bin/split-by-year as its printfs mangle data (\chars) and safe scripts are available in BTS #908678 [Daniel Lange, 2018-11-14; files: 1; lines: -47/+0]
|
* add default value for unclaim parameter [Antoine Beaupré, 2018-11-09; files: 1; lines: -2/+4]
|
* allow for human-friendly date ranges as well [Antoine Beaupré, 2018-11-09; files: 1; lines: -3/+15]
|
* add --unclaim to remove claimed entries inactive for N seconds [Antoine Beaupré, 2018-11-09; files: 1; lines: -1/+30]
|
* add --quiet argument to allow running as a cronjob [Antoine Beaupré, 2018-11-09; files: 1; lines: -6/+10]
|
* more pythonic args checking [Antoine Beaupré, 2018-11-09; files: 1; lines: -8/+3]
|
* fix usage help for --verbose flag, obvious copy-paste error [Antoine Beaupré, 2018-11-09; files: 1; lines: -1/+1]
|
* Merge branch 'bam/security-tracker-update_python_haskey' [Salvatore Bonaccorso, 2018-09-15; files: 3; lines: -7/+7]
|\
| * Replace "x.has_key(y)" with "y in x" syntax [Brian May, 2018-08-20; files: 3; lines: -7/+7]
| |
* | bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package. [Mike Gabriel, 2018-08-31; files: 1; lines: -1/+1]
| |   Before this patch (spice was to be removed, spice-gtk got removed, too). ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..a8e6526c01 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,12 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- -spice-gtk (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- suricata (Thorsten Alteholz) -- symfony (Thorsten Alteholz) ``` With this patch (only spice gets removed, spice-gtk stays): ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..c7a975a471 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,9 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- spice-gtk (Mike Gabriel) NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) -- ```
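Review bot: both hunks only exercise the prefix collision between spice and spice-gtk in data/dla-needed.txt, so they do not show how the one-line change in bin/gen-DSA delimits the package name. The commit message should state the new match rule, and the illustration should include a package whose name contains characters such as `+` or `.`, which are legal in Debian package names, to confirm the name is matched literally and in full.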
* | Revert "bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package." [Mike Gabriel, 2018-08-31; files: 1; lines: -1/+1]
| |   This reverts commit 774eb447f4302c83e57978af5a429b9cbe306ab3. Because the commit message was incomplete.
* | bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package. [Mike Gabriel, 2018-08-31; files: 1; lines: -1/+1]
| |   Before this patch (spice was to be removed, spice-gtk got removed, too). ``` diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 106dbb0477..a8e6526c01 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,12 +99,6 @@ qemu (Santiago) -- samba (Holger Levsen) -- -spice (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- -spice-gtk (Mike Gabriel) - NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May) --- suricata (Thorsten Alteholz) -- symfony (Thorsten Alteholz) ``` With this patch (only spice gets removed, spice-gtk stays): ```
* | review-update-needed: also show, when verbose, how many packages are claimed per person [Antoine Beaupré, 2018-08-28; files: 1; lines: -0/+9]
| |
* | bin/gen-DSA: Try and avoid duplicated work when generating DLAs and ELAs due to lack of co-ordination in the -needed.txt files. [Chris Lamb, 2018-08-20; files: 1; lines: -0/+3]
| |
* | bin/gen-DSA: Use $needed_file. [Chris Lamb, 2018-08-20; files: 1; lines: -2/+2]
|/
* Fix print statements for Python 3.6 compatibility [Brian May, 2018-08-06; files: 8; lines: -23/+26]
|
* Replace <> with != for Python 3.6 compatibility [Brian May, 2018-07-15; files: 5; lines: -11/+11]
|
* Update python exception syntax for Python 3.6 compatibility [Brian May, 2018-07-13; files: 6; lines: -11/+11]
|
* Fix check for whether /tracker/data/json needs to be recomputed [Julien Cristau, 2018-07-06; files: 1; lines: -2/+4]
|   In commit 49e287d2574ed385e31ce3d36cb3cb19f4c7785f "tracker_service: send a Last-Modified header for /tracker/data/json" I made the json_timestamp update conditional on whether the data had changed. That meant that after a few minutes, we would consider the data to be always stale, and recompute it every single time, as long as it didn't change. To fix this, use separate timestamps for "when did we check last" (json_timestamp) and "when did it change last" (json_last_modified).
* Fix Content-Type for /tracker/data/json [Julien Cristau, 2018-07-06; files: 1; lines: -1/+1]
|
* Switch json timestamp from datetime.utcnow() to time.time() [Julien Cristau, 2018-07-06; files: 1; lines: -5/+6]
|
* tracker_service: send a Last-Modified header for /tracker/data/json [Julien Cristau, 2018-07-06; files: 1; lines: -7/+8]
|
* bin/gen-DSA: Support ELA for pushing to the repository. [Chris Lamb, 2018-06-26; files: 1; lines: -2/+2]
|
* Revert executable bit for two files [Emilio Pozuelo Monfort, 2018-06-19; files: 2; lines: -0/+0]
|   These are python classes used by other scripts, but they are not scripts themselves.
* Make some remaining scripts executable [Salvatore Bonaccorso, 2018-06-19; files: 4; lines: -0/+0]
|
* Make bin/update-nvd executable [Salvatore Bonaccorso, 2018-06-19; files: 1; lines: -0/+0]
|
* Only list packages for stable for dsa-needed list [Salvatore Bonaccorso, 2018-06-16; files: 1; lines: -1/+1]
|
* check-syntax: don't hardcode sources [Emilio Pozuelo Monfort, 2018-06-15; files: 1; lines: -19/+21]
|   Get them from config.json instead. This also simplifies the parse_* functions as there's just a generic one now.
