Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'distro-config' into 'master' | Salvatore Bonaccorso | 2020-06-04 | 5 | -186/+109 |
|\ | Distro config reunification See merge request security-tracker-team/security-tracker!48 | ||||
| * | security_db: don't hardcode the list of supported releases | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -5/+6 |
| | | At times there will just be two, so get that list from the config. | ||||
| * | Makefile: don't hardcode Debian releases | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -2/+2 |
| | | |||||
| * | Don't hardcode architecture list in the Makefile | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+5 |
| | | Move it to config.json instead and grab it from there. | ||||
| * | security_db: don't hardcode release names | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+1 |
| | | |||||
| * | debian_support: don't hardcode release names | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -2/+3 |
| | | |||||
| * | config: add a method to get all releases | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+8 |
| | | |||||
| * | security_db: drop squeeze workarounds | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -6/+0 |
| | | |||||
| * | security_db: don't hardcode the testing suite codename | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -8/+11 |
| | | |||||
| * | dist_config.py: remove unused file | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -97/+0 |
| | | |||||
| * | security_db: remove unused getEffectiveVersion method | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -54/+0 |
| | | |||||
| * | security_db: don't hardcode release codenames in _initViews | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+5 |
| | | |||||
| * | security_db: don't hardcode releases in db queries | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -4/+10 |
| | | |||||
| * | security_db: don't hardcode release codenames in calculateDebsecan | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+1 |
| | | |||||
| * | security_db: take the sid value in calculateDebsecan0 | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -4/+2 |
| | | When the release is sid, just pass 'sid' rather than the empty string to change that afterwards. | ||||
| * | security_db: don't hardcode codenames in calls to gen_release | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -1/+1 |
| | | |||||
| * | security_db: don't hardcode codenames in calls to _calcTesting() | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -4/+8 |
| | | |||||
| * | config.py: add python module to read config.json | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -0/+52 |
| | | |||||
* | | Add basic Unicode support to the web framework | Florian Weimer | 2020-05-01 | 1 | -20/+22 |
| | | As mentioned in Debian bug #959231 ("security-tracker: Proxy Error on CVE-2020-11565 tracker page"): * Florian Weimer: > * Francesco Poli: > >> Please note that the CVE is mentioned in [DSA-4667-1]. >> >> [DSA-4667-1]: <https://lists.debian.org/debian-security-announce/2020/msg00071.html> >> >> What's wrong with that tracker page? > > It's something in the NVD data that breaks the HTML escaping. This patch adds basic Unicode support to the web framework. I'm not sure if it is the right direction to move in, but it fixes the issue. An alternative fix would be to change the NVD importer not to put Unicode strings into the database, by encoding them as byte strings first. [carnil: Slightly rewrite the commit message] BugLink: https://bugs.debian.org/929228 BugLink: https://bugs.debian.org/959231 Signed-off-by: Florian Weimer <fw@deneb.enyo.de> Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | | security_db: don't return duplicated advisories | Emilio Pozuelo Monfort | 2020-03-18 | 1 | -1/+1 |
| | | This is used to build the advisory table in package views, and it makes no sense to list some advisories (e.g. DSAs that fixed both stable and oldstable) twice. | ||||
* | | nvd.py: Fix typo in Parser when issuing error (VAlueError -> ValueError) | Salvatore Bonaccorso | 2020-03-04 | 1 | -1/+1 |
|/ | Fixes: 966aef0927e2 ("Reimplement (incompletely) simplistic NVD parser to handle JSON feed") Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | Merge branch 'bam/security-tracker-fix_cmp' | Salvatore Bonaccorso | 2020-01-02 | 1 | -1/+2 |
|\ | See merge request security-tracker-team/security-tracker!40 | ||||
| * | Fix list sort | Brian May | 2019-06-17 | 1 | -1/+2 |
| | | |||||
* | | Fix inconsistent leading indent before if statement | Brian May | 2019-12-26 | 1 | -2/+2 |
| | | |||||
* | | Reimplement (incompletely) simplistic NVD parser to handle JSON feed | Salvatore Bonaccorso | 2019-10-20 | 1 | -68/+59 |
| | | The reimplementation is focused on only the functionality actually strictly required by the security-tracker. This includes fetching the CVE id and corresponding description. All of the specific impact metrics (severity, range, loss attributes) are not implemented. Those will require a database schema version bump and reimplementation as well for the security_db. Closes: #942670 Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | | nvd.py: Add missing note that CVE description is returned | Salvatore Bonaccorso | 2019-10-20 | 1 | -0/+1 |
| | | |||||
* | | Drop mips from bullseye architectures | Salvatore Bonaccorso | 2019-08-21 | 1 | -1/+1 |
| | | |||||
* | | Another place where mips needs to be dropped | Raphaël Hertzog | 2019-08-21 | 1 | -1/+1 |
| | | |||||
* | | Don't track mips in sid, it's gone | Raphaël Hertzog | 2019-08-21 | 1 | -1/+1 |
| | | As announced in https://lists.debian.org/debian-mips/2019/07/msg00010.html it's now gone from the mirrors. | ||||
* | | Disable fetching of backports | Salvatore Bonaccorso | 2019-07-07 | 1 | -1/+4 |
| | | They ship Packages/Sources.gz only and backports is anyway not very well supported in tracker. Until #664866 is fixed backports will anyway not be tracked properly in security-tracker. Temporarily disable until downloadFile can handle multiple situations more gracefully. | ||||
* | | Adjust dist directory on security archives for distribution | Salvatore Bonaccorso | 2019-07-06 | 1 | -0/+8 |
| | | Starting with bullseye the distribution/suite are switched to *-security instead of */updates for consistency through the Debian archives. See: https://lists.debian.org/debian-security/2019/06/msg00015.html for details and the intention to switch. Thanks: Ansgar Burchardt | ||||
* | | lib/debian-releases.mk: Fetch backports suites for $(OLDSTABLE) | Salvatore Bonaccorso | 2019-07-06 | 1 | -1/+1 |
| | | |||||
* | | security_db: Update mappings after buster stable release | Salvatore Bonaccorso | 2019-07-06 | 1 | -16/+16 |
| | | |||||
* | | dist_config: Add support for bullseye release and initial list of supported architectures | Salvatore Bonaccorso | 2019-07-06 | 1 | -0/+5 |
| | | Add list of currently supported architectures inherited from buster supported architectures. | ||||
* | | debian_support: Add bullseye to supported releases | Salvatore Bonaccorso | 2019-07-06 | 1 | -1/+1 |
|/ | |||||
* | Remove hurd-i386, kfreebsd-{i386,amd64} from architectures in sid | Salvatore Bonaccorso | 2019-05-01 | 1 | -1/+1 |
| | As announced in https://lists.debian.org/debian-devel/2019/04/msg00207.html hurd-i386 and kfreebsd-{i386,amd64} are going to be moved to debian-ports instead. | ||||
* | security_db: Make source code comment independent of codename for distribution | Salvatore Bonaccorso | 2019-04-28 | 1 | -2/+2 |
| | |||||
* | lib/debian-releases.mk: Correctly remove $(OLDSTABLE) for backports | Salvatore Bonaccorso | 2019-03-26 | 1 | -1/+1 |
| | |||||
* | Fetch packages files for backports suites only for $(STABLE) | Salvatore Bonaccorso | 2019-03-26 | 1 | -2/+2 |
| | Current oldstable does not contain the backports suites anymore as it is the LTS release. As such jessie-backports was removed from the mirrors. | ||||
* | Replace file() with open() for Python 3 compatibility | Brian May | 2019-03-04 | 6 | -12/+12 |
| | |||||
* | Replace `abc` with repr(abc) | Brian May | 2019-02-18 | 2 | -7/+7 |
| | |||||
* | lib/python/bugs.py: Use explicit list comprehension; the "lambda (x,)" syntax is not actually valid in Python 3. | Chris Lamb | 2019-02-11 | 1 | -2/+2 |
| | |||||
* | lib/python/debian_support.py: Use repr(..) over backticks; they are removed in Python 3.x | Chris Lamb | 2019-02-11 | 1 | -3/+3 |
| | |||||
* | CVEExtendFile: treat TEMP-* entries as unique | Emilio Pozuelo Monfort | 2018-12-04 | 1 | -0/+9 |
| | Otherwise, they will get rehashed into a different temp name, preventing one from adding notes to TEMP entries in an extend file. | ||||
* | Merge branch 'bam/security-tracker-use_pythons_namedtuple' | Salvatore Bonaccorso | 2018-11-11 | 4 | -96/+3 |
|\ | |||||
| * | Use the namedtuple class supplied with Python | Brian May | 2018-08-20 | 4 | -96/+3 |
| | | |||||
* | | Replace "x.has_key(y)" with "y in x" syntax | Brian May | 2018-08-20 | 7 | -16/+16 |
|/ | |||||
* | Fix print statements for Python 3.6 compatibility | Brian May | 2018-08-06 | 8 | -72/+77 |
| | |||||
* | Replace <> with != for Python 3.6 compatibility | Brian May | 2018-07-15 | 6 | -26/+26 |
| | |||||
* | Update python exception syntax for Python 3.6 compatibility | Brian May | 2018-07-13 | 7 | -45/+45 |
| |