Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add basic Unicode support to the web framework | Florian Weimer | 2020-05-01 | 1 | -20/+22 |
| | As mentioned in Debian bug #959231 ("security-tracker: Proxy Error on CVE-2020-11565 tracker page"): * Florian Weimer: > * Francesco Poli: > >> Please note that the CVE is mentioned in [DSA-4667-1]. >> >> [DSA-4667-1]: <https://lists.debian.org/debian-security-announce/2020/msg00071.html> >> >> What's wrong with that tracker page? > > It's something in the NVD data that breaks the HTML escaping. This patch adds basic Unicode support to the web framework. I'm not sure if it is the right direction to move in, but it fixes the issue. An alternative fix would be to change the NVD importer not to put Unicode strings into the database, by encoding them as byte strings first. [carnil: Slightly rewrite the commit message] BugLink: https://bugs.debian.org/929228 BugLink: https://bugs.debian.org/959231 Signed-off-by: Florian Weimer <fw@deneb.enyo.de> Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | security_db: don't return duplicated advisories | Emilio Pozuelo Monfort | 2020-03-18 | 1 | -1/+1 |
| | This is used to build the advisory table in package views, and it makes no sense to list some advisories (e.g. DSAs that fixed both stable and oldstable) twice. | ||||
* | nvd.py: Fix typo in Parser when issuing error (VAlueError -> ValueError) | Salvatore Bonaccorso | 2020-03-04 | 1 | -1/+1 |
| | Fixes: 966aef0927e2 ("Reimplement (incompletely) simplistic NVD parser to handle JSON feed") Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | Merge branch 'bam/security-tracker-fix_cmp' | Salvatore Bonaccorso | 2020-01-02 | 1 | -1/+2 |
|\ | See merge request security-tracker-team/security-tracker!40 | ||||
| * | Fix list sort | Brian May | 2019-06-17 | 1 | -1/+2 |
| | | |||||
* | | Fix inconsistent leading ident before if statement | Brian May | 2019-12-26 | 1 | -2/+2 |
| | | |||||
* | | Reimplement (incompletely) simplistic NVD parser to handle JSON feed | Salvatore Bonaccorso | 2019-10-20 | 1 | -68/+59 |
| | | The reimplementation is focused on only the functionality actually strictly required by the security-tracker. This includes fetching the CVE id and corresponding description. All of specific impact metrics (severity, range, loss attributes) are not implemented. Those will require a database schema version bump and reimplementation as well for the security_db. Closes: #942670 Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | | nvd.py: Add missing note that CVE description is returned | Salvatore Bonaccorso | 2019-10-20 | 1 | -0/+1 |
| | | |||||
* | | Drop mips from bullseye architectures | Salvatore Bonaccorso | 2019-08-21 | 1 | -1/+1 |
| | | |||||
* | | Another place where mips needs to be dropped | Raphaël Hertzog | 2019-08-21 | 1 | -1/+1 |
| | | |||||
* | | Don't track mips in sid, it's gone | Raphaël Hertzog | 2019-08-21 | 1 | -1/+1 |
| | | As announced in https://lists.debian.org/debian-mips/2019/07/msg00010.html it's now gone from the mirrors. | ||||
* | | Disable fetching of backports | Salvatore Bonaccorso | 2019-07-07 | 1 | -1/+4 |
| | | They ship Packages/Sources.gz only and backports is anyway not very well supported in tracker. Until #664866 is fixed backports will anyway not be tracked properly in security-tracker. Temporarily disable until downloadFile can handle multiple situations more gracefully. | ||||
* | | Adjust dist directory on security archives for distribution | Salvatore Bonaccorso | 2019-07-06 | 1 | -0/+8 |
| | | Starting with bullseye the distribution/suite are switched to *-security instead of */updates for consistency through the Debian archives. See: https://lists.debian.org/debian-security/2019/06/msg00015.html for details and the intention to switch. Thanks: Ansgar Burchardt | ||||
* | | lib/debian-releases.mk: Fetch backports suites for $(OLDSTABLE) | Salvatore Bonaccorso | 2019-07-06 | 1 | -1/+1 |
| | | |||||
* | | security_db: Update mappings after buster stable release | Salvatore Bonaccorso | 2019-07-06 | 1 | -16/+16 |
| | | |||||
* | | dist_config: Add support for bullseye release and initial list of supported architectures | Salvatore Bonaccorso | 2019-07-06 | 1 | -0/+5 |
| | | Add list of currently supported architectures inherited from buster supported architectures. | ||||
* | | debian_support: Add bullseye to supported releases | Salvatore Bonaccorso | 2019-07-06 | 1 | -1/+1 |
|/ | |||||
* | Remove hurd-i386, kfreebsd-{i386,amd64} from architectures in sid | Salvatore Bonaccorso | 2019-05-01 | 1 | -1/+1 |
| | As announced in https://lists.debian.org/debian-devel/2019/04/msg00207.html hurd-i386 and kfreebsd-{i386,amd64} are going to be moved to debian-ports instead. | ||||
* | security_db: Make source code comment independent of codename for distribution | Salvatore Bonaccorso | 2019-04-28 | 1 | -2/+2 |
| | |||||
* | lib/debian-releases.mk: Correctly remove $(OLDSTABLE) for backports | Salvatore Bonaccorso | 2019-03-26 | 1 | -1/+1 |
| | |||||
* | Fetch packages files for backports suites only for $(STABLE) | Salvatore Bonaccorso | 2019-03-26 | 1 | -2/+2 |
| | Current oldstable no longer contains the backports suites as it is the LTS release. As such jessie-backports was removed from the mirrors. | ||||
* | Replace file() with open() for Python 3 compatibility | Brian May | 2019-03-04 | 6 | -12/+12 |
| | |||||
* | Replace `abc` with repr(abc) | Brian May | 2019-02-18 | 2 | -7/+7 |
| | |||||
* | lib/python/bugs.py: Use explicit list comprehension; the "lambda (x,)" syntax is not actually valid in Python 3. | Chris Lamb | 2019-02-11 | 1 | -2/+2 |
| | |||||
* | lib/python/debian_support.py: Use repr(..) over backticks; they are removed in Python 3.x | Chris Lamb | 2019-02-11 | 1 | -3/+3 |
| | |||||
* | CVEExtendFile: treat TEMP-* entries as unique | Emilio Pozuelo Monfort | 2018-12-04 | 1 | -0/+9 |
| | Otherwise, they will get rehashed into a different temp name, preventing one from adding notes to TEMP entries in an extend file. | ||||
* | Merge branch 'bam/security-tracker-use_pythons_namedtuple' | Salvatore Bonaccorso | 2018-11-11 | 4 | -96/+3 |
|\ | |||||
| * | Use the namedtuple class supplied with Python | Brian May | 2018-08-20 | 4 | -96/+3 |
| | | |||||
* | | Replace "x.has_key(y)" with "y in x" syntax | Brian May | 2018-08-20 | 7 | -16/+16 |
|/ | |||||
* | Fix print statements for Python 3.6 compatibility | Brian May | 2018-08-06 | 8 | -72/+77 |
| | |||||
* | Replace <> with != for Python 3.6 compatibility | Brian May | 2018-07-15 | 6 | -26/+26 |
| | |||||
* | Update python exception syntax for Python 3.6 compatibility | Brian May | 2018-07-13 | 7 | -45/+45 |
| | |||||
* | Drop powerpc from sid architectures | Raphaël Hertzog | 2018-07-08 | 1 | -1/+1 |
| | It's gone from the main mirror. It now resides on ports.debian.org. | ||||
* | Merge branch 'jcristau/security-tracker-head' | Salvatore Bonaccorso | 2018-07-07 | 1 | -2/+5 |
|\ | |||||
| * | lib: add support for the HEAD HTTP method | Julien Cristau | 2018-07-06 | 1 | -2/+5 |
| | | Fixes security-tracker-team/security-tracker#3 | ||||
* | | Also set Content-Length for HTMLResult | Julien Cristau | 2018-07-06 | 1 | -0/+1 |
|/ | |||||
* | Set Content-Length for BinaryResult | Julien Cristau | 2018-07-06 | 1 | -0/+1 |
| | |||||
* | lib: add "headers" attribute on Result objects | Julien Cristau | 2018-07-06 | 1 | -31/+26 |
| | Make it possible to set arbitrary headers when returning a Result. | ||||
* | Reduce list of supported architectures for jessie under LTS support | Salvatore Bonaccorso | 2018-06-16 | 1 | -1/+1 |
| | |||||
* | sources: add name and path info | Emilio Pozuelo Monfort | 2018-06-15 | 1 | -6/+9 |
| | This avoids having to guess the name from the path. | ||||
* | Rename CVECUSTOMERFile to CVEExtendFile | Emilio Pozuelo Monfort | 2018-06-08 | 1 | -1/+5 |
| | |||||
* | Simplify Extends support | Emilio Pozuelo Monfort | 2018-06-08 | 1 | -44/+20 |
| | BugExtend.writeDB() is pretty similar to BugBase's, so update the latter to take extends into account when necessary to avoid unneeded duplicated code. | ||||
* | Add support for CUSTOMER bugs and CVE extends | Bastian Blank | 2018-06-08 | 1 | -1/+36 |
| | |||||
* | Dynamically create announce queries | Emilio Pozuelo Monfort | 2018-06-08 | 1 | -2/+20 |
| | Based on the DSA-like files present in the config file. | ||||
* | Move source list to a config file | Emilio Pozuelo Monfort | 2018-06-08 | 1 | -10/+11 |
| | |||||
* | Merge DLAFile into DSAFile | Emilio Pozuelo Monfort | 2018-06-08 | 2 | -10/+10 |
| | The only difference is that the regular expressions look for DSA or DLA, but we can just guess that based on the path. | ||||
* | Simplify DLAFile | Emilio Pozuelo Monfort | 2018-06-08 | 1 | -36/+1 |
| | Subclass DSAFile rather than copying it. | ||||
* | Generalize the code to fetch Packages/Sources updates | Raphaël Hertzog | 2018-05-31 | 1 | -0/+39 |
| | It's now easy to extend by adding a supplementary lib/foobar-releases.mk file. I verified that the set of downloaded files are identical with the exception of a bug that got fixed in the process: the update-backports-% rule used to download files for all sections (main, contrib, non-free) but saved them all under the name corresponding to the main section. | ||||
* | Revert changes unrelated to the partclone no-dsa marking | Salvatore Bonaccorso | 2018-05-05 | 2 | -45/+3 |
| | |||||
* | partclone no-dsa on wheezy | Emilio Pozuelo Monfort | 2018-05-05 | 2 | -3/+45 |
| |