Re: heads up: DLA should now be published on the website
On Thu, Feb 21, 2019 at 01:51:07PM -0500, Antoine Beaupré wrote:
> > -> this script is incorrect/broken for DLAs it seems, as
> > https://www.debian.org/lts/security/ does list the DLAs 1677-1681,
> > just DLAs 1682-1685 are missing. And they are called DLA-1234 there,
> > not "DLA 1234-1"...
> Weird. Is your local checkout up to date?
yes
> What if you run in debug mode?
~/Projects/debian-www/cron$ ../cron/parts/10-check-advisories --mode DLA
--debug 2>&1 | head -50
INFO: fetching URL
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/DLA/list
DEBUG: Starting new HTTPS connection (1): salsa.debian.org
DEBUG: https://salsa.debian.org:443 "GET
/security-tracker-team/security-tracker/raw/master/data/DLA/list HTTP/1.1" 200
47253
INFO: checking DLA-1685-1 (2019)
ERROR: .data or .wml file missing for DLA 1685-1
DEBUG: skipping line: " {CVE-2019-6338}"
DEBUG: skipping line: " [jessie] - drupal7 7.32-1+deb8u15"
INFO: checking DLA-1684-1 (2019)
ERROR: .data or .wml file missing for DLA 1684-1
DEBUG: skipping line: " {CVE-2019-6454}"
DEBUG: skipping line: " [jessie] - systemd 215-17+deb8u10"
INFO: checking DLA-1683-1 (2019)
ERROR: .data or .wml file missing for DLA 1683-1
DEBUG: skipping line: " {CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176
CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181
CVE-2018-20182}"
DEBUG: skipping line: " [jessie] - rdesktop 1.8.4-0+deb8u1"
INFO: checking DLA-1660-2 (2019)
ERROR: .data or .wml file missing for DLA 1660-2
DEBUG: skipping line: " [jessie] - rssh 2.3.4-4+deb8u3"
INFO: checking DLA-1682-1 (2019)
ERROR: .data or .wml file missing for DLA 1682-1
DEBUG: skipping line: " {CVE-2018-20721}"
DEBUG: skipping line: " [jessie] - uriparser 0.8.0.1-2+deb8u2"
INFO: checking DLA-1681-1 (2019)
ERROR: .data or .wml file missing for DLA 1681-1
DEBUG: skipping line: " {CVE-2019-7659}"
DEBUG: skipping line: " [jessie] - gsoap 2.8.17-1+deb8u2"
INFO: checking DLA-1680-1 (2019)
ERROR: .data or .wml file missing for DLA 1680-1
DEBUG: skipping line: " {CVE-2018-17000 CVE-2018-19210 CVE-2019-7663}"
DEBUG: skipping line: " [jessie] - tiff 4.0.3-12.3+deb8u8"
INFO: checking DLA-1679-1 (2019)
ERROR: .data or .wml file missing for DLA 1679-1
DEBUG: skipping line: " [jessie] - php5 5.6.40+dfsg-0+deb8u1"
INFO: checking DLA-1678-1 (2019)
ERROR: .data or .wml file missing for DLA 1678-1
DEBUG: skipping line: " {CVE-2018-18356 CVE-2018-18500 CVE-2018-18501
CVE-2018-18505 CVE-2018-18509 CVE-2019-5785}"
DEBUG: skipping line: " [jessie] - thunderbird 1:60.5.1-1~deb8u1"
INFO: checking DLA-1677-1 (2019)
ERROR: .data or .wml file missing for DLA 1677-1
DEBUG: skipping line: " {CVE-2018-18356 CVE-2019-5785}"
DEBUG: skipping line: " [jessie] - firefox-esr 60.5.1esr-1~deb8u1"
INFO: checking DLA-1676-1 (2019)
ERROR: .data or .wml file missing for DLA 1676-1
DEBUG: skipping line: " {CVE-2017-15105}"
DEBUG: skipping line: " [jessie] - unbound 1.4.22-3+deb8u4"
INFO: checking DLA-1675-1 (2019)
ERROR: .data or .wml file missing for DLA 1675-1
DEBUG: skipping line: " {CVE-2019-6690}"
DEBUG: skipping line: " [jessie] - python-gnupg 0.3.6-1+deb8u1"
INFO: checking DLA-1674-1 (2019)
> > Also, if this merge request would be merged, it would just run it in
> > normal, DSA, mode. Do you have a suggestion how to run it in DLA mode?
> We could simply change the default here:
>
> parser.add_argument('--mode', default='DSA', choices=('DSA', 'DLA'),
> help='which sort of advisory to check (default:
> %(default)s)') # noqa: E501
hmm. (and then, what about missing DSAs?)
--
tschau,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
Re: heads up: DLA should now be published on the website
On 2019-02-21 18:18:06, Holger Levsen wrote:
> Hi Antoine,
>
> On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote:
>> But my little finger tells me there are many DLAs still missing from the
>> website. So even if/when the above MR does get merged, more entries will
>> be missing. So someone will need to make sure to run the check script to
>> make sure no entries are missing regularly, see also:
>> https://salsa.debian.org/webmaster-team/cron/merge_requests/1
>
> I've looked at this script now, it works nicely, just our results are
> not so good yet:
>
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories 2>&1 |wc -l
> 314
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA
> 2>&1 |wc -l
> 1762
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA
> 2>&1 | head -10
> ERROR: .data or .wml file missing for DLA 1685-1
> ERROR: .data or .wml file missing for DLA 1684-1
> ERROR: .data or .wml file missing for DLA 1683-1
> ERROR: .data or .wml file missing for DLA 1660-2
> ERROR: .data or .wml file missing for DLA 1682-1
> ERROR: .data or .wml file missing for DLA 1681-1
> ERROR: .data or .wml file missing for DLA 1680-1
> ERROR: .data or .wml file missing for DLA 1679-1
> ERROR: .data or .wml file missing for DLA 1678-1
> ERROR: .data or .wml file missing for DLA 1677-1
> debian-work:~/Projects/debian-www/webwml$
>
> -> this script is incorrect/broken for DLAs it seems, as
> https://www.debian.org/lts/security/ does list the DLAs 1677-1681,
> just DLAs 1682-1685 are missing. And they are called DLA-1234 there,
> not "DLA 1234-1"...
Weird. Is your local checkout up to date? What if you run in debug mode?
> Also, if this merge request would be merged, it would just run it in
> normal, DSA, mode. Do you have a suggestion how to run it in DLA mode?
We could simply change the default here:
parser.add_argument('--mode', default='DSA', choices=('DSA', 'DLA'),
help='which sort of advisory to check (default:
%(default)s)') # noqa: E501
a.
--
If you have come here to help me, you are wasting our time.
But if you have come because your liberation is bound up with mine, then
let us work together.- Aboriginal activists group, Queensland, 1970s
Re: heads up: DLA should now be published on the website
Hi Antoine, On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote: > But my little finger tells me there are many DLAs still missing from the > website. So even if/when the above MR does get merged, more entries will > be missing. So someone will need to make sure to run the check script to > make sure no entries are missing regularly, see also: > https://salsa.debian.org/webmaster-team/cron/merge_requests/1 I've looked at this script now, it works nicely, just our results are not so good yet: ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories 2>&1 |wc -l 314 ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA 2>&1 |wc -l 1762 ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA 2>&1 | head -10 ERROR: .data or .wml file missing for DLA 1685-1 ERROR: .data or .wml file missing for DLA 1684-1 ERROR: .data or .wml file missing for DLA 1683-1 ERROR: .data or .wml file missing for DLA 1660-2 ERROR: .data or .wml file missing for DLA 1682-1 ERROR: .data or .wml file missing for DLA 1681-1 ERROR: .data or .wml file missing for DLA 1680-1 ERROR: .data or .wml file missing for DLA 1679-1 ERROR: .data or .wml file missing for DLA 1678-1 ERROR: .data or .wml file missing for DLA 1677-1 debian-work:~/Projects/debian-www/webwml$ -> this script is incorrect/broken for DLAs it seems, as https://www.debian.org/lts/security/ does list the DLAs 1677-1681, just DLAs 1682-1685 are missing. And they are called DLA-1234 there, not "DLA 1234-1"... Also, if this merge request would be merged, it would just run it in normal, DSA, mode. Do you have a suggestion how to run it in DLA mode? -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: heads up: DLA should now be published on the website
On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote: > > can you please put that on wiki.d.o/LTS/Development?! > This is now done. I added a new section to the wiki awesome, thank you! > I've done one more mass import, hopefully the last: > https://salsa.debian.org/webmaster-team/webwml/merge_requests/58 merged and pushed, thanks. > But my little finger tells me there are many DLAs still missing from the > website. So even if/when the above MR does get merged, more entries will > be missing. So someone will need to make sure to run the check script to > make sure no entries are missing regularly, see also: > https://salsa.debian.org/webmaster-team/cron/merge_requests/1 I guess I will run this check script weekly (or maybe even daily) on jenkins.debian.net. > Obviously, this workflow is not optimal and could be automated, see also > #859123 (in CC). we'll get there eventually. > Thank you for your time. very much likewise! -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. signature.asc Description: PGP signature
heads up: DLA should now be published on the website
On 2019-02-01 20:58:28, Holger Levsen wrote: > On Fri, Feb 01, 2019 at 01:58:04PM -0500, Antoine Beaupré wrote: [...] > can you please put that on wiki.d.o/LTS/Development?! This is now done. I added a new section to the wiki https://wiki.debian.org/LTS/Development#Publishing_updates_on_the_website The TL;DR: is that you now need to clone the main website and issue a merge request when you publish a DLA. Once you have a clone, it should be as simple as: parse-dla.pl git checkout -b DLA--Y git add 2019 git commit -m'DLA-XXX-Y' git push -u origin salsa mr I've done one more mass import, hopefully the last: https://salsa.debian.org/webmaster-team/webwml/merge_requests/58 But my little finger tells me there are many DLAs still missing from the website. So even if/when the above MR does get merged, more entries will be missing. So someone will need to make sure to run the check script to make sure no entries are missing regularly, see also: https://salsa.debian.org/webmaster-team/cron/merge_requests/1 Obviously, this workflow is not optimal and could be automated, see also #859123 (in CC). Thank you for your time. A. -- Omnis enim ex infirmitate feritas est. All cruelty springs from weakness. - Lucius Annaeus Seneca (58 AD)
