Need to update requests version for security reasons #3145

Closed
SrNetoChan opened this issue Nov 12, 2018 · 2 comments

@SrNetoChan
Member

Description

Message from @rduivenvoorde on the community mailing list:

On the QGIS-Documentation repository I got a message from github,
telling us we use a component with a security issue ("moderate
severity") in it, pointing to:

https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open
Pointing to
https://nvd.nist.gov/vuln/detail/CVE-2018-18074

It's about the used python requests-module, and tells us:
Upgrade requests to version 2.20.0 or later.
Apparently, we use an older version-nr in our REQUIREMENTS.txt.

Please remind me to do this, or can somebody else try/test.

Checklist

@SrNetoChan
Member Author

@rduivenvoorde ,

I changed the requests version to 2.20 in the requirements.txt file and updated my virtualenv to reflect that.

I was able to build html (english only).

I also tried the docker image and everything built without issues, but I am not sure if the requirements are taken into consideration in the docker build (probably not).

I was not able to build any PDF, not sure if I am missing some piece, but I always get the following:

```
(---)
copying TeX support files...
done
build succeeded, 1 warning.
# Compile the pdf docs for that locale
# we use texi2pdf since latexpdf target is not available via
# sphinx-build which we need to use since we need to pass language flag
mkdir -p output/pdf/en
# need to build 3x to have proper toc and index
# currently texi2pdf has bad exit status. Please ignore errors!!
# prepending the texi2pdf command with - keeps make going instead of quitting
# japanese pdf has problems, when build with texi2pdf
# as alternative we can use platex
# for russian pdf you need package 'texlive-lang-cyrillic' installed
# for japanese pdf you need: 'cmap-adobe-japan1 cmap-adobe-japan2 latex-cjk-all nkf okumura-clsfiles ptex-base ptex-bin texlive-fonts-extra'
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
make: [pdf] Error 1 (ignored)
Makefile:83: recipe for target 'pdf' failed
mv output/latex/en/QGISUserGuide.pdf output/pdf/en/QGIS-testing-UserGuide.pdf
# pyqgis developer cookbook
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
make: [pdf] Error 1 (ignored)
Makefile:83: recipe for target 'pdf' failed
mv output/latex/en/PyQGISDeveloperCookbook.pdf output/pdf/en/QGIS-testing-PyQGISDeveloperCookbook.pdf
# training manual
mv output/latex/en/QGISTrainingManual.pdf output/pdf/en/QGIS-testing-QGISTrainingManual.pdf
# developer guidelines
mv output/latex/en/QGISDevelopersGuide.pdf output/pdf/en/QGIS-testing-QGISDevelopersGuide.pdf
```

@SrNetoChan
Member Author

The issue was fixed here:
9dc6e09
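
A check of the kind this thread calls for, as an added example that is not part of the original issue or of the QGIS-Documentation repository: it scans requirements-file text and reports whether each `requests` line still allows a release older than 2.20.0, the fixed version named in the advisory for CVE-2018-18074. The function names, verdict strings and sample file content are assumptions made for illustration; only simple numeric version clauses are parsed.

```python
import re

FIXED = (2, 20, 0)  # "Upgrade requests to version 2.20.0 or later"

# Match the requests package itself (optionally with [extras]), not e.g. requests-toolbelt.
_REQ = re.compile(r"^\s*requests(?![A-Za-z0-9._-])\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)
_CLAUSE = re.compile(r"(==|>=|<=|~=|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*)")

SAMPLE = """\
# constructed sample, not the project's real file
Sphinx==1.8.1
requests==2.19.1
requests-toolbelt==0.8.0
"""


def _ver(text):
    """Turn '2.20' into (2, 20, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def check_requirements(text):
    """Return (line_no, line, verdict) for every line that requires requests."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = _REQ.match(raw)
        if not m:
            continue  # comments and other packages are skipped
        clauses = _CLAUSE.findall(m.group("spec"))
        # Only ==, >= and ~= give an inclusive lower bound; '>' is ignored (conservative).
        floors = [_ver(v) for op, v in clauses if op in ("==", ">=", "~=")]
        if not floors:
            verdict = "unbounded"  # nothing stops an old release being installed
        elif max(floors) >= FIXED:
            verdict = "ok"
        else:
            verdict = "vulnerable-allowed"
        findings.append((no, raw.strip(), verdict))
    return findings


if __name__ == "__main__":
    for no, line, verdict in check_requirements(SAMPLE):
        print(f"line {no}: {line!r} -> {verdict}")
```

This checks what the file permits, not what is installed; as the comment above about the docker build notes, the environment that actually builds the docs may not read the file at all.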
