[Qgis-community-team] Security msg from github

Richard Duivenvoorde rdmailings at duif.net
Mon Nov 12 23:37:37 PST 2018


Hi Alexandre,

You are right, I have to update the docker images too... I think we can
rework the script so it will always create a virtual env with the right
dependencies though.

Errors for building pdf are 'normal',

https://github.com/qgis/QGIS-Documentation/blob/master/Makefile#L98

but it SHOULD end in a pdf though :-)
There are a lot of TeX packages needed though:

https://github.com/qgis/QGIS-Sysadmin/blob/master/docker/sphinx/Dockerfile-pdf
AND all fonts if you want to build non-western languages.

Regards,

Richard



On 11/12/18 11:08 PM, Alexandre Neto wrote:
> Richard,
> 
> I changed the requests version to 2.20 in the requirements.txt file and
> updated my virtualenv to reflect that.
> 
> I was able to build html (english only).
> 
> I also tried the docker image and everything built without issues, but I am
> not sure if the requirements are taken into consideration in the docker build
> (probably not).
> 
> I was not able to build any PDF, not sure if I am missing some piece, but I
> always get the following:
> 
> usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> /usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> /usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> Makefile:83: recipe for target 'pdf' failed
> mv output/latex/en/QGISUserGuide.pdf
> output/pdf/en/QGIS-testing-UserGuide.pdf
> make: [pdf] Error 1 (ignored)
> # pyqgis developer cookbook
> /usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> /usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> /usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
> make: [pdf] Error 1 (ignored)
> Makefile:83: recipe for target 'pdf' failed
> 
> 
> On Mon, Nov 12, 2018 at 4:25 PM Alexandre Neto <senhor.neto at gmail.com>
> wrote:
> 
>>
>> I have created a ticket for that:
>>
>> https://github.com/qgis/QGIS-Documentation/issues/3145
>>
>> So that we don't forget.
>>
>> Cheers,
>>
>> Alex Neto
>>
>> On Mon, Nov 12, 2018 at 6:58 AM Richard Duivenvoorde <rdmailings at duif.net>
>> wrote:
>>
>>> Hi,
>>>
>>> On the QGIS-Documentation repository I got a message from github,
>>> telling us we use a component with a security issue ("moderate
>>> severity") in it, pointing to:
>>>
>>>
>>> https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open
>>> Pointing to
>>> https://nvd.nist.gov/vuln/detail/CVE-2018-18074
>>>
>>> It's about the used Python requests-module, and tells us:
>>> Upgrade requests to version 2.20.0 or later.
>>> Apparently we use an older version-nr in our REQUIREMENTS.txt.
>>>
>>> Please remind me to do this, or can somebody else try/test.
>>>
>>> Regards,
>>>
>>> Richard Duivenvoorde
>>> _______________________________________________
>>> Qgis-community-team mailing list for organizing community resources such
>>> as documentation, translation etc..
>>> Qgis-community-team at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/qgis-community-team
>>
>>
> 
> 
> 
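
The thread leaves open whether a given build (virtualenv or docker image) actually picks up the raised pin. One way to gate on it, as an added example that is not part of the original messages or of the QGIS repositories: a check that fails when a requirements file still admits `requests` below the 2.20.0 floor quoted from the advisory. The names `audit`, `FLOORS` and the sample file contents are assumptions constructed for illustration.

```python
import re

# Floor from the advisory quoted in the thread (CVE-2018-18074): requests >= 2.20.0
FLOORS = {"requests": (2, 20, 0)}
_REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")  # name, [extras], specifiers
_SPEC = re.compile(r"(==|>=|<=|~=|!=|>|<)\s*([0-9][0-9A-Za-z.*]*)")

SAMPLE = """\
# constructed sample, not the project's real REQUIREMENTS.txt
Sphinx==1.8.1
requests==2.19.1
"""

def _ver(text):
    """'2.19' -> (2, 19, 0); parsing stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple((parts + [0, 0, 0])[:3])

def audit(requirements_text, floors=FLOORS):
    """Return [(lineno, line, reason)] for entries that admit a version below the floor."""
    findings = []
    for n, raw in enumerate(requirements_text.splitlines(), 1):
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = _REQ.match(line)
        if not m or m.group(1).lower() not in floors:
            continue
        floor = floors[m.group(1).lower()]
        # Operators that set a lower bound; '>' is treated like '>=' (conservative).
        lower = [_ver(v) for op, v in _SPEC.findall(m.group(2)) if op in ("==", ">=", "~=", ">")]
        if not lower:
            findings.append((n, raw.strip(), "no lower bound"))
        elif max(lower) < floor:
            findings.append((n, raw.strip(), "allows < " + ".".join(map(str, floor))))
    return findings

if __name__ == "__main__":
    for lineno, line, reason in audit(SAMPLE):
        print(f"line {lineno}: {line} ({reason})")
```

Run against the requirements file that is copied into the image build context, a non-empty result is the signal that the docker build would still install the old version.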


