[Qgis-community-team] Security msg from github

Alexandre Neto senhor.neto at gmail.com
Mon Nov 12 14:08:13 PST 2018


Richard,

I changed the requests version to 2.20 in the requirements.txt file and
updated my virtualenv to reflect that.

I was able to build HTML (English only).

I also tried the docker image and everything built without issues, but I am
not sure if the requirements are taken into consideration in the docker build
(probably not).

I was not able to build any PDF, not sure if I am missing some piece, but I
always get the following:

usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
Makefile:83: recipe for target 'pdf' failed
mv output/latex/en/QGISUserGuide.pdf
output/pdf/en/QGIS-testing-UserGuide.pdf
make: [pdf] Error 1 (ignored)
# pyqgis developer cookbook
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
make: [pdf] Error 1 (ignored)
Makefile:83: recipe for target 'pdf' failed


On Mon, Nov 12, 2018 at 4:25 PM Alexandre Neto <senhor.neto at gmail.com>
wrote:

>
> I have created a ticket for that:
>
> https://github.com/qgis/QGIS-Documentation/issues/3145
>
> So that we don't forget.
>
> Cheers,
>
> Alex Neto
>
> On Mon, Nov 12, 2018 at 6:58 AM Richard Duivenvoorde <rdmailings at duif.net>
> wrote:
>
>> Hi,
>>
>> On the QGIS-Documentation repository I got a message from github,
>> telling us we use a component with a security issue ("moderate
>> severity") in it, pointing to:
>>
>>
>> https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open
>> Pointing to
>> https://nvd.nist.gov/vuln/detail/CVE-2018-18074
>>
>> It's about the used python requests-module, and tells us:
>> Upgrade requests to version 2.20.0 or later.
>> Apparently we use an older version-nr in our REQUIREMENTS.txt.
>>
>> Please remind me to do this, or can somebody else try/test.
>>
>> Regards,
>>
>> Richard Duivenvoorde
>
>
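
Added example, not part of the thread or of the QGIS-Documentation code: a check that a requirements file no longer admits a requests release below 2.20.0, plus a check of the requests actually installed, which can be run inside the virtualenv or the Docker image to see whether the pin was picked up. The sample file content and the function names are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (2, 20, 0)  # "Upgrade requests to version 2.20.0 or later"

# The name must be exactly "requests" (not requests-toolbelt); extras are allowed.
REQ_LINE = re.compile(r"^\s*requests(?![\w.-])(\[[^\]]*\])?(?P<spec>[^#;]*)", re.I)
# Clauses that set a lower bound; "<", "<=" and "!=" do not.
CLAUSE = re.compile(r"(==|>=|~=|>)\s*([\d.]+)")

def parse_version(text):
    """'2.20' -> (2, 20, 0); missing components are padded with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return [(line_no, verdict)] for each line that names requests."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = REQ_LINE.match(raw)
        if not m:
            continue
        floors = [parse_version(v) for _, v in CLAUSE.findall(m.group("spec"))]
        if not floors:
            verdict = "no lower bound"      # pip may resolve any release
        elif max(floors) >= FIXED:
            verdict = "ok"
        else:
            verdict = "allows < 2.20.0"     # an affected release can be installed
        findings.append((no, verdict))
    return findings

def installed_requests_ok():
    """True/False for the requests installed in this environment, None if absent."""
    try:
        return parse_version(metadata.version("requests")) >= FIXED
    except metadata.PackageNotFoundError:
        return None

# Constructed sample, not the project's real requirements file.
SAMPLE = """\
# docs build dependencies
Sphinx
requests==2.19.1
requests-toolbelt==0.8.0
"""

if __name__ == "__main__":
    print(audit_requirements(SAMPLE))
    print("installed requests ok:", installed_requests_ok())
```
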