| Summary: | pagure new security issue CVE-2019-11556 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, mageia, ngompa13, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | pagure-5.5-1.mga7.src.rpm | CVE: | CVE-2019-11556 |
| Status comment: | |||
Description
David Walser
2020-10-29 17:15:08 CET
Fixed by Neal in openSUSE in this commit:
https://build.opensuse.org/request/show/839353

Assignee: bugsquad => ngompa13

I've uploaded a fixed version to updates-testing for Mageia 7.

This has been fixed in Cauldron for a while now, so there was nothing to do there...

Suggested advisory:
========================

Updated pagure packages fix security vulnerabilities:

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11556
https://bugzilla.suse.com/show_bug.cgi?id=1176987
https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318
========================

Updated packages in core/updates_testing:
========================
pagure-5.5-1.1.mga7
pagure-theme-pagureio-5.5-1.1.mga7
pagure-theme-srcfpo-5.5-1.1.mga7
pagure-theme-chameleon-5.5-1.1.mga7
pagure-milters-5.5-1.1.mga7
pagure-ev-5.5-1.1.mga7
pagure-webhook-5.5-1.1.mga7
pagure-ci-5.5-1.1.mga7
pagure-logcom-5.5-1.1.mga7
pagure-loadjson-5.5-1.1.mga7
pagure-mirror-5.5-1.1.mga7

Source RPMs:
pagure-5.5-1.1.mga7.src.rpm

Nicolas Lécureuil
2021-03-04 19:35:59 CET
CC: (none) => mageia

David Walser
2021-03-04 22:46:16 CET
Status comment: Fixed upstream in 5.6 => (none)

MGA7-64 MATE on Peaq C1011
No installation issues.
No previous updates, so looking for info, found https://pagure.io/pagure.
Seems like a lot of fun for knowledgeable people.
Just tried to launch from CLI, but trouble:
$ pagure-admin
Using configuration file `/etc/pagure/pagure.cfg`
Error: 'Namespace' object has no attribute 'func'
ERROR:root:Generic error catched:
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/pagure/cli/admin.py", line 1034, in main
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

CC: (none) => herman.viaene

(In reply to Herman Viaene from comment #3)
> MGA7-64 MATE on Peaq C1011
> No installation issues.
> No previous updates, so looking for info, found https://pagure.io/pagure.
> Seems like a lot of fun for knowledgeable people.
> Just tried to launch from CLI, but trouble:
> $ pagure-admin
> Using configuration file `/etc/pagure/pagure.cfg`
> Error: 'Namespace' object has no attribute 'func'
> ERROR:root:Generic error catched:
> Traceback (most recent call last):
>   File "/usr/lib/python3.7/site-packages/pagure/cli/admin.py", line 1034, in main
>     args.func(args)
> AttributeError: 'Namespace' object has no attribute 'func'

Keywords: (none) => feedback

Huh, I don't think I've ever tried to run pagure-admin with no arguments before.

It looks like this is an argparse bug where it just fails to correctly handle when no parameters or arguments are passed in.

Cf. https://stackoverflow.com/questions/48648036/python-argparse-args-has-no-attribute-func

I can reproduce this on upstream Pagure and the version shipped in MGA7 GA too. So that's unrelated to Pagure itself.

If you've followed the quickstart guide to configure a pagure instance, then "pagure-admin -h" should work.

CC: (none) => ngompa13

Thanks Neal.

QA should now have a procedure test.

Note that this upstream bug should also be reported and fixed. Calling pagure-admin without argument should display a help usage... ;)

We will now see to add arguments and see -h switch for help.
$ pagure-admin

CVE: (none) => CVE-2019-11556

(In reply to Aurelien Oudelet from comment #6)
> Thanks Neal.
>
> QA should now have a procedure test.
>
> Note that this upstream bug should also be reported and fixed. Calling
> pagure-admin without argument should display a help usage... ;)
>

It's a bug in Python, but perhaps there's a way to work around it in Pagure (not sure about that though...).

Running MGA7 Plasma under a VM x86_64.
Updating pagure OK.
$ pagure-admin -h
gives help.

Giving this OK.
Validating.
Advisory in Comment 2.

Aurelien Oudelet
2021-05-06 20:39:38 CEST
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0206.html

Resolution: (none) => FIXED
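
The failure discussed in the comments above (a sub-command CLI run with no arguments ending in `'Namespace' object has no attribute 'func'`), reproduced as an added example that is not Pagure's code and not part of the original thread. The `demo-admin` program, its `list-items` action and all function names are hypothetical; it shows the unguarded dispatch next to two ways of handling a missing sub-command.

```python
import argparse


def do_list(args):
    """Handler for the hypothetical 'list-items' action."""
    return "listing"


def build_parser(require_subcommand=False):
    """CLI with one sub-command; all names are hypothetical, not Pagure's."""
    parser = argparse.ArgumentParser(prog="demo-admin")
    subparsers = parser.add_subparsers(title="actions", dest="action")
    # Python 3 argparse treats the sub-command as optional unless told otherwise.
    subparsers.required = require_subcommand
    list_cmd = subparsers.add_parser("list-items", help="List items")
    list_cmd.set_defaults(func=do_list)
    return parser


def run_unguarded(argv):
    """Dispatch as in the traceback: call args.func(args) with no check."""
    args = build_parser().parse_args(argv)
    return args.func(args)  # AttributeError when no sub-command was given


def run_guarded(argv):
    """Fall back to the usage text when no sub-command set 'func'."""
    parser = build_parser()
    args = parser.parse_args(argv)
    func = getattr(args, "func", None)
    if func is None:
        return parser.format_usage()
    return func(args)


if __name__ == "__main__":
    print(run_guarded([]), end="")
    try:
        run_unguarded([])
    except AttributeError as exc:
        print("unguarded dispatch failed:", exc)
    try:
        # Alternative: let argparse itself reject the empty command line.
        build_parser(require_subcommand=True).parse_args([])
    except SystemExit as exc:
        print("argparse exit status:", exc.code)
```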