Comment 1 Zac Medico 2018-04-09 19:34:13 UTC

I can reproduce the problem by reverting this fix:

https://gitweb.gentoo.org/data/glsa.git/commit/?id=6d341a6c00fd52a41ddaf7e932d941b6c7f9bf88

Comment 2 Aaron Bauman (RETIRED) 2018-04-09 19:35:45 UTC

(In reply to Daniel Pouzzner from comment #0)
> sync -a this morning brought in
> /usr/portage/metadata/glsa/glsa-201804-10.xml, which warns for
> dev-php/ZendFramework, which no longer exists in /usr/portage (which is fine
> and good).  glsa-check apparently can't cope with such a reference (see
> below).
> 
> 
> Reproducible: Always
> 
> Steps to Reproduce:
> 1. emaint sync -a, creating metadata/glsa/glsa-201804-10.xml
> 2. emerge --ask --oneshot =app-portage/gentoolkit-0.4.0
> =sys-apps/portage-2.3.24-r1
>    or
>    emerge --ask --oneshot =app-portage/gentoolkit-0.4.2-r1
> =sys-apps/portage-2.3.28
> 3. glsa-check -t affected
> 
> Actual Results:  
> with app-portage/gentoolkit-0.4.0 and sys-apps/portage-2.3.24-r1 (amd64
> stable):
> 
> -* glsa-check -v -t affected
> Traceback (most recent call last):
>   File "/usr/lib/python-exec/python3.5/glsa-check", line 186, in <module>
>     if myglsa.isVulnerable():
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 683, in isVulnerable
>     or (None != getMinUpgrade([v,], path["unaff_atoms"]))
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in getMinUpgrade
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in <listcomp>
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 347, in match
>     return db.match(atom)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line
> 575, in match
>     origdep, mydb=self, use_cache=use_cache, settings=self.settings)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/dep_expand.py",
> line 35, in dep_expand
>     mydep = Atom(mydep, allow_repo=True)
>   File "/usr/lib64/python3.5/site-packages/portage/dep/__init__.py", line
> 1270, in __init__
>     raise InvalidAtom(self)
> portage.exception.InvalidAtom: >=dev-php/ZendFramework-
> -* glsa-check -v -t affected
> Traceback (most recent call last):
>   File "/usr/lib/python-exec/python3.5/glsa-check", line 186, in <module>
>     if myglsa.isVulnerable():
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 683, in isVulnerable
>     or (None != getMinUpgrade([v,], path["unaff_atoms"]))
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in getMinUpgrade
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in <listcomp>
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 347, in match
>     return db.match(atom)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line
> 575, in match
>     origdep, mydb=self, use_cache=use_cache, settings=self.settings)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/dep_expand.py",
> line 35, in dep_expand
>     mydep = Atom(mydep, allow_repo=True)
>   File "/usr/lib64/python3.5/site-packages/portage/dep/__init__.py", line
> 1270, in __init__
>     raise InvalidAtom(self)
> portage.exception.InvalidAtom: >=dev-php/ZendFramework-
> 
> 
> with app-portage/gentoolkit-0.4.2-r1 and sys-apps/portage-2.3.28 (~amd64):
> 
> -* glsa-check -v -t affected
> Traceback (most recent call last):
>   File "/usr/lib/python-exec/python3.5/glsa-check", line 186, in <module>
>     if myglsa.isVulnerable():
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 683, in isVulnerable
>     or (None != getMinUpgrade([v,], path["unaff_atoms"]))
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in getMinUpgrade
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 411, in <listcomp>
>     u_installed = reduce(operator.add, [match(u, "vartree") for u in
> unaffectedList], [])
>   File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py",
> line 347, in match
>     return db.match(atom)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line
> 576, in match
>     origdep, mydb=self, use_cache=use_cache, settings=self.settings)
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/dep_expand.py",
> line 35, in dep_expand
>     mydep = Atom(mydep, allow_repo=True)
>   File "/usr/lib64/python3.5/site-packages/portage/dep/__init__.py", line
> 1273, in __init__
>     raise InvalidAtom(self)
> portage.exception.InvalidAtom: >=dev-php/ZendFramework-
> 
> 
> Expected Results:  
> -* glsa-check -v -t affected
> This system is not affected by any of the listed GLSAs
> 
> 
> Expected result achieved by first doing
> 
> mv /usr/portage/metadata/glsa/glsa-201804-10.xml
> /usr/portage/metadata/glsa/glsa-201804-10.xml.hold

The issue is fixed by the commit zmedico is referring too.  Please resync and let us know if you continue to have issues.

Yup, fixed.  Thanks!

Comment 4 Aaron Bauman (RETIRED) 2018-04-09 19:54:43 UTC

My apologies.  Zac intend to look into this.  He has reported that Portage's glsa-check does not encounter the error (possibly silently ignoring it), but gentoolkit glsa-check does.

Yeah that makes sense.  I didn't realize there were two of them (dubious in itself).  Confirmed that behavior:

-* ls -l /usr/lib/portage/python3.5/glsa-check /usr/lib/python-exec/python3.5/glsa-check
-rwxr-xr-x 1 root root 11682 Apr  9 13:16 /usr/lib/portage/python3.5/glsa-check
-rwxr-xr-x 1 root root 13358 Apr  9 12:44 /usr/lib/python-exec/python3.5/glsa-check
-* /usr/lib/portage/python3.5/glsa-check -v -t affected
This system is not affected by any of the listed GLSAs
-* /usr/lib/python-exec/python3.5/glsa-check -v -t affected
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.5/glsa-check", line 186, in <module>
    if myglsa.isVulnerable():
  File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py", line 683, in isVulnerable
    or (None != getMinUpgrade([v,], path["unaff_atoms"]))
  File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py", line 411, in getMinUpgrade
    u_installed = reduce(operator.add, [match(u, "vartree") for u in unaffectedList], [])
  File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py", line 411, in <listcomp>
    u_installed = reduce(operator.add, [match(u, "vartree") for u in unaffectedList], [])
  File "/usr/lib64/python3.5/site-packages/gentoolkit/glsa/__init__.py", line 347, in match
    return db.match(atom)
  File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line 576, in match
    origdep, mydb=self, use_cache=use_cache, settings=self.settings)
  File "/usr/lib64/python3.5/site-packages/portage/dbapi/dep_expand.py", line 35, in dep_expand
    mydep = Atom(mydep, allow_repo=True)
  File "/usr/lib64/python3.5/site-packages/portage/dep/__init__.py", line 1273, in __init__
    raise InvalidAtom(self)
portage.exception.InvalidAtom: >=dev-php/ZendFramework-

Comment 6 Zac Medico 2018-04-09 20:48:22 UTC

(In reply to Daniel Pouzzner from comment #5)
> Yeah that makes sense.  I didn't realize there were two of them (dubious in
> itself).  Confirmed that behavior:
> 
> -* ls -l /usr/lib/portage/python3.5/glsa-check
> /usr/lib/python-exec/python3.5/glsa-check
> -rwxr-xr-x 1 root root 11682 Apr  9 13:16
> /usr/lib/portage/python3.5/glsa-check
> -rwxr-xr-x 1 root root 13358 Apr  9 12:44
> /usr/lib/python-exec/python3.5/glsa-check
> -* /usr/lib/portage/python3.5/glsa-check -v -t affected

That's interesting because I'm not seeing the error here with portage, as though it's being silently ignored, so I need to look into it some more.

bugzilla swallowed the linebreaks, so you may have missed my confirmation that indeed the Portage edition of the script works right, with the same GLSA database that crashes gentoolkit glsa-check:
.
-* /usr/lib/portage/python3.5/glsa-check -v -t affected
This system is not affected by any of the listed GLSAs
.
If you look at the source for the Portage and gentoolkit editions of glsa-check, they obviously have a common origin, but have been evolving independently for some time.  This is clearly not good, but someone will need to take the time to cross-port gentoolkit glsa-check's unique capabilities to the Portage edition before the gentoolkit one can be EOL'd.

FWIW the only command line switch I could identify as unique to gentoolkit was --quiet.  Maybe this will be easy?

(Actually, it wasn't bugzilla that swallowed the line breaks -- they were just missing in the first place.)

Comment 9 Zac Medico 2019-08-19 05:44:48 UTC

glsa-check is included with >=sys-apps/portage-2.3.72 (bug 463952).