| Summary: | glsa-check can't parse glsa-200707-07.xml after today's emerge --sync | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Richard Hartmann <rick4711> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | gb_about_gnu, kjb-temp-2013, wschlich |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 162493 | ||
| Bug Blocks: | |||
This sucks :-( Can we please either implement automagic filtering of non-ASCII characters in GLSA XML files *before* they get out to our users and break something or even better fix glsa-check?

*** Bug 186646 has been marked as a duplicate of this bug. ***

[Additional Info from duplicate Bug 186646]

I have identified the failing GLSA-database entry: If the file /usr/portage/metadata/glsa/glsa-200707-07.xml is deleted, glsa-check works fine again.

I have examined the failing database entry and have not seen anything terribly incorrect. However, there is a UTF-8 encoded Umlaut in line 31. When I replaced it by ö everything works fine again.

If there are any QA-checking scripts involved when releasing new GLSAs, a "glsa-check --list > /dev/null || exit 1" or something should really be added in order to make such trivial problems impossible in the future.

I failed to correctly solve this issue, either with ö or ö , I dropped the diaeresis and replaced the 'ö' by a simple 'o'.

- XML-checker doesn't like ö
- glsa-check doesn't like ö

It's in CVS, give it a few minutes/hours to spread through the mirrors. I've only fixed the GLSA but I haven't fixed the checkers.

```
Gentoo XML-QA-checker called.
In case of troubles, contact neysx@gentoo.org or pylon@gentoo.org
glsa-200707-07.xml:31: parser error : Entity 'ouml' not defined
Stefan Cornelius and Reimar Döffinger of Secunia Research discovered
^
XML-Checking glsa-200707-07.xml ... [ failed ]
cvs commit: Pre-commit check failed
```

(In reply to comment #4)
> I failed to correctly solve this issue, either with ö or ö , i

Strange - when I replaced the Umlaut with an "ö"

```
# glsa-check --list
```

as well as

```
# glsa-check --fix affected
```

both worked flawlessly.

What locale are you using? Is it a UTF-8 locale? I do.

If you are using some single-byte code-page locale, chances are that your text editor might not have removed all traces from the multibyte Umlaut Sequence correctly, thus keeping the XML parser failing.

Be sure to double-check the output with a hex viewer, because it's the only way to be sure you removed all non-ASCII sequences from the file.

> dropped the diaeresis and replaced the 'ö' by a simple 'o'.

Actually, the right transliteration into ASCII would have been "oe". I have first-hand knowledge on that: My first Name is "Günther" - transliterated as "Guenther". :-)

But I guess "o" is a good enough approximation for now.

(In reply to comment #5)
> (In reply to comment #4)
> > I failed to correctly solve this issue, either with ö or ö , i
>
> Strange - when I replaced the Umlaut with an "ö"
>
> # glsa-check --list
>
> as well as
>
> # glsa-check --fix affected
>
> both worked flawlessly.

You haven't read all my comment. The problem is not within glsa-check but in the XML checker, which you can't access.
1. Run glsa-check --list

Result:

```
200707-03 [U] Evolution: User-assisted remote execution of arbitrary code ( gnome-extra/evolution-data-server )
200707-04 [U] GNU C Library: Integer overflow ( sys-libs/glibc )
200707-05 [U] Webmin, Usermin: Cross-site scripting vulnerabilities ( app-admin/webmin app-admin/usermin )
200707-06 [U] XnView: Stack-based buffer overflow ( x11-misc/xnview )
Traceback (most recent call last):
  File "/usr/bin/glsa-check", line 206, in ?
    sys.exit(summarylist(glsalist))
  File "/usr/bin/glsa-check", line 172, in summarylist
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib/gentoolkit/pym/glsa.py", line 414, in __init__
    self.read()
  File "/usr/lib/gentoolkit/pym/glsa.py", line 432, in read
    self.parse(urllib.urlopen(myurl))
  File "/usr/lib/gentoolkit/pym/glsa.py", line 470, in parse
    self.description = getText(myroot.getElementsByTagName("description")[0], format="xml")
  File "/usr/lib/gentoolkit/pym/glsa.py", line 233, in getText
    return str(rValue)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xf6' in position 34: ordinal not in range(128)
```

Solution: Open "glsa-200707-07.xml" and change "... Stefan Cornelius and Reimar Döffinger of Secunia Research" to "... Stefan Cornelius and Reimar Doeffinger of Secunia Research"

Are umlauts forbidden in GLSAs or is this a bug in glsa-check?
```
glsa-check, version 0.7
Author: Marius Mauch <genone@gentoo.org>
This program is licensed under the GPL, version 2
```

```
Portage 2.1.2.9 (default-linux/x86/2006.1/desktop, gcc-3.4.6, glibc-2.5-r4, 2.6.22.1 i686)
=================================================================
System uname: 2.6.22.1 i686 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 25 Jul 2007 05:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python: 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.23b
virtual/os-headers: 2.6.21
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X alsa arts asf berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dri dvd dvdr eds emboss encode esd fam ffmpeg firefox fortran gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde ldap libg++ lm_sensors mad midi mikmod mime mmx mp3 mpeg mplayer mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pda pdf perl png ppds pppd python qt3 qt4 quicktime readline reflection sdl session spell spl sse sse2 ssl tcpd truetype truetype-fonts type1-fonts unicode vcd vorbis win32codecs wmp x86 xine xml xorg xv xvid zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="de"
USERLAND="GNU"
VIDEO_CARDS="nvidia"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
```
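
The pre-release check asked for in the comments, sketched as an added example (not Gentoo's QA script and not part of glsa-check): it reports non-ASCII bytes by line and column, XML that fails to parse, and `<description>` text the ASCII codec cannot encode. The sample document is constructed and has no DOCTYPE, `check_glsa` and the other names are hypothetical, and `text.encode("ascii")` stands in on Python 3 for the Python 2 `str()` call in the traceback.

```python
import xml.dom.minidom
from xml.parsers.expat import ExpatError

def non_ascii_bytes(data):
    """Return (line, column, byte) for every byte >= 0x80; positions are 1-based."""
    return [(lineno, col, byte)
            for lineno, line in enumerate(data.split(b"\n"), 1)
            for col, byte in enumerate(line, 1)
            if byte >= 0x80]

def check_glsa(data):
    """Return a list of problems found in raw GLSA bytes; an empty list means clean."""
    problems = ["non-ASCII byte 0x%02x at line %d, column %d" % (byte, lineno, col)
                for lineno, col, byte in non_ascii_bytes(data)]
    try:
        dom = xml.dom.minidom.parseString(data)
    except ExpatError as exc:
        # For example a named entity that no DTD in the document declares.
        return problems + ["XML parse error: %s" % exc]
    for node in dom.getElementsByTagName("description"):
        text = "".join(child.data for child in node.childNodes
                       if child.nodeType == child.TEXT_NODE)
        try:
            # Assumption: Python 3 stand-in for str(rValue) in the traceback,
            # which used the ASCII codec under Python 2.
            text.encode("ascii")
        except UnicodeEncodeError as exc:
            problems.append("description has non-ASCII character %a at index %d"
                            % (text[exc.start], exc.start))
    return problems

# Constructed sample, not the real glsa-200707-07.xml.
TEMPLATE = ("<glsa><description>Stefan Cornelius and Reimar %s"
            " of Secunia Research</description></glsa>")
SAMPLES = {
    "raw UTF-8": "D\u00f6ffinger",
    "named entity": "D&ouml;ffinger",
    "numeric reference": "D&#246;ffinger",
    "ASCII transliteration": "Doeffinger",
}

def run_samples():
    """Map each constructed variant to the problems check_glsa() reports."""
    return {name: check_glsa((TEMPLATE % value).encode("utf-8"))
            for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, problems in run_samples().items():
        print("%-22s %s" % (name, problems or "ok"))
```

The numeric reference contains only ASCII bytes and parses cleanly, so a byte scan or hex viewer alone does not catch it; only the encode step on the parsed text does.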