Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 599942 - GLSA 201611-05: bad format of the XML, warning in glsa-check?
Summary: GLSA 201611-05: bad format of the XML, warning in glsa-check?
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-16 05:09 UTC by Kalin KOZHUHAROV
Modified: 2016-11-17 06:34 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
patch to GLSA 201611-05 (glsa-201611-05.xml.patch,908 bytes, patch)
2016-11-16 05:09 UTC, Kalin KOZHUHAROV 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kalin KOZHUHAROV 2016-11-16 05:09:20 UTC 
Created attachment 453420 [details, diff]
patch to GLSA 201611-05

I started to get warnings in several scripts that monitor GLSAs...

Here is the simplest reproducible command (ran after `emaint sync --all`):

$ /usr/bin/glsa-check -q --verbose -l affected
invalid GLSA: 201611-05 (error message was: (u'Invalid Tag found: ', u'table'))

(note: no errors showed when ran without "--verbose")

$ equery b /usr/bin/glsa-check
 * Searching for /usr/bin/glsa-check ... 
app-portage/gentoolkit-0.3.0.9-r2 (/usr/bin/glsa-check -> ../lib/python-exec/python-exec2)

(that is currently stable)

After some investigation, that GLSA contains <table> element which is not supposed to be there I guess. And its badly formatted anyway (did someone use WYSIWYG editor??)

Here is a quick patch (included).

Also, a good QA practice will be to run a check with `glsa-check --verbose` before commit :-)
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-11-17 06:34:32 UTC 
(In reply to Kalin KOZHUHAROV from comment #0)
> Created attachment 453420 [details, diff] [details, diff]
> patch to GLSA 201611-05
> 
> I started to get warnings in several scripts that monitor GLSAs...
> 
> Here is the simplest reproducible command (ran after `emaint sync --all`):
> 
> $ /usr/bin/glsa-check -q --verbose -l affected
> invalid GLSA: 201611-05 (error message was: (u'Invalid Tag found: ',
> u'table'))
> 
> (note: no errors showed when ran without "--verbose")
> 
> $ equery b /usr/bin/glsa-check
>  * Searching for /usr/bin/glsa-check ... 
> app-portage/gentoolkit-0.3.0.9-r2 (/usr/bin/glsa-check ->
> ../lib/python-exec/python-exec2)
> 
> (that is currently stable)
> 
> After some investigation, that GLSA contains <table> element which is not
> supposed to be there I guess. And its badly formatted anyway (did someone
> use WYSIWYG editor??)
> 
> Here is a quick patch (included).
> 
> Also, a good QA practice will be to run a check with `glsa-check --verbose`
> before commit :-)

No, no one used a WYSIWYG editor.  These are generated from internal tools used by the security team.  

I am not sure why this happened, but we will have infra take a look at GLSAMaker if it continues.