Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 599942 - GLSA 201611-05: bad format of the XML, warning in glsa-check?
Summary: GLSA 201611-05: bad format of the XML, warning in glsa-check?
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-16 05:09 UTC by Kalin KOZHUHAROV
Modified: 2016-11-17 06:34 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
patch to GLSA 201611-05 (glsa-201611-05.xml.patch,908 bytes, patch)
2016-11-16 05:09 UTC, Kalin KOZHUHAROV
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kalin KOZHUHAROV 2016-11-16 05:09:20 UTC
Created attachment 453420 [details, diff]
patch to GLSA 201611-05

I started to get warnings in several scripts that monitor GLSAs...

Here is the simplest reproducible command (ran after `emaint sync --all`):

$ /usr/bin/glsa-check -q --verbose -l affected
invalid GLSA: 201611-05 (error message was: (u'Invalid Tag found: ', u'table'))

(note: no errors showed when ran without "--verbose")

$ equery b /usr/bin/glsa-check
 * Searching for /usr/bin/glsa-check ... 
app-portage/gentoolkit-0.3.0.9-r2 (/usr/bin/glsa-check -> ../lib/python-exec/python-exec2)

(that is currently stable)

After some investigation, that GLSA contains <table> element which is not supposed to be there I guess. And its badly formatted anyway (did someone use WYSIWYG editor??)

Here is a quick patch (included).

Also, a good QA practice will be to run a check with `glsa-check --verbose` before commit :-)
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-17 06:34:32 UTC
(In reply to Kalin KOZHUHAROV from comment #0)
> Created attachment 453420 [details, diff] [details, diff]
> patch to GLSA 201611-05
> 
> I started to get warnings in several scripts that monitor GLSAs...
> 
> Here is the simplest reproducible command (ran after `emaint sync --all`):
> 
> $ /usr/bin/glsa-check -q --verbose -l affected
> invalid GLSA: 201611-05 (error message was: (u'Invalid Tag found: ',
> u'table'))
> 
> (note: no errors showed when ran without "--verbose")
> 
> $ equery b /usr/bin/glsa-check
>  * Searching for /usr/bin/glsa-check ... 
> app-portage/gentoolkit-0.3.0.9-r2 (/usr/bin/glsa-check ->
> ../lib/python-exec/python-exec2)
> 
> (that is currently stable)
> 
> After some investigation, that GLSA contains <table> element which is not
> supposed to be there I guess. And its badly formatted anyway (did someone
> use WYSIWYG editor??)
> 
> Here is a quick patch (included).
> 
> Also, a good QA practice will be to run a check with `glsa-check --verbose`
> before commit :-)

No, no one used a WYSIWYG editor.  These are generated from internal tools used by the security team.  

I am not sure why this happened, but we will have infra take a look at GLSAMaker if it continues.