Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
glsa-check returns a traceback
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
malsumis
n00b
n00b


Joined: 18 Jan 2017
Posts: 2

PostPosted: Wed Jan 18, 2017 12:06 pm    Post subject: glsa-check returns a traceback Reply with quote

Hi!

I hope you can point me in the right direction here. glsa-check dies on certain advisories and returns the following traceback:

Code:
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>
    sys.exit(summarylist(glsalist))
  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__
    self.read()
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read
    self.parse(urlopen(myurl))
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse
    self.count = int(count)
TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'


I narrowed it down to the following adv: 201701-36, ie:

Code:

# glsa-check -l all
201701-25 [U] phpBB: Multiple vulnerabilities ( www-apps/phpBB )
201701-26 [U] BIND: Denial of Service ( net-dns/bind )
201701-27 [U] 7-Zip: Multiple vulnerabilities ( app-arch/p7zip )
201701-28 [U] c-ares: Heap-based buffer overflow ( net-dns/c-ares )
201701-29 [U] Vim, gVim: Remote execution of arbitrary code ( app-editors/gvim  app-editors/vim )
201701-30 [U] vzctl: Security bypass ( sys-cluster/vzctl )
201701-31 [U] flex: Potential insecure code generation ( sys-devel/flex )
201701-32 [U] phpMyAdmin: Multiple vulnerabilities ( dev-db/phpmyadmin )
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

201701-33 [U] PostgreSQL: Multiple vulnerabilities ( dev-db/postgresql )
201701-34 [U] runC: Privilege escalation ( app-emulation/runc )
201701-35 [U] Mozilla SeaMonkey: Multiple vulnerabilities ( www-client/seamonkey  www-client/seamonkey-bin )
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>
    sys.exit(summarylist(glsalist))
  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__
    self.read()
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read
    self.parse(urlopen(myurl))
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse
    self.count = int(count)
TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'


And then if you do:

Code:

# glsa-check -l 201701-36
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>
    sys.exit(summarylist(glsalist))
  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__
    self.read()
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read
    self.parse(urlopen(myurl))
  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse
    self.count = int(count)
TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'


and then if you try and all adv. that come after "36" are working:
Code:

# glsa-check -l 201701-37
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

201701-37 [U] libxml2: Multiple vulnerabilities ( dev-libs/libxml2 )


Suprisingly, this works perfectly on my own pc, so I guess theres some misconfiguration, but I'm stuck.

Thansk for any tips!
Back to top
View user's profile Send private message
malsumis
n00b
n00b


Joined: 18 Jan 2017
Posts: 2

PostPosted: Wed Jan 18, 2017 12:19 pm    Post subject: Reply with quote

Hi again!

It's kind of stupid to reply to myself, but I have found the difference here, I'll try to file a bug.

Code:

mj glsa # diff glsa-201701-36.xml.bad glsa-201701-36.xml.good
10c10
<   <revised count="2">2017-01-17</revised>
---
>   <revised>2017-01-17: 02</revised>
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Wed Jan 18, 2017 3:12 pm    Post subject: Reply with quote

malsumis ...

to confirm, similarly with python2.7

glsa-check -l all:
[...]
201701-35 [U] Mozilla SeaMonkey: Multiple vulnerabilities ( www-client/seamonkey  www-client/seamonkey-bin )
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/glsa-check", line 260, in <module>
    sys.exit(summarylist(glsalist))
  File "/usr/lib/python-exec/python2.7/glsa-check", line 216, in summarylist
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__
    self.read()
  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 527, in read
    self.parse(urlopen(myurl))
  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse
    self.count = int(count)
AttributeError: Attr instance has no attribute '__trunc__'

emerge -pvq app-portage/gentoolkit:
[ebuild   R   ] app-portage/gentoolkit-0.3.2-r1  PYTHON_TARGETS="python2_7 (-pypy) -python3_4 (-python3_5)"

best ... khay
Back to top
View user's profile Send private message
Leio
Developer
Developer


Joined: 27 Feb 2003
Posts: 480
Location: Estonia

PostPosted: Thu Jan 19, 2017 4:18 am    Post subject: Reply with quote

https://bugs.gentoo.org/show_bug.cgi?id=605612
https://bugs.gentoo.org/show_bug.cgi?id=606120

GLSAmaker was changed to output technically more correct XML per DTD, but which breaks existing glsa-check as apparently that codepath was never tested all these years and not before making the change either. It's hard to always remember to modify them by hand before putting them in git, so it slipped in once after the first one identified the issue.
_________________
GNOME team lead; GStreamer; MIPS/ARM64
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum