# glsa-check returns a traceback

## malsumis

Hi!

I hope you can point me in the right direction here. glsa-check dies on certain advisories and returns the following traceback:

```
Traceback (most recent call last):

  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>

    sys.exit(summarylist(glsalist))

  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist

    myglsa = Glsa(myid, glsaconfig)

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__

    self.read()

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read

    self.parse(urlopen(myurl))

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse

    self.count = int(count)

TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'
```

I narrowed it down to the following adv: 201701-36, ie:

```

# glsa-check -l all

201701-25 [U] phpBB: Multiple vulnerabilities ( www-apps/phpBB )

201701-26 [U] BIND: Denial of Service ( net-dns/bind )

201701-27 [U] 7-Zip: Multiple vulnerabilities ( app-arch/p7zip )

201701-28 [U] c-ares: Heap-based buffer overflow ( net-dns/c-ares )

201701-29 [U] Vim, gVim: Remote execution of arbitrary code ( app-editors/gvim  app-editors/vim )

201701-30 [U] vzctl: Security bypass ( sys-cluster/vzctl )

201701-31 [U] flex: Potential insecure code generation ( sys-devel/flex )

201701-32 [U] phpMyAdmin: Multiple vulnerabilities ( dev-db/phpmyadmin )

[A] means this GLSA was marked as applied (injected),

[U] means the system is not affected and

[N] indicates that the system might be affected.

201701-33 [U] PostgreSQL: Multiple vulnerabilities ( dev-db/postgresql )

201701-34 [U] runC: Privilege escalation ( app-emulation/runc )

201701-35 [U] Mozilla SeaMonkey: Multiple vulnerabilities ( www-client/seamonkey  www-client/seamonkey-bin )

Traceback (most recent call last):

  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>

    sys.exit(summarylist(glsalist))

  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist

    myglsa = Glsa(myid, glsaconfig)

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__

    self.read()

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read

    self.parse(urlopen(myurl))

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse

    self.count = int(count)

TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'

```

And then if you do: 

```

# glsa-check -l 201701-36

[A] means this GLSA was marked as applied (injected),

[U] means the system is not affected and

[N] indicates that the system might be affected.

Traceback (most recent call last):

  File "/usr/lib/python-exec/python3.4/glsa-check", line 260, in <module>

    sys.exit(summarylist(glsalist))

  File "/usr/lib/python-exec/python3.4/glsa-check", line 216, in summarylist

    myglsa = Glsa(myid, glsaconfig)

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__

    self.read()

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 527, in read

    self.parse(urlopen(myurl))

  File "/usr/lib64/python3.4/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse

    self.count = int(count)

TypeError: int() argument must be a string, a bytes-like object or a number, not 'Attr'

```

and then if you try and all adv. that come after "36" are working:

```

# glsa-check -l 201701-37

[A] means this GLSA was marked as applied (injected),

[U] means the system is not affected and

[N] indicates that the system might be affected.

201701-37 [U] libxml2: Multiple vulnerabilities ( dev-libs/libxml2 )

```

Suprisingly, this works perfectly on my own pc, so I guess theres some misconfiguration, but I'm stuck.

Thansk for any tips!

----------

## malsumis

Hi again!

It's kind of stupid to reply to myself, but I have found the difference here, I'll try to file a bug.

```

mj glsa # diff glsa-201701-36.xml.bad glsa-201701-36.xml.good

10c10

<   <revised count="2">2017-01-17</revised>

---

>   <revised>2017-01-17: 02</revised>

```

----------

## khayyam

malsumis ...

to confirm, similarly with python2.7

```
[...]

201701-35 [U] Mozilla SeaMonkey: Multiple vulnerabilities ( www-client/seamonkey  www-client/seamonkey-bin )

Traceback (most recent call last):

  File "/usr/lib/python-exec/python2.7/glsa-check", line 260, in <module>

    sys.exit(summarylist(glsalist))

  File "/usr/lib/python-exec/python2.7/glsa-check", line 216, in summarylist

    myglsa = Glsa(myid, glsaconfig)

  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 509, in __init__

    self.read()

  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 527, in read

    self.parse(urlopen(myurl))

  File "/usr/lib/python2.7/site-packages/gentoolkit/glsa/__init__.py", line 574, in parse

    self.count = int(count)

AttributeError: Attr instance has no attribute '__trunc__'
```

```
[ebuild   R   ] app-portage/gentoolkit-0.3.2-r1  PYTHON_TARGETS="python2_7 (-pypy) -python3_4 (-python3_5)"
```

best ... khay

----------

## Leio

https://bugs.gentoo.org/show_bug.cgi?id=605612

https://bugs.gentoo.org/show_bug.cgi?id=606120

GLSAmaker was changed to output technically more correct XML per DTD, but which breaks existing glsa-check as apparently that codepath was never tested all these years and not before making the change either. It's hard to always remember to modify them by hand before putting them in git, so it slipped in once after the first one identified the issue.

----------

