oops, forgot to commit
authorgenone <genone@gentoo.org>
Wed, 17 Mar 2004 11:56:00 +0000 (11:56 -0000)
committergenone <genone@gentoo.org>
Wed, 17 Mar 2004 11:56:00 +0000 (11:56 -0000)
svn path=/; revision=92

trunk/src/glsa-check/Makefile [new file with mode: 0644]
trunk/src/glsa-check/glsa-check [new file with mode: 0644]
trunk/src/glsa-check/glsa.py [new file with mode: 0644]

diff --git a/trunk/src/glsa-check/Makefile b/trunk/src/glsa-check/Makefile
new file mode 100644 (file)
index 0000000..126425c
--- /dev/null
@@ -0,0 +1,18 @@
+# Copyright 2003 Karl Trygve Kalleberg <karltk@gentoo.org>
+# Copyright 2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+#
+# $Header$
+
+include ../../makedefs.mak
+
+all:
+       echo "YADDLETHORPE (vb.) (Of offended pooves.) To exit huffily from a boutique."
+
+dist:
+       mkdir -p ../../$(distdir)/src/glsa-check/
+       cp {Makefile,glsa.py,glsa-check} ../../$(distdir)/src/glsa-check/
+
+install:
+       install -m 0755 glsa-check $(bindir)/
+       install -m 0644 glsa.py $(DESTDIR)/usr/lib/gentoolkit/pym/
diff --git a/trunk/src/glsa-check/glsa-check b/trunk/src/glsa-check/glsa-check
new file mode 100644 (file)
index 0000000..d59ec08
--- /dev/null
@@ -0,0 +1,205 @@
+#!/usr/bin/python
+
+# $Header$
+# This program is licensed under the GPL, version 2
+
+import os,string,sys
+from getopt import getopt,GetoptError
+
+__program__ = "glsa-check"
+__author__ = "Marius Mauch <genone@gentoo.org>"
+__version__ = "0.4"
+
+optionmap = [
+["-l", "--list", "list all unapplied GLSA"],
+["-d", "--dump", "--print", "show all information about the given GLSA"],
+["-t", "--test", "test if this system is affected by the given GLSA"],
+["-p", "--pretend", "show the necessary commands to apply this GLSA"],
+["-f", "--fix", "try to auto-apply this GLSA (experimental)"],
+["-i", "--inject", "inject the given GLSA into the checkfile"],
+["-h", "--help", "show this help message"],
+["-v", "--version", "some information about this tool"]
+]
+
+# print a warning as this is beta code
+sys.stderr.write("WARNING: This tool is completely new and not very tested, so it should not be\n")
+sys.stderr.write("used on production systems. It's mainly a test tool for the new GLSA release\n")
+sys.stderr.write("and distribution system, it's functionality will later be merged into emerge\n")
+sys.stderr.write("and equery.\n")
+sys.stderr.write("Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml\n")
+sys.stderr.write("before using this tool AND before reporting a bug.\n\n")
+
+# option parsing
+args = []
+params = []
+try:
+       args, params = getopt(sys.argv[1:], "dplfchivt", \
+               ["dump", "print", "list", "pretend", "fix", "inject", "help", "info", "version", "test"])
+       args = [a for a,b in args]
+       
+       # sanity checking
+       if len(args) <= 0:
+               print "no option given: what should I do ?"
+               mode="help"
+       elif len(args) > 1:
+               print "please use only one option per call"
+               mode = "help"
+       else:
+               # in what mode are we ?
+               args = args[0]
+               for m in optionmap:
+                       if args in [o for o in m[:-1]]:
+                               mode = m[1][2:]
+except GetoptError:
+       print "unknown option given"
+       mode = "help"
+
+# we need a set of glsa for most operation modes
+if len(params) <= 0 and mode in ["fix", "test", "pretend", "dump", "inject"]:
+       print
+       print "no GLSA given, so we'll do nothing for now. "
+       print "If you want to run on all GLSA please tell me so "
+       print "(specify \"all\" as parameter)"
+       print
+       mode = "help"
+elif len(params) <= 0 and mode == "list":
+       params.append("new")
+       
+# show help message
+if mode == "help":
+       print
+       print "Syntax: glsa-check <option> [glsa-list]"
+       print
+       for m in optionmap:
+               print m[0] + "\t" + m[1] + "   \t: " + m[-1]
+               for o in m[2:-1]:
+                       print "\t" + o
+       print
+       print "glsa-list can contain an arbitrary number of GLSA ids "
+       print "or the special identifiers 'all' and 'new'"
+       print
+       sys.exit(1)
+
+# we need root priviledges for write access
+if mode in ["fix", "inject"] and os.geteuid() != 0:
+       print
+       print "This tool needs root access to "+mode+" this GLSA"
+       print
+       sys.exit(2)
+
+# show version and copyright information
+if mode == "version":
+       print
+       print __program__ + ", version " + __version__
+       print "Author: " + __author__
+       print "This program is licensed under the GPL, version 2"
+       print
+       sys.exit(0)
+
+# delay this for speed increase
+sys.path.insert(0, "/usr/lib/gentoolkit/pym")
+from glsa import *
+
+glsaconfig = checkconfig(portage.config(clone=portage.settings))
+
+# build glsa lists
+completelist = get_glsa_list(glsaconfig["GLSA_DIR"], glsaconfig)
+
+if os.access(glsaconfig["CHECKFILE"], os.R_OK):
+       checklist = [line.strip() for line in open(glsaconfig["CHECKFILE"], "r").readlines()]
+else:
+       checklist = []
+todolist = [e for e in completelist if e not in checklist]
+
+glsalist = []
+if "new" in params:
+       glsalist = todolist
+       params.remove("new")
+if "all" in params:
+       glsalist = completelist
+       params.remove("all")
+glsalist.extend([g for g in params if g not in glsalist])
+
+# list short information for given or new GLSA
+if mode == "list":
+       print "[A] means this GLSA was already applied,"
+       print "[U] means the system is not affected and"
+       print "[N] indicates that the system might be affected."
+       print
+       for myid in glsalist:
+               try:
+                       myglsa = Glsa(myid, glsaconfig)
+               except GlsaTypeException, e:
+                       #print "invalid GLSA: %s (error message was: %s)" % (myid, e)
+                       continue
+               if myglsa.isApplied():
+                       status = "[A]"
+               elif myglsa.isVulnerable():
+                       status = "[N]"
+               else:
+                       status = "[U]"
+               print myglsa.nr, status, myglsa.title, "(", 
+               for pkg in myglsa.packages.keys()[:3]:
+                       print pkg,
+               if len(myglsa.packages) > 3:
+                       print "...",
+               print ")"
+       sys.exit(0)
+
+# dump, fix, inject and fix are nearly the same code, only the glsa method call differs
+if mode in ["dump", "fix", "inject", "pretend"]:
+       for myid in glsalist:
+               myglsa = Glsa(myid, glsaconfig)
+               if mode == "dump":
+                       myglsa.dump()
+               elif mode == "fix":
+                       print "fixing "+myid
+                       mergelist = myglsa.getMergeList()
+                       for pkg in mergelist:
+                               print ">>> merging "+pkg
+                               # using emerge for the actual merging as it contains the dependency
+                               # code and we want to be consistent in behaviour. Also this functionality
+                               # will be integrated in emerge later, so it shouldn't hurt much.
+                               exitcode = os.system("emerge ="+pkg)
+                               if exitcode:
+                                       sys.exit(exitcode)
+                       myglsa.inject()
+               elif mode == "pretend":
+                       mergelist = myglsa.getMergeList()
+                       print "The following updates will be performed for this GLSA:"
+                       for pkg in mergelist:
+                               # we simplify a bit here
+                               oldver = portage.db["/"]["vartree"].dbapi.match(portage.dep_getkey(pkg))[-1]
+                               oldver = oldver[len(portage.dep_getkey(oldver))+1:]
+                               print "    ", pkg, "("+oldver+")"
+               elif mode == "inject":
+                       print "injecting " + myid
+                       myglsa.inject()
+               if glsalist[-1] != myid:
+                       print 
+                       print 70*'*'
+                       print
+       sys.exit(0)
+
+# test is a bit different as Glsa.test() produces no output
+if mode == "test":
+       outputlist = []
+       for myid in glsalist:
+               try:
+                       myglsa = Glsa(myid, glsaconfig)
+               except GlsaTypeException, e:
+                       #print "invalid GLSA: %s (error message was: %s)" % (myid, e)
+                       continue
+               if myglsa.isVulnerable():
+                       outputlist.append(myglsa.nr)
+       if len(outputlist) > 0:
+               print "This system is affected by the following GLSA:"
+               for g in outputlist:
+                       print g
+       else:
+               print "This system is not affected by any of the listed GLSA"
+       sys.exit(0)
+       
+# something wrong here, all valid paths are covered with sys.exit()
+print "nothing more to do"
+sys.exit(2)
diff --git a/trunk/src/glsa-check/glsa.py b/trunk/src/glsa-check/glsa.py
new file mode 100644 (file)
index 0000000..4848a89
--- /dev/null
@@ -0,0 +1,520 @@
+# $Header$
+
+# This program is licensed under the GPL, version 2
+
+# WARNING: this code is only tested by a few people and should NOT be used
+# on production systems at this stage. There are possible security holes and probably
+# bugs in this code. If you test it please report ANY success or failure to
+# me (genone@gentoo.org).
+
+# The following planned features are currently on hold:
+# - getting GLSAs from http/ftp servers (not really useful without the fixed ebuilds)
+# - GPG signing/verification (until key policy is clear)
+
+__author__ = "Marius Mauch <genone@gentoo.org>"
+
+import os, sys, urllib, time, string, portage, codecs, re
+import xml.dom.minidom
+
+sys.path.insert(0, "/usr/lib/portage/pym")     # to find portage.py
+
+opMapping = {"le": "<=", "lt": "<", "eq": "=", "gt": ">", "ge": ">="}
+NEWLINE_ESCAPE = "!;\\n"       # some random string to mark newlines that should be preserved
+
+def center(text, width):
+       """
+       Returns a string containing I{text} that is padded with spaces on both
+       sides. If C{len(text) >= width} I{text} is returned unchanged.
+       
+       @type   text: String
+       @param  text: the text to be embedded
+       @type   width: Integer
+       @param  width: the minimum length of the returned string
+       @rtype:         String
+       @return:        the expanded string or I{text}
+       """
+       if len(text) >= width:
+               return text
+       margin = (width-len(text))/2
+       rValue = " "*margin
+       rValue += text
+       if 2*margin + len(text) == width:
+               rValue += " "*margin
+       elif 2*margin + len(text) + 1 == width:
+               rValue += " "*(margin+1)
+       return rValue
+
+
+def wrap(text, width, caption=""):
+       """
+       Wraps the given text at column I{width}, optionally indenting
+       it so that no text is under I{caption}. It's possible to encode 
+       hard linebreaks in I{text} with L{NEWLINE_ESCAPE}.
+       
+       @type   text: String
+       @param  text: the text to be wrapped
+       @type   width: Integer
+       @param  width: the column at which the text should be wrapped
+       @type   caption: String
+       @param  caption: this string is inserted at the beginning of the 
+                                        return value and the paragraph is indented up to
+                                        C{len(caption)}.
+       @rtype:         String
+       @return:        the wrapped and indented paragraph
+       """
+       rValue = ""
+       line = caption
+       words = text.split()
+       indentLevel = len(caption)+1
+       for w in words:
+               if len(line)+len(w)+1 > width:
+                       rValue += line+"\n"
+                       line = " "*indentLevel+w
+               elif w.find(NEWLINE_ESCAPE) >= 0:
+                       if len(line.strip()) > 0:
+                               rValue += line+" "+w.replace(NEWLINE_ESCAPE, "\n")
+                       else:
+                               rValue += line+w.replace(NEWLINE_ESCAPE, "\n")
+                       line = " "*indentLevel
+               else:
+                       if len(line.strip()) > 0:
+                               line += " "+w
+                       else:
+                               line += w
+       if len(line) > 0:
+               rValue += line.replace(NEWLINE_ESCAPE, "\n")
+       return rValue
+
+def checkconfig(myconfig):
+       """
+       takes a portage.config instance and adds GLSA specific keys if
+       they are not present. TO-BE-REMOVED (should end up in make.*)
+       """
+       mysettings = {
+               "GLSA_DIR": portage.settings["PORTDIR"]+"/metadata/glsa/",
+               "GLSA_PREFIX": "glsa-",
+               "GLSA_SUFFIX": ".xml",
+               "CHECKFILE": "/var/cache/edb/glsa",
+               "GLSA_SERVER": "www.gentoo.org/security/en/glsa/",      # not completely implemented yet
+               "CHECKMODE": "local",                                                           # not completely implemented yet
+               "PRINTWIDTH": "76"
+       }
+       for k in mysettings.keys():
+               if not myconfig.has_key(k):
+                       myconfig[k] = mysettings[k]
+       return myconfig
+
+def get_glsa_list(repository, myconfig):
+       """
+       Returns a list of all available GLSAs in the given repository
+       by comparing the filelist there with the pattern described in
+       the config.
+       
+       @type   repository: String
+       @param  repository: The directory or an URL that contains GLSA files
+                                               (Note: not implemented yet)
+       @type   myconfig: portage.config
+       @param  myconfig: a GLSA aware config instance (see L{checkconfig})
+       
+       @rtype:         List of Strings
+       @return:        a list of GLSA IDs in this repository
+       """
+       # TODO: remote fetch code for listing
+
+       rValue = []
+
+       if not os.access(repository, os.R_OK):
+               return []
+       dirlist = os.listdir(repository)
+       prefix = myconfig["GLSA_PREFIX"]
+       suffix = myconfig["GLSA_SUFFIX"]
+       
+       for f in dirlist:
+               try:
+                       if f[:len(prefix)] == prefix:
+                               rValue.append(f[len(prefix):-1*len(suffix)])
+               except IndexError:
+                       pass
+       return rValue
+
+def getListElements(listnode):
+       """
+       Get all <li> elements for a given <ol> or <ul> node.
+       
+       @type   listnode: xml.dom.Node
+       @param  listnode: <ul> or <ol> list to get the elements for
+       @rtype:         List of Strings
+       @return:        a list that contains the value of the <li> elements
+       """
+       rValue = []
+       if not listnode.nodeName in ["ul", "ol"]:
+               raise GlsaFormatException("Invalid function call: listnode is not <ul> or <ol>")
+       for li in listnode.childNodes:
+               rValue.append(getText(li, format="strip"))
+       return rValue
+
+def getText(node, format):
+       """
+       This is the main parser function. It takes a node and traverses
+       recursive over the subnodes, getting the text of each (and the
+       I{link} attribute for <uri> and <mail>). Depending on the I{format}
+       parameter the text might be formatted by adding/removing newlines,
+       tabs and spaces. This function is only useful for the GLSA DTD,
+       it's not applicable for other DTDs.
+       
+       @type   node: xml.dom.Node
+       @param  node: the root node to start with the parsing
+       @type   format: String
+       @param  format: this should be either I{strip}, I{keep} or I{xml}
+                                       I{keep} just gets the text and does no formatting.
+                                       I{strip} replaces newlines and tabs with spaces and
+                                       replaces multiple spaces with one space.
+                                       I{xml} does some more formatting, depending on the
+                                       type of the encountered nodes.
+       @rtype:         String
+       @return:        the (formatted) content of the node and its subnodes
+       """
+       rValue = ""
+       if format in ["strip", "keep"]:
+               if node.nodeName in ["uri", "mail"]:
+                       rValue += node.childNodes[0].data+": "+node.getAttribute("link")
+               else:
+                       for subnode in node.childNodes:
+                               if subnode.nodeName == "#text":
+                                       rValue += subnode.data
+                               else:
+                                       rValue += getText(subnode, format)
+       else:
+               for subnode in node.childNodes:
+                       if subnode.nodeName == "p":
+                               for p_subnode in subnode.childNodes:
+                                       if p_subnode.nodeName == "#text":
+                                               rValue += p_subnode.data
+                                       elif p_subnode.nodeName in ["uri", "mail"]:
+                                               rValue += p_subnode.childNodes[0].data
+                                               rValue += " ( "+p_subnode.getAttribute("link")+" )"
+                               rValue += NEWLINE_ESCAPE
+                       elif subnode.nodeName == "ul":
+                               for li in getListElements(subnode):
+                                       rValue += "- "+li+NEWLINE_ESCAPE+" "
+                       elif subnode.nodeName == "ol":
+                               i = 0
+                               for li in getListElements(subnode):
+                                       i = i+1
+                                       rValue += str(i)+". "+li+NEWLINE_ESCAPE+" "
+                       elif subnode.nodeName == "code":
+                               rValue += getText(subnode, format="keep").replace("\n", NEWLINE_ESCAPE)
+                       elif subnode.nodeName == "#text":
+                               rValue += subnode.data
+                       else:
+                               raise GlsaFormatException("Invalid Tag found: ", subnode.nodeName)
+       if format == "strip":
+               rValue = rValue.strip(" \n\t")
+               rValue = re.sub("[\s]{2,}", " ", rValue)
+       return rValue
+
+def getMultiTagsText(rootnode, tagname, format):
+       """
+       Returns a list with the text of all subnodes of type I{tagname}
+       under I{rootnode} (which itself is not parsed) using the given I{format}.
+       
+       @type   rootnode: xml.dom.Node
+       @param  rootnode: the node to search for I{tagname}
+       @type   tagname: String
+       @param  tagname: the name of the tags to search for
+       @type   format: String
+       @param  format: see L{getText}
+       @rtype:         List of Strings
+       @return:        a list containing the text of all I{tagname} childnodes
+       """
+       rValue = []
+       for e in rootnode.getElementsByTagName(tagname):
+               rValue.append(getText(e, format))
+       return rValue
+
+def makeAtom(pkgname, versionNode):
+       """
+       creates from the given package name and information in the 
+       I{versionNode} a (syntactical) valid portage atom.
+       
+       @type   pkgname: String
+       @param  pkgname: the name of the package for this atom
+       @type   versionNode: xml.dom.Node
+       @param  versionNode: a <vulnerable> or <unaffected> Node that
+                                                contains the version information for this atom
+       @rtype:         String
+       @return:        the portage atom
+       """
+       return opMapping[versionNode.getAttribute("range")] \
+                       +pkgname \
+                       +"-"+getText(versionNode, format="strip")
+
+def makeVersion(versionNode):
+       """
+       creates from the information in the I{versionNode} a 
+       version string (format <op><version>).
+       
+       @type   versionNode: xml.dom.Node
+       @param  versionNode: a <vulnerable> or <unaffected> Node that
+                                                contains the version information for this atom
+       @rtype:         String
+       @return:        the version string
+       """
+       return opMapping[versionNode.getAttribute("range")] \
+                       +getText(versionNode, format="strip")
+
+def getMinUpgrade(vulnerableList, unaffectedList):
+       """
+       Checks if the systemstate is matching an atom in
+       I{vulnerableList} and returns string describing
+       the lowest version for the package that matches an atom in 
+       I{unaffectedList} and is greater than the currently installed
+       version or None if the system is not affected. Both
+       I{vulnerableList} and I{unaffectedList} should have the
+       same base package.
+       
+       @type   vulnerableList: List of Strings
+       @param  vulnerableList: atoms matching vulnerable package versions
+       @type   unaffectedList: List of Strings
+       @param  unaffectedList: atoms matching unaffected package versions
+       @rtype:         String | None
+       @return:        the lowest unaffected version that is greater than
+                               the installed version.
+       """
+       rValue = None
+       for v in vulnerableList:
+               installed = portage.db["/"]["vartree"].dbapi.match(v)
+               if not installed:
+                       continue
+               for u in unaffectedList:
+                       for c in portage.db["/"]["porttree"].dbapi.match(u):
+                               c_pv = portage.catpkgsplit(c)
+                               i_pv = portage.catpkgsplit(portage.best(installed))
+                               if portage.pkgcmp(c_pv[1:], i_pv[1:]) > 0 and (rValue == None or portage.pkgcmp(c_pv[1:], rValue) < 0):
+                                       rValue = c_pv[0]+"/"+c_pv[1]+"-"+c_pv[2]
+                                       if c_pv[3] != "r0":             # we don't like -r0 for display
+                                               rValue += "-"+c_pv[3]
+       return rValue
+
+# simple Exception classes to catch specific errors
+class GlsaTypeException(Exception):
+       def __init__(self, doctype):
+               Exception.__init__(self, "wrong DOCTYPE: %s" % doctype)
+
+class GlsaFormatExceptio(Exception):
+       pass
+                               
+# GLSA xml data wrapper class
+class Glsa:
+       """
+       This class is a wrapper for the XML data and provides methods to access
+       and display the contained data.
+       """
+       def __init__(self, myid, myconfig):
+               """
+               Simple constructor to set the ID, store the config and gets the 
+               XML data by calling C{self.read()}.
+               
+               @type   myid: String
+               @param  myid: String describing the id for the GLSA object (standard
+                                         GLSAs have an ID of the form YYYYMM-nn)
+               @type   myconfig: portage.config
+               @param  myconfig: the config that should be used for this object.
+               """
+               self.nr = myid
+               self.config = myconfig
+               self.read()
+
+       def read(self):
+               """
+               Here we build the filename from the config and the ID and pass
+               it to urllib to fetch it from the filesystem or a remote server.
+               
+               @rtype:         None
+               @return:        None
+               """
+               if self.config["CHECKMODE"] == "local":
+                       repository = "file://" + self.config["GLSA_DIR"]
+               else:
+                       repository = self.config["GLSA_SERVER"]
+               myurl = repository + self.config["GLSA_PREFIX"] + str(self.nr) + self.config["GLSA_SUFFIX"]
+               self.parse(urllib.urlopen(myurl))
+               return None
+
+       def parse(self, myfile):
+               """
+               This method parses the XML file and sets up the internal data 
+               structures by calling the different helper functions in this
+               module.
+               
+               @type   myfile: String
+               @param  myfile: Filename to grab the XML data from
+               @rtype:         None
+               @returns:       None
+               """
+               self.DOM = xml.dom.minidom.parse(myfile)
+               if not self.DOM.doctype:
+                       raise GlsaTypeException(None)
+               elif self.DOM.doctype.systemId != "http://www.gentoo.org/dtd/glsa.dtd":
+                       raise GlsaTypeException(self.DOM.doctype.systemId)
+               myroot = self.DOM.getElementsByTagName("glsa")[0]
+               if myroot.getAttribute("id") != self.nr:
+                       raise GlsaFormatException("filename and internal id don't match:" + myroot.getAttribute("id") + " != " + self.nr)
+
+               # the simple (single, required, top-level, #PCDATA) tags first
+               self.title = getText(myroot.getElementsByTagName("title")[0], format="strip")
+               self.synopsis = getText(myroot.getElementsByTagName("synopsis")[0], format="strip")
+               self.announced = getText(myroot.getElementsByTagName("announced")[0], format="strip")
+               self.revised = getText(myroot.getElementsByTagName("revised")[0], format="strip")
+               
+               # now the optional and 0-n toplevel, #PCDATA tags and references
+               try:
+                       self.access = getText(myroot.getElementsByTagName("access")[0], format="strip")
+               except IndexError:
+                       self.access = ""
+               self.bugs = getMultiTagsText(myroot, "bug", format="strip")
+               self.references = getMultiTagsText(myroot.getElementsByTagName("references")[0], "uri", format="keep")
+               
+               # and now the formatted text elements
+               self.description = getText(myroot.getElementsByTagName("description")[0], format="xml")
+               self.workaround = getText(myroot.getElementsByTagName("workaround")[0], format="xml")
+               self.resolution = getText(myroot.getElementsByTagName("resolution")[0], format="xml")
+               self.impact_text = getText(myroot.getElementsByTagName("impact")[0], format="xml")
+               self.impact_type = myroot.getElementsByTagName("impact")[0].getAttribute("type")
+               try:
+                       self.background = getText(myroot.getElementsByTagName("background")[0], format="xml")
+               except IndexError:
+                       self.background = ""                                    
+
+               # finally the interesting tags (product, affected, package)
+               self.glsatype = myroot.getElementsByTagName("product")[0].getAttribute("type")
+               self.product = getText(myroot.getElementsByTagName("product")[0], format="strip")
+               self.affected = myroot.getElementsByTagName("affected")[0]
+               self.packages = {}
+               for p in self.affected.getElementsByTagName("package"):
+                       name = p.getAttribute("name")
+                       self.packages[name] = {}
+                       self.packages[name]["arch"] = p.getAttribute("arch")
+                       self.packages[name]["auto"] = (p.getAttribute("auto") == "yes")
+                       self.packages[name]["vul_vers"] = [makeVersion(v) for v in p.getElementsByTagName("vulnerable")]
+                       self.packages[name]["unaff_vers"] = [makeVersion(v) for v in p.getElementsByTagName("unaffected")]
+                       self.packages[name]["vul_atoms"] = [makeAtom(name, v) for v in p.getElementsByTagName("vulnerable")]
+                       self.packages[name]["unaff_atoms"] = [makeAtom(name, v) for v in p.getElementsByTagName("unaffected")]
+               # TODO: services aren't really used yet
+               self.services = self.affected.getElementsByTagName("service")
+               return None
+
+       def dump(self, outfile="/dev/stdout", encoding="latin1"):
+               """
+               Dumps a plaintext representation of this GLSA to I{outfile} or 
+               B{stdout} if it is ommitted. You can specify an alternate
+               I{encoding} if needed (default is latin1).
+               
+               @type   outfile: String
+               @param  outfile: Filename to dump the output in 
+                                                (defaults to "/dev/stdout")
+               @type   encoding: The encoding that should be used when writing 
+                                                 to I{outfile}.
+               """
+               myfile = codecs.open(outfile, "w", encoding)
+               width = int(self.config["PRINTWIDTH"])
+               myfile.write(center("GLSA %s: %s" % (self.nr, self.title), width)+"\n")
+               myfile.write((width*"=")+"\n")
+               myfile.write(wrap(self.synopsis, width, caption="Synopsis:         ")+"\n")
+               myfile.write("Announced on:      %s\n" % self.announced)
+               myfile.write("Last revised on:   %s\n\n" % self.revised)
+               if self.glsatype == "ebuild":
+                       for pkg in self.packages.keys():
+                               vul_vers = string.join(self.packages[pkg]["vul_vers"])
+                               unaff_vers = string.join(self.packages[pkg]["unaff_vers"])
+                               myfile.write("Affected package:  %s\n" % pkg)
+                               myfile.write("Affected archs:    ")
+                               if self.packages[pkg]["arch"] == "*":
+                                       myfile.write("All\n")
+                               else:
+                                       myfile.write("%s\n" % self.packages[pkg]["arch"])
+                               myfile.write("Vulnerable:        %s\n" % vul_vers)
+                               myfile.write("Unaffected:        %s\n\n" % unaff_vers)
+               elif self.glsatype == "infrastructure":
+                       pass
+               if len(self.bugs) > 0:
+                       myfile.write("\nRelated bugs:      ")
+                       for i in range(0, len(self.bugs)):
+                               myfile.write(self.bugs[i])
+                               if i < len(self.bugs)-1:
+                                       myfile.write(", ")
+                               else:
+                                       myfile.write("\n")                              
+               if self.background:
+                       myfile.write("\n"+wrap(self.background, width, caption="Background:       "))
+               myfile.write("\n"+wrap(self.description, width, caption="Description:      "))
+               myfile.write("\n"+wrap(self.impact_text, width, caption="Impact:           "))
+               myfile.write("\n"+wrap(self.workaround, width, caption="Workaround:       "))
+               myfile.write("\n"+wrap(self.resolution, width, caption="Resolution:       "))
+               myfile.write("\nReferences:        ")
+               for r in self.references:
+                       myfile.write(r+"\n"+19*" ")
+               myfile.write("\n")
+               myfile.close()
+       
+       def isVulnerable(self):
+               """
+               Tests if the system is affected by this GLSA by checking if any
+               vulnerable package versions are installed. Also checks for affected
+               architectures.
+               
+               @rtype:         Boolean
+               @returns:       True if the system is affected, False if not
+               """
+               vList = []
+               rValue = False
+               for k in self.packages.keys():
+                       pkg = self.packages[k]
+                       if pkg["arch"] == "*" or self.config["ARCH"] in pkg["arch"].split():
+                               vList += pkg["vul_atoms"]
+               for v in vList:
+                       rValue = rValue or len(portage.db["/"]["vartree"].dbapi.match(v)) > 0
+               return rValue
+       
+       def isApplied(self):
+               """
+               Looks if the GLSA IDis in the GLSA checkfile to check if this
+               GLSA was already applied.
+               
+               @rtype:         Boolean
+               @returns:       True if the GLSA was applied, False if not
+               """
+               aList = portage.grabfile(self.config["CHECKFILE"])
+               return (self.nr in aList)
+
+       def inject(self):
+               """
+               Puts the ID of this GLSA into the GLSA checkfile, so it won't
+               show up on future checks. Should be called after a GLSA is 
+               applied or on explicit user request.
+
+               @rtype:         None
+               @returns:       None
+               """
+               if not self.isApplied():
+                       checkfile = open(self.config["CHECKFILE"], "a+")
+                       checkfile.write(self.nr+"\n")
+                       checkfile.close()
+               return None
+       
+       def getMergeList(self):
+               """
+               Returns the list of package-versions that have to be merged to
+               apply this GLSA properly. The versions are as low as possible 
+               while avoiding downgrades (see L{getMinUpgrade}).
+               
+               @rtype:         List of Strings
+               @return:        list of package-versions that have to be merged
+               """
+               rValue = []
+               for pkg in self.packages.keys():
+                       update = getMinUpgrade(self.packages[pkg]["vul_atoms"],
+                                                                       self.packages[pkg]["unaff_atoms"])
+                       if update:
+                               rValue.append(update)
+               return rValue