Bug 1444047

Summary: [5.8] errata in custom channel synced from same repo in 2 different organizations lists packages from other organization
Product: Red Hat Satellite 5 Reporter: Jan Hutař <jhutar>
Component: WebUIAssignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE QA Contact: Radovan Drazny <rdrazny>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 580CC: ggainey, mdekan, mmraka, rdrazny, tkasparek, tlestach
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: satellite-schema-5.8.0.27-1-sat spacewalk-schema-2.5.1-45-sat spacewalk-backend-2.5.3-120-sat spacewalk-java-2.5.14-89-sat Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1451088 (view as bug list) Environment:
Last Closed: 2017-06-21 12:10:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1340444, 1451088    

Description Jan Hutař 2017-04-20 13:27:37 UTC 
Description of problem:
Errata in custom channel synced from same repo in 2 different organizations lists packages from other organization


Version-Release number of selected component (if applicable):
spacewalk-java-2.3.8-96.el6sat.noarch
satellite-schema-5.7.0.27-1.el6sat.noarch
spacewalk-backend-2.3.3-23.el6sat.noarch


How reproducible:
always


Steps to Reproduce:
1. Create channel A and repo http://dl.fedoraproject.org/pub/epel/6Server/x86_64/ (with filter set to "+freealut*" to make sync faster)
2. Create channel B and sync if from repo with same url&filter but in different organization now
3. Check errata in the synced channel


Actual results:
Errata (in channel management -> errata -> list) contains 8 instead of 4 packages. These 4 additional leads to "Permission error".


Expected results:
These links should not be there at all


Additional info:
Is it OK that in org 1 we have channel A, in org 2 we have channel B, it org 1 we have some packages and in org 2 we have different packages, but errata is same in both org 1 and 2.
Comment 2 Jan Hutař 2017-04-20 13:29:57 UTC 
Forgot to mention that above reproducer works both with and without trust among org 1 and 2 defined.
Comment 3 Jan Hutař 2017-04-20 13:30:38 UTC 
Adding Michal as he was debugging with me.
Comment 4 Jan Hutař 2017-04-20 13:53:23 UTC 
Related to bug 1444072.
Comment 6 Michael Mráka 2017-05-02 08:23:14 UTC 
Fixed in upstream spacewalk git by
commit 1c5300c6882e6063513397817f12a63e86ebbd3b
    1444047 - remove links between errata and files from different orgs
commit 356d7ccf20684d6afada2646193cd160eab9e14e
    1444047 - look only for errata from the same org
Comment 7 Michael Mráka 2017-05-02 08:42:33 UTC 
Fixed in SATELLITE-5.8 by
commit 7a3ae6ac39f20a3499fcc3f594bf4bcd26b9cd50
    1444047, 1444519 - reference spacewalk upgrade scripts
commit 51a5f7f3ed358446fb60c2d1a460036b7025aa2a
    1444047 - remove links between errata and files from different orgs
commit fb66462718339e899722ef792e6e2c8f356bf654
    1444047 - look only for errata from the same org
Comment 10 Michael Mráka 2017-05-03 14:23:51 UTC 
NULL org issue fixed in spacewalk
commit d833fe9ab614799e25d6f358afa0c9ed99d12e4f
    1444047 - fix errata lookup for NULL org
Comment 11 Michael Mráka 2017-05-03 14:33:38 UTC 
NULL org issue backported to SATELLITE-5.8
commit a16ab9bee8b240ddbaa7544e303b99348be2e99f
    1444047 - fix errata lookup for NULL org
Comment 13 Grant Gainey 2017-05-15 18:24:47 UTC 
Making it clear that this BZ tracks the the 5.8 fix for this issue - see BZ#1451088 for the 5.7 backport
Comment 14 Radovan Drazny 2017-05-30 13:44:27 UTC 
Tested on:
satellite-schema-5.8.0.31-1.el6sat
spacewalk-schema-2.5.1-48.el6sat
spacewalk-backend-2.5.3-137.el6sat

Used the reproducer from the initial report, including the package filter. 
Create a new channel with custom repo, sync the channel, create a new org, a new channel and identical repo, sync the other channel.
Look at the synced errata for channels in both orgs, there is all errata (4095 items). 
Filter out the freealut one (FEDORA-EPEL-2011-0073).
Check the package list for the erratum. There are 4 packages, two for x86_64, two for i686). So far so good. There is no duplicity.
There is still a problem when checking the package details. There is a property "Available Architectures" listing the arch of displayed package, and a link in form of a button, pointing to other available archs for the given package. There should be one button pointing to x86_64 version of the package (in case you are currently looking at i686 version). There are two buttons instead - one of them points to correct package, the other one ends with Permission Error page. The pid of the erroneous one belongs to the package in the other org.

There is following error in the catalina.out log:
2017-05-30 09:39:54,187 [TP-Processor9] ERROR com.redhat.rhn.common.errors.PermissionExceptionHandler - Permission Error
com.redhat.rhn.common.security.PermissionException: Invalid pid
        at com.redhat.rhn.frontend.action.rhnpackage.PackageDetailsAction.execute(PackageDetailsAction.java:71)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
        at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
        at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:127)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
        at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:785)
Comment 15 Michael Mráka 2017-05-31 11:09:57 UTC 
Available Architectures fixed in upstream spacewalk git by
commit 77a66a889c56308250f0969264d144045308d691
    1444047 - display alternative archs only from the same org
Comment 16 Michael Mráka 2017-05-31 11:11:45 UTC 
Available Architectures fix backported to SATELLITE-5.8 as
commit 72b73ff1b3fc9c7076223718017d5d6cbfe37edd
    1444047 - display alternative archs only from the same org
Comment 18 Radovan Drazny 2017-06-01 12:26:05 UTC 
Verified on:
spacewalk-schema-2.5.1-49.el6sat.noarch
spacewalk-backend-2.5.3-138.el6sat.noarch
spacewalk-java-2.5.14-89.el6sat.noarch
satellite-schema-5.8.0.31-1.el6sat.noarch

Same steps as in comment #14. List of alternative archs in the package details contains only one button this time, and it points to the correct package. No permissions problems. 

VERIFIED