Bug 428819
| Summary: | unescaped '&', '<', '>' in updateinfo.xml and failing yum-security plugin | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Jan Hutař <jhutar> |
| Component: | Client | Assignee: | Pradeep Kilambi <pkilambi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | John Matthews <jmatthew> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 501 | CC: | akarlsso, bbuckingham, cperry, james.antill, monkeys_typing, rvandolson, tao, will.darton, xdmoon |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sat530 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-10 20:23:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 456985, 469732, 470932, 470933, 471466 | ||
Per Prad, this fix also covers '<' and '>' -
...
def text_filter(text):
# do & first
s = text.replace('&', '&')
s = s.replace('<', '<')
s = s.replace('>', '>')
return s
...
Hello, please check http://wiki.python.org/moin/EscapingXml An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html Description of Problem
While testing yum-security plugin against Satellite 5.4, receive traceback messages.
Versions:
yum-updatesd-0.9-2.el5
yum-3.2.22-26.el5_5.1
yum-metadata-parser-1.1.2-3.el5
yum-rhn-plugin-0.5.4-13.el5
yum-security-1.1.16-13.el5_4.1
Satellite 5.4.0
Steps to reproduce:
1. yum list-security
Actual Results:
# yum list-security
Loaded plugins: rhnplugin, security
prod-pci-rhel-x86_64-server-5 | 1.3 kB 00:00
prod-pci-rhel-x86_64-server-5/primary | 3.7 MB 00:00
prod-pci-rhel-x86_64-server-5 10310/10310
prod-pci-rhn-tools-rhel-x86_64-server-5 | 1.1 kB 00:00
prod-pci-rhn-tools-rhel-x86_64-server-5/primary | 38 kB 00:00
prod-pci-rhn-tools-rhel-x86_64-server-5 459/459
prod-pci-rhel-x86_64-server-5/updateinfo | 1.3 MB 00:00
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 178, in main
result, resultmsgs = base.doCommands()
File "/usr/share/yum-cli/cli.py", line 349, in doCommands
return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
File "/usr/lib/yum-plugins/security.py", line 203, in doCommand
md_info = ysp_gen_metadata(self.repos.listEnabled())
File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata
md_info.add(repo)
File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 376, in add
for event, elem in iterparse(infile):
File "<string>", line 64, in __iter__
SyntaxError: not well-formed (invalid token): line 820, column 52
Expected results:
Security sensitive updates listed
I have checked the file /var/cache/yum/prod-pci-rhel-x86_64-server-5/updateinfo.xml.gz
Issue appears to be similar
* two minor fixes were performed in the php substr_compare and substr_count
820 functions to correct integer overflows. (BZ#469807 & BZ#470971)
|
Description of problem: While testing yum-security against Satellite 5.0.1, I was getting traceback attached below. I believe it is because of unescaped '&' in updateinfo.xml Version-Release number of selected component (if applicable): yum-3.0.1-5.el5.noarch yum-security-1.0.4-3.el5.noarch Satellite 5.0.1 How reproducible: always Steps to Reproduce: 1. yum list-security Actual results: # yum list-security Loading "rhnplugin" plugin Loading "security" plugin Setting up repositories rhel-i386-server-cluster- 100% |=========================| 1.4 kB 00:00 rhel-i386-server-5 100% |=========================| 1.4 kB 00:00 rhel-i386-server-vt-5 100% |=========================| 1.4 kB 00:00 rhel-i386-server-cluster- 100% |=========================| 1.4 kB 00:00 rhel-i386-server-suppleme 100% |=========================| 1.2 kB 00:00 rhn-tools-rhel-i386-serve 100% |=========================| 1.2 kB 00:00 Reading repository metadata in from local files Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.main(sys.argv[1:]) File "/usr/share/yum-cli/yummain.py", line 102, in main result, resultmsgs = do() File "/usr/share/yum-cli/cli.py", line 359, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 193, in doCommand md_info = ysp_gen_metadata(self) File "/usr/lib/yum-plugins/security.py", line 58, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 235, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: not well-formed (invalid token): line 767, column 15 Expected results: Security sensitive updates listed Additional info: I have checked file /var/cache/yum/rhel-i386-server-cluster-storage-5/ updateinfo.xml.gz and found out, that problem is with advisory 2007:0576: Line 767 from satelite 5.0.1: <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi? id=218134" id="218134" type="bugzilla"> ['GFS & GFS2: umount while busy gives bogus error message'] </reference> Similar line from rhn.redhat.stage: <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi? id=218134" id="218134" type="bugzilla"> GFS & GFS2: umount while busy gives bogus error message </reference>