Bug 428819
Summary: | unescaped '&', '<', '>' in updateinfo.xml and failing yum-security plugin | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Jan Hutař <jhutar> |
Component: | Client | Assignee: | Pradeep Kilambi <pkilambi> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | John Matthews <jmatthew> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 501 | CC: | akarlsso, bbuckingham, cperry, james.antill, monkeys_typing, rvandolson, tao, will.darton, xdmoon |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sat530 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-10 20:23:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 456985, 469732, 470932, 470933, 471466 |
Description
Jan Hutař
2008-01-15 13:40:43 UTC
Per Prad, this fix also covers '<' and '>' - ... def text_filter(text): # do & first s = text.replace('&', '&') s = s.replace('<', '<') s = s.replace('>', '>') return s ... Hello, please check http://wiki.python.org/moin/EscapingXml An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html Description of Problem While testing yum-security plugin against Satellite 5.4, receive traceback messages. Versions: yum-updatesd-0.9-2.el5 yum-3.2.22-26.el5_5.1 yum-metadata-parser-1.1.2-3.el5 yum-rhn-plugin-0.5.4-13.el5 yum-security-1.1.16-13.el5_4.1 Satellite 5.4.0 Steps to reproduce: 1. yum list-security Actual Results: # yum list-security Loaded plugins: rhnplugin, security prod-pci-rhel-x86_64-server-5 | 1.3 kB 00:00 prod-pci-rhel-x86_64-server-5/primary | 3.7 MB 00:00 prod-pci-rhel-x86_64-server-5 10310/10310 prod-pci-rhn-tools-rhel-x86_64-server-5 | 1.1 kB 00:00 prod-pci-rhn-tools-rhel-x86_64-server-5/primary | 38 kB 00:00 prod-pci-rhn-tools-rhel-x86_64-server-5 459/459 prod-pci-rhel-x86_64-server-5/updateinfo | 1.3 MB 00:00 Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 178, in main result, resultmsgs = base.doCommands() File "/usr/share/yum-cli/cli.py", line 349, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 203, in doCommand md_info = ysp_gen_metadata(self.repos.listEnabled()) File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 376, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: not well-formed (invalid token): line 820, column 52 Expected results: Security sensitive updates listed I have checked the file /var/cache/yum/prod-pci-rhel-x86_64-server-5/updateinfo.xml.gz Issue appears to be similar * two minor fixes were performed in the php substr_compare and substr_count 820 functions to correct integer overflows. (BZ#469807 & BZ#470971) |