Bug 499079

Summary: Bad EVR
Product: Red Hat Enterprise Linux 5 Reporter: Lubomir Rintel <lkundrak>
Component: java-1.6.0-openjdkAssignee: Lillian Angel <langel>
Status: CLOSED ERRATA QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium Docs Contact:
Priority: low    
Version: 5.4CC: bressers, dennis, dgilmore, dgregor, langel, lkundrak, mastahnke, mishu, mjw, noa, patrickm, rbiba, rdieter, syeghiay, thoger
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 498967 Environment:
Last Closed: 2009-08-06 21:15:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 504189    

Description Lubomir Rintel 2009-05-05 06:27:01 UTC 
Your initial EVR was smaller than one of EPEL packages. Needless to say, the EPEL package is EOL-ed, is unsupported by you and doesn't get regularly updated for security fixes anymore.

+++ This bug was initially created as a clone of Bug #498967 +++

RHEL contains java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5 which contains recent security patches, but EPEL contains java-1.6.0-openjdk-1.6.0.0-1.0.b12.el5.2, which is newer according to yum, but hasn't been updated since October last year.
Comment 1 Noa Resare 2009-05-20 14:04:25 UTC 
For all you bugzilla lurkers out there, a band aid solution to this repository incompatibility is to add

exclude=java-1.6.0*

to the [epel] segment of your /etc/yum.repos.d/epel.repo
Comment 2 Michael Stahnke 2009-06-05 14:38:29 UTC 
Ping?  This is a real problem and RH should release a new package with a new NVR to fix it.  The EPEL community has tried to communicate and work with RH here. 

Please advise.
Comment 3 Lillian Angel 2009-06-08 17:06:19 UTC 
it will be fixed with the next update.
Comment 4 Dennis Gilmore 2009-07-01 19:43:01 UTC 
Lillian according to the list of packages in 5.4 beta this is not fixed.  Please make it fixed.
Comment 5 Dennis Gilmore 2009-07-01 19:57:24 UTC 
This needs fixing in 5.4  and can not wait for 5.5 its been broken since 5.3 was released. It poses a real security risk for users who have the epel package installed.
Comment 13 errata-xmlrpc 2009-08-06 21:15:12 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1201.html
Comment 14 Noa Resare 2009-08-10 08:45:46 UTC 
I can confirm that this issue is resolved with the java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5 errata package (Advisory RHSA-2009:1201-1)

This means that there is no longer any need for the exclude line in epel.repo