Bug 663403
Summary: | unescaped '&', '<', '>' in updateinfo.xml and failing yum-security plugin | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Martin Poole <mpoole> | ||||
Component: | Server | Assignee: | Tomas Lestach <tlestach> | ||||
Status: | CLOSED ERRATA | QA Contact: | Šimon Lukašík <slukasik> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 540 | CC: | alexsa, bnater, brunowolff, cperry, gbock, james.antill, jhutar, slukasik, syeghiay, tlestach, uwe.menges, xdmoon, ysm-si | ||||
Target Milestone: | --- | Keywords: | Regression | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
Cause
updateinfo.xml not escaped
Consequence
client yum failed, when updateinfo.xml contains (unescaped) '&', '<', '>'
Fix
updateinfo.info gets correctly escaped
Result
client yum doesn't fail
|
Story Points: | --- | ||||
Clone Of: | 462374 | Environment: | |||||
Last Closed: | 2011-03-17 14:10:47 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 470142 | ||||||
Bug Blocks: | 646488 | ||||||
Attachments: |
|
Comment 1
Martin Poole
2010-12-15 17:29:10 UTC
Current fail is being triggered by incorrect encoding of subject of BZ481706 "SELinux is preventing automount (automount_t) "signal" to <Unknown> (mount_t)." Could this be what is triggering: bug 663378 ? *** Bug 663786 has been marked as a duplicate of this bug. *** If I close the pirut pop-up window (having the error traceback) and by hand apply "yum update" under root - this works. But the next day pirut produces the same error. Any idea how to make pirut working again? YS, pirut needs a working updateinfo yum doesn't (unless you specify --security or use update-minimal). If I close the pirut pop-up window (having the error traceback) and by hand apply "yum update" under root - this works. But the next day pirut produces the same error. Any idea how to make pirut working again? James, so how can I get/tune updateinfo for purit locally? Does the satellite server needs to be updated or another solution? *** Bug 666073 has been marked as a duplicate of this bug. *** YS, satellite needs to be fixed to generate good updateinfo ... there isn't much that you can easily do from the client (it might be possible to do a plugin which made yum think there was no updateinfo). *** Bug 660303 has been marked as a duplicate of this bug. *** Created attachment 472301 [details]
spacewalk-java-1.2.39-fix-updateinfoxml.patch
In the meantime customer submitted a proposed fix for java code (thanks!) which looks sane to me...
We agreed we do not want to use the patch attached in Comment#19. Fixing the issue by using XMLSerializer for the UpdateInfoWriter. spacewalk.git: 27348921f2fa804d578038a38e56e39ad5c9ea8a Patch from comment #19 was only intended as a temporary workaround. Changes from spacewalk.git: 27348921f2fa804d578038a38e56e39ad5c9ea8a appear to be working fine. Sample traceback for this bug looks like the following: [root@dep ~]# yum list-security Loaded plugins: rhnplugin, security Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 178, in main result, resultmsgs = base.doCommands() File "/usr/share/yum-cli/cli.py", line 349, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 203, in doCommand md_info = ysp_gen_metadata(self.repos.listEnabled()) File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 376, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: mismatched tag: line 240, column 1388 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause updateinfo.xml not escaped Consequence client yum failed, when updateinfo.xml contains (unescaped) '&', '<', '>' Fix updateinfo.info gets correctly escaped Result client yum doesn't fail Taking QA contact. Changing to VERIFIED: Testing procedure: Automated test. Verified against: spacewalk-java-1.2.39-37 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0362.html Guys, I update my satellite server but my rhel5 clients persists to fail when I run yum list-security, like reported on comment #26. My satellite is satellite-embedded-oracle-5.4.0 on RHEL 5.5 uname -r 2.6.18-238.12.1.el5 rpm -qa | grep spacewalk-java spacewalk-java-lib-1.2.39-45.el5sat spacewalk-java-config-1.2.39-45.el5sat spacewalk-java-1.2.39-45.el5sat spacewalk-java-oracle-1.2.39-45.el5sa Thanks for any help Bruno, I cannot see the problem on my setup. Could you please remove affected updateinfo file? And then wait for Satellite to regenerate a fresh one? The updateinfo.xml is located on the client in: /var/cache/yum/<channel>/updateinfo.xml.gz On the Satellite it is located in: /var/cache/rhn/repodata/<channel>/updateinfo.xml.gz If the problem persist even with a freshly generated updateinfo, please open a new ticket with a detailed description, or consult with support. Thank You. Simon, just to you know... After recreate the updateinfo file on my satellite server and my rhel client, the message changed Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 178, in main result, resultmsgs = base.doCommands() File "/usr/share/yum-cli/cli.py", line 349, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 203, in doCommand md_info = ysp_gen_metadata(self.repos.listEnabled()) File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 424, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: not well-formed (invalid token): line 98, column 28 As you advised me, I'm going to open a new ticket. Thanks a lot. *** Bug 695699 has been marked as a duplicate of this bug. *** |