Bug 828696

Summary: Certain code paths put yum in python infinite loop (Eg. some usage of yum --sec-severity).
Product: Red Hat Enterprise Linux 5 Reporter: Karel Srot <ksrot>
Component: yumAssignee: packaging-team-maint
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.8CC: james.antill, lmiksik, tcallawa, zpavlas
Target Milestone: beta   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 804120 Environment:
Last Closed: 2013-12-10 15:45:26 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 1049888    

Description Karel Srot 2012-06-05 04:20:29 EDT
same bug seems to be present also in rhel5.8

+++ This bug was initially created as a clone of Bug #804120 +++

Description of problem:

Running certain code paths of: yum --security --sec-severity=Critical upgrade result in the plugin running:

'severity' not in notice

...but their was no explicit support for that in the class, and the default way python implements it works like:

1. Can I have element 1.
2. Can I have element 2.
2. Can I have element 3.
2. Can I have element 4.
[...]

...and this will go on forever.

 Quick test, from ipython:

In [2]: import yum.update_md

In [3]: x = yum.update_md.UpdateNotice()

In [4]: 'foo' in x

...fix is a one liner in yum.

--- Additional comment from ksrot@redhat.com on 2012-03-16 12:04:10 EDT ---
Comment 1 RHEL Product and Program Management 2012-06-11 21:22:33 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 2 James Antill 2013-04-05 09:50:57 EDT
 The fix is really simple, so I'll ACK this one, but I'm not sure how useful it is given the lateness of RHEL-5 (and that it was discovered internally, and has no customers behind it).

commit 6549b355f93473e7adc8ae177bb65ad2c0ba2dfc
Author: James Antill <james@and.org>
Date:   Fri Mar 16 11:12:59 2012 -0400

    Fix UpdateNotice.getitem when asked for iteration, add contains. BZ 804120
Comment 3 RHEL Product and Program Management 2013-05-01 02:45:37 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 4 James Antill 2013-12-10 15:45:26 EST
 Might as well close this, given no customer desire to get it fixed and how we are very late in RHEL-5.
 At least the early versions of RHEL-6 yum could be rebuilt on RHEL-5, so if any customer really needs this then the fixed version in rhel-6 is a viable path.