Description of problem:
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1171278

But if an errata is in multiple repositories, applicability generation calculates whether the errata is applicable based on all the packages in the errata, not based on whether the packages are actually in the repository that the system is bound to.

Version-Release number of selected component (if applicable):
2.4.1

How reproducible:
Always

Steps to Reproduce:
1. Sync RHEL 5
2. Sync RHEL 6
3. Bind a rhel 5 and a rhel 6 system to their respective repos
4. Generate, fetch, and note applicability
5. Update both systems fully
6. Generate, fetch and note applicability again

Actual results:
On either step 4 or 6, the applicability will be wrong. You may see errata not show up that should show up, or you may see errata show up as applicable when they are not.

Additional info:
The description is a bit vague, because it is complicated by https://bugzilla.redhat.com/show_bug.cgi?id=1171278

The solution to that bz may solve this issue by itself, or it may not.
Here is how I repro'd, from a fresh 2.4.4 beta install:

* sync rhel 6
* sync rhel 7
* bind a consumer to rhel 6
* generate applicability using "test_applicability_generation.py" playpen script (you'll need to modify it to specify your consumer id)
* make a POST call to /pulp/api/v2/consumers/content/applicability/ with the following json:

{
    "criteria": {
        "filters": {"id": {"$in": ["<your_consumer_id>"]}}
    },
    "content_types": ["erratum"]
}

At this point, the RHEL6 system will have IDs for both RHEL6 and RHEL7 errata listed.
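The difference between the reported behaviour and repository-scoped applicability, as an added example that is not Pulp's code and not part of the original report. The package name, versions, repository contents and function names are all constructed, and integer tuples stand in for real RPM version comparison.

```python
from collections import namedtuple

# Simplified package record (assumption): real RPM EVR comparison is more
# involved, so a tuple of integers stands in for epoch/version/release.
Package = namedtuple("Package", "name arch evr")


def updates(candidate, installed):
    """True if candidate is a newer build of an installed package."""
    return (candidate.name == installed.name
            and candidate.arch == installed.arch
            and candidate.evr > installed.evr)


def applicable_unscoped(profile, erratum_pkgs):
    """Reported behaviour: every package listed in the erratum is considered."""
    return any(updates(c, i) for c in erratum_pkgs for i in profile)


def applicable_scoped(profile, erratum_pkgs, bound_repo_pkgs):
    """Only erratum packages present in the consumer's bound repo are considered."""
    in_repo = [c for c in erratum_pkgs if c in bound_repo_pkgs]
    return applicable_unscoped(profile, in_repo)


# Constructed sample data: one erratum shared by two repositories.
OLD_EL6 = Package("examplepkg", "x86_64", (0, 1, 0, 1))
FIX_EL6 = Package("examplepkg", "x86_64", (0, 1, 0, 2))
FIX_EL7 = Package("examplepkg", "x86_64", (0, 2, 0, 2))
ERRATUM_PKGS = [FIX_EL6, FIX_EL7]
RHEL6_REPO = {OLD_EL6, FIX_EL6}      # the repo the consumer is bound to

PATCHED_EL6 = [FIX_EL6]              # fully updated RHEL 6 consumer
UNPATCHED_EL6 = [OLD_EL6]            # RHEL 6 consumer still missing the fix

if __name__ == "__main__":
    for label, profile in (("patched", PATCHED_EL6), ("unpatched", UNPATCHED_EL6)):
        print(label,
              "unscoped:", applicable_unscoped(profile, ERRATUM_PKGS),
              "scoped:", applicable_scoped(profile, ERRATUM_PKGS, RHEL6_REPO))
```

The fully updated consumer is still reported as needing the erratum by the unscoped check, because the package built for the other release compares as newer; the scoped check reports it only for the consumer that is actually missing the fix.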
https://github.com/pulp/pulp_rpm/pull/611
Fixed in 2.4.4-0.3.beta.
verified

[root@mgmt6 ~]# rpm -qa pulp-server
pulp-server-2.4.4-0.3.beta.el6.noarch
[root@mgmt6 ~]#

synced rhel6 & 7 repos and bound rhel6 consumer to the rhel6 repo.

[root@mgmt6 ~]# curl -k -X POST -d @./post-data.json "https://admin:admin@localhost/pulp/api/v2/consumers/content/applicability/" | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
105  1819  101  1819    0    88   8439    408 --:--:-- --:--:-- --:--:-- 13629
[
    {
        "applicability": {
            "erratum": [
                "9141ad51-48bc-4008-8aed-58d17186f781",
                "2c1da98a-b88a-40f1-b95c-ef11ec5a1980",
                "fd642c0b-a94b-4abc-9313-d6b054cda30c",
                "b49bda4e-4fde-46fa-b5d2-b50fb6630309",
                "be6239e7-1ec2-464e-8d01-f58df7551f4b",
                "0fab0683-3b7b-4e4c-a947-d449f047e28f",
                "dd41e416-984e-450c-bf00-3c01acec7634",
                "0adb7ea9-fa72-4a2e-a778-e7b2a9b16619",
                "7c75a29c-3f29-44da-a877-dff82ea7398b",
                "ee5cfb82-f896-4517-9843-123d94229b1e",
                "9200d89b-a2ba-4446-9760-7238be98b7b2",
                "c4ca3032-86b1-4e58-b132-a663b4db3693",
                "5966bc62-34e8-4eee-aa43-47dd84e21954",
                "197ae0b9-d666-4272-ab9d-d27dba129492",
                "7efa44f4-48b4-4150-8205-f7758f92d59c",
                "c5177d6a-6501-4ff5-ade6-564aa9782e84",
                "27d1d0d1-6d1d-4633-aea1-84a383bd5d45",
                "4fcc5416-4726-4d6a-a0ef-983cd830503e",
                "7333cb28-9de3-4eb9-b837-b8125a48a5ff",
                "db7c49f0-646e-4082-8b7e-cefee955bf44",
                "98a7f333-a721-4f71-854e-2865bcd8c797",
                "7a4d2451-03a3-4557-99ed-0cbb099d73a9",
                "3ecc73d4-48fb-4378-b89a-8ba0f2f10607",
                "4c80e4ff-7390-4b1d-932d-98a281daa909",
                "e4218b0e-b5e4-498b-b6e8-1b8bf9420abd",
                "cc0e5bf6-c8ca-4874-8734-1bd0d89b12e6",
                "f6b205c7-22cb-492b-b792-282cd470725b",
                "c70f879f-d757-41c9-9323-5b85745cbc21",
                "9a5815c2-976f-43bb-b0c1-98bf0ef730ad",
                "290e59b5-326b-4bf1-bbd4-df5750c76c9b",
                "660a2ea2-4e76-41a6-864d-ce12e16adfa3",
                "0a63dfb7-435f-4ed2-baa5-1b32fe9644a0",
                "4a8c757d-251f-4c0d-bb65-1a203a48e640",
                "902bb671-d758-4ab1-8c2a-5cc78974db99",
                "ec43b0f2-61cb-4496-87e8-db9dcb704aa8",
                "a848a374-090e-4eb2-8ddb-b46fd1ac363c",
                "9085a919-dde1-4b7a-8ca4-3f7cdf00cc2f",
                "dedb614a-860a-428d-b0bf-d654fea7559c",
                "6bc5a081-a5ed-423e-97a0-d48d74664518",
                "0115fb62-f467-45d7-8a25-f3ac4ae76868",
                "0e7686ce-1b4c-4823-a3a1-1e78dc2cdac6",
                "f78fd99b-f720-4962-86fd-6c9528051edd",
                "987aee9e-e221-47da-8689-28917f457c8c",
                "884a06a4-0861-4d17-9e69-313e94ea0905"
            ]
        },
        "consumers": [
            "pepper"
        ]
    }
]
[root@mgmt6 ~]#

[root@mgmt6 ~]# pulp-admin rpm repo content errata --repo-id rhel7 --erratum-id RHSA-2014:1976
+----------------------------------------------------------------------+
                        Erratum: RHSA-2014:1976
+----------------------------------------------------------------------+

Id: RHSA-2014:1976
Title: Important: rpm security update
Summary: Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Description:
  The RPM Package Manager (RPM) is a powerful command line driven packagemanagement system capable of installing, uninstalling, verifying, querying,and updating software packages. Each software package consists of anarchive of files along with information about the package such as itsversion, description, and other information.

  It was found that RPM wrote file contents to the target installationdirectory under a temporary name, and verified its cryptographic signatureonly after the temporary file has been written completely. Under certainconditions, the system interprets the unverified temporary file contentsand extracts commands from it. This could allow an attacker to modifysigned RPM files in such a way that they would execute code chosen by theattacker during package installation. (CVE-2013-6435)

  It was found that RPM could encounter an integer overflow, leading to astack-based buffer overflow, while parsing a crafted CPIO header in thepayload section of an RPM file. This could allow an attacker to modifysigned RPM files in such a way that they would execute code chosen by theattacker during package installation. (CVE-2014-8118)

  These issues were discovered by Florian Weimer of Red Hat Product Security.

  All rpm users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. All runningapplications linked against the RPM library must be restarted for thisupdate to take effect.

Severity: Important
Type: security
Issued: 2014-12-09 00:00:00
Updated: 2014-12-09 00:00:00
Version: 1
Release:
Status: final
Reboot Suggested: No

Updated Packages:
  rpm-devel-0:4.11.1-18.el7_0.x86_64
  rpm-python-0:4.11.1-18.el7_0.x86_64
  rpm-libs-0:4.11.1-18.el7_0.i686
  rpm-libs-0:4.11.1-18.el7_0.x86_64
  rpm-sign-0:4.11.1-18.el7_0.x86_64
  rpm-build-0:4.11.1-18.el7_0.x86_64
  rpm-devel-0:4.11.1-18.el7_0.i686
  rpm-build-libs-0:4.11.1-18.el7_0.x86_64
  rpm-0:4.11.1-18.el7_0.x86_64
  rpm-build-libs-0:4.11.1-18.el7_0.i686

References:
  ID: None
  Type: self
  Link: https://rhn.redhat.com/errata/RHSA-2014-1976.html

  ID: 1039811
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1039811

  ID: 1168715
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1168715

  ID: CVE-2013-6435
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2013-6435.html

  ID: CVE-2014-8118
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2014-8118.html

  ID: None
  Type: other
  Link: https://access.redhat.com/security/updates/classification/#important

> db.units_erratum.findOne({"id": "RHSA-2014:1976"}, {"id":1})
{ "_id" : "d08003e9-536c-47cf-93fe-09f75063f881", "id" : "RHSA-2014:1976" }
>
We will not be releasing a 2.4.4, but according to git, pulp-rpm-2.5.2-1 was the first release to contain this fix. I am adjusting the target release to 2.5.2 and closing this bug.

[0] $ git tag --contains 494ed13