Description of problem: While testing yum-security against Satellite 5.0.1, I was getting traceback attached below. I believe it is because of unescaped '&' in updateinfo.xml Version-Release number of selected component (if applicable): yum-3.0.1-5.el5.noarch yum-security-1.0.4-3.el5.noarch Satellite 5.0.1 How reproducible: always Steps to Reproduce: 1. yum list-security Actual results: # yum list-security Loading "rhnplugin" plugin Loading "security" plugin Setting up repositories rhel-i386-server-cluster- 100% |=========================| 1.4 kB 00:00 rhel-i386-server-5 100% |=========================| 1.4 kB 00:00 rhel-i386-server-vt-5 100% |=========================| 1.4 kB 00:00 rhel-i386-server-cluster- 100% |=========================| 1.4 kB 00:00 rhel-i386-server-suppleme 100% |=========================| 1.2 kB 00:00 rhn-tools-rhel-i386-serve 100% |=========================| 1.2 kB 00:00 Reading repository metadata in from local files Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.main(sys.argv[1:]) File "/usr/share/yum-cli/yummain.py", line 102, in main result, resultmsgs = do() File "/usr/share/yum-cli/cli.py", line 359, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 193, in doCommand md_info = ysp_gen_metadata(self) File "/usr/lib/yum-plugins/security.py", line 58, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 235, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: not well-formed (invalid token): line 767, column 15 Expected results: Security sensitive updates listed Additional info: I have checked file /var/cache/yum/rhel-i386-server-cluster-storage-5/ updateinfo.xml.gz and found out, that problem is with advisory 2007:0576: Line 767 from satelite 5.0.1: <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi? id=218134" id="218134" type="bugzilla"> ['GFS & GFS2: umount while busy gives bogus error message'] </reference> Similar line from rhn.redhat.stage: <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi? id=218134" id="218134" type="bugzilla"> GFS & GFS2: umount while busy gives bogus error message </reference>
Per Prad, this fix also covers '<' and '>' - ... def text_filter(text): # do & first s = text.replace('&', '&') s = s.replace('<', '<') s = s.replace('>', '>') return s ...
Hello, please check http://wiki.python.org/moin/EscapingXml
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html
Description of Problem While testing yum-security plugin against Satellite 5.4, receive traceback messages. Versions: yum-updatesd-0.9-2.el5 yum-3.2.22-26.el5_5.1 yum-metadata-parser-1.1.2-3.el5 yum-rhn-plugin-0.5.4-13.el5 yum-security-1.1.16-13.el5_4.1 Satellite 5.4.0 Steps to reproduce: 1. yum list-security Actual Results: # yum list-security Loaded plugins: rhnplugin, security prod-pci-rhel-x86_64-server-5 | 1.3 kB 00:00 prod-pci-rhel-x86_64-server-5/primary | 3.7 MB 00:00 prod-pci-rhel-x86_64-server-5 10310/10310 prod-pci-rhn-tools-rhel-x86_64-server-5 | 1.1 kB 00:00 prod-pci-rhn-tools-rhel-x86_64-server-5/primary | 38 kB 00:00 prod-pci-rhn-tools-rhel-x86_64-server-5 459/459 prod-pci-rhel-x86_64-server-5/updateinfo | 1.3 MB 00:00 Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 178, in main result, resultmsgs = base.doCommands() File "/usr/share/yum-cli/cli.py", line 349, in doCommands return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds) File "/usr/lib/yum-plugins/security.py", line 203, in doCommand md_info = ysp_gen_metadata(self.repos.listEnabled()) File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata md_info.add(repo) File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 376, in add for event, elem in iterparse(infile): File "<string>", line 64, in __iter__ SyntaxError: not well-formed (invalid token): line 820, column 52 Expected results: Security sensitive updates listed I have checked the file /var/cache/yum/prod-pci-rhel-x86_64-server-5/updateinfo.xml.gz Issue appears to be similar * two minor fixes were performed in the php substr_compare and substr_count 820 functions to correct integer overflows. (BZ#469807 & BZ#470971)