Red Hat Bugzilla – Bug 441677
yum-security plugin needs to pull in non-security dependancies
Last modified: 2008-11-26 05:56:09 EST
Description of problem:
Using yum --security, if a package has a dependency that is being excluded
(because its not a security package), the rpm install fails. Instead, any
security packages and all dependencies should be installed (even if they're not
security updates themselves)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Have above xine packages installed
2. Ensure that the updated 22.214.171.124-1 RPMs are available (both local and livna
3. yum --security -y update
Packages download, but install fails with:
ERROR with rpm_check_debug vs depsolve:
Package xine-lib-extras-nonfree needs xine-lib = 1.1.11, this is not available.
xine-lib-extras-nonfree is downloaded as well and installed to meet dependancies
- Debug (-d 5) attached
- yum update xine-lib (without --security) does work, so all the metadata on my
mirror is definitely OK.
Created attachment 301805 [details]
Can you try this patch:
Also, if that doesn't work ... can you add the output for the "yum -d 5 update
Created attachment 301830 [details]
debug output with patch (specifying package name)
Well, sort of. With 'yum --security update xine-lib' it works.
However, if I don't specify a package name it fails. The new output says that
its updating 3 of 4 packages (the old one said 1 of 2), but it still doesn't
pull in the dep.
This debug is specifying the package name; the following one will be without
Created attachment 301831 [details]
Without the package name
Both those attachments were with the patch manually applied.
Ok, I'm pretty sure I've fixed this. Here's an updated security plugin:
...just copy over the old one, I've only tested with 3.2.14 ... but it should
That works, thanks. It does still say:
Needed 3 of 4 packages, for security
Ok, thanks. I'll leave this BZ open at least until the fix is in rawhide.
The message is intentional ... and is saying it removed 1 package from a normal
"yum update" (i.e. it needed 3 of the 4 available packages, due to security).
But there are only 2 available packages, only one of which is a security
issue... Without the patch it said 1 of 2; it should say either 1/2 or 2/2
(making sure not to overcount if the extra package wasn't an update but was an
Right, I've also changed it upstream to say "transactional packages" which is
kind of what it is counting.
The extra numbers are because it's counting the old xine-lib packages you have
installed (which are being removed as part of the transaction).
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '8'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 8's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 8 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
Fixed for F10 (and was earlier pushed to F8 as an update, IIRC)