Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 470932

Summary: unescaped '&', '<', '>' in updateinfo.xml and failing yum-security plugin
Product: Red Hat Satellite 5 Reporter: Xixi <xdmoon>
Component: ClientAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED ERRATA QA Contact: Preethi Thomas <pthomas>
Severity: high Docs Contact:
Priority: high    
Version: 502CC: cperry, dev, james.antill, monkeys_typing, pthomas, rvandolson, steve.siano, tao, xdmoon
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-08 22:01:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 428819    
Bug Blocks: 459673    

Comment 2 Xixi 2008-11-10 22:43:56 UTC 
This bug is for backport of fix for original bug 428819 into 5.0.x satellite
Comment 5 Issue Tracker 2008-11-11 15:02:06 UTC 
Xixi, Prad:

So the customer tried the raw patch and restarted the Satellite server,
but, it didn't appear to clear anything up.  The only way he was able to
get past this was to:

Update the system via yum.
Clear the yum cache (yum clean all).

Once he did that, the pup GUI started working again because it now
downloaded a new updateinfo.xml without the kernel information in it,
which apparently allowed pup to work.


I also tried the raw patch this morning, restarted Satellite services, and
pup indeed failed again with the same error as yesterday.  I also tried
running a "yum clean all" then fired up pup again...same problem.

So, right now, the only way to clear this up is to still run yum update
from the command line first....


This event sent from IssueTracker by kbaxley 
 issue 238010
Comment 11 Issue Tracker 2008-11-11 16:40:40 UTC 
client versions are all RHEL5.2 with yum-3.2.8-9.el5_2.1,  
yum-rhn-plugin-0.5.3, 
yum-security-1.1.10-9.el5, 
yum-metadata-parser-1.1.2-2.el5, 
and pirut-1.3.28-13.el5 ...is that what you are looking for?


This event sent from IssueTracker by kbaxley 
 issue 238010
Comment 16 Issue Tracker 2008-11-11 20:50:35 UTC 
Prad,

Ok. Here's what we've got now from the customer:

Something is better than before I patched the Satellite. Machines that
register with the satellite now (i.e. new ones) get the correct xml data
from the satellite and seem to be acting normal.  

I was able to install a new machine and use pup to update the machine. 
New machines registering with a satellite were broken before the patches
and flushing of the cache.

On machines that have already failed one using pup I now get a different
error.  This is after doing a yum list for the distro and even after
running yum clean all.  It looks like the client still has some cache or
something local that is still having problems with a mismatch or checksum
or something on the satellite and the local client is not ablel to deal
with it.  Here is the error from pup.


$ cat pup.error 
Component: pirut
Summary: TB04230791 rhnplugin.py:299:_getFile:RepoError: failed to
retrieve repodata/updateinfo.xml.gz from rhel-x86_64-client-5
error was [Errno -1] Metadata file does not match checksum

Traceback (most recent call last):
  File "/usr/sbin/pup", line 617, in ?
    main()
  File "/usr/sbin/pup", line 613, in main
    pup.run()
  File "/usr/sbin/pup", line 451, in run
    self.doRefresh()
  File "/usr/sbin/pup", line 291, in doRefresh
    self.populateUpdates()
  File "/usr/sbin/pup", line 347, in populateUpdates
    self.updateMetadata.add(repo)
  File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 265, in
add
    md = obj.retrieveMD(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 867, in
retrieveMD
    cache=self.http_caching == 'all')
  File "/usr/lib/yum-plugins/rhnplugin.py", line 299, in _getFile
    raise yum.Errors.RepoError, \
RepoError: failed to retrieve repodata/updateinfo.xml.gz from
rhel-x86_64-client-5
error was [Errno -1] Metadata file does not match checksum

Local variables in innermost frame:
e: [Errno -1] Metadata file does not match checksum
url: None
text: None
self: rhel-x86_64-client-5
cache: False
reget: None
relative: repodata/updateinfo.xml.gz
start: None
checkfunc: (<bound method RhnRepo.checkMD of <rhnplugin.RhnRepo object at
0x126eb710>>, ('updateinfo',), {})
copy_local: 1
end: None
local: //var/cache/yum/rhel-x86_64-client-5/updateinfo.xml.gz



This event sent from IssueTracker by kbaxley 
 issue 238010
Comment 18 Issue Tracker 2008-11-11 21:21:37 UTC 
They had indeed cleared all the cache out of /var/cache/rhn/repomd*, but,
they're thinking that someone may have had cache locked on the server when
they tried to clear it out.  They're going to stop the satellite services
(to keep people off of it), clean the cache out, start up satellite
services and try again.


This event sent from IssueTracker by kbaxley 
 issue 238010
Comment 20 Issue Tracker 2008-11-12 21:25:43 UTC 
Prad,

Looks like we're back in business...thanks for your help!

Are the fixes for this issue already included in Satellite 5.2?  Customer
is going to consider upgrading to 5.2 in the next couple of months (which
is way sooner than I expected) and they wanted to know if they'll get
bitten by this again.

Thanks, again, for the help!


This event sent from IssueTracker by kbaxley 
 issue 238010
Comment 25 Preethi Thomas 2008-11-19 19:31:29 UTC 
before update
[root@rlx-0-10 ~]# pup
Loading "rhnplugin" plugin
Component: pirut
Summary: TB9536d0ca <string>:64:__iter__:SyntaxError: mismatched tag: line 41637, column 8

Traceback (most recent call last):
  File "/usr/sbin/pup", line 617, in ?
    main()
  File "/usr/sbin/pup", line 613, in main
    pup.run()
  File "/usr/sbin/pup", line 451, in run
    self.doRefresh()
  File "/usr/sbin/pup", line 291, in doRefresh
    self.populateUpdates()
  File "/usr/sbin/pup", line 347, in populateUpdates
    self.updateMetadata.add(repo)
  File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 272, in add
    for event, elem in iterparse(infile):
  File "<string>", line 64, in __iter__
SyntaxError: mismatched tag: line 41637, column 8

after upgrade

[root@rlx-0-10 ~]# yum list-security
Loading "rhnplugin" plugin
Loading "security" plugin
rhel-i386-server-5        100% |=========================| 1.4 kB    00:00     
primary.xml.gz            100% |=========================| 1.6 MB    00:00     
rhel-i386-: ################################################## 4398/4398
updateinfo.xml.gz         100% |=========================| 431 kB    00:00     
RHBA-2008:0551-3 bugfix   Deployment_Guide-en-US - 5.2-11.noarch
RHBA-2008:0909-4 bugfix   OpenIPMI - 2.0.6-6.el5_2.2.i386
RHBA-2008:0909-4 bugfix   OpenIPMI-libs - 2.0.6-6.el5_2.2.i386
RHSA-2008:0533-3 security bind-libs - 30:9.3.4-6.0.2.P1.el5_2.i386
RHSA-2008:0533-3 security bind-utils - 30:9.3.4-6.0.2.P1.el5_2.i386
RHSA-2008:0581-5 security bluez-libs - 3.7-1.1.i386
RHSA-2008:0581-5 security bluez-utils - 3.7-2.2.i386
RHSA-2008:0893-2 security bzip2 - 1.0.3-4.el5_2.i386
RHSA-2008:0893-2 security bzip2-libs - 1.0.3-4.el5_2.i386
RHSA-2008:0937-3 security cups - 1:1.2.4-11.18.el5_2.2.i386
RHSA-2008:0937-3 security cups-libs - 1:1.2.4-11.18.el5_2.2.i386
RHBA-2008:0647-3 bugfix   dhcpv6-client - 1.0.10-4.el5_2.3.i386
RHSA-2008:0946-3 security ed - 0.2-39.el5_2.i386
RHSA-2008:0556-8 security freetype - 2.2.1-20.el5_2.i386
RHSA-2008:0489-5 security gnutls - 1.4.1-3.el5_1.i386
RHBA-2008:0933-2 bugfix   initscripts - 8.45.19.1.EL-1.i386
RHSA-2008:0849-5 security ipsec-tools - 0.6.5-9.el5_2.3.i386
RHSA-2008:0885-10 security kernel - 2.6.18-92.1.13.el5.i686
RHBA-2008:0902-2 bugfix   krb5-libs - 1.6.1-25.el5_2.1.i386
RHBA-2008:0902-2 bugfix   krb5-workstation - 1.6.1-25.el5_2.1.i386
RHSA-2008:0847-8 security libtiff - 3.8.2-7.el5_2.2.i386
RHSA-2008:0884-3 security libxml2 - 2.6.26-2.1.2.6.i386
RHSA-2008:0884-3 security libxml2-python - 2.6.26-2.1.2.6.i386
RHSA-2008:0529-4 security net-snmp-libs - 1:5.3.1-24.el5_2.1.i386
RHSA-2008:0486-4 security nfs-utils - 1:1.0.9-35z.el5_2.i386
RHBA-2008:0557-2 bugfix   nspr - 4.7.1-1.el5.i386
RHSA-2008:0879-6 security nss - 3.12.1.1-1.el5.i386
RHSA-2008:0879-6 security nss-tools - 3.12.1.1-1.el5.i386
RHBA-2008:0611-3 bugfix   nss_ldap - 253-13.el5_2.1.i386
RHSA-2008:0583-4 security openldap - 2.3.27-8.el5_2.4.i386
RHSA-2008:0907-2 security pam_krb5 - 2.2.14-1.el5_2.1.i386
RHBA-2008:0876-3 bugfix   perl - 4:5.8.8-15.el5_2.1.i386
RHBA-2008:0278-5 bugfix   redhat-release-notes - 5Server-15.i386
RHSA-2008:0533-3 security selinux-policy - 2.4.6-137.1.el5_2.noarch
RHSA-2008:0533-3 security selinux-policy-targeted - 2.4.6-137.1.el5_2.noarch
RHBA-2008:0639-3 bugfix   sos - 1.7-9.2.el5_2.2.noarch
RHEA-2008:0941-4 enhancement tzdata - 2008f-3.el5.noarch
RHBA-2008:0487-2 bugfix   yum - 3.2.8-9.el5_2.1.noarch
RHSA-2008:0815-7 security yum-rhn-plugin - 0.5.3-12.el5_2.9.noarch
list-security done
Comment 30 Preethi Thomas 2008-12-05 19:15:13 UTC 
release pending
Comment 31 errata-xmlrpc 2008-12-08 22:01:30 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-1005.html
Comment 33 Steve Siano 2009-12-20 00:29:48 UTC 
I experienced the error on Dec. 19, 2009.  The advisory (http://rhn.redhat.com/errata/RHBA-2008-1005.html) was not helpful.  Both 'up2date rhns* and 'yum update rhns*' did nothing.  Instead, the problem was fixed by running 'yum clean metatdata'.