Description of problem: I used "yum --security update" in 5.2. After upgrading to 5.3 I noticed "yum --security update" would not update the openlib package, even though it was marked as "critical." I had to run "yum update" to upgrade openlib. Today there are two critical updates, which won't install with "yum --security update": nss and nss-tools. So it appears as though yum isn't working with yum-security anymore. Version-Release number of selected component (if applicable): yum-3.2.19-18.el5 yum-security-1.1.16-13.el5 How reproducible: Every time. Steps to Reproduce: 1. Make sure a package is marked as critical. 2. Run "yum --security update" 3. Actual results: No update is performed. Expected results: I expect the package to be upgraded with "yum --security update" and packages with bugs to be ignored. Additional info:
How are you deciding that there are security updates available? https://rhn.redhat.com/errata/rhel-server-errata.html ...doesn't show anything recent. What does "yum list-security" say?
Ok, it's the one labeled firefox: https://rhn.redhat.com/errata/RHSA-2009-0256.html
I'm looking at my RHN dashboard which shows two critical updates: https://rhn.redhat.com/network/software/packages/details.pxt?pid=471618 https://rhn.redhat.com/network/software/packages/details.pxt?pid=471619 Which are listed as: https://rhn.redhat.com/rhn/errata/details/Details.do?eid=8266 which makes no sense..... https://rhn.redhat.com/errata/rhel-server-errata.html shows a critical firefox update. Kent
That isn't nss or nss-tools though, just the -devel packages ... and the RHSA-2009-0256 errata isn't in the updateinfo.xml data I get for Server 5.
My RHN panel shows 20 RHEL 5 boxes with critical updates needing to be installed. I ran "rhn-profile-sync" on one of the boxes and RHN is still reporting the critical update. If the nss and nss-tools aren't critical updates, and RHN is showing nss and nss-tools as RHSA-2009:0256-6, then maybe RHN is just mislabeling? At any rate all my RHEL5 boxes are trying to update nss and nss-tools when I run "yum update" even though nss and nss-tools isn't listed in https://rhn.redhat.com/rhn/errata/details/Details.do?eid=8266 Kent
Ok, 2009-0256 is in the data I see now ... just spelled 2009:0256, trying to see what's happening on the yum side.
Ok, here's the problem ... the metadata has: <package name="nss" version="3.12.2.0" release="4.el5" epoch="0" arch="rpm" src="nss-3.12.2.0-4.el5.src.rpm"> ...and arch="rpm" means that the plugin filters everything out as not an applicable arch.
# xmllint --format /var/cache/yum/rhel-x86_64-server-5/updateinfo.xml.gz | fgrep 'arch="rpm"' | nl 1 <package name="sysstat" version="7.0.2" release="3.el5" epoch="0 " arch="rpm" src="sysstat-7.0.2-3.el5.src.rpm"> [...] 3902 <package name="freetype-demos" version="2.2.1" release="19.el5" epoch="0" arch="rpm" src="freetype-2.2.1-19.el5.src.rpm">
An update to the RHN metadata generation code to correct this issue is currently being tested. The current plan is to deploy this update as soon as possible after it passes the QA process.
It is worth noting that internal testing has confirmed that older versions of yum-security are not affected by this bug, because they do not look at the arch information in the updateinfo data. So downgrading yum-security is a viable workaround.
This was addressed by an update made to RHN live on Friday (6th Feb). Metadata being served today looks good. kbrede, please reopen this ticket if you still encounter any problems.