My package's new updateinfo.xml shows up in the yum cache, but isn't displayed as a security update by yum...
I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.
Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.
$ yum updateinfo MYAPP
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.atlanticmetro.net
* extras: mirror.atlanticmetro.net
* updates: mirror.atlanticmetro.net
updateinfo info done
Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.
The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.
<updates>
<update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
<id>MYAPP</id>
<title>MYAPP</title>
<release>MYAPP</release>
<issued date="2018-12-05 00:00:00"/>
<references>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
</references>
<description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
<pkglist>
<collection short="F8">
<name>MYAPP</name>
<package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
<filename>MYAPP-MYAPPVERSION.rpm</filename>
<reboot_suggested>True</reboot_suggested>
</package>
</collection>
</pkglist>
</update>
</updates>
any help appreciated. Thanks!
linux centos fedora yum
asked Dec 6 at 0:31
J. Doe
1
add a comment |
I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.
Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.
$ yum updateinfo MYAPP
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.atlanticmetro.net
* extras: mirror.atlanticmetro.net
* updates: mirror.atlanticmetro.net
updateinfo info done
Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.
The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.
<updates>
<update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
<id>MYAPP</id>
<title>MYAPP</title>
<release>MYAPP</release>
<issued date="2018-12-05 00:00:00"/>
<references>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
</references>
<description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
<pkglist>
<collection short="F8">
<name>MYAPP</name>
<package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
<filename>MYAPP-MYAPPVERSION.rpm</filename>
<reboot_suggested>True</reboot_suggested>
</package>
</collection>
</pkglist>
</update>
</updates>
any help appreciated. Thanks!
linux centos fedora yum
asked Dec 6 at 0:31
J. Doe
1
add a comment |
I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.
Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.
$ yum updateinfo MYAPP
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.atlanticmetro.net
* extras: mirror.atlanticmetro.net
* updates: mirror.atlanticmetro.net
updateinfo info done
Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.
The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.
<updates>
<update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
<id>MYAPP</id>
<title>MYAPP</title>
<release>MYAPP</release>
<issued date="2018-12-05 00:00:00"/>
<references>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
</references>
<description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
<pkglist>
<collection short="F8">
<name>MYAPP</name>
<package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
<filename>MYAPP-MYAPPVERSION.rpm</filename>
<reboot_suggested>True</reboot_suggested>
</package>
</collection>
</pkglist>
</update>
</updates>
any help appreciated. Thanks!
linux centos fedora yum
asked Dec 6 at 0:31
J. Doe
1
I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.
Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.
$ yum updateinfo MYAPP
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.atlanticmetro.net
* extras: mirror.atlanticmetro.net
* updates: mirror.atlanticmetro.net
updateinfo info done
Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.
The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.
<updates>
<update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
<id>MYAPP</id>
<title>MYAPP</title>
<release>MYAPP</release>
<issued date="2018-12-05 00:00:00"/>
<references>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
</references>
<description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
<pkglist>
<collection short="F8">
<name>MYAPP</name>
<package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
<filename>MYAPP-MYAPPVERSION.rpm</filename>
<reboot_suggested>True</reboot_suggested>
</package>
</collection>
</pkglist>
</update>
</updates>
any help appreciated. Thanks!
linux centos fedora yum
linux centos fedora yum
asked Dec 6 at 0:31
J. Doe
1
asked Dec 6 at 0:31
J. Doe
1
asked Dec 6 at 0:31
J. Doe
1
asked Dec 6 at 0:31
J. Doe
1
asked Dec 6 at 0:31
J. Doe
1
1
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.
answered Dec 7 at 14:41
J. Doe
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381188%2fmy-packages-new-updateinfo-xml-shows-up-in-the-yum-cache-but-isnt-displayed-a%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.
answered Dec 7 at 14:41
J. Doe
1
add a comment |
The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.
answered Dec 7 at 14:41
J. Doe
1
add a comment |
The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.
answered Dec 7 at 14:41
J. Doe
1
The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.
answered Dec 7 at 14:41
J. Doe
1
answered Dec 7 at 14:41
J. Doe
1
answered Dec 7 at 14:41
J. Doe
1
answered Dec 7 at 14:41
J. Doe
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381188%2fmy-packages-new-updateinfo-xml-shows-up-in-the-yum-cache-but-isnt-displayed-a%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
