My package's new updateinfo.xml shows up in the yum cache, but isn't displayed as a security update by yum...












0














I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.



Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.




$ yum updateinfo MYAPP
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.atlanticmetro.net
* extras: mirror.atlanticmetro.net
* updates: mirror.atlanticmetro.net
updateinfo info done



Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.



The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.




<updates>
<update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
<id>MYAPP</id>
<title>MYAPP</title>
<release>MYAPP</release>
<issued date="2018-12-05 00:00:00"/>
<references>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
</references>
<description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
<pkglist>
<collection short="F8">
<name>MYAPP</name>
<package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
<filename>MYAPP-MYAPPVERSION.rpm</filename>
<reboot_suggested>True</reboot_suggested>
</package>
</collection>
</pkglist>
</update>
</updates>



any help appreciated. Thanks!






linux centos fedora yum







share|improve this question



























    0














    I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.



    Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.




    $ yum updateinfo MYAPP
    Loaded plugins: fastestmirror, ovl
    Loading mirror speeds from cached hostfile
    * base: mirror.atlanticmetro.net
    * extras: mirror.atlanticmetro.net
    * updates: mirror.atlanticmetro.net
    updateinfo info done



    Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.



    The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.




    <updates>
    <update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
    <id>MYAPP</id>
    <title>MYAPP</title>
    <release>MYAPP</release>
    <issued date="2018-12-05 00:00:00"/>
    <references>
    <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
    <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
    </references>
    <description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
    <pkglist>
    <collection short="F8">
    <name>MYAPP</name>
    <package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
    <filename>MYAPP-MYAPPVERSION.rpm</filename>
    <reboot_suggested>True</reboot_suggested>
    </package>
    </collection>
    </pkglist>
    </update>
    </updates>



    any help appreciated. Thanks!






    linux centos fedora yum







    share|improve this question

























      0












      0








      0







      I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.



      Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.




      $ yum updateinfo MYAPP
      Loaded plugins: fastestmirror, ovl
      Loading mirror speeds from cached hostfile
      * base: mirror.atlanticmetro.net
      * extras: mirror.atlanticmetro.net
      * updates: mirror.atlanticmetro.net
      updateinfo info done



      Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.



      The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.




      <updates>
      <update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
      <id>MYAPP</id>
      <title>MYAPP</title>
      <release>MYAPP</release>
      <issued date="2018-12-05 00:00:00"/>
      <references>
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
      </references>
      <description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
      <pkglist>
      <collection short="F8">
      <name>MYAPP</name>
      <package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
      <filename>MYAPP-MYAPPVERSION.rpm</filename>
      <reboot_suggested>True</reboot_suggested>
      </package>
      </collection>
      </pkglist>
      </update>
      </updates>



      any help appreciated. Thanks!






      linux centos fedora yum







      share|improve this question













      I have a package I want to release a security update for. So I added an updateinfo.xml and used modifyrepo to add it to the files listed by repomd.xml. When I test with the baseurl of the yum repo config pointed locally, I can verify that yum does download the new updateinfo.xml: it shows up in /var/cache/yum/x86_64/7/MYAPP/gen/updateinfo.xml.



      Additionally, since I bumped the version number, running yum install MYAPP says there's a version update waiting. But I've tried the following commands and none of them list any security updates, even though the updateinfo.xml has type=security in the update tag.




      $ yum updateinfo MYAPP
      Loaded plugins: fastestmirror, ovl
      Loading mirror speeds from cached hostfile
      * base: mirror.atlanticmetro.net
      * extras: mirror.atlanticmetro.net
      * updates: mirror.atlanticmetro.net
      updateinfo info done



      Note that my package is not in these mirrors; it is a local repo specified in /etc/yum.repos.d/MYAPP.repo.



      The updateinfo.xml is as follows. I used https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo as an example (and fixed some xml syntax errors) so some of the text is not updated yet.




      <updates>
      <update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
      <id>MYAPP</id>
      <title>MYAPP</title>
      <release>MYAPP</release>
      <issued date="2018-12-05 00:00:00"/>
      <references>
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="cve"/>
      </references>
      <description>THIS update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP imag</description>
      <pkglist>
      <collection short="F8">
      <name>MYAPP</name>
      <package arch="x84_64" name="MYAPP" release="MYAPPVERSION" src="">
      <filename>MYAPP-MYAPPVERSION.rpm</filename>
      <reboot_suggested>True</reboot_suggested>
      </package>
      </collection>
      </pkglist>
      </update>
      </updates>



      any help appreciated. Thanks!






      linux centos fedora yum




      linux centos fedora yum






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 6 at 0:31









      J. Doe

      1




      1






















          1 Answer
          1






          active

          oldest

          votes


















          0














          The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381188%2fmy-packages-new-updateinfo-xml-shows-up-in-the-yum-cache-but-isnt-displayed-a%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.






            share|improve this answer


























              0














              The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.






              share|improve this answer
























                0












                0








                0






                The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.






                share|improve this answer












                The problem was a misunderstanding with the pkglist. I had to specify the versions that fixed the problem (the new version), not the old one.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 7 at 14:41









                J. Doe

                1




                1






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381188%2fmy-packages-new-updateinfo-xml-shows-up-in-the-yum-cache-but-isnt-displayed-a%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Сан-Квентин

                    Image
                    Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но...
                    Read more

                    8-я гвардейская общевойсковая армия

                    Image
                    8-я гвардейская общевойсковая ордена Ленина армия Награды: Войска: РККА → Советская армия → СВ России Род войск: Формирование: 1943 Расформирование (преобразование): 1992 Предшественник: 62-я армия (1942—43) → 8-я гвардейская общевойсковая армия (1943—92) → 8-й гвардейский армейский корпус (1992—98) Боевой путь Изюм-Барвенковская операция Донбасская операция Запорожская операция Битва за Днепр Днепропетровская операция Березнеговато-Снигирёвская операция Одесская операция Люблин-Брестская операция Варшавско-Познанская операция Восточно-Померанская операция Берлинская наступательная операция У этого термина существуют и другие значения, см. 8-я армия. Фотография Гвардейского Красного Знамени (лицевая сторона) 8-й гвардейской армии , образца 1943 года. Фотография Гвардейского Красного Знамени (оборотная сторона) 8-й гвардейской армии , образца 1943 года. 8-я гвардейская общевойсковая ордена Ленина армия  — гвардейское фор...
                    Read more

                    Алькесар

                    Image
                    Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове...
                    Read more