Skip to navigation

Bug Fix Advisory yum bug fix update

Advisory: RHBA-2011:1060-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated yum package that fixes several bugs is now available for Red Hat
Enterprise Linux 5.

Yum is a utility that can check for and automatically download and install
updated RPM packages. Dependencies are obtained and downloaded automatically,
prompting the user for permission as necessary.

This update fixes the following bugs:

* When accessing mirror lists, a number of yum configuration options was not
correctly recognized by the yum utility or associated modules such as
URLGrabber. As a consequence, many configured parameters were not taken into
account during yum operation; for example, the timeout option was ignored,
causing unpredictable timeouts. This bug has been fixed, and the yum
configuration is now properly processed by yum and associated modules.
(BZ#647134)

* Previously, when one of the repository baseurl addresses caused an HTTP error
code to be issued, the "yum repolist" command failed to produce the list of
available repositories. This bug has been fixed and the repository list is now
properly returned even if an error occurs. (BZ#697087)

* Previously, the repodiff utility used a stale metadata cache in subsequent
runs. When two repodiff commands were executed in succession, the second run
reused cached data from the first. This bug has been fixed and repodiff now
properly validates the metadata if a connection cannot be established or the
cached data are about to be reused. (BZ#709972)

* One of the arguments in the ssl_ctx_load_verify_locations() function was of
the wrong type. As a consequence, under specific conditions, any yum command
could terminate with a traceback. A patch has been provided to address this
issue, and the yum utility no longer crashes in the described scenario.
(BZ#712896)

Users of yum are advised to upgrade to this updated package, which fixes these
bugs.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
yum-3.2.22-37.el5.src.rpm
File outdated by:  RHBA-2012:1117
    MD5: 90612bb2c827b2e2e76465c7f5cab430
SHA-256: 3f90cb475e6d65194526fe4efb7f560fa5e49b1777fb79f3e3f1f98e6a83d689
 
IA-32:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
IA-64:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
PPC:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
s390x:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
x86_64:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
yum-3.2.22-37.el5.src.rpm
File outdated by:  RHBA-2012:1117
    MD5: 90612bb2c827b2e2e76465c7f5cab430
SHA-256: 3f90cb475e6d65194526fe4efb7f560fa5e49b1777fb79f3e3f1f98e6a83d689
 
IA-32:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
x86_64:
yum-3.2.22-37.el5.noarch.rpm
File outdated by:  RHBA-2012:1117
    MD5: c8c92aead37d48d57a824a15929acc96
SHA-256: 62734b6daabb78b893dfbb7e2631287c9ecb327559b4ca53b2fc6e616dcb9bdb
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

647134 - yum does not honour timeout=x for mirrorlists
697087 - yum repolist is not producing a list when one of the repo baseurl causes a forbidden 403
709972 - repodiff uses stale metadata cache in subsequent runs
712896 - yum regression: in method 'ssl_ctx_load_verify_locations', argument 2 of type 'char const *'



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/