RHBA-2009:0176 - Bug Fix Advisory

Topic

Updated yum packages that update yum to version 3.2.19 and resolve several
issues are now available.

Description

Yum is a utility that can check for and automatically download and install
updated RPM packages. Dependencies are obtained and downloaded
automatically, prompting the user as necessary.

This update re-bases yum to upstream version 3.2.19, which applies several
fixes, most notably:

• A byte conversion bug that prevented the 'ascii' codec from decoding some

bytes correctly is now fixed. In previous releases, using 'yum info' on
some packages could result in a traceback error if the package information
contained improper UTF-8 characters. To prevent this, yum now uses the
function to_unicode() to process characters.

• When using Ctrl-C to switch mirrors during a transaction, yum will now

finish installing any packages it has downloaded successfully. In previous
releases, yum did not install any downloaded packages if a user switched
mirrors before the entire transaction ended.

• Package globbing inversion now works properly during kickstart. As such,

you can now exclude packages from installation through globbing by adding a
minus (-) switch to a name glob in the %packages section of the kickstart file.

• The checkSignals call in yum now uses "sys.exit". In previous releases,

checkSignals used "exit", which caused yum to produce a traceback instead
of exiting as expected in some cases.

• 'yum whatprovides' no longer matches the given string against all

filenames. Instead, proper globbing is now required to produce meaningful
results. For example, instead of 'yum whatprovides ooffice', the more
appropriate statement should be 'yum whatprovides */ooffice'.

• Given a choice between an arch-specific package and a newer, "noarch"

version, yum will now install the newer version. In previous releases, yum
preferred arch-specific packages over newer, "noarch" versions when
choosing which one to install.

• yum can now use configuration files accessible through http; for example,

users can now run 'yum -c http://<URL to config file> <subcommands>'. In
previous releases, yum processed the http URL as a regular filepath, which
prevented yum from retrieving the config file properly.

• When a package installation in a 'yum groupinstall' attempt fails, yum

will now correctly report an error. In previous releases, yum continued
installing and reported a "success" if this occurred.

• When an exception occurs in the RPMTransaction callback during an upgrade

transaction, rpm will no longer delete the old package if the newer package
was not installed first. In some cases during previous releases, rpm would
continue to delete an old package even if the new package failed to install.

• In a previous release, the 'yum remove <package>' command could cause any

future attempts to install the removed package to fail. This was caused by
an optimization code enhancement which allowed users to remove packages
without updating all repository metadata. This issue is now fixed in this
release.

• yum no longer outputs text during 'quiet' mode. In a previous release,

yum incorrectly generated RPM callback text even in 'quiet' mode.

• 'yum list' now provides complete channel names. In previous releases,

'yum list' truncated its output, which removed important details from the
channel names.

• When 'yum -R' and 'yum -d' are used with no arguments, yum exits and

correctly informs the user that an argument is required.

• The 'repo list' yum shell command is now documented correctly in the yum

man page.

• yum can now associate SSL CA certifications with specific repositories.

This provides yum with enhanced SSL support for better functionality with RHN.

This update also reduces the memory usage of yum significantly. In
addition, yum can now process large exclusion lists more efficiently. All
yum users are advised to upgrade to this update, in order to apply these
fixes and enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 240138 - ctrl-c/SIGINT yum vs. rpm, checkSignals() in rpm kills yum
• BZ - 240617 - yum groupinstall not failing when package in group fails
• BZ - 319331 - yum list truncates channel names making them mostly useless
• BZ - 426660 - [RFE] Package globbing inversion in %packages does not remove packages from list.
• BZ - 440307 - missing args should be reported correctly
• BZ - 447271 - yum dies when using an http config url
• BZ - 447619 - Recursive obsoletes causes yum traceback
• BZ - 448955 - RFE: Fixup yum whatprovides output
• BZ - 452739 - yum prefers arch-specific package over rpm-newer noarch package on install
• BZ - 453037 - yum-updatesd leaves a lot of stale locks on RPMDB when auto-installing
• BZ - 454882 - Rebase to upstream 3.2.18
• BZ - 460098 - SELinux AVCs when updating from RHEL-5.2-Z repo
• BZ - 462086 - yum is much slower for _many_ excludes
• BZ - 462784 - checkSignals uses exit instead of sys.exit, thus. causing a traceback
• BZ - 463447 - If yum gets an exception in it's rpm callbacks ... rpm can go insane killing the machine
• BZ - 466911 - Text is output when in "quiet" mode
• BZ - 468754 - echo 'remove X\ninstall X' | yum shell fails
• BZ - 469271 - yum ia64 no longer supports i386/i686/etc.

CVEs

(none)

References

(none)