CEFS: CentOS Errata for Spacewalk

This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into your Spacewalk-Server.
For security announcements details from Red Hat (RHSA) can be imported optionally.

CENTOS 7 HAS NOW REACHED END-OF-LIFE

As of June 30th 2024, CentOS 7 has reached its end of life. I do not expect further updates to be released but will keep monitoring the repositories. At the end of the year, this project will shut down. Rocky Linux and Alma Linux 8 provide errata out of the box, so my work is done :-)

News

2012-05-04: The errata-import script has been updated. It is now capable to import descriptions from Red Hat's OVAL file (Trent Johnson suggested this on the Spacewalk Mailing-List, thanks)

2012-05-20: Added missing Security Announcements from CentOS 5.8

2012-06-10: Added a command-line option to publish errata after creation. Added options to select type of errata (Security, Bug Fix, Enhancement)

2012-06-19: Added missing Product Enhancement Announcements from CentOS 5.8

2012-07-18: Added missing Bug Fix Announcements from CentOS 5.8

2012-09-17: The errata-import script has been updated. I fixed the --publish option to work as expected. CVEs are now added to Security Advisories.

2012-09-22: The errata-import script has been updated. It now checks the users permissions before publishing.

2012-09-25: Checksums are now available as SHA1 and MD5

2012-09-26: The errata-import script has been updated. User permission check has been improved.

2012-10-05: Errata XML generation has been fully automated.

2012-10-20: Errata XML is now also available in compressed formats: gzip and bzip2

2013-01-14: The errata-import script has been updated. Removed patched Frontier-Client.pm.

2013-02-11: You can now flattr this website.

2013-02-18: The errata-import script has been updated to support Debian Advisories

2013-03-01: The errata-import script and XML have been updated to support the reboot_suggested keyword.

2013-03-13: The errata-import script has been updated to work with API version 12 in Spacewalk 1.9 (Thanks, James)

2013-03-23: The errata-import script has been updated to add packages to existing Errata (new feature)

2013-03-26: Errata XML now contains issue_date and severity fields. It no longer contains advisories from 2006 and before.

2013-09-09: The errata-import script has been updated to work with API version 13 in Spacewalk 2.0 (Thanks, Alex)

2013-11-21: Added missing Announcements from CentOS 5.10

2013-12-08: Errata XML now contains information from the cr-announce-list (Thanks, Kris)

2013-12-10: The addition of the CR Errata broke the parsing for the last two days. Should be fixed now. Sorry. (Thanks, Shawn)

2013-12-13: The errata-import script has been updated to include a --quiet option (Thanks, Aron)

2014-03-11: The errata-import script has been updated to work with API version 14 in Spacewalk 2.1 (Thanks, Rolf)

2014-03-16: Fixed support for API version 14 (Thanks, Christian)

2014-07-11: Errata XML now contains CentOS 7 announcements. And also: Happy Birthday, Mom!

2014-07-23: Errata XML now contains proper announcements for Xen4CentOS (Thanks, Scott)

2014-07-24: The errata-import script has been update to work with API version 15. A --ignore-api-version has been added. (Thanks, Martin and Christian)

2014-08-25: Errata XML now contains CentOS unique announcements (e.g. CEBA-2014:C001)

2014-09-04: To further improve the Errata quality I have started some semi-automated QA. You may therefore see old Errata being added/updated where RPM file names had been incorrect and now fixed.

2014-09-30: The errata-import script has been updated to support exclusion of errata (--exclude-errata)

2014-10-02: There seems to be an issue with importing errata into Spacewalk 2.2. If you experience it, please let me know and report it on the Spacewalk Mailing List

2014-10-02: The errata-import script has been updated to fix the new exclude errata feature

2014-10-07: The errata-import script has been updated to support Satellite 5.6. Satellite apparently uses slightly different API version strings (Thanks, Christian)

2014-11-21: The XML update process had failed for the past two weeks. This is now fixed and everything should be back to normal.

2015-01-05: The first XML update of 2015 is now available, so Happy New Year!

2015-04-20: The errata-import script has been updated to support Spacewalk 2.3 (Thanks, Ugur and Bren)

2015-06-30: The errata-import script has been updated to fix a wrong error message when missing modules

2015-07-19: The errata-import script has been updated to satisfy Perl::Critic on level 4

2015-07-31: The errata-import script has been updated to set the issue date of errata

2015-09-03: The errata-import script has been updated to fix a bug with setting the issue data (Thanks, Tom!)

2015-09-04: The XML update process had failed since August 28th after lists.centos.org had turned TLS on. This is now fixed. (Thanks, Joao)

2015-10-11: The errata-import script has been updated to support Spacewalk 2.4

2015-12-08: Thanks to Lets Encrypt this site is now available via SSL.

2015-12-11: Since this site has not received a single Flattr click, I have removed the link to Flattr.

2016-02-19: The XML file is now pushed to GitHub. I have set up a redirect from my download URL to GitHub.

2016-03-09: Added a link to centos-package-cron in the Links section and expanded the FAQ.

2016-03-17: The errata-import script has been updated to fix a bug that removed packages it should not have. Upgrading is recommended. (Thanks, Helmut and Martin)

2016-10-28: The errata for "Dirty COW" (CVE-2016-5195) are CESA-2016:2124 (CentOS 5.x), CESA-2016:2105 (CentOS 6.x) and CESA-2016:2110 (CentOS 7.x). Happy patching!

2016-12-11: This site has moved to a new server. This may have caused some missing files or incorrect checksums, sorry.

2016-12-18: The errata-import script has been updated to support Spacewalk 2.6 and better handle HTML encoding (for Debian advisories).

2016-12-20: The errata-import script has been updated to fix an issue introduced in the previous update (Thanks, Robert)

2016-12-21: The errata-import script has been updated to fix warning regarding missing issue_date on Debian errata

2017-01-01: Happy New Year! The XML no longer contains errata for CentOS 4 (and below) only. For the digital archeologists, the latest commit including these can be found on GitHub

2017-02-12: The errata-import script has been updated to fix an issue with HTML enconding for Debian again. (Thanks, Bernhard)

2017-02-23: There is a new local root exploit that will need patching: CVE-2017-6074.

2017-03-27: As CentOS 5 will reach its EOL on March 31st, I will remove errata for CentOS 5 and older on May 1st.

2017-04-09: The page layout has been updated using Bootstrap.

2017-05-01: As announced, Errata for CentOS 5 and older have been removed. The last version containing them can be found on GitHub

2017-06-21: There are some reports (Icinga2) that the packages from CESA-2017:1484 are causing issues. You may want to postpone upgrading for now.

2017-07-23: I have made some changes to the webserver configuration. HEAD requests are now served directly, GET requests are still redirected to GitHub. Let me know if you encounter any issues.

2017-07-28: Fixed an error in the webserver configuration. All files should download fine again (Thanks, Christopher)

2017-09-30: The errata-import script has been updated to support Spacewalk 2.7

2017-10-08: If you don't have Spacewalk, you can now use my updateinfo repository to get errata information into yum.

2017-10-19: After enabling two-factor authentication on my GitHub account 'git push' no longer worked. This is now fixed.

2018-01-01: Happy New Year! As a new year is a good opportunity for a retrospect, I have done so and found an off-by-one bug in the mailing-list parser. This bug caused some postings to the mailing-list to be ignored when they should not have been. Therefore, many errata are updated and also some newly created (that only have one RPM associated). Sorry for any inconvenience this may have caused.

2018-03-06: The errata-import script has been updated to fix Issue #4

2018-04-19: The errata-import script has been updated to support Spacewalk 2.8 and set the newly added severity field

2018-05-09: I am currently testing BunnyCDN to deliver the uncompressed XML file instead of linking to GitHub. Let me know if you encounter any problems.

2018-05-23: The XML file delivered through the CDN is now limited to the last 180 days, due to size. The bz2 compressed version (see below) and the GitHub repository still contain all data should you need it.

2018-05-23: Issue #10, related to the CDN, has been fixed.

2018-05-26: After reducing the XML file to 180 days of content, the checksums (MD5/SHA1) were incorrect. This has been fixed. (Thanks, Andrew)

2018-05-31: There was an issue with uploading the XML to the CDN. This is now fixed.

2018-07-10: There seems to have been an issue with the CDN delivering an old version of the XML. This should now be fixed.

2018-12-17: As the year comes to a close, I use my spare time to futher improve data quality. Merry Christmas to everybody!

2019-01-25: The errata-import script has been updated to support Spacewalk 2.9 (see Issue #15)

2019-02-11: This page is now hosted on AWS CloudFront

2019-04-26: An Apache configuration error may have temporarily made this site inaccessible.

2019-12-27: Today's update contains a lot of changes since the CentOS Archive website was redesigned.

Show older news...

2020-01-02: Happy New Year! 2020 starts with a bunch of fresh errata for CentOS 8.

2020-01-06: The errata-import script has been updated to fix Issue #21

2020-03-19: Maybe due to Covid-19, CentOS has recently published updates without sending errata information to the mailing list. For this reason, the data is currently slightly out-of-date. If this continues, I may update it manually.

2020-03-22: The errata-import script has been updated to support Spacewalk 2.10. Please note that this is the last official release. You may want to consider migrating to Katello, which is the upstream of RedHat Satellite 6.

2020-03-26: Today the missing announcements from CentOS arrived, so the XML is up-to-date again.

2020-07-05: Today's commit contains a big update on CentOS 8 with 350 errata. CentOS 8 support remains in BETA.

2020-07-10: The errata-import script has been updated to include a Pull Requests from SuSE for compatibility with Uyuni.

2020-08-07: The errata-import script has been updated to include a Pull Request to fix a rare 'Errata already exists' error.

2020-10-15: I have added a new tool to the repository: yum-history-html.pl. It turns the YUM history into a nice HTML page, enriched with errata information. Could be very useful for audits. Let me know if you find this helpful.

2020-10-20: The errata-import script has been updated to include a Pull Request to add the --recent option.

2020-10-23: The errata-import script has been updated to fix Issue #31

2020-12-03: Today's update should include the final set of CentOS 6 errata, which has reached EOL. CentOS 6 errata will be removed on January 1st, 2021 as they will no longer be relevant.

2021-02-01: Happy New Year! As announced, CentOS 6 errata have now been removed. The last commit to include them can be found here.

2021-03-03: The errata-import script has been updated to support API version 25 in Uyuni 2021.02.

2021-05-01: The errata-import script has been updated to support a new Errata attribute (advisory_status), which was recently introduced. See Issue #33 for details.

2021-08-03: This week CentOS issued a few errata with wrong references and also seems to be missing some. I have added manual fixes to the data.

2021-10-15: Something is fishy with the recent libxml2 updates. It seems that CentOS is lagging one commit behind Red Hat and also Scientific Linux. I have reported this to the mailing list.

2021-10-26: CentOS has fixed the libxml2 issue yesterday.

2021-10-27: It seems that Red Hat is no longer serving their OVAL data as uncompressed XML and redirect to the bzip2-compressed version instead. You will need to adapt your download script to deal with that as Perl can not read bzip2 without creating new dependencies.

2021-12-20: The errata-import script has been updated to provide a better error message when encountering a compressed OVAL file.

2022-01-02: Today brings what is probably the last update for CentOS 8 errata as it has reached EOL. This project will continue providing errata information for CentOS 7 until its EOL in mid 2024. Happy New Year!

2022-04-05: The errata-import script has been updated to support API version 26 in Uyuni 2022.03.

2023-07-09: A quick reminder that there are now 12 months left until the end-of-life for CentOS 7. If you haven't started migration plans already, now is the time. This project will continue until the EOL date.

2023-07-11: Red Hat has changed their distribution mechanism for OVAL data. The com.redhat.rhsa-all.xml seems to no longer be available. The rhel-7.oval.xml.bz2 is hopefully a replacement. I haven't tested this though, so any feedback is welcome.

Usage

Download the latest errata XML file HERE (uncompressed) or bz2 compressed (last updated: June 23, 2024)

Download the latest Red Hat OVAL file HERE (optional)

Download the errata-import.tar script HERE or the included script HERE

Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)

Make the main script executeable (chmod 755 errata-import.pl)

Run the script and follow the instructions (./errata-import.pl)

Notes

Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)

All errata are created but not published so you can review them (Hint: look at --publish)

You can publish errata via the Web and/or API

Frequently Asked Questions (FAQ)

How (often) is the XML file generated?

The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.

Can I download the file regularly?

Yes, of course. If you use wget please use -N to download only if it has changed.

Can I get the script that generates the XML file?

No.

Something isn't working. Where can I get help?

Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.

How do I set username and password for the script?

Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:

export SPACEWALK_USER='admin'
export SPACEWALK_PASS='supersecret'

I get a "500 read timeout" error when importing errata. Why?

Your server is likely underpowered. Spacewalk runs a webserver, an application server and a database, all of which need RAM and I/O resources. Check the prerequisites section in the Spacewalk Wiki.

I get "Authentication FAILED" errors but the password is correct?

Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.

I don't have Spacewalk. Can I still use this?

Yes, you actually can. I have recently (October 2017) created a designated yum repository that includes the errata information.
You can find more information about this repository here.

Can I use this with Spacewalk 6 / Katello?

I have received feedback that pulp_centos_errata_import does the trick. I have not tried this myself nor do I have any experience with these tools.
A user has also reported that katello-centos-errata-import works for him.

Will you support CentOS 8?

CentOS 8 is supported.

Will you support CentOS 8-Stream?

No. ~~If it gets off the ground, I may support Rocky Linux.~~Rocky Linux is publishing errata directly and they are integrated into the repositories~~.~~

Can I use this with Uyuni?

I have recevied feedback that importing the Errata into Uyuni 4.02 works with no changes.

Feedback

I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de

If you find this tool helpful and would like to show your appreciation you can do so via PayPal:

Alternatively, you can donate Bitcoin to 1DftUtWs8XRNqmWwq6ENXfGUbwEDMneTYs.

Links

A good blog entry describing CEFS (in german AND english)

A bachelor thesis on Spacewalk that mentions CEFS

A python script that can be used without Spacewalk to generate update emails

An article on how to use CEFS with Katello