How are RPM packages marked as “security” updates?

If I am applying yum install -y --security and a package is updated; how is the package "marked" as a security update?



For example, let's say I have a package blah that I maintain, its current version is 1.18.3. If I build a new package as 1.18.4 is it automatically a "security" package? If not, how/where is the documentation to mark the package as "security" update?







edited Apr 10 at 1:42
asked Apr 10 at 1:22
user1529891

  • If you're building your own packages, you could also put all the security updates in a dedicated repository.
    – Cristian Ciupitu
    Apr 10 at 3:20

1 Answer

accepted

yum does this via the yum-security(8) plugin, which is part of yum (no need to install it separately) for CentOS 7 (official RHEL docs).

When you run yum update ... --security, yum downloads the repository update meta info into /var/lib/<arch>/<repo>. Each package in the meta info file (organised as an XML file) contains a type field in the <update> tag. If type=security, then the update is a security update.

When you run yum update --cve <CVE> or yum update --bugzilla <bugzilla_id>, yum analyses the <references> tag of each package in the meta info for <reference> tags whose type field contains bugzilla. If you typed --cve, the CVE is compared to the title field of the <reference> tag. If you typed --bugzilla, the bugzilla_id is compared to the id field of the <reference> tag.

The update_md.py file from the yum package contains the functionality described above:

$ rpm -ql yum|grep update_md
/usr/lib/python2.7/site-packages/yum/update_md.py

P.S. Debian packages (DEB) contain an urgency field in the package changelogs, which might be useful for security updates.






answered Apr 13 at 15:56

        Yurij Goncharuk
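
As an added illustration of the metadata the answer above describes (not part of the original answer, and not yum's own code): the code below applies the --security, --cve and --bugzilla filters to a constructed updateinfo-style XML document. The advisory ids, the CVE placeholder, the bugzilla ids and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of repository update metadata (updateinfo.xml layout).
# Advisory ids, the CVE placeholder and the bugzilla ids are made up.
UPDATEINFO = """\
<updates>
  <update type="security" status="stable">
    <id>EXAMPLE-SA-0001</id>
    <references>
      <reference type="cve" id="CVE-0000-00001" title="CVE-0000-00001"/>
      <reference type="bugzilla" id="1000001" title="blah: constructed bug"/>
    </references>
    <pkglist><collection>
      <package name="blah" version="1.18.4" release="1" arch="x86_64"/>
    </collection></pkglist>
  </update>
  <update type="bugfix" status="stable">
    <id>EXAMPLE-BA-0002</id>
    <references>
      <reference type="bugzilla" id="1000002" title="blah: constructed bug"/>
    </references>
    <pkglist><collection>
      <package name="blah" version="1.18.5" release="1" arch="x86_64"/>
    </collection></pkglist>
  </update>
</updates>
"""

def _packages(update):
    """List the packages an <update> entry ships, as name-version-release.arch."""
    return ["{name}-{version}-{release}.{arch}".format(**p.attrib)
            for p in update.iter("package")]

def select_updates(xml_text, security=False, cve=None, bugzilla=None):
    """Return {advisory id: [packages]} for updates matching every given filter."""
    selected = {}
    for update in ET.fromstring(xml_text).iter("update"):
        refs = [r.attrib for r in update.iter("reference")]
        if security and update.get("type") != "security":
            continue  # --security: only <update type="security"> entries
        # --cve: compared to the title field of <reference>, as the answer describes
        if cve and not any(r.get("title") == cve for r in refs):
            continue
        # --bugzilla: compared to the id field of bugzilla-type <reference> tags
        if bugzilla and not any(r.get("type") == "bugzilla" and r.get("id") == bugzilla
                                for r in refs):
            continue
        selected[update.findtext("id")] = _packages(update)
    return selected
```

In this sample blah 1.18.4 counts as a security update only because the metadata entry that lists it has type="security"; blah 1.18.5, listed under a bugfix entry, is skipped by the security filter.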
