Bug 104552

Summary: yum backend: bugzilla_urls and cve_urls contains non-URLs
Product: PackageKit Reporter: Martin Pitt <martin.pitt>
Component: backend-yumAssignee: Richard Hughes <richard>
Status: RESOLVED NOTABUG QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Martin Pitt 2018-01-09 11:28:54 UTC 
On RHEL, PackageKit's [UpdateDetail signal](https://www.freedesktop.org/software/PackageKit/gtk-doc/Transaction.html#Transaction::UpdateDetail) has `bugzilla_urls` which confusingly are not just URLs, but include the bug title:


Details about the update:
 Package: selinux-policy-3.13.1-166.el7_4.7.noarch
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1500697, SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1500813, keepalived 1.3.5 requires setpgid permission [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1513075, selinux inhibits pacemaker's logging policy [rhel-7.4.z]

This is rather confusing for API clients, as these need to be filtered out usually. It's not clear whether one can actually rely on the order here (first the bug URL, then the corresponding title).

Apparently these are being generated from the `title="..."` field in the _updateinfo XML, like this:

<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1500697" id="1500697" title="SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z]" type="bugzilla" />
Comment 1 Martin Pitt 2018-01-11 21:54:10 UTC 
This also affects cve_urls:

$ pkcon get-update-detail [...]
 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-123456, CVE-2014-123456
Comment 2 Richard Hughes 2018-08-21 15:52:32 UTC 
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
 
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.