Bug 104552 - yum backend: bugzilla_urls and cve_urls contains non-URLs
Summary: yum backend: bugzilla_urls and cve_urls contains non-URLs
Alias: None
Product: PackageKit
Classification: Unclassified
Component: backend-yum (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Richard Hughes
QA Contact:
Depends on:
Reported: 2018-01-09 11:28 UTC by Martin Pitt
Modified: 2018-08-21 15:52 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Description Martin Pitt 2018-01-09 11:28:54 UTC
On RHEL, PackageKit's [UpdateDetail signal](https://www.freedesktop.org/software/PackageKit/gtk-doc/Transaction.html#Transaction::UpdateDetail) has `bugzilla_urls` which confusingly are not just URLs, but include the bug title:

Details about the update:
 Package: selinux-policy-3.13.1-166.el7_4.7.noarch
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1500697, SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1500813, keepalived 1.3.5 requires setpgid permission [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1513075, selinux inhibits pacemaker's logging policy [rhel-7.4.z]

This is rather confusing for API clients, as these need to be filtered out usually. It's not clear whether one can actually rely on the order here (first the bug URL, then the corresponding title).

Apparently these are being generated from the `title="..."` field in the _updateinfo XML, like this:

<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1500697" id="1500697" title="SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z]" type="bugzilla" />
Comment 1 Martin Pitt 2018-01-11 21:54:10 UTC
This also affects cve_urls:

$ pkcon get-update-detail [...]
 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-123456, CVE-2014-123456
Comment 2 Richard Hughes 2018-08-21 15:52:32 UTC
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.