View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0008516Rocky-Linux-9Generalpublic2024-12-09 23:552024-12-10 00:11
ReporterStewart Smith Assigned ToLouis Abel  
PriorityhighSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Summary0008516: updateinfo.xml contains duplicate description for each update
DescriptionI am working to standardize the updateinfo.xml repository metadata format as part of https://github.com/rpm-software-management/rpm-metadata so that tools can work with a common understanding of what the metadata means. There is an existing permissive XML Schema that covers all known updateinfo.xml variants - https://github.com/rpm-software-management/rpm-metadata/blob/main/updateinfo/updateinfo-permissive.xsd - and I will shortly publish a transitional and strict schema.

Each <update> has an <id>, <title> etc, but *only* Rocky Linux's updateinfo.xml have two copies of the <description>. All other updateinfo.xml files that I can find that have ever been produced contain only one <description>.

This is an issue as it presents a challenge for tooling parsing updateinfo (for example `dnf` or third party security tooling) as there is now ambiguity as to what to present to the user.

A fix would be to ensure that only one <description> is present for each <update> in Rocky's updateinfo.xml.

My plan is to enforce the single <description> in the transitional and strict schemas for updateinfo.xml
Steps To ReproduceLook at updateinfo.xml in any Rocky Linux package repository.
Additional InformationExample from Rocky 9 repo:

  <update from="releng@rockylinux.org" status="final" type="bugfix" version="2">
    <id>RLBA-2022:8785</id>
    <title>tzdata bug fix and enhancement update</title>
    <description>The tzdata packages contain data files with rules for various time zones.

The tzdata packages have been updated to version 2022g, which addresses recent
time zone changes. Notably:

* On November 30, 2022, the northern edge of the Mexican state of Chihuahua has changed time zone to agree with the nearby US locations.

* A new Zone America/Ciudad_Juarez that splits from America/Ojinaga has been added.</description>
    <issued date="2022-12-05 15:37:20" />
    <updated date="2023-02-02 12:54:11" />
    <rights>Copyright 2024 Rocky Enterprise Software Foundation</rights>
    <release>Rocky Linux 9</release>
    <pushcount>1</pushcount>
    <severity>None</severity>
    <summary>An update is available for tzdata.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list</summary>
    <description>The tzdata packages contain data files with rules for various time zones.

The tzdata packages have been updated to version 2022g, which addresses recent
time zone changes. Notably:

* On November 30, 2022, the northern edge of the Mexican state of Chihuahua has changed time zone to agree with the nearby US locations.

* A new Zone America/Ciudad_Juarez that splits from America/Ojinaga has been added.</description>
    <solution />
    <references>
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=2149413" id="2149413" type="bugzilla" title="" />
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=2149414" id="2149414" type="bugzilla" title="" />
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=2149476" id="2149476" type="bugzilla" title="" />
      <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=2149479" id="2149479" type="bugzilla" title="" />
      <reference href="https://errata.rockylinux.org/RLBA-2022:8785" id="RLBA-2022:8785" type="self" title="RLBA-2022:8785" />
    </references>
    <pkglist>
      <collection short="rocky-linux-9-x86-64-appstream-rpms">
        <name>rocky-linux-9-x86-64-appstream-rpms</name>
        <package name="tzdata-java" arch="noarch" epoch="0" version="2022g" release="1.el9_1" src="tzdata-2022g-1.el9_1.src.rpm">
          <filename>tzdata-java-2022g-1.el9_1.noarch.rpm</filename>
          <sum type="sha256">ff69047c3082c3e0a940ee04ef561126d256c588b86fc17cca3a5da1f7b8851a</sum>
        </package>
      </collection>
    </pkglist>
  </update>
TagsNo tags attached.

Activities

Louis Abel

Louis Abel

2024-12-10 00:03

administrator   ~0009044

Thank you for the report. I've cloned your report here: https://github.com/resf/distro-tools/issues/31
Stewart Smith

Stewart Smith

2024-12-10 00:11

reporter   ~0009045

Issue filed on GitHub for the tooling https://github.com/resf/distro-tools/issues/32 along with a PR with a (probable) fix: https://github.com/resf/distro-tools/pull/33

Issue History

Date Modified Username Field Change
2024-12-09 23:55 Stewart Smith New Issue
2024-12-10 00:03 Louis Abel Assigned To => Louis Abel
2024-12-10 00:03 Louis Abel Status new => acknowledged
2024-12-10 00:03 Louis Abel Note Added: 0009044
2024-12-10 00:11 Stewart Smith Note Added: 0009045