Description of problem: 'dnf updateinfo --info' provides incorrect output when there are more advisories, namely it * provides "mixed" info of more advisories * does not provide info about some advisories * provides incorrect info about advisories (marks advisory as installed when it is not installed) Version-Release number of selected component (if applicable): dnf-2.8.5-0.101g0f20917d.fc26.noarch How reproducible: always Steps to Reproduce: 1. use the upstream test updateinfo-2.feature for the settings of advisories (it defines 5 advisories, a package from one of them is installed) 2. run 'dnf updateinfo --info all security' 3. run 'dnf updateinfo --info all' or 'dnf updateinfo --info' 4. compare the results of steps 2. and 3. with the same commands using --summary instead of --info (--summary works OK) Actual results: step 2.: Incorrect output here is a mixture of 2 advisories. They both have the same title but different IDs (RHSA-2999:004 is missing here). The problem does not appear when the titles are different. # dnf updateinfo --info all security Last metadata expiration check: 0:59:11 ago on Tue Feb 6 08:36:10 2018. =============================================================================== TestB security update =============================================================================== Update ID : RHSA-2999:001 Type : security Updated : 2017-01-01 00:00:01 Bugs : 444 - BZ444 : 222 - BZ222 CVEs : CVE-2999-0001 : CVE-2999-0002 Description : Security Advisory Severity : Moderate Installed : true # dnf updateinfo --summary all security Last metadata expiration check: 1:02:38 ago on Tue Feb 6 08:36:10 2018. Updates Information Summary: all 2 Security notice(s) 1 Critical Security notice(s) 1 Moderate Security notice(s) step 3.: There is missing info about 2 advisories here (RHSA-2999:001, RHSA-2999:004). Advisory RHBA-2999:002-02 is not installed although it is marked as installed. Note: output of 'dnf updateinfo --info' is the same. # dnf updateinfo --info all Last metadata expiration check: 1:11:06 ago on Tue Feb 6 08:36:10 2018. =============================================================================== TestA bugfix =============================================================================== Update ID : RHBA-2999:002-02 Type : bugfix Updated : 2017-01-01 00:00:01 Bugs : 111 - BZ111 Description : Bugfix Advisory Severity : Low Installed : true =============================================================================== TestA TestB bugfix =============================================================================== Update ID : FEDORA-2999:0003 Type : bugfix Updated : 2017-01-01 00:00:01 Bugs : 333 - BZ333 Description : Default description of FEDORA-2999:0003 Severity : Low Installed : false =============================================================================== TestA enhancement =============================================================================== Update ID : RHEA-2999:005 Type : enhancement Updated : 2017-01-01 00:00:01 Description : Default description of RHEA-2999:005 Severity : Low Installed : false # dnf updateinfo --summary all Last metadata expiration check: 1:14:51 ago on Tue Feb 6 08:36:10 2018. Updates Information Summary: all 2 Security notice(s) 1 Critical Security notice(s) 1 Moderate Security notice(s) 2 Bugfix notice(s) 1 Enhancement notice(s) Expected results: 'dnf updateinfo --info' provides correct info Additional info: More useful outputs: list of all advisories and relevant installed packages: # dnf updateinfo --list all Last metadata expiration check: 0:00:51 ago on Tue Feb 6 10:01:12 2018. RHBA-2999:002-02 bugfix TestA-2-1.noarch FEDORA-2999:0003 bugfix TestA-3-1.noarch RHEA-2999:005 enhancement TestA-4-1.noarch i RHSA-2999:001 Moderate/Sec. TestB-2-1.noarch FEDORA-2999:0003 bugfix TestB-3-1.noarch RHSA-2999:004 Critical/Sec. TestB-4-1.noarch # rpm -qa | grep Test TestB-2-1.noarch TestA-1-1.noarch
It seems that I have encountered similar problem. For example it says that 'avahi' package update is available, but I do not have it installed. I only have the libraries installed (and they have updates available). $ dnf updateinfo --info updates | grep 'avahi-0' -A 8 -B 1 =============================================================================== avahi-0.7-11.fc27 =============================================================================== Update ID : FEDORA-2018-9183a1d9a9 Type : bugfix Updated : 2018-04-10 15:36:40 Bugs : 1564059 - avahi-discover is missing "gi" module Description : Add dependency to ensure avahi-discover works as expected. Severity : Moderate $ dnf list installed | grep avahi avahi-glib.x86_64 0.7-3.fc27 @fedora avahi-libs.x86_64 0.7-3.fc27 @fedora
There was a bigger refactoring of updateinfo command lately (PR https://github.com/rpm-software-management/dnf/pull/1035) This change is already part of our nightly builds. If you want to, you can try to install dnf from our copr repo https://copr.fedorainfracloud.org/coprs/rpmsoftwaremanagement/dnf-nightly/ and see if this solves your issue.
I looked into F27 updates repo updateinfo.xml and there is this (shortened): <update from="updates" status="testing" type="bugfix" version="2.0"> <id>FEDORA-2018-9183a1d9a9</id> <title>avahi-0.7-11.fc27</title> . . <pkglist> <package name="avahi-glib" version="0.7" release="11.fc27" epoch="0" arch="x86_64" src="https://download.fedoraproject.org/pub/fedora/linux/updates/testing/27/x86_64/a/avahi-glib-0.7-11.fc27.x86_64.rpm"> <filename>avahi-glib-0.7-11.fc27.x86_64.rpm</filename> </package> . . So it looks like this advisory affects also avahi-glib package and this is the reason why it is listed.
PR https://github.com/rpm-software-management/dnf/pull/1063 fixes issue.
This message is a reminder that Fedora 26 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '26'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 26 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 26 changed to end-of-life (EOL) status on 2018-05-29. Fedora 26 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
The issue is solved by dnf-3.0.1-1 that was released into rawhide.