RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1804234 - yum false positive advisory if module enabled
Summary: yum false positive advisory if module enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: yum
Version: 8.1
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: 8.0
Assignee: Jaroslav Mracek
QA Contact: Jan Blazek
URL:
Whiteboard:
: 1791843 1870131 1884169 1926342 2004748 (view as bug list)
Depends On: 1951409
Blocks: 1654708 1825061 1873006
TreeView+ depends on / blocked
 
Reported: 2020-02-18 14:03 UTC by Jan Jansky
Modified: 2023-12-15 17:22 UTC (History)
24 users (show)

Fixed In Version: libdnf-0.63.0-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1873006 (view as bug list)
Environment:
Last Closed: 2021-11-09 19:52:16 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4922461 0 None None None 2020-03-23 17:55:39 UTC
Red Hat Product Errata RHSA-2021:4464 0 None None None 2021-11-09 19:52:27 UTC

Description Jan Jansky 2020-02-18 14:03:37 UTC
Description of problem: If i will enable module 'perl-DBD-SQLite' there is always in 'yum list-sec' multiple times 'RHBA-2019:3337' which is not applicable.


Version-Release number of selected component (if applicable):
# rpm -qa | grep -e yum -e dnf
python3-dnf-4.2.7-7.el8_1.noarch
python3-dnf-plugins-core-4.0.8-3.el8.noarch
dnf-plugins-core-4.0.8-3.el8.noarch
dnf-data-4.2.7-7.el8_1.noarch
dnf-4.2.7-7.el8_1.noarch
dnf-plugin-subscription-manager-1.25.17-1.el8.x86_64
dnf-plugin-spacewalk-2.8.5-11.module+el8.1.0+3455+3ddf2832.noarch
yum-4.2.7-7.el8_1.noarch
python3-dnf-plugin-spacewalk-2.8.5-11.module+el8.1.0+3455+3ddf2832.noarch
libdnf-0.35.1-9.el8_1.x86_64
python3-libdnf-0.35.1-9.el8_1.x86_64


How reproducible: Always


Steps to Reproduce:
1. yum module enable perl-DBD-SQLite
2. yum list-sec
3. yum update --advisory=RHBA-2019:3337

Actual results:
# yum update --advisory=RHBA-2019:3337
Failed to set locale, defaulting to C.UTF-8
Updating Subscription Management repositories.
Red Hat Satellite Tools 6.5 for RHEL 8 x86_64 (RPMs)                                                                                                                                                           13 kB/s | 2.1 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                                                                                                                       11 kB/s | 2.8 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                                                                                                          13 kB/s | 2.4 kB     00:00    
No security updates needed, but 50 updates available
Dependencies resolved.
Nothing to do.            <<<<<<<<<<<<<<<<<<<<
Complete!


Expected results:
Apply errata or even better not show it in list-sec


Additional info:
If i disable module this errata disappear again.

Comment 2 Jaroslav Mracek 2020-02-27 08:53:55 UTC
The problem is triggered by unique structure of RHBA-2019:3337 advisory.In past all advisories have a single section <pkglist> with only one <collection> inside. With modules in section <collection> information about modules <module> appeared to specify if advissory is applicable.
 
But from 77 modular advisories 3 advisories have a different structure. They have multiple <collection> (RHBA-2019:3337 with 15 collections, RHBA-2020:0347 with 2 collections, RHBA-2019:3416 with 2 collections) in <pkglist> and each collection have different modules there. It means that we are not talking about applicability of advisory but about applicability of collection and only packages described in that collection.

The present structure in libsolv puts all packages from advisory into a single list and all modules described in advisory also in list. Then there is no relation between modules and collection and package and collection.

There are only two ways how to resolve the issue and both are very painful. Make new structure inside libsolv => incompatible change or change generation of advisory.

Additionally - even after resolvement of this issue false positive detection of advisory will be still present in multicontext modules due data redundancy in advisory.

Comment 5 Jaroslav Mracek 2020-04-06 06:45:10 UTC
I created two simplified reproducers - https://github.com/j-mracek/module_repos/tree/master/advisories.

Comment 6 Jaroslav Mracek 2020-04-29 07:30:39 UTC
*** Bug 1791843 has been marked as a duplicate of this bug. ***

Comment 12 amatej 2020-09-14 10:15:00 UTC
*** Bug 1870131 has been marked as a duplicate of this bug. ***

Comment 14 amatej 2020-10-06 09:51:01 UTC
*** Bug 1884169 has been marked as a duplicate of this bug. ***

Comment 17 Jaroslav Mracek 2021-03-03 14:14:43 UTC
I created a patch https://github.com/rpm-software-management/libdnf/pull/1151 that will resolve the final part of the issue.

To resolve the issue it requires libdolv-0.7.17 and https://github.com/rpm-software-management/libdnf/pull/1082, 

First part of tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/909

Comment 18 Jaroslav Mracek 2021-03-04 12:40:47 UTC
The second part of CI tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/968

Comment 21 smcdowel 2021-04-22 14:43:18 UTC
*** Bug 1926342 has been marked as a duplicate of this bug. ***

Comment 28 Jaroslav Mracek 2021-09-21 06:54:43 UTC
*** Bug 2004748 has been marked as a duplicate of this bug. ***

Comment 30 errata-xmlrpc 2021-11-09 19:52:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: dnf security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4464


Note You need to log in before you can comment on or make changes to this bug.