[yum-utils] Update to latest HEAD
Zdeněk Pavlas
zpavlas at fedoraproject.org
Fri Dec 13 11:06:46 UTC 2013
commit d1b6ea59a7ccb1c8673c286dbc800c2b87315a7f
Author: Zdenek Pavlas <zpavlas at redhat.com>
Date: Fri Dec 13 12:06:13 2013 +0100
Update to latest HEAD
- Don't remove pkgs which are already removals (Eg. via. updates). BZ 1013475.
- remove yum-plugin-security. BZ 1002491
- repoquery: handle MiscError. BZ 808500
- repoquery: handle Yum exceptions on .conf setup. BZ 996027, 982043
- needs-restarting: don't trigger abrt on repo errors. BZ 1017600
- repoquery --whatrequires/--whatprovides: handle MiscError. BZ 1024783
- fastestmirror: Less verbose mirror filtering. BZ 1036121
- Remove -v from repoquery man page.
- repoquery -i: Add License. BZ 1040478
yum-utils-HEAD.patch | 1437 ++++++++++++++++++++++++++++++++++++++++++++------
yum-utils.spec | 36 +-
2 files changed, 1275 insertions(+), 198 deletions(-)
---
diff --git a/yum-utils-HEAD.patch b/yum-utils-HEAD.patch
index 79f2b2f..879f5a4 100644
--- a/yum-utils-HEAD.patch
+++ b/yum-utils-HEAD.patch
@@ -194,10 +194,10 @@ index 177c6c3..0f026f1 100755
# but I'm not sure of a better way of doing it
if not self.no_debuginfo_plugin and self.tsInfo:
diff --git a/docs/Makefile b/docs/Makefile
-index d01c1e4..acb8559 100644
+index d01c1e4..481f0f3 100644
--- a/docs/Makefile
+++ b/docs/Makefile
-@@ -1,7 +1,9 @@
+@@ -1,9 +1,11 @@
DOCS = repoquery package-cleanup repo-rss yumdownloader yum-builddep yum-changelog reposync \
yum-list-data yum-filter-data yum-verify yum-utils yum-aliases yum-debug-dump yum-versionlock \
yum-groups-manager debuginfo-install repodiff yum-fs-snapshot \
@@ -206,8 +206,11 @@ index d01c1e4..acb8559 100644
+ find-repos-of-install needs-restarting repo-graph repoclosure \
+ repomanage repotrack verifytree yum-config-manager
DOCS5 = yum-changelog.conf yum-versionlock.conf yum-fs-snapshot.conf
- DOCS8 = yum-security yum-complete-transaction yumdb
+-DOCS8 = yum-security yum-complete-transaction yumdb
++DOCS8 = yum-complete-transaction yumdb
+ all:
+ echo "Nothing to do"
diff --git a/docs/debuginfo-install.1 b/docs/debuginfo-install.1
index a47e28a..a829869 100644
--- a/docs/debuginfo-install.1
@@ -601,7 +604,7 @@ index 0000000..4d336a5
+See the Authors file included with this program.
+.fi
diff --git a/docs/repoquery.1 b/docs/repoquery.1
-index f5a8c5d..30fda8a 100644
+index f5a8c5d..85b0047 100644
--- a/docs/repoquery.1
+++ b/docs/repoquery.1
@@ -1,11 +1,11 @@
@@ -618,7 +621,12 @@ index f5a8c5d..30fda8a 100644
.SH "DESCRIPTION"
.PP
\fBrepoquery\fP is a program for querying information from YUM repositories
-@@ -18,7 +18,7 @@ List valid queryformat tags and exit..
+@@ -14,11 +14,11 @@ similarly to rpm queries.
+ .SH "GENERAL OPTIONS"
+ .IP "\fB\-\-querytags\fP"
+ List valid queryformat tags and exit..
+-.IP "\fB\-v, \-\-version\fP"
++.IP "\fB\-\-version\fP"
Report program version and exit.
.IP "\fB\-\-repoid=<repo>\fP"
Specify which repository to query. Using this option disables all repositories
@@ -1457,118 +1465,201 @@ index d855104..a5477d6 100644
To list ranges of the sizes of packages installed or available, use:
.IP
diff --git a/docs/yum-security.8 b/docs/yum-security.8
-index 7e260b0..c7d9c8b 100644
+deleted file mode 100644
+index 7e260b0..0000000
--- a/docs/yum-security.8
-+++ b/docs/yum-security.8
-@@ -6,13 +6,13 @@ yum security plugin
- \fByum\fP [options] [command] [package ...]
- .SH "DESCRIPTION"
- .PP
++++ /dev/null
+@@ -1,190 +0,0 @@
+-.\" yum security plugin
+-.TH "yum-security" "8" "12 April 2007" "James Antill" ""
+-.SH "NAME"
+-yum security plugin
+-.SH "SYNOPSIS"
+-\fByum\fP [options] [command] [package ...]
+-.SH "DESCRIPTION"
+-.PP
-This plugin extends \fByum\fP to allow lists and updates to be limited using security relevant criteria
-+This plugin extends \fByum\fP to allow lists and updates to be limited using security relevant criteria.
- .PP
+-.PP
-added yum \fIcommand\fPs are:
-+Added yum \fIcommand\fPs are:
- .br
- .I \fR yum update-minimal
- .PP
+-.br
+-.I \fR yum update-minimal
+-.PP
-This works like the update command, but if you have the the package foo-1
-+This works like the update command, but if you have the package foo-1
- installed and have foo-2 and foo-3 available with updateinfo.xml then
- update-minimal will update you to foo-3.
- .br
-@@ -22,7 +22,7 @@ update-minimal will update you to foo-3.
- .br
- .I \fR yum updateinfo summary
- .PP
+-installed and have foo-2 and foo-3 available with updateinfo.xml then
+-update-minimal will update you to foo-3.
+-.br
+-.I \fR yum updateinfo info
+-.br
+-.I \fR yum updateinfo list
+-.br
+-.I \fR yum updateinfo summary
+-.PP
-all of the last three take these \fIsub-command\fPs:
-+All of the last three take these \fIsub-command\fPs:
- .br
- .I \fR yum updateinfo * all
- .br
-@@ -108,40 +108,40 @@ distribution.
- .SH "GENERAL OPTIONS"
- There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:
- .PP
+-.br
+-.I \fR yum updateinfo * all
+-.br
+-.I \fR yum updateinfo * available
+-.br
+-.I \fR yum updateinfo * installed
+-.br
+-.I \fR yum updateinfo * updates
+-.PP
+-and then:
+-.br
+-.I \fR * <advisory> [advisory...]
+-.br
+-.I \fR * <package>
+-.br
+-.I \fR * bugzillas
+-.br
+-.I \fR * cves
+-.br
+-.I \fR * enhancement
+-.br
+-.I \fR * security
+-.br
+-.I \fR * new-packages
+-.br
+-.br
+-.PP
+-.IP "\fBall\fP"
+-Is used to display information about both install and available advisories.
+-.PP
+-.IP "\fBavailable\fP"
+-Is used to display information about just available advisories. This is the
+-default.
+-.PP
+-.IP "\fBinstalled\fP"
+-Is used to display information about just install advisories.
+-.PP
+-.IP "\fBupdates\fP"
+-This is mostly the same as "available" but it only shows advisory information
+-for packages that can be updated to.
+-.PP
+-.IP "\fB<advisory> [advisory...]\fP"
+-Is used to display information about one or more advisories.
+-.PP
+-.IP "\fB<package> [package...]\fP"
+-Is used to display information about one or more packages.
+-.PP
+-.IP "\fBlist\fP"
+-Is used to list all of the relevant errata notice information, from the
+-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
+-new.
+-.PP
+-.IP "\fBinfo\fP"
+-Is used to show all the errata notice information, from the
+-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
+-new.
+-.PP
+-.IP "\fBlist\fP"
+-Is used to list all of the relevant errata notice information, from the
+-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
+-new.
+-.IP
+-.IP "\fBbugzillas / bzs\fP"
+-Is the subset of the updateinfo information, pertaining to the bugzillas.
+-.IP
+-.IP "\fBcves\fP"
+-Is the subset of the updateinfo information, pertaining to the CVEs.
+-.IP
+-.IP "\fBsecurity / sec\fP"
+-Is the subset of the updateinfo information, pertaining to security.
+-.IP "\fBbugfix\fP"
+-Is the subset of the updateinfo information, pertaining to bugfixes.
+-.IP "\fBenhancement\fP"
+-Is the subset of the updateinfo information, pertaining to enhancements.
+-.IP "\fBrecommended\fP"
+-Is the subset of the updateinfo information, pertaining to recommended updates.
+-.IP "\fBnew-packages\fP"
+-Is the subset of the updateinfo information, pertaining to new packages. These
+-are packages which weren't available at the initial release of your
+-distribution.
+-.IP
+-.PP
+-.SH "GENERAL OPTIONS"
+-There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:
+-.PP
-.IP "\fB\--advisory\fP"
-This option includes packages coresponding to the advisory ID, Eg. FEDORA-2201-123.
-.IP "\fB\--bz\fP"
-+.IP "\fB\-\-advisory\fP"
-+This option includes packages corresponding to the advisory ID, Eg. FEDORA-2201-123.
-+.IP "\fB\-\-bz\fP"
- This option includes packages that say they fix a Bugzilla ID, Eg. 123.
+-This option includes packages that say they fix a Bugzilla ID, Eg. 123.
-.IP "\fB\--cve\fP"
-+.IP "\fB\-\-cve\fP"
- This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
+-This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
-.IP "\fB\--bugfixes\fP"
-+.IP "\fB\-\-bugfixes\fP"
- This option includes packages that say they fix a bugfix issue.
+-This option includes packages that say they fix a bugfix issue.
-.IP "\fB\--security\fP"
-+.IP "\fB\-\-security\fP"
- This option includes packages that say they fix a security issue.
- .PP
- .PP
-
- .SH "EXAMPLES"
- .PP
+-This option includes packages that say they fix a security issue.
+-.PP
+-.PP
+-
+-.SH "EXAMPLES"
+-.PP
-To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:
-+To list all updates that are security relevant, and get a return code on whether there are security updates use:
- .IP
+-.IP
-yum --security check-update
-+yum \-\-security check-update
- .PP
- To upgrade packages that have security errata (upgrades to the latest
- available package) use:
- .IP
+-.PP
+-To upgrade packages that have security errata (upgrades to the latest
+-available package) use:
+-.IP
-yum --security update
-+yum \-\-security update
- .PP
- To upgrade packages that have security errata (upgrades to the last
- security errata package) use:
- .IP
+-.PP
+-To upgrade packages that have security errata (upgrades to the last
+-security errata package) use:
+-.IP
-yum --security update-minimal
-+yum \-\-security update-minimal
- .PP
- To get a list of all BZs that are fixed for packages you have installed use:
- .IP
- yum updateinfo list bugzillas
- .PP
+-.PP
+-To get a list of all BZs that are fixed for packages you have installed use:
+-.IP
+-yum updateinfo list bugzillas
+-.PP
-To get a list of all security advisoryies, including the ones you have already
-+To get a list of all security advisories, including the ones you have already
- installed use:
- .IP
- yum updateinfo list all security
-@@ -152,15 +152,15 @@ yum updateinfo info FEDORA-2707-4567
- .PP
- To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
- .IP
+-installed use:
+-.IP
+-yum updateinfo list all security
+-.PP
+-To get the information on advisory FEDORA-2707-4567 use:
+-.IP
+-yum updateinfo info FEDORA-2707-4567
+-.PP
+-To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
+-.IP
-yum --bz 123 --bz 456 --bz 789 --security update
-+yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update
- .PP
- To update to the packages which just update Bugzillas 123, 456 and 789; and all security updates use:
- .IP
+-.PP
+-To update to the packages which just update Bugzillas 123, 456 and 789; and all security updates use:
+-.IP
-yum --bz 123 --bz 456 --bz 789 --security update-minimal
-+yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update-minimal
- .PP
- To get an info list of the latest packages which contain fixes for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:
- .IP
+-.PP
+-To get an info list of the latest packages which contain fixes for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:
+-.IP
-yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
-+yum \-\-bz 123 \-\-cve CVE-2207-0123 \-\-cve CVE-2207-3210 \-\-advisory FEDORA-2707-4567 \-\-advisory FEDORA-2707-7654 info updates
- .PP
- To get a list of packages which are "new".
- .IP
-@@ -183,8 +183,8 @@ James Antill <james.antill at redhat.com>.
- .fi
-
- .SH "BUGS"
+-.PP
+-To get a list of packages which are "new".
+-.IP
+-yum updateinfo list new
+-.PP
+-To get a summary of advisories you haven't installed yet use:
+-.IP
+-yum updateinfo summary
+-
+-
+-.SH "SEE ALSO"
+-.nf
+-.I yum (8)
+-.I yum.conf (5)
+-.fi
+-
+-.SH "AUTHORS"
+-.nf
+-James Antill <james.antill at redhat.com>.
+-.fi
+-
+-.SH "BUGS"
-The update-minimal command ignores the --obsoletes flag.
-+The update-minimal command ignores the \-\-obsoletes flag.
-
+-
-The update-minimal command can only directly affect things atm., so if you update pkgA minimally but that requires an update to pkgB then pkgB will be updated to the newest version by the depsolver. Also the above will happen even if you've also minimally updated pkgB, if either the direct (minimal) update for pkgB happens after or if the minimal update for pkgB doesn't satisy the requirements of pkgA.
-+The update-minimal command can only directly affect things atm., so if you update pkgA minimally but that requires an update to pkgB then pkgB will be updated to the newest version by the depsolver. Also the above will happen even if you've also minimally updated pkgB, if either the direct (minimal) update for pkgB happens after or if the minimal update for pkgB doesn't satisfy the requirements of pkgA.
-
+-
-The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "--bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.
-+The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "\-\-bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.
diff --git a/docs/yum-utils.1 b/docs/yum-utils.1
index fa830b6..3f858a8 100644
--- a/docs/yum-utils.1
@@ -1745,7 +1836,7 @@ index 0578295..aac29ea 100644
import sys
diff --git a/needs-restarting.py b/needs-restarting.py
-index 6bc883f..a6946b0 100755
+index 6bc883f..d92cd46 100755
--- a/needs-restarting.py
+++ b/needs-restarting.py
@@ -8,11 +8,11 @@
@@ -1763,7 +1854,7 @@ index 6bc883f..a6946b0 100755
# Copyright 2009 Red Hat Inc
# written by Seth Vidal
-@@ -40,6 +40,7 @@
+@@ -40,9 +40,11 @@
import sys
import os
import yum
@@ -1771,14 +1862,19 @@ index 6bc883f..a6946b0 100755
import glob
import stat
from optparse import OptionParser
-@@ -76,18 +77,18 @@ def get_open_files(pid):
++from yum.Errors import RepoError
+
+ def parseargs(args):
+ usage = """
+@@ -76,18 +78,18 @@ def get_open_files(pid):
files = []
smaps = '/proc/%s/smaps' % pid
try:
- maps = open(smaps, 'r')
+ maps = open(smaps, 'r').readlines()
except (IOError, OSError), e:
- print "Could not open %s" % smaps
+- print "Could not open %s" % smaps
++ print >>sys.stderr, "Could not open %s" % smaps
return files
- for line in maps.readlines():
@@ -1795,7 +1891,7 @@ index 6bc883f..a6946b0 100755
filename = filename.strip()
if filename not in files:
files.append(filename)
-@@ -106,7 +107,7 @@ def main(args):
+@@ -106,7 +108,7 @@ def main(args):
if opts.useronly:
myuid = os.getuid()
@@ -1804,7 +1900,7 @@ index 6bc883f..a6946b0 100755
for pid in return_running_pids(uid=myuid):
try:
-@@ -117,12 +118,43 @@ def main(args):
+@@ -117,17 +119,48 @@ def main(args):
for fn in get_open_files(pid):
if found_match:
break
@@ -1851,6 +1947,22 @@ index 6bc883f..a6946b0 100755
for pid in needing_restart:
try:
cmdline = open('/proc/' +pid+ '/cmdline', 'r').read()
+ except OSError, e:
+- print "Couldn't access process information for %s: %s" % (pid, str(e))
++ print >>sys.stderr, "Couldn't access process information for %s: %s" % (pid, str(e))
+ continue
+ # proc cmdline is null-delimited so clean that up
+ cmdline = cmdline.replace('\000', ' ')
+@@ -136,4 +169,8 @@ def main(args):
+ return 0
+
+ if __name__ == "__main__":
+- sys.exit(main(sys.argv))
++ try:
++ sys.exit(main(sys.argv))
++ except RepoError, e:
++ print >>sys.stderr, e
++ sys.exit(1)
diff --git a/package-cleanup.py b/package-cleanup.py
index 4794369..acad9f2 100755
--- a/package-cleanup.py
@@ -2068,6 +2180,28 @@ index 8486bb0..0000000
- # Don't die on errors, or we'll never see them.
- if not conduit.getErrors() and opts.dlonly:
- raise PluginYumExit('exiting because --downloadonly specified ')
+diff --git a/plugins/fastestmirror/fastestmirror.py b/plugins/fastestmirror/fastestmirror.py
+index 364b90d..fe79629 100644
+--- a/plugins/fastestmirror/fastestmirror.py
++++ b/plugins/fastestmirror/fastestmirror.py
+@@ -216,7 +216,7 @@ def postreposetup_hook(conduit):
+ def includeCheck(mirror):
+ if filter(lambda exp: re.search(exp, host(mirror)),
+ include_only.replace(',', ' ').split()):
+- conduit.info(2, "Including mirror: %s" % host(mirror))
++ conduit.info(3, "Including mirror: %s" % host(mirror))
+ return True
+ return False
+ repomirrors[str(repo)] = filter(includeCheck,repomirrors[str(repo)])
+@@ -225,7 +225,7 @@ def postreposetup_hook(conduit):
+ def excludeCheck(mirror):
+ if filter(lambda exp: re.search(exp, host(mirror)),
+ exclude.replace(',', ' ').split()):
+- conduit.info(2, "Excluding mirror: %s" % host(mirror))
++ conduit.info(3, "Excluding mirror: %s" % host(mirror))
+ return False
+ return True
+ repomirrors[str(repo)] = filter(excludeCheck,repomirrors[str(repo)])
diff --git a/plugins/fedorakmod/fedorakmod.py b/plugins/fedorakmod/fedorakmod.py
index b3aed61..82a43d5 100644
--- a/plugins/fedorakmod/fedorakmod.py
@@ -2344,6 +2478,912 @@ index 202c203..ce98583 100644
def _pkglist_to_dict(pl, priority, addArch = False):
out = dict()
+diff --git a/plugins/security/security.conf b/plugins/security/security.conf
+deleted file mode 100644
+index 8e4d76c..0000000
+--- a/plugins/security/security.conf
++++ /dev/null
+@@ -1,2 +0,0 @@
+-[main]
+-enabled=1
+diff --git a/plugins/security/security.py b/plugins/security/security.py
+deleted file mode 100755
+index a60cf9b..0000000
+--- a/plugins/security/security.py
++++ /dev/null
+@@ -1,892 +0,0 @@
+-#! /usr/bin/python -tt
+-# This program is free software; you can redistribute it and/or modify
+-# it under the terms of the GNU General Public License as published by
+-# the Free Software Foundation; either version 2 of the License, or
+-# (at your option) any later version.
+-#
+-# This program is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-# GNU Library General Public License for more details.
+-#
+-# You should have received a copy of the GNU General Public License
+-# along with this program; if not, write to the Free Software
+-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+-#
+-#
+-# Copyright Red Hat Inc. 2007, 2008
+-#
+-# Author: James Antill <james.antill at redhat.com>
+-#
+-# Examples:
+-#
+-# yum --security info updates
+-# yum --security list updates
+-# yum --security check-update
+-# yum --security update
+-#
+-# yum --cve CVE-2007-1667 <cmd>
+-# yum --bz 235374 --bz 234688 <cmd>
+-# yum --advisory FEDORA-2007-420 --advisory FEDORA-2007-346 <cmd>
+-#
+-# yum list-updateinfo
+-# yum list-updateinfo bugzillas / bzs
+-# yum list-updateinfo cves
+-# yum list-updateinfo security / sec
+-# yum list-updateinfo new
+-#
+-# yum summary-updateinfo
+-#
+-# yum update-minimal --security
+-
+-import yum
+-import fnmatch
+-from yum.plugins import TYPE_INTERACTIVE
+-from yum.update_md import UpdateMetadata
+-import logging # for commands
+-
+-from yum.constants import *
+-
+-import rpmUtils.miscutils
+-
+-requires_api_version = '2.5'
+-plugin_type = (TYPE_INTERACTIVE,)
+-__package_name__ = "yum-plugin-security"
+-
+-# newpackages is weird, in that we'll never display that because we filter to
+-# things relevant to installed pkgs...
+-__update_info_types__ = ("security", "bugfix", "enhancement",
+- "recommended", "newpackage")
+-
+-def _rpm_tup_vercmp(tup1, tup2):
+- """ Compare two "std." tuples, (n, a, e, v, r). """
+- return rpmUtils.miscutils.compareEVR((tup1[2], tup1[3], tup1[4]),
+- (tup2[2], tup2[3], tup2[4]))
+-
+-class CliError(yum.Errors.YumBaseError):
+-
+- """
+- Command line interface related Exception.
+- """
+-
+- def __init__(self, args=''):
+- yum.Errors.YumBaseError.__init__(self)
+- self.args = args
+-
+-def ysp_gen_metadata(repos):
+- """ Generate the info. from the updateinfo.xml files. """
+- md_info = UpdateMetadata()
+- for repo in repos:
+- if not repo.enabled:
+- continue
+-
+- try: # attempt to grab the updateinfo.xml.gz from the repodata
+- md_info.add(repo)
+- except yum.Errors.RepoMDError:
+- continue # No metadata found for this repo
+- return md_info
+-
+-def ysp__safe_refs(refs):
+- """ Sometimes refs == None, if so return the empty list here.
+- So we don't have to check everywhere. """
+- if refs == None:
+- return []
+- return refs
+-
+-def _match_sec_cmd(sec_cmds, pkgname, notice):
+- for i in sec_cmds:
+- if fnmatch.fnmatch(pkgname, i):
+- return i
+- if notice['update_id'] == i:
+- return i
+- return None
+-
+-def _has_id(used_map, refs, ref_type, ref_ids):
+- ''' Check if the given ID is a match. '''
+- for ref in ysp__safe_refs(refs):
+- if ref['type'] != ref_type:
+- continue
+- if ref['id'] not in ref_ids:
+- continue
+- used_map[ref_type][ref['id']] = True
+- return ref
+- return None
+-
+-def ysp_should_filter_pkg(opts, pkgname, notice, used_map):
+- """ Do the package filtering for should_show and should_keep. """
+-
+- rcmd = _match_sec_cmd(opts.sec_cmds, pkgname, notice)
+- if rcmd:
+- used_map['cmd'][rcmd] = True
+- return True
+- elif opts.advisory and notice['update_id'] in opts.advisory:
+- used_map['id'][notice['update_id']] = True
+- return True
+- elif (opts.severity and notice['type'] == 'security' and
+- notice['severity'] in opts.severity):
+- used_map['sev'][notice['severity']] = True
+- return True
+- elif opts.cve and _has_id(used_map, notice['references'], "cve", opts.cve):
+- return True
+- elif opts.bz and _has_id(used_map, notice['references'],"bugzilla",opts.bz):
+- return True
+- # FIXME: Add opts for enhancement/etc.? -- __update_info_types__
+- elif (opts.security and notice['type'] == 'security' and
+- (not opts.severity or 'severity' not in notice or
+- not notice['severity'])):
+- return True
+- elif opts.bugfixes and notice['type'] == 'bugfix':
+- return True
+- elif not (opts.advisory or opts.cve or opts.bz or
+- opts.security or opts.bugfixes or opts.sec_cmds or opts.severity):
+- return True # This is only possible from should_show_pkg
+- return False
+-
+-def ysp_has_info_md(rname, md):
+- if rname in __update_info_types__:
+- if md['type'] == rname:
+- return md
+- for ref in ysp__safe_refs(md['references']):
+- if ref['type'] != rname:
+- continue
+- return md
+-
+-def ysp_gen_used_map(opts):
+- used_map = {'bugzilla' : {}, 'cve' : {}, 'id' : {}, 'cmd' : {}, 'sev' : {}}
+- for i in opts.sec_cmds:
+- used_map['cmd'][i] = False
+- for i in opts.advisory:
+- used_map['id'][i] = False
+- for i in opts.bz:
+- used_map['bugzilla'][i] = False
+- for i in opts.cve:
+- used_map['cve'][i] = False
+- for i in opts.severity:
+- used_map['sev'][i] = False
+- return used_map
+-
+-def ysp_chk_used_map(used_map, msg):
+- for i in used_map['cmd']:
+- if not used_map['cmd'][i]:
+- msg('No update information found for \"%s\"' % i)
+- for i in used_map['id']:
+- if not used_map['id'][i]:
+- msg('Advisory \"%s\" not found applicable for this system' % i)
+- for i in used_map['bugzilla']:
+- if not used_map['bugzilla'][i]:
+- msg('BZ \"%s\" not found applicable for this system' % i)
+- for i in used_map['cve']:
+- if not used_map['cve'][i]:
+- msg('CVE \"%s\" not found applicable for this system' % i)
+- for i in used_map['sev']:
+- if not used_map['sev'][i]:
+- msg('Severity \"%s\" not found applicable for this system' % i)
+-
+-class UpdateinfoCommand:
+- # Old command names...
+- direct_cmds = {'list-updateinfo' : 'list',
+- 'list-security' : 'list',
+- 'list-sec' : 'list',
+- 'info-updateinfo' : 'info',
+- 'info-security' : 'info',
+- 'info-sec' : 'info',
+- 'summary-updateinfo' : 'summary'}
+-
+- # Note that this code (instead of using inheritance and multiple
+- # cmd classes) means that "yum help" only displays the updateinfo command.
+- # Which is what we want, because the other commands are just backwards
+- # compatible gunk we don't want the user using).
+- def getNames(self):
+- return ['updateinfo'] + sorted(self.direct_cmds.keys())
+-
+- def getUsage(self):
+- return "[info|list|...] [security|...] [installed|available|all] [pkgs|id]"
+-
+- def getSummary(self):
+- return "Acts on repository update information"
+-
+- def doCheck(self, base, basecmd, extcmds):
+- pass
+-
+- def list_show_pkgs(self, base, md_info, list_type, show_type,
+- iname2tup, data, msg):
+- n_maxsize = 0
+- r_maxsize = 0
+- t_maxsize = 0
+- for (notice, pkgtup, pkg) in data:
+- n_maxsize = max(len(notice['update_id']), n_maxsize)
+- tn = notice['type']
+- if tn == 'security' and notice['severity']:
+- tn = notice['severity'] + '/Sec.'
+- t_maxsize = max(len(tn), t_maxsize)
+- if show_type:
+- for ref in ysp__safe_refs(notice['references']):
+- if ref['type'] != show_type:
+- continue
+- r_maxsize = max(len(str(ref['id'])), r_maxsize)
+-
+- for (notice, pkgtup, pkg) in data:
+- mark = ''
+- if list_type == 'all':
+- mark = ' '
+- if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
+- mark = 'i '
+- tn = notice['type']
+- if tn == 'security' and notice['severity']:
+- tn = notice['severity'] + '/Sec.'
+-
+- if show_type and ysp_has_info_md(show_type, notice):
+- for ref in ysp__safe_refs(notice['references']):
+- if ref['type'] != show_type:
+- continue
+- msg("%s %-*s %-*s %s" % (mark, r_maxsize, str(ref['id']),
+- t_maxsize, tn, pkg))
+- elif hasattr(pkg, 'name'):
+- print base.fmtKeyValFill("%s: " % pkg.name,
+- base._enc(pkg.summary))
+- else:
+- msg("%s%-*s %-*s %s" % (mark, n_maxsize, notice['update_id'],
+- t_maxsize, tn, pkg))
+-
+- def info_show_pkgs(self, base, md_info, list_type, show_type,
+- iname2tup, data, msg):
+- show_pkg_info_done = {}
+- for (notice, pkgtup, pkg) in data:
+- if notice['update_id'] in show_pkg_info_done:
+- continue
+- show_pkg_info_done[notice['update_id']] = notice
+-
+- if hasattr(notice, 'text'):
+- debug_log_lvl = yum.logginglevels.DEBUG_3
+- vlog = logging.getLogger("yum.verbose.main")
+- if vlog.isEnabledFor(debug_log_lvl):
+- obj = notice.text(skip_data=[])
+- else:
+- obj = notice.text()
+- else:
+- # Python-2.4.* doesn't understand str(x) returning unicode
+- obj = notice.__str__()
+-
+- if list_type == 'all':
+- if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
+- obj = obj + "\n Installed : true"
+- else:
+- obj = obj + "\n Installed : false"
+- msg(obj)
+-
+- def summary_show_pkgs(self, base, md_info, list_type, show_type,
+- iname2tup, data, msg):
+- def _msg(x):
+- print x
+- counts = {}
+- sev_counts = {}
+- show_pkg_info_done = {}
+- for (notice, pkgtup, pkg) in data:
+- if notice['update_id'] in show_pkg_info_done:
+- continue
+- show_pkg_info_done[notice['update_id']] = notice
+- counts[notice['type']] = counts.get(notice['type'], 0) + 1
+- if notice['type'] == 'security':
+- sev = notice['severity']
+- if sev is None:
+- sev = ''
+- sev_counts[sev] = sev_counts.get(sev, 0) + 1
+-
+- maxsize = 0
+- for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
+- if T not in counts:
+- continue
+- size = len(str(counts[T]))
+- if maxsize < size:
+- maxsize = size
+- if not maxsize:
+- _check_running_kernel(base, md_info, _msg)
+- return
+-
+- outT = {'newpackage' : 'New Package',
+- 'security' : 'Security',
+- 'bugfix' : 'Bugfix',
+- 'enhancement' : 'Enhancement'}
+- print "Updates Information Summary:", list_type
+- for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
+- if T not in counts:
+- continue
+- n = outT[T]
+- if T == 'security' and len(sev_counts) == 1:
+- sn = sev_counts.keys()[0]
+- if sn != '':
+- n = sn + " " + n
+- print " %*u %s notice(s)" % (maxsize, counts[T], n)
+- if T == 'security' and len(sev_counts) != 1:
+- def _sev_sort_key(key):
+- # We want these in order, from "highest" to "lowest".
+- # Anything unknown is "higher". meh.
+- return {'Critical' : "zz1",
+- 'Important': "zz2",
+- 'Moderate' : "zz3",
+- 'Low' : "zz4",
+- }.get(key, key)
+-
+- for sn in sorted(sev_counts, key=_sev_sort_key):
+- args = (maxsize, sev_counts[sn],sn or '?', outT['security'])
+- print " %*u %s %s notice(s)" % args
+- _check_running_kernel(base, md_info, _msg)
+- self.show_pkg_info_done = {}
+-
+- def _get_new_pkgs(self, md_info):
+- for notice in md_info.notices:
+- if notice['type'] != "newpackage":
+- continue
+- for upkg in notice['pkglist']:
+- for pkg in upkg['packages']:
+- pkgtup = (pkg['name'], pkg['arch'], pkg['epoch'] or '0',
+- pkg['version'], pkg['release'])
+- yield (notice, pkgtup)
+-
+- _cmd2filt = {"bugzillas" : "bugzilla",
+- "bugzilla" : "bugzilla",
+- "bzs" : "bugzilla",
+- "bz" : "bugzilla",
+-
+- "sec" : "security",
+-
+- "cves" : "cve",
+- "cve" : "cve",
+-
+- "newpackages" : "newpackage",
+- "new-packages" : "newpackage",
+- "newpackage" : "newpackage",
+- "new-package" : "newpackage",
+- "new" : "newpackage"}
+- for filt_type in __update_info_types__:
+- _cmd2filt[filt_type] = filt_type
+-
+- def doCommand(self, base, basecmd, extcmds):
+- if basecmd in self.direct_cmds:
+- subcommand = self.direct_cmds[basecmd]
+- elif extcmds and extcmds[0] in ('list', 'info', 'summary'):
+- subcommand = extcmds[0]
+- extcmds = extcmds[1:]
+- elif extcmds and extcmds[0] in self._cmd2filt:
+- subcommand = 'list'
+- elif extcmds:
+- subcommand = 'info'
+- else:
+- subcommand = 'summary'
+-
+- if subcommand == 'list':
+- return self.doCommand_li(base, 'updateinfo list', extcmds,
+- self.list_show_pkgs)
+- if subcommand == 'info':
+- return self.doCommand_li(base, 'updateinfo info', extcmds,
+- self.info_show_pkgs)
+-
+- if subcommand == 'summary':
+- return self.doCommand_li(base, 'updateinfo summary', extcmds,
+- self.summary_show_pkgs)
+-
+- def doCommand_li_new(self, base, list_type, extcmds, md_info, msg,
+- show_pkgs):
+- done_pkgs = set()
+- data = []
+- for (notice, pkgtup) in sorted(self._get_new_pkgs(md_info),
+- key=lambda x: x[1][0]):
+- if extcmds and not _match_sec_cmd(extcmds, pkgtup[0], notice):
+- continue
+- n = pkgtup[0]
+- if n in done_pkgs:
+- continue
+- ipkgs = list(reversed(sorted(base.rpmdb.searchNames([n]))))
+- if list_type in ('installed', 'updates') and not ipkgs:
+- done_pkgs.add(n)
+- continue
+- if list_type == 'available' and ipkgs:
+- done_pkgs.add(n)
+- continue
+-
+- pkgs = base.pkgSack.searchPkgTuple(pkgtup)
+- if not pkgs:
+- continue
+- if list_type == "updates" and pkgs[0].verLE(ipkgs[0]):
+- done_pkgs.add(n)
+- continue
+- done_pkgs.add(n)
+- data.append((notice, pkgtup, pkgs[0]))
+- show_pkgs(base, md_info, list_type, None, {}, data, msg)
+-
+- def _parse_extcmds(self, extcmds):
+- filt_type = None
+- show_type = None
+- if len(extcmds) >= 1:
+- filt_type = None
+-
+- if extcmds[0] in self._cmd2filt:
+- filt_type = self._cmd2filt[extcmds.pop(0)]
+- show_type = filt_type
+- if filt_type and filt_type in __update_info_types__:
+- show_type = None
+- return extcmds, show_type, filt_type
+-
+- def doCommand_li(self, base, basecmd, extcmds, show_pkgs):
+- self.repos = base.repos
+- md_info = ysp_gen_metadata(self.repos.listEnabled())
+- def msg(x):
+- # Don't use: logger.log(logginglevels.INFO_2, x)
+- # or -q deletes everything.
+- print x
+-
+- opts, cmdline = base.plugins.cmdline
+- extcmds, show_type, filt_type = self._parse_extcmds(extcmds)
+-
+- list_type = "available"
+- if extcmds and extcmds[0] in ("updates","available","installed", "all"):
+- list_type = extcmds.pop(0)
+-
+- if filt_type == "newpackage":
+- # No filtering here, as we want what isn't installed...
+- self.doCommand_li_new(base, list_type, extcmds, md_info, msg,
+- show_pkgs)
+- return 0, [basecmd + ' new done']
+-
+- opts.sec_cmds = extcmds
+- used_map = ysp_gen_used_map(opts)
+- iname2tup = {}
+- if False: pass
+- elif list_type in ('installed', 'all'):
+- name2tup = _get_name2allpkgtup(base)
+- iname2tup = _get_name2instpkgtup(base)
+- elif list_type == 'updates':
+- name2tup = _get_name2oldpkgtup(base)
+- elif list_type == 'available':
+- name2tup = _get_name2instpkgtup(base)
+-
+- def _show_pkgtup(pkgtup):
+- name = pkgtup[0]
+- notices = reversed(md_info.get_applicable_notices(pkgtup))
+- for (pkgtup, notice) in notices:
+- if filt_type and not ysp_has_info_md(filt_type, notice):
+- continue
+-
+- if list_type == 'installed':
+- # Remove any that are newer than what we have installed
+- if _rpm_tup_vercmp(iname2tup[name], pkgtup) < 0:
+- continue
+-
+- if ysp_should_filter_pkg(opts, name, notice, used_map):
+- yield (pkgtup, notice)
+-
+- data = []
+- for pkgname in sorted(name2tup):
+- for (pkgtup, notice) in _show_pkgtup(name2tup[pkgname]):
+- d = {}
+- (d['n'], d['a'], d['e'], d['v'], d['r']) = pkgtup
+- if d['e'] == '0':
+- d['epoch'] = ''
+- else:
+- d['epoch'] = "%s:" % d['e']
+- data.append((notice, pkgtup,
+- "%(n)s-%(epoch)s%(v)s-%(r)s.%(a)s" % d))
+- show_pkgs(base, md_info, list_type, show_type, iname2tup, data, msg)
+-
+- ysp_chk_used_map(used_map, msg)
+-
+- return 0, [basecmd + ' done']
+-
+-
+-# "Borrowed" from yumcommands.py
+-def yumcommands_checkRootUID(base):
+- """
+- Verify that the program is being run by the root user.
+-
+- @param base: a YumBase object.
+- """
+- if base.conf.uid != 0:
+- base.logger.critical('You need to be root to perform this command.')
+- raise CliError
+-def yumcommands_checkGPGKey(base):
+- if not base.gpgKeyCheck():
+- for repo in base.repos.listEnabled():
+- if repo.gpgcheck != 'false' and repo.gpgkey == '':
+- msg = """
+-You have enabled checking of packages via GPG keys. This is a good thing.
+-However, you do not have any GPG public keys installed. You need to download
+-the keys for packages you wish to install and install them.
+-You can do that by running the command:
+- rpm --import public.gpg.key
+-
+-
+-Alternatively you can specify the url to the key you would like to use
+-for a repository in the 'gpgkey' option in a repository section and yum
+-will install it for you.
+-
+-For more information contact your distribution or package provider.
+-"""
+- base.logger.critical(msg)
+- raise CliError
+-
+-def _get_name2pkgtup(base, pkgtups):
+- name2tup = {}
+- for pkgtup in pkgtups:
+- # Get the latest "old" pkgtups
+- if (pkgtup[0] in name2tup and
+- _rpm_tup_vercmp(name2tup[pkgtup[0]], pkgtup) > 0):
+- continue
+- name2tup[pkgtup[0]] = pkgtup
+- return name2tup
+-def _get_name2oldpkgtup(base):
+- """ Get the pkgtups for all installed pkgs. which have an update. """
+- oupdates = map(lambda x: x[1], base.up.getUpdatesTuples())
+- return _get_name2pkgtup(base, oupdates)
+-def _get_name2instpkgtup(base):
+- """ Get the pkgtups for all installed pkgs. """
+- return _get_name2pkgtup(base, base.rpmdb.simplePkgList())
+-def _get_name2allpkgtup(base):
+- """ Get the pkgtups for all installed pkgs. and munge that to be the
+- first possible pkgtup. """
+- ofirst = [(pt[0], pt[1], '0','0','0') for pt in base.rpmdb.simplePkgList()]
+- return _get_name2pkgtup(base, ofirst)
+-
+-
+-
+-class SecurityUpdateCommand:
+- def getNames(self):
+- return ['update-minimal']
+-
+- def getUsage(self):
+- return "[PACKAGE-wildcard]"
+-
+- def getSummary(self):
+- return "Works like update, but goes to the 'newest' package match which fixes a problem that affects your system"
+-
+- def doCheck(self, base, basecmd, extcmds):
+- yumcommands_checkRootUID(base)
+- yumcommands_checkGPGKey(base)
+-
+- def doCommand(self, base, basecmd, extcmds):
+- if hasattr(base, 'run_with_package_names'):
+- base.run_with_package_names.add(__package_name__)
+- md_info = ysp_gen_metadata(base.repos.listEnabled())
+- opts = base.plugins.cmdline[0]
+- opts.sec_cmds = []
+- used_map = ysp_gen_used_map(opts)
+-
+- ndata = not (opts.security or opts.bugfixes or
+- opts.advisory or opts.bz or opts.cve or opts.severity)
+-
+- # NOTE: Not doing obsoletes processing atm. ... maybe we should? --
+- # Also worth pointing out we don't go backwards for obsoletes in the:
+- # update --security case etc.
+-
+- # obsoletes = base.up.getObsoletesTuples(newest=False)
+- # for (obsoleting, installed) in sorted(obsoletes, key=lambda x: x[0]):
+- # pass
+-
+- # Tuples == (n, a, e, v, r)
+- oupdates = map(lambda x: x[1], base.up.getUpdatesTuples())
+- for oldpkgtup in sorted(oupdates):
+- data = md_info.get_applicable_notices(oldpkgtup)
+- if ndata: # No options means pick the oldest update
+- data.reverse()
+-
+- for (pkgtup, notice) in data:
+- name = pkgtup[0]
+- if extcmds and not _match_sec_cmd(extcmds, name, notice):
+- continue
+- if (not ndata and
+- not ysp_should_filter_pkg(opts, name, notice, used_map)):
+- continue
+- base.update(name=pkgtup[0], arch=pkgtup[1], epoch=pkgtup[2],
+- version=pkgtup[3], release=pkgtup[4])
+- break
+-
+- if len(base.tsInfo) > 0:
+- msg = '%d packages marked for minimal Update' % len(base.tsInfo)
+- return 2, [msg]
+- else:
+- return 0, ['No Packages marked for minimal Update']
+-
+-def config_hook(conduit):
+- '''
+- Yum Plugin Config Hook:
+- Setup the option parser with the '--advisory', '--bz', '--cve',
+- '--security' and '--severity' command line options. Also the 'updateinfo'
+- and 'update-minimal' commands.
+- '''
+-
+- parser = conduit.getOptParser()
+- if not parser:
+- return
+-
+- if hasattr(parser, 'plugin_option_group'):
+- parser = parser.plugin_option_group
+-
+- conduit.registerCommand(UpdateinfoCommand())
+- conduit.registerCommand(SecurityUpdateCommand())
+- def osec(opt, key, val, parser):
+- # CVE is a subset of --security on RHEL, but not on Fedora
+- parser.values.security = True
+- def obug(opt, key, val, parser):
+- parser.values.bugfixes = True
+- def ocve(opt, key, val, parser):
+- parser.values.cve.extend(val.split(','))
+- def obz(opt, key, val, parser):
+- parser.values.bz.append(str(val))
+- def oadv(opt, key, val, parser):
+- parser.values.advisory.extend(val.split(','))
+- def osev(opt, key, val, parser):
+- parser.values.severity.extend(val.split(','))
+-
+- parser.add_option('--security', action="callback",
+- callback=osec, dest='security', default=False,
+- help='Include security relevant packages')
+- parser.add_option('--bugfixes', action="callback",
+- callback=obug, dest='bugfixes', default=False,
+- help='Include bugfix relevant packages')
+- parser.add_option('--cve', action="callback", type="string",
+- callback=ocve, dest='cve', default=[],
+- help='Include packages needed to fix the given CVE')
+- parser.add_option('--bz', action="callback",
+- callback=obz, dest='bz', default=[], type="int",
+- help='Include packages needed to fix the given BZ')
+- parser.add_option('--sec-severity', action="callback",
+- callback=osev, dest='severity', default=[], type="string",
+- help='Include security relevant packages, of this severity')
+- parser.add_option('--advisory', action="callback",
+- callback=oadv, dest='advisory', default=[], type="string",
+- help='Include packages needed to fix the given advisory')
+-
+-# You might think we'd just use the exclude_hook, and call delPackage
+-# and indeed that works for list updates etc.
+-#
+-# __but__ that doesn't work for dependancies on real updates
+-#
+-# So to fix deps. we need to do it at the preresolve stage and take the
+-# "transaction package list" and then remove packages from that.
+-#
+-# __but__ that doesn't work for lists ... so we do it two ways
+-#
+-def ysp_should_keep_pkg(opts, pkgtup, md_info, used_map):
+- """ Do we want to keep this package to satisfy the security limits. """
+- name = pkgtup[0]
+- for (pkgtup, notice) in md_info.get_applicable_notices(pkgtup):
+- if ysp_should_filter_pkg(opts, name, notice, used_map):
+- return True
+- return False
+-
+-def ysp_check_func_enter(conduit):
+- """ Stuff we need to do in both list and update modes. """
+-
+- opts, args = conduit.getCmdLine()
+-
+- ndata = not (opts.security or opts.bugfixes or
+- opts.advisory or opts.bz or opts.cve or opts.severity)
+-
+- ret = None
+- if len(args) >= 2:
+- if ((args[0] == "list") and (args[1] in ("obsoletes", "updates"))):
+- ret = {"skip": ndata, "list_cmd": True}
+- if ((args[0] == "info") and (args[1] in ("obsoletes", "updates"))):
+- ret = {"skip": ndata, "list_cmd": True}
+- if len(args):
+-
+- # All the args. stuff is done in our command:
+- if (args[0] == "update-minimal"):
+- return (opts, {"skip": True, "list_cmd": False, "msg": True})
+-
+- if (args[0] == "check-update"):
+- ret = {"skip": ndata, "list_cmd": True}
+- if (args[0] in ["update", "upgrade"]):
+- ret = {"skip": ndata, "list_cmd": False}
+- if args[0] == 'updateinfo':
+- return (opts, {"skip": True, "list_cmd": True})
+- if (args[0] in UpdateinfoCommand.direct_cmds):
+- return (opts, {"skip": True, "list_cmd": True})
+-
+- if ret:
+- return (opts, ret)
+-
+- if not ndata:
+- conduit.error(2, 'Skipping security plugin, other command')
+- return (opts, {"skip": True, "list_cmd": False, "msg": True})
+-
+-def exclude_hook(conduit):
+- '''
+- Yum Plugin Exclude Hook:
+- Check and remove packages that don\'t align with the security config.
+- '''
+-
+- opts, info = ysp_check_func_enter(conduit)
+- if info["skip"]:
+- return
+-
+- if not info["list_cmd"]:
+- return
+-
+- if hasattr(conduit, 'registerPackageName'):
+- conduit.registerPackageName(__package_name__)
+- conduit.info(2, 'Limiting package lists to security relevant ones')
+-
+- md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
+-
+- def ysp_del_pkg(pkg):
+- """ Deletes a package from all trees that yum knows about """
+- conduit.info(3," --> %s from %s excluded (non-security)" %
+- (pkg,pkg.repoid))
+- conduit.delPackage(pkg)
+-
+- opts.sec_cmds = []
+- used_map = ysp_gen_used_map(opts)
+-
+- # The official API is:
+- #
+- # pkgs = conduit.getPackages()
+- #
+- # ...however that is _extremely_ slow, deleting all packages. So we ask
+- # for the list of update packages, which is all we care about.
+- upds = conduit._base.doPackageLists(pkgnarrow='updates')
+- pkgs = upds.updates
+- # In theory we don't need to do this in some cases, but meh.
+- upds = conduit._base.doPackageLists(pkgnarrow='obsoletes')
+- pkgs += upds.obsoletes
+-
+- name2tup = _get_name2oldpkgtup(conduit._base)
+-
+- tot = 0
+- cnt = 0
+- for pkg in pkgs:
+- tot += 1
+- name = pkg.name
+- if (name not in name2tup or
+- not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
+- ysp_del_pkg(pkg)
+- continue
+- cnt += 1
+-
+- ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
+- if cnt:
+- conduit.info(2, '%d package(s) needed for security, out of %d available' % (cnt, tot))
+- else:
+- conduit.info(2, 'No packages needed for security; %d packages available' % tot)
+-
+- _check_running_kernel(conduit._base, md_info, lambda x: conduit.info(2, x))
+-
+-def _check_running_kernel(yb, md_info, msg):
+- if not hasattr(yum.misc, 'get_running_kernel_pkgtup'):
+- return # Back compat.
+-
+- kern_pkgtup = yum.misc.get_running_kernel_pkgtup(yb.ts)
+- if kern_pkgtup[0] is None:
+- return
+-
+- found_sec = False
+- for (pkgtup, notice) in md_info.get_applicable_notices(kern_pkgtup):
+- if found_sec or notice['type'] != 'security':
+- continue
+- found_sec = True
+- ipkg = yb.rpmdb.searchPkgTuple(pkgtup)
+- if not ipkg:
+- continue # Not installed
+- ipkg = ipkg[0]
+-
+- e = ''
+- if kern_pkgtup[2] != '0':
+- e = '%s:' % kern_pkgtup[2]
+- rpkg = '%s-%s%s-%s.%s' % (kern_pkgtup[0], e,
+- kern_pkgtup[3], kern_pkgtup[4],
+- kern_pkgtup[1])
+-
+- msg('Security: %s is an installed security update' % ipkg)
+- msg('Security: %s is the currently running version' % rpkg)
+- break
+-
+-
+-def preresolve_hook(conduit):
+- '''
+- Yum Plugin PreResolve Hook:
+- Check and remove packages that don\'t align with the security config.
+- '''
+-
+- opts, info = ysp_check_func_enter(conduit)
+- if info["skip"]:
+- return
+-
+- if info["list_cmd"]:
+- return
+-
+- if hasattr(conduit, 'registerPackageName'):
+- conduit.registerPackageName(__package_name__)
+- conduit.info(2, 'Limiting packages to security relevant ones')
+-
+- md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
+-
+- def ysp_del_pkg(tspkg):
+- """ Deletes a package within a transaction. """
+- conduit.info(3," --> %s from %s excluded (non-security)" %
+- (tspkg.po,tspkg.po.repoid))
+- tsinfo.remove(tspkg.pkgtup)
+-
+- tot = 0
+- cnt = 0
+- opts.sec_cmds = []
+- used_map = ysp_gen_used_map(opts)
+- tsinfo = conduit.getTsInfo()
+- tspkgs = tsinfo.getMembers()
+- # Ok, here we keep any pkgs that pass "ysp" tests, then we keep all
+- # related pkgs ... Ie. "installed" version marked for removal.
+- keep_pkgs = set()
+-
+- count_states = set(TS_INSTALL_STATES + [TS_ERASE])
+- count_pkgs = set()
+- for tspkg in tspkgs:
+- if tspkg.output_state in count_states:
+- count_pkgs.add(tspkg.po)
+-
+- name2tup = _get_name2oldpkgtup(conduit._base)
+- for tspkg in tspkgs:
+- if tspkg.output_state in count_states:
+- tot += 1
+- name = tspkg.po.name
+- if (name not in name2tup or
+- not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
+- continue
+- if tspkg.output_state in count_states:
+- cnt += 1
+- keep_pkgs.add(tspkg.po)
+-
+- scnt = cnt
+- mini_depsolve_again = True
+- while mini_depsolve_again:
+- mini_depsolve_again = False
+-
+- for tspkg in tspkgs:
+- if tspkg.po in keep_pkgs:
+- # Find any related pkgs, and add them:
+- for (rpkg, reason) in tspkg.relatedto:
+- if rpkg not in keep_pkgs:
+- if rpkg in count_pkgs:
+- cnt += 1
+- keep_pkgs.add(rpkg)
+- mini_depsolve_again = True
+- else:
+- # If related to any keep pkgs, add us
+- for (rpkg, reason) in tspkg.relatedto:
+- if rpkg in keep_pkgs:
+- if rpkg in count_pkgs:
+- cnt += 1
+- keep_pkgs.add(tspkg.po)
+- mini_depsolve_again = True
+- break
+-
+- for tspkg in tspkgs:
+- if tspkg.po not in keep_pkgs:
+- ysp_del_pkg(tspkg)
+-
+- ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
+-
+- if cnt:
+- conduit.info(2, '%d package(s) needed (+%d related) for security, out of %d available' % (scnt, cnt - scnt, tot))
+- else:
+- conduit.info(2, 'No packages needed for security; %d packages available' % tot)
+-
+-if __name__ == '__main__':
+- print "This is a plugin that is supposed to run from inside YUM"
diff --git a/plugins/tmprepo/tmprepo.py b/plugins/tmprepo/tmprepo.py
index e60dd4d..ec51f5b 100644
--- a/plugins/tmprepo/tmprepo.py
@@ -2432,10 +3472,10 @@ index 40756b2..dfe4dd3 100644
return 0, ['versionlock deleted: ' + str(count)]
diff --git a/po/POTFILES.in b/po/POTFILES.in
-index 581da0a..d85030c 100644
+index 581da0a..2f12118 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
-@@ -28,7 +28,6 @@ plugins/ps/ps.py
+@@ -28,14 +28,12 @@ plugins/ps/ps.py
plugins/auto-update-debuginfo/auto-update-debuginfo.py
plugins/show-leaves/show-leaves.py
plugins/list-data/list-data.py
@@ -2443,6 +3483,13 @@ index 581da0a..d85030c 100644
plugins/allowdowngrade/allowdowngrade.py
plugins/tsflags/tsflags.py
plugins/merge-conf/merge-conf.py
+ plugins/aliases/aliases.py
+ plugins/protectbase/protectbase.py
+ plugins/versionlock/versionlock.py
+-plugins/security/security.py
+ plugins/nofsync/nofsync.py
+ plugins/tmprepo/tmprepo.py
+ plugins/priorities/priorities.py
diff --git a/repo-check.py b/repo-check.py
index 7c4ae77..2aa8bde 100755
--- a/repo-check.py
@@ -2818,7 +3865,7 @@ index ff77e0d..bef3b03 100755
# (c) Copyright Seth Vidal 2004
diff --git a/repoquery.py b/repoquery.py
-index a3bb111..64976ec 100755
+index a3bb111..2390e79 100755
--- a/repoquery.py
+++ b/repoquery.py
@@ -8,11 +8,11 @@
@@ -2844,7 +3891,15 @@ index a3bb111..64976ec 100755
import urlparse
from optparse import OptionParser
-@@ -74,6 +73,15 @@ querytags = [ 'name', 'version', 'release', 'epoch', 'arch', 'summary',
+@@ -62,6 +61,7 @@ Size : %{installedsize}
+ Packager : %{packager}
+ Group : %{group}
+ URL : %{url}
++License : %{license}
+ Repository : %{repoid}
+ Summary : %{summary}
+ Source : %{sourcerpm}
+@@ -74,6 +74,15 @@ querytags = [ 'name', 'version', 'release', 'epoch', 'arch', 'summary',
'installedsize', 'archivesize', 'packagesize', 'repoid',
'requires', 'provides', 'conflicts', 'obsoletes',
'relativepath', 'hdrstart', 'hdrend', 'id',
@@ -2860,7 +3915,7 @@ index a3bb111..64976ec 100755
]
def sec2isodate(timestr):
-@@ -114,7 +122,7 @@ convertmap = { 'date': sec2date,
+@@ -114,7 +123,7 @@ convertmap = { 'date': sec2date,
'h': size2h,
}
@@ -2869,7 +3924,7 @@ index a3bb111..64976ec 100755
def __init__(self, value=None):
Exception.__init__(self)
self.value = value
-@@ -316,12 +324,13 @@ class pkgQuery:
+@@ -316,12 +325,13 @@ class pkgQuery:
print "%s%s [%s]" % (indent, str(req), str(val))
# These are common helpers for the --tree-* options...
@@ -2886,7 +3941,7 @@ index a3bb111..64976ec 100755
def _tree_pkg2uniq(self, pkg):
""" Turn a pkg into a "unique" req."""
if self.yb and self.yb.conf.showdupesfromrepos:
-@@ -365,6 +374,7 @@ class pkgQuery:
+@@ -365,6 +375,7 @@ class pkgQuery:
kw['dot'] = DotPlot()
elif 'dot' not in kw.keys() or kw['dot'] is None:
kw['dot'] = None
@@ -2894,7 +3949,7 @@ index a3bb111..64976ec 100755
if str(kw['tree_level']).lower() != 'all':
try:
-@@ -375,6 +385,15 @@ class pkgQuery:
+@@ -375,6 +386,15 @@ class pkgQuery:
if not 'output' in kw.keys():
kw['output'] = 'ascii-tree'
@@ -2910,7 +3965,7 @@ index a3bb111..64976ec 100755
__req2pkgs = {}
def req2pkgs(ignore, req):
req = str(req)
-@@ -406,6 +425,8 @@ class pkgQuery:
+@@ -406,6 +426,8 @@ class pkgQuery:
providers = matches.keys()
@@ -2919,7 +3974,7 @@ index a3bb111..64976ec 100755
except yum.Errors.YumBaseError, err:
print >>sys.stderr, "No package provides %s" % req
return []
-@@ -413,14 +434,9 @@ class pkgQuery:
+@@ -413,14 +435,9 @@ class pkgQuery:
__req2pkgs[req] = providers
return providers
@@ -2935,7 +3990,7 @@ index a3bb111..64976ec 100755
dot.addPackage(pkg, rpkgs)
lim = level + 2
nlevel = level + 1
-@@ -449,6 +465,7 @@ class pkgQuery:
+@@ -449,6 +466,7 @@ class pkgQuery:
def fmt_tree_obsoletes(self, **kw):
pkg = kw.get('pkg', self.pkg)
@@ -2943,7 +3998,7 @@ index a3bb111..64976ec 100755
level = kw.get('level', 0)
all_reqs = kw.get('all_reqs', {})
-@@ -457,6 +474,7 @@ class pkgQuery:
+@@ -457,6 +475,7 @@ class pkgQuery:
kw['dot'] = DotPlot()
elif 'dot' not in kw.keys() or kw['dot'] is None:
kw['dot'] = None
@@ -2951,7 +4006,7 @@ index a3bb111..64976ec 100755
if str(kw['tree_level']).lower() != 'all':
try:
-@@ -467,6 +485,15 @@ class pkgQuery:
+@@ -467,6 +486,15 @@ class pkgQuery:
if not 'output' in kw.keys():
kw['output'] = 'ascii-tree'
@@ -2967,7 +4022,7 @@ index a3bb111..64976ec 100755
def obs2pkgs():
if self.yb is None:
return []
-@@ -496,10 +523,7 @@ class pkgQuery:
+@@ -496,10 +524,7 @@ class pkgQuery:
else:
reason = 'cmd line'
rpkgs = obs2pkgs()
@@ -2979,7 +4034,7 @@ index a3bb111..64976ec 100755
dot.addPackage(pkg, rpkgs)
lim = level + 2
all_reqs[pkg] = None
-@@ -514,6 +538,7 @@ class pkgQuery:
+@@ -514,6 +539,7 @@ class pkgQuery:
self._tree_print_req(rpkg, '', nlevel)
continue
self.fmt_tree_obsoletes(pkg=rpkg, level=nlevel, all_reqs=all_reqs,
@@ -2987,7 +4042,7 @@ index a3bb111..64976ec 100755
tree_level = kw['tree_level'],
output = kw['output'],
dot = dot)
-@@ -527,6 +552,7 @@ class pkgQuery:
+@@ -527,6 +553,7 @@ class pkgQuery:
if kw['output'].lower() == 'dot-tree':
if 'dot' not in kw.keys() or kw['dot'] is None:
kw['dot'] = DotPlot()
@@ -2995,7 +4050,7 @@ index a3bb111..64976ec 100755
if str(kw['tree_level']).lower() != 'all':
try:
-@@ -537,6 +563,15 @@ class pkgQuery:
+@@ -537,6 +564,15 @@ class pkgQuery:
if not 'output' in kw.keys():
kw['output'] = 'ascii-tree'
@@ -3011,7 +4066,7 @@ index a3bb111..64976ec 100755
__prov2pkgs = {}
def prov2pkgs(prov, ignore):
if str(prov) in __prov2pkgs:
-@@ -562,6 +597,8 @@ class pkgQuery:
+@@ -562,6 +598,8 @@ class pkgQuery:
arequirers = [pkg for pkg in areqs
if pkg.pkgtup not in skip]
@@ -3020,7 +4075,7 @@ index a3bb111..64976ec 100755
except yum.Errors.YumBaseError, err:
print >>sys.stderr, "No package provides %s" % str(prov)
return []
-@@ -575,12 +612,8 @@ class pkgQuery:
+@@ -575,12 +613,8 @@ class pkgQuery:
tups = pkg.provides + filetupes
rpkgs, loc_reqs = self._tree_maybe_add_pkgs(all_reqs, tups, prov2pkgs)
@@ -3034,7 +4089,7 @@ index a3bb111..64976ec 100755
dot.addPackage(pkg, rpkgs)
lim = level + 2
nlevel = level + 1
-@@ -719,13 +752,13 @@ class groupQuery:
+@@ -719,13 +753,13 @@ class groupQuery:
raise queryError("Invalid group query: %s" % method)
# XXX temporary hack to make --group -a query work
@@ -3051,7 +4106,7 @@ index a3bb111..64976ec 100755
pkgs = []
for t in self.grouppkgs.split(','):
if t == "mandatory":
-@@ -741,10 +774,10 @@ class groupQuery:
+@@ -741,10 +775,10 @@ class groupQuery:
return pkgs
@@ -3064,16 +4119,7 @@ index a3bb111..64976ec 100755
return ["%s:\n\n%s\n" % (self.name, self.group.description)]
-@@ -826,6 +859,8 @@ class YumBaseQuery(yum.YumBase):
- pkgs = self.pkgSack.returnNewestByNameArch(**kwargs)
- except yum.Errors.PackageSackError:
- pkgs = []
-+ except yum.Errors.RepoError, e:
-+ raise queryError(e)
- else:
- what = self.options.pkgnarrow
- ygh = self.doPackageLists(what, **kwargs)
-@@ -848,6 +883,8 @@ class YumBaseQuery(yum.YumBase):
+@@ -848,6 +882,8 @@ class YumBaseQuery(yum.YumBase):
matches = yum.YumBase.searchPackageProvides(self, [str(depstring)])
provider = matches.keys()
# provider.extend(yum.YumBase.returnPackagesByDep(self, depstring))
@@ -3082,7 +4128,7 @@ index a3bb111..64976ec 100755
except yum.Errors.YumBaseError, err:
self.logger.error("No package provides %s" % depstring)
return self.queryPkgFactory(provider)
-@@ -1008,12 +1045,12 @@ class YumBaseQuery(yum.YumBase):
+@@ -1008,12 +1044,12 @@ class YumBaseQuery(yum.YumBase):
def fmt_whatrequires(self, name, **kw):
pkgs = {}
@@ -3097,7 +4143,7 @@ index a3bb111..64976ec 100755
provs = [name]
-@@ -1054,10 +1091,21 @@ class YumBaseQuery(yum.YumBase):
+@@ -1054,10 +1090,21 @@ class YumBaseQuery(yum.YumBase):
def fmt_requires(self, name, **kw):
pkgs = {}
@@ -3120,7 +4166,7 @@ index a3bb111..64976ec 100755
return pkgs.values()
def fmt_location(self, name):
-@@ -1070,6 +1118,44 @@ class YumBaseQuery(yum.YumBase):
+@@ -1070,6 +1117,44 @@ class YumBaseQuery(yum.YumBase):
loc.append("%s/%s" % (repo.urls[0], pkg['relativepath']))
return loc
@@ -3165,7 +4211,7 @@ index a3bb111..64976ec 100755
def main(args):
-@@ -1198,6 +1284,10 @@ def main(args):
+@@ -1198,6 +1283,10 @@ def main(args):
parser.add_option("--search-fields", action="append", dest="searchfields",
default=[],
help="search fields to search using --search")
@@ -3176,7 +4222,7 @@ index a3bb111..64976ec 100755
(opts, regexs) = parser.parse_args()
-@@ -1261,9 +1351,10 @@ def main(args):
+@@ -1261,9 +1350,10 @@ def main(args):
if opts.srpm:
needsource = 1
if opts.whatrequires:
@@ -3188,7 +4234,7 @@ index a3bb111..64976ec 100755
if opts.whatprovides:
sackops.append("whatprovides")
if opts.whatobsoletes:
-@@ -1280,7 +1371,6 @@ def main(args):
+@@ -1280,7 +1370,6 @@ def main(args):
needgroup = 1
if opts.installed:
opts.pkgnarrow = 'installed'
@@ -3196,7 +4242,7 @@ index a3bb111..64976ec 100755
if opts.nevra:
pkgops.append("nevra")
-@@ -1303,6 +1393,13 @@ def main(args):
+@@ -1303,6 +1392,13 @@ def main(args):
repoq = YumBaseQuery(pkgops, sackops, opts)
@@ -3210,7 +4256,7 @@ index a3bb111..64976ec 100755
# silence initialisation junk from modules etc unless verbose mode
initnoise = (not opts.quiet) * 2
repoq.preconf.releasever = opts.releasever
-@@ -1312,7 +1409,26 @@ def main(args):
+@@ -1312,7 +1408,26 @@ def main(args):
repoq.preconf.fn = opts.conffile
repoq.preconf.debuglevel = initnoise
repoq.preconf.init_plugins = opts.plugins
@@ -3218,7 +4264,7 @@ index a3bb111..64976ec 100755
+ repoq.preconf.root = opts.installroot
+ try:
+ repoq.conf
-+ except YumBaseError, e:
++ except yum.Errors.YumBaseError, e:
+ repoq.logger.error(e)
+ sys.exit(1)
+
@@ -3238,7 +4284,7 @@ index a3bb111..64976ec 100755
if opts.repofrompath:
# setup the fake repos
-@@ -1327,8 +1443,13 @@ def main(args):
+@@ -1327,8 +1442,13 @@ def main(args):
else:
baseurl = repopath
@@ -3254,7 +4300,7 @@ index a3bb111..64976ec 100755
if not opts.quiet:
repoq.logger.info( "Added %s repo from %s" % (repoid,repopath))
-@@ -1359,6 +1480,13 @@ def main(args):
+@@ -1359,6 +1479,13 @@ def main(args):
if opts.show_dupes:
repoq.conf.showdupesfromrepos = True
@@ -3268,7 +4314,7 @@ index a3bb111..64976ec 100755
if opts.repoid:
found_repos = set()
for repo in repoq.repos.findRepos('*'):
-@@ -1380,6 +1508,14 @@ def main(args):
+@@ -1380,6 +1507,14 @@ def main(args):
for repo in repoq.repos.findRepos(repo_match):
repo.enable()
@@ -3283,17 +4329,15 @@ index a3bb111..64976ec 100755
try:
if not hasattr(repoq, 'arch'):
repoq.doSackSetup(archlist=archlist)
-@@ -1396,10 +1532,15 @@ def main(args):
+@@ -1396,10 +1531,12 @@ def main(args):
except (yum.Errors.RepoError, yum.Errors.GroupsError), e:
repoq.logger.error(e)
sys.exit(1)
+
try:
repoq.runQuery(regexs)
-+ except yum.Errors.RepoError, e:
-+ repoq.logger.error(e)
-+ sys.exit(1)
- except queryError, e:
+- except queryError, e:
++ except (yum.Errors.RepoError, yum.Errors.MiscError, queryError), e:
repoq.logger.error(e)
+ sys.exit(1)
@@ -3851,7 +4895,7 @@ index d7a37c3..b9e682a 100755
for d in rpm.ds(spec.sourceHeader, 'requires'):
buildreqs.append(d.DNEVR()[2:])
diff --git a/yum-complete-transaction.py b/yum-complete-transaction.py
-index c5074ab..3a9f305 100755
+index c5074ab..6b01e4e 100755
--- a/yum-complete-transaction.py
+++ b/yum-complete-transaction.py
@@ -8,11 +8,11 @@
@@ -3869,7 +4913,15 @@ index c5074ab..3a9f305 100755
import sys
sys.path.insert(0,'/usr/share/yum-cli')
-@@ -93,7 +93,7 @@ except ImportError:
+@@ -21,6 +21,7 @@ import yum
+ from yum.misc import setup_locale
+
+ from utils import YumUtilBase
++from yum.constants import TS_REMOVE_STATES
+
+ import logging
+ import os
+@@ -93,7 +94,7 @@ except ImportError:
return to_complete_items
class YumCompleteTransaction(YumUtilBase):
@@ -3878,7 +4930,7 @@ index c5074ab..3a9f305 100755
VERSION = '1.0'
USAGE = """
yum-complete-transaction: completes unfinished yum transactions which occur due to error, failure
-@@ -115,7 +115,8 @@ class YumCompleteTransaction(YumUtilBase):
+@@ -115,7 +116,8 @@ class YumCompleteTransaction(YumUtilBase):
else:
self.optparser_grp = self.optparser
self.addCmdOptions()
@@ -3888,6 +4940,19 @@ index c5074ab..3a9f305 100755
def clean_up_ts_files(self, timestamp, path, disable=False):
+@@ -203,6 +205,12 @@ class YumCompleteTransaction(YumUtilBase):
+ if action == 'erase':
+ (e, m, u) = self.rpmdb.matchPackageNames([pkgspec])
+ for pkg in e:
++ pkgtuple = (pkg.name, pkg.arch, pkg.epoch, pkg.ver, pkg.rel)
++ # Skip processing if already marked as the one to be removed.
++ # This will elimate issue with tx_member removal when package
++ # marked as: 'ud' out of of "install" journal's entry
++ if self.tsInfo.getMembersWithState(pkgtuple, TS_REMOVE_STATES):
++ continue
+ self.remove(po=pkg)
+
+
diff --git a/yum-config-manager.py b/yum-config-manager.py
index 50f5123..08c17db 100755
--- a/yum-config-manager.py
@@ -4285,7 +5350,7 @@ index 1d37231..65bff76 100644
# mode: shell-script
# sh-basic-offset: 4
diff --git a/yum-utils.spec b/yum-utils.spec
-index ce7fb64..6d6d699 100644
+index ce7fb64..de6fbfd 100644
--- a/yum-utils.spec
+++ b/yum-utils.spec
@@ -1,4 +1,11 @@
@@ -4345,7 +5410,28 @@ index ce7fb64..6d6d699 100644
%package -n yum-plugin-merge-conf
Summary: Yum plugin to merge configuration changes when installing packages
-@@ -290,7 +288,7 @@ This plugin allows the user to run arbitrary actions immediately following a
+@@ -157,20 +155,6 @@ This yum plugin adds the "--merge-conf" command line option. With this option,
+ Yum will ask you what to do with config files which have changed on updating a
+ package.
+
+-%package -n yum-plugin-security
+-Summary: Yum plugin to enable security filters
+-Group: System Environment/Base
+-Provides: yum-security = %{version}-%{release}
+-Obsoletes: yum-security < 1.1.20-0
+-Conflicts: yum-security < 1.1.20-0
+-Requires: yum >= 3.2.18
+-
+-%description -n yum-plugin-security
+-This plugin adds the options --security, --cve, --bz and --advisory flags
+-to yum and the list-security and info-security commands.
+-The options make it possible to limit list/upgrade of packages to specific
+-security relevant ones. The commands give you the security information.
+-
+ %package -n yum-plugin-upgrade-helper
+ Summary: Yum plugin to help upgrades to the next distribution version
+ Group: System Environment/Base
+@@ -290,7 +274,7 @@ This plugin allows the user to run arbitrary actions immediately following a
transaction when specified packages are changed.
%package -n yum-NetworkManager-dispatcher
@@ -4354,7 +5440,7 @@ index ce7fb64..6d6d699 100644
Group: System Environment/Base
Requires: yum >= 3.2.17
-@@ -352,6 +350,7 @@ repo. removes it (and can thus. be reinstalled/downgraded/etc.).
+@@ -352,6 +336,7 @@ repo. removes it (and can thus. be reinstalled/downgraded/etc.).
Summary: Yum plugin to automatically snapshot your filesystems during updates
Group: System Environment/Base
Requires: yum >= 3.2.22
@@ -4362,7 +5448,7 @@ index ce7fb64..6d6d699 100644
%description -n yum-plugin-fs-snapshot
When this plugin is installed it will automatically snapshot any
-@@ -395,9 +394,7 @@ plugins="\
+@@ -395,11 +380,8 @@ plugins="\
protectbase \
versionlock \
tsflags \
@@ -4370,9 +5456,11 @@ index ce7fb64..6d6d699 100644
priorities \
- refresh-updatesd \
merge-conf \
- security \
+- security \
upgrade-helper \
-@@ -418,14 +415,20 @@ plugins="\
+ aliases \
+ list-data \
+@@ -418,14 +400,20 @@ plugins="\
puppetverify \
"
@@ -4396,7 +5484,7 @@ index ce7fb64..6d6d699 100644
done
install -m 644 aliases/aliases $RPM_BUILD_ROOT/%{_sysconfdir}/yum/aliases.conf
install -m 644 versionlock/versionlock.list $RPM_BUILD_ROOT/%{_sysconfdir}/yum/pluginconf.d/
-@@ -469,8 +472,8 @@ fi
+@@ -469,8 +457,8 @@ fi
%{_bindir}/yum-builddep
%{_bindir}/yum-config-manager
%{_bindir}/yum-debug-dump
@@ -4406,7 +5494,7 @@ index ce7fb64..6d6d699 100644
%{_bindir}/show-installed
%{_bindir}/show-changed-rco
%{_sbindir}/yum-complete-transaction
-@@ -487,10 +490,19 @@ fi
+@@ -487,10 +475,19 @@ fi
%{_mandir}/man1/show-installed.1.*
%{_mandir}/man1/yum-builddep.1.*
%{_mandir}/man1/yum-debug-dump.1.*
@@ -4426,7 +5514,7 @@ index ce7fb64..6d6d699 100644
%files -n yum-updateonboot
%defattr(-, root, root)
-@@ -502,7 +514,7 @@ fi
+@@ -502,7 +499,7 @@ fi
%defattr(-, root, root)
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/changelog.conf
%doc COPYING
@@ -4435,7 +5523,7 @@ index ce7fb64..6d6d699 100644
%{_mandir}/man1/yum-changelog.1.*
%{_mandir}/man5/yum-changelog.conf.5.*
-@@ -510,20 +522,20 @@ fi
+@@ -510,20 +507,20 @@ fi
%defattr(-, root, root)
%doc COPYING
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/fastestmirror.conf
@@ -4459,7 +5547,7 @@ index ce7fb64..6d6d699 100644
%{_mandir}/man1/yum-versionlock.1.*
%{_mandir}/man5/yum-versionlock.conf.5.*
-@@ -531,85 +543,81 @@ fi
+@@ -531,85 +528,74 @@ fi
%defattr(-, root, root)
%doc COPYING
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/tsflags.conf
@@ -4493,15 +5581,14 @@ index ce7fb64..6d6d699 100644
%doc COPYING
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/merge-conf.conf
-/usr/lib/yum-plugins/merge-conf.*
-+%{pluginhome}/merge-conf.*
-
- %files -n yum-plugin-security
- %defattr(-, root, root)
- %doc COPYING
- %config(noreplace) %{_sysconfdir}/yum/pluginconf.d/security.conf
+-
+-%files -n yum-plugin-security
+-%defattr(-, root, root)
+-%doc COPYING
+-%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/security.conf
-/usr/lib/yum-plugins/security.*
-+%{pluginhome}/security.*
- %{_mandir}/man8/yum-security.8.*
+-%{_mandir}/man8/yum-security.8.*
++%{pluginhome}/merge-conf.*
%files -n yum-plugin-upgrade-helper
%defattr(-, root, root)
@@ -4559,7 +5646,7 @@ index ce7fb64..6d6d699 100644
%files -n yum-NetworkManager-dispatcher
%defattr(-, root, root)
-@@ -619,13 +627,13 @@ fi
+@@ -619,13 +605,13 @@ fi
%files -n yum-plugin-remove-with-leaves
%defattr(-, root, root)
%doc COPYING
@@ -4575,7 +5662,7 @@ index ce7fb64..6d6d699 100644
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/post-transaction-actions.conf
%doc plugins/post-transaction-actions/sample.action
# Default *.action file dropping dir.
-@@ -634,19 +642,19 @@ fi
+@@ -634,19 +620,19 @@ fi
%files -n yum-plugin-rpm-warm-cache
%defattr(-, root, root)
%doc COPYING
@@ -4598,7 +5685,7 @@ index ce7fb64..6d6d699 100644
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/show-leaves.conf
%files -n yum-plugin-local
-@@ -654,13 +662,13 @@ fi
+@@ -654,13 +640,13 @@ fi
%doc COPYING
%ghost %{_sysconfdir}/yum.repos.d/_local.repo
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/local.conf
@@ -4614,7 +5701,7 @@ index ce7fb64..6d6d699 100644
%{_mandir}/man1/yum-fs-snapshot.1.*
%{_mandir}/man5/yum-fs-snapshot.conf.5.*
-@@ -668,13 +676,13 @@ fi
+@@ -668,13 +654,13 @@ fi
%defattr(-, root, root)
%doc COPYING
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/ps.conf
diff --git a/yum-utils.spec b/yum-utils.spec
index ffa44e6..0bfb765 100644
--- a/yum-utils.spec
+++ b/yum-utils.spec
@@ -10,7 +10,7 @@
Summary: Utilities based around the yum package manager
Name: yum-utils
Version: 1.1.31
-Release: 18%{?dist}
+Release: 19%{?dist}
License: GPLv2+
Group: Development/Tools
Source: http://yum.baseurl.org/download/yum-utils/%{name}-%{version}.tar.gz
@@ -155,20 +155,6 @@ This yum plugin adds the "--merge-conf" command line option. With this option,
Yum will ask you what to do with config files which have changed on updating a
package.
-%package -n yum-plugin-security
-Summary: Yum plugin to enable security filters
-Group: System Environment/Base
-Provides: yum-security = %{version}-%{release}
-Obsoletes: yum-security < 1.1.20-0
-Conflicts: yum-security < 1.1.20-0
-Requires: yum >= 3.2.18
-
-%description -n yum-plugin-security
-This plugin adds the options --security, --cve, --bz and --advisory flags
-to yum and the list-security and info-security commands.
-The options make it possible to limit list/upgrade of packages to specific
-security relevant ones. The commands give you the security information.
-
%package -n yum-plugin-upgrade-helper
Summary: Yum plugin to help upgrades to the next distribution version
Group: System Environment/Base
@@ -396,7 +382,6 @@ plugins="\
tsflags \
priorities \
merge-conf \
- security \
upgrade-helper \
aliases \
list-data \
@@ -565,13 +550,6 @@ fi
%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/merge-conf.conf
%{pluginhome}/merge-conf.*
-%files -n yum-plugin-security
-%defattr(-, root, root)
-%doc COPYING
-%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/security.conf
-%{pluginhome}/security.*
-%{_mandir}/man8/yum-security.8.*
-
%files -n yum-plugin-upgrade-helper
%defattr(-, root, root)
%doc COPYING
@@ -685,6 +663,18 @@ fi
%{pluginhome}/puppetverify.*
%changelog
+* Fri Dec 13 2013 Zdenek Pavlas <zpavlas at redhat.com> - 1.1.31-19
+- Update to latest HEAD
+- Don't remove pkgs which are already removals (Eg. via. updates). BZ 1013475.
+- remove yum-plugin-security. BZ 1002491
+- repoquery: handle MiscError. BZ 808500
+- repoquery: handle Yum exceptions on .conf setup. BZ 996027, 982043
+- needs-restarting: don't trigger abrt on repo errors. BZ 1017600
+- repoquery --whatrequires/--whatprovides: handle MiscError. BZ 1024783
+- fastestmirror: Less verbose mirror filtering. BZ 1036121
+- Remove -v from repoquery man page.
+- repoquery -i: Add License. BZ 1040478
+
* Fri Sep 27 2013 Zdenek Pavlas <zpavlas at redhat.com> - 1.1.31-18
- Update to latest HEAD
- repoquery: handle Yum exceptions on .conf setup. BZ 996027
More information about the scm-commits
mailing list