From 66a37245e82c60b972ee35879f9c29c27466a27b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 25 Jul 2022 12:44:17 +0200
Subject: [PATCH] Don't include resolved advisories for obsoletes with sec.
 filters (RhBug:2101421)

This makes the obsoletes security filters consistent with upgrade
security filters.

This API is used from check-update and from Info and List commands.
- For check-update we don't want to include resolved advisories to have
  identical result to the actual update. That is bz2101421 use case.
- For Info and List commands the --obsoletes switch: "List packages
  installed on the system that are obsoleted by packages in any known
  repository." Given this specification in makes sense not to
  consider resolved advisories when we also use security filters.

There is still a general case when someone uses the API or any potential
future use and I think it is best to have the behavior unified for
"upgrades" and "obsoletes".

= changelog =
msg:           Don't include resolved advisories for obsoletes filtering with security filters
type:          bugfix
resolves:      https://bugzilla.redhat.com/show_bug.cgi?id=2101421

Tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/1134
---
 dnf/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnf/base.py b/dnf/base.py
index e606d9fa..e623d98e 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1565,7 +1565,7 @@ class Base(object):
             obsoletes = query_for_repo(
                 self.sack.query()).filter(obsoletes_by_priority=inst)
             # reduce a query to security upgrades if they are specified
-            obsoletes = self._merge_update_filters(obsoletes, warning=False)
+            obsoletes = self._merge_update_filters(obsoletes, warning=False, upgrade=True)
             obsoletesTuples = []
             for new in obsoletes:
                 obsoleted_reldeps = new.obsoletes
-- 
2.37.1