Blame SOURCES/BZ-1002491-remove-security-plugin.patch

745899
commit a5c7a3011bb9d2497c980791111389d226445281
745899
Author: Zdenek Pavlas <zpavlas@redhat.com>
745899
Date:   Thu Oct 3 14:15:11 2013 +0200
745899
745899
    remove yum-plugin-security. BZ 1002491
745899
    
745899
    This functionality is now implemented in core (yum updateinfo).
745899
745899
diff --git a/docs/Makefile b/docs/Makefile
745899
index acb8559..481f0f3 100644
745899
--- a/docs/Makefile
745899
+++ b/docs/Makefile
745899
@@ -5,7 +5,7 @@ DOCS = repoquery package-cleanup repo-rss yumdownloader yum-builddep yum-changel
745899
        find-repos-of-install needs-restarting repo-graph repoclosure \
745899
        repomanage repotrack verifytree yum-config-manager
745899
 DOCS5 = yum-changelog.conf yum-versionlock.conf yum-fs-snapshot.conf
745899
-DOCS8 = yum-security yum-complete-transaction yumdb
745899
+DOCS8 = yum-complete-transaction yumdb
745899
 
745899
 all:
745899
 	echo "Nothing to do"
745899
diff --git a/docs/yum-security.8 b/docs/yum-security.8
745899
deleted file mode 100644
745899
index c7d9c8b..0000000
745899
--- a/docs/yum-security.8
745899
+++ /dev/null
745899
@@ -1,190 +0,0 @@
745899
-.\" yum security plugin
745899
-.TH "yum-security" "8" "12 April 2007" "James Antill" ""
745899
-.SH "NAME"
745899
-yum security plugin
745899
-.SH "SYNOPSIS"
745899
-\fByum\fP [options] [command] [package ...]
745899
-.SH "DESCRIPTION"
745899
-.PP 
745899
-This plugin extends \fByum\fP to allow lists and updates to be limited using security relevant criteria.
745899
-.PP 
745899
-Added yum \fIcommand\fPs are:
745899
-.br 
745899
-.I \fR yum update-minimal
745899
-.PP 
745899
-This works like the update command, but if you have the package foo-1
745899
-installed and have foo-2 and foo-3 available with updateinfo.xml then
745899
-update-minimal will update you to foo-3.
745899
-.br 
745899
-.I \fR yum updateinfo info
745899
-.br 
745899
-.I \fR yum updateinfo list
745899
-.br 
745899
-.I \fR yum updateinfo summary
745899
-.PP 
745899
-All of the last three take these \fIsub-command\fPs:
745899
-.br 
745899
-.I \fR yum updateinfo * all
745899
-.br 
745899
-.I \fR yum updateinfo * available
745899
-.br 
745899
-.I \fR yum updateinfo * installed
745899
-.br 
745899
-.I \fR yum updateinfo * updates
745899
-.PP 
745899
-and then:
745899
-.br 
745899
-.I \fR * <advisory> [advisory...]
745899
-.br 
745899
-.I \fR * <package>
745899
-.br 
745899
-.I \fR * bugzillas
745899
-.br 
745899
-.I \fR * cves
745899
-.br 
745899
-.I \fR * enhancement
745899
-.br 
745899
-.I \fR * security
745899
-.br 
745899
-.I \fR * new-packages
745899
-.br 
745899
-.br 
745899
-.PP
745899
-.IP "\fBall\fP"
745899
-Is used to display information about both install and available advisories.
745899
-.PP
745899
-.IP "\fBavailable\fP"
745899
-Is used to display information about just available advisories. This is the
745899
-default.
745899
-.PP
745899
-.IP "\fBinstalled\fP"
745899
-Is used to display information about just install advisories.
745899
-.PP
745899
-.IP "\fBupdates\fP"
745899
-This is mostly the same as "available" but it only shows advisory information
745899
-for packages that can be updated to.
745899
-.PP
745899
-.IP "\fB<advisory> [advisory...]\fP"
745899
-Is used to display information about one or more advisories.
745899
-.PP 
745899
-.IP "\fB<package> [package...]\fP"
745899
-Is used to display information about one or more packages.
745899
-.PP 
745899
-.IP "\fBlist\fP"
745899
-Is used to list all of the relevant errata notice information, from the
745899
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
745899
-new.
745899
-.PP 
745899
-.IP "\fBinfo\fP"
745899
-Is used to show all the errata notice information, from the
745899
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
745899
-new.
745899
-.PP 
745899
-.IP "\fBlist\fP"
745899
-Is used to list all of the relevant errata notice information, from the
745899
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
745899
-new.
745899
-.IP 
745899
-.IP "\fBbugzillas / bzs\fP"
745899
-Is the subset of the updateinfo information, pertaining to the bugzillas.
745899
-.IP 
745899
-.IP "\fBcves\fP"
745899
-Is the subset of the updateinfo information, pertaining to the CVEs.
745899
-.IP 
745899
-.IP "\fBsecurity / sec\fP"
745899
-Is the subset of the updateinfo information, pertaining to security.
745899
-.IP "\fBbugfix\fP"
745899
-Is the subset of the updateinfo information, pertaining to bugfixes.
745899
-.IP "\fBenhancement\fP"
745899
-Is the subset of the updateinfo information, pertaining to enhancements.
745899
-.IP "\fBrecommended\fP"
745899
-Is the subset of the updateinfo information, pertaining to recommended updates.
745899
-.IP "\fBnew-packages\fP"
745899
-Is the subset of the updateinfo information, pertaining to new packages. These
745899
-are packages which weren't available at the initial release of your
745899
-distribution.
745899
-.IP
745899
-.PP
745899
-.SH "GENERAL OPTIONS"
745899
-There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:
745899
-.PP 
745899
-.IP "\fB\-\-advisory\fP"
745899
-This option includes packages corresponding to the advisory ID, Eg. FEDORA-2201-123.
745899
-.IP "\fB\-\-bz\fP"
745899
-This option includes packages that say they fix a Bugzilla ID, Eg. 123.
745899
-.IP "\fB\-\-cve\fP"
745899
-This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
745899
-.IP "\fB\-\-bugfixes\fP"
745899
-This option includes packages that say they fix a bugfix issue.
745899
-.IP "\fB\-\-security\fP"
745899
-This option includes packages that say they fix a security issue.
745899
-.PP
745899
-.PP
745899
-
745899
-.SH "EXAMPLES"
745899
-.PP
745899
-To list all updates that are security relevant, and get a return code on whether there are security updates use:
745899
-.IP
745899
-yum \-\-security check-update
745899
-.PP
745899
-To upgrade packages that have security errata (upgrades to the latest
745899
-available package) use:
745899
-.IP
745899
-yum \-\-security update
745899
-.PP
745899
-To upgrade packages that have security errata (upgrades to the last
745899
-security errata package) use:
745899
-.IP
745899
-yum \-\-security update-minimal
745899
-.PP
745899
-To get a list of all BZs that are fixed for packages you have installed use:
745899
-.IP
745899
-yum updateinfo list bugzillas
745899
-.PP
745899
-To get a list of all security advisories, including the ones you have already
745899
-installed use:
745899
-.IP
745899
-yum updateinfo list all security
745899
-.PP
745899
-To get the information on advisory FEDORA-2707-4567 use:
745899
-.IP
745899
-yum updateinfo info FEDORA-2707-4567
745899
-.PP
745899
-To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
745899
-.IP
745899
-yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update
745899
-.PP
745899
-To update to the packages which just update Bugzillas 123, 456 and 789; and all security updates use:
745899
-.IP
745899
-yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update-minimal
745899
-.PP
745899
-To get an info list of the latest packages which contain fixes for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:
745899
-.IP
745899
-yum \-\-bz 123 \-\-cve CVE-2207-0123 \-\-cve CVE-2207-3210 \-\-advisory FEDORA-2707-4567 \-\-advisory FEDORA-2707-7654 info updates
745899
-.PP
745899
-To get a list of packages which are "new".
745899
-.IP
745899
-yum updateinfo list new
745899
-.PP
745899
-To get a summary of advisories you haven't installed yet use:
745899
-.IP
745899
-yum updateinfo summary
745899
-
745899
-
745899
-.SH "SEE ALSO"
745899
-.nf
745899
-.I yum (8)
745899
-.I yum.conf (5)
745899
-.fi
745899
-
745899
-.SH "AUTHORS"
745899
-.nf
745899
-James Antill <james.antill@redhat.com>.
745899
-.fi
745899
-
745899
-.SH "BUGS"
745899
-The update-minimal command ignores the \-\-obsoletes flag.
745899
-
745899
-The update-minimal command can only directly affect things atm., so if you update pkgA minimally but that requires an update to pkgB then pkgB will be updated to the newest version by the depsolver. Also the above will happen even if you've also minimally updated pkgB, if either the direct (minimal) update for pkgB happens after or if the minimal update for pkgB doesn't satisfy the requirements of pkgA.
745899
-
745899
-The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "\-\-bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.
745899
diff --git a/plugins/security/security.conf b/plugins/security/security.conf
745899
deleted file mode 100644
745899
index 8e4d76c..0000000
745899
--- a/plugins/security/security.conf
745899
+++ /dev/null
745899
@@ -1,2 +0,0 @@
745899
-[main]
745899
-enabled=1
745899
diff --git a/plugins/security/security.py b/plugins/security/security.py
745899
deleted file mode 100755
745899
index a60cf9b..0000000
745899
--- a/plugins/security/security.py
745899
+++ /dev/null
745899
@@ -1,892 +0,0 @@
745899
-#! /usr/bin/python -tt
745899
-# This program is free software; you can redistribute it and/or modify
745899
-# it under the terms of the GNU General Public License as published by
745899
-# the Free Software Foundation; either version 2 of the License, or
745899
-# (at your option) any later version.
745899
-#
745899
-# This program is distributed in the hope that it will be useful,
745899
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
745899
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
745899
-# GNU Library General Public License for more details.
745899
-#
745899
-# You should have received a copy of the GNU General Public License
745899
-# along with this program; if not, write to the Free Software
745899
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
745899
-#
745899
-#
745899
-# Copyright Red Hat Inc. 2007, 2008
745899
-#
745899
-# Author: James Antill <james.antill@redhat.com>
745899
-#
745899
-# Examples:
745899
-#
745899
-#  yum --security info updates
745899
-#  yum --security list updates
745899
-#  yum --security check-update
745899
-#  yum --security update
745899
-#
745899
-# yum --cve CVE-2007-1667      <cmd>
745899
-# yum --bz  235374 --bz 234688 <cmd>
745899
-# yum --advisory FEDORA-2007-420 --advisory FEDORA-2007-346 <cmd>
745899
-#
745899
-# yum list-updateinfo
745899
-# yum list-updateinfo bugzillas / bzs
745899
-# yum list-updateinfo cves
745899
-# yum list-updateinfo security / sec
745899
-# yum list-updateinfo new
745899
-#
745899
-# yum summary-updateinfo
745899
-#
745899
-# yum update-minimal --security
745899
-
745899
-import yum
745899
-import fnmatch
745899
-from yum.plugins import TYPE_INTERACTIVE
745899
-from yum.update_md import UpdateMetadata
745899
-import logging # for commands
745899
-
745899
-from yum.constants import *
745899
-
745899
-import rpmUtils.miscutils
745899
-
745899
-requires_api_version = '2.5'
745899
-plugin_type = (TYPE_INTERACTIVE,)
745899
-__package_name__ = "yum-plugin-security"
745899
-
745899
-# newpackages is weird, in that we'll never display that because we filter to
745899
-# things relevant to installed pkgs...
745899
-__update_info_types__ = ("security", "bugfix", "enhancement",
745899
-                         "recommended", "newpackage")
745899
-
745899
-def _rpm_tup_vercmp(tup1, tup2):
745899
-    """ Compare two "std." tuples, (n, a, e, v, r). """
745899
-    return rpmUtils.miscutils.compareEVR((tup1[2], tup1[3], tup1[4]),
745899
-                                         (tup2[2], tup2[3], tup2[4]))
745899
-
745899
-class CliError(yum.Errors.YumBaseError):
745899
-
745899
-    """
745899
-    Command line interface related Exception.
745899
-    """
745899
-
745899
-    def __init__(self, args=''):
745899
-        yum.Errors.YumBaseError.__init__(self)
745899
-        self.args = args
745899
-
745899
-def ysp_gen_metadata(repos):
745899
-    """ Generate the info. from the updateinfo.xml files. """
745899
-    md_info = UpdateMetadata()
745899
-    for repo in repos:
745899
-        if not repo.enabled:
745899
-            continue
745899
-        
745899
-        try: # attempt to grab the updateinfo.xml.gz from the repodata
745899
-            md_info.add(repo)
745899
-        except yum.Errors.RepoMDError:
745899
-            continue # No metadata found for this repo
745899
-    return md_info
745899
-
745899
-def ysp__safe_refs(refs):
745899
-    """ Sometimes refs == None, if so return the empty list here. 
745899
-        So we don't have to check everywhere. """
745899
-    if refs == None:
745899
-        return []
745899
-    return refs
745899
-
745899
-def _match_sec_cmd(sec_cmds, pkgname, notice):
745899
-    for i in sec_cmds:
745899
-        if fnmatch.fnmatch(pkgname, i):
745899
-            return i
745899
-        if notice['update_id'] == i:
745899
-            return i
745899
-    return None
745899
-
745899
-def _has_id(used_map, refs, ref_type, ref_ids):
745899
-    ''' Check if the given ID is a match. '''
745899
-    for ref in ysp__safe_refs(refs):
745899
-        if ref['type'] != ref_type:
745899
-            continue
745899
-        if ref['id'] not in ref_ids:
745899
-            continue
745899
-        used_map[ref_type][ref['id']] = True
745899
-        return ref
745899
-    return None
745899
-    
745899
-def ysp_should_filter_pkg(opts, pkgname, notice, used_map):
745899
-    """ Do the package filtering for should_show and should_keep. """
745899
-    
745899
-    rcmd = _match_sec_cmd(opts.sec_cmds, pkgname, notice)
745899
-    if rcmd:
745899
-        used_map['cmd'][rcmd] = True
745899
-        return True
745899
-    elif opts.advisory and notice['update_id'] in opts.advisory:
745899
-        used_map['id'][notice['update_id']] = True
745899
-        return True
745899
-    elif (opts.severity and notice['type'] == 'security' and
745899
-          notice['severity'] in opts.severity):
745899
-        used_map['sev'][notice['severity']] = True
745899
-        return True
745899
-    elif opts.cve and _has_id(used_map, notice['references'], "cve", opts.cve):
745899
-        return True
745899
-    elif opts.bz and _has_id(used_map, notice['references'],"bugzilla",opts.bz):
745899
-        return True
745899
-    # FIXME: Add opts for enhancement/etc.? -- __update_info_types__
745899
-    elif (opts.security and notice['type'] == 'security' and
745899
-          (not opts.severity or 'severity' not in notice or
745899
-           not notice['severity'])):
745899
-        return True
745899
-    elif opts.bugfixes and notice['type'] == 'bugfix':
745899
-        return True
745899
-    elif not (opts.advisory or opts.cve or opts.bz or
745899
-              opts.security or opts.bugfixes or opts.sec_cmds or opts.severity):
745899
-        return True # This is only possible from should_show_pkg
745899
-    return False
745899
-
745899
-def ysp_has_info_md(rname, md):
745899
-    if rname in __update_info_types__:
745899
-        if md['type'] == rname:
745899
-            return md
745899
-    for ref in ysp__safe_refs(md['references']):
745899
-        if ref['type'] != rname:
745899
-            continue
745899
-        return md
745899
-
745899
-def ysp_gen_used_map(opts):
745899
-    used_map = {'bugzilla' : {}, 'cve' : {}, 'id' : {}, 'cmd' : {}, 'sev' : {}}
745899
-    for i in opts.sec_cmds:
745899
-        used_map['cmd'][i] = False
745899
-    for i in opts.advisory:
745899
-        used_map['id'][i] = False
745899
-    for i in opts.bz:
745899
-        used_map['bugzilla'][i] = False
745899
-    for i in opts.cve:
745899
-        used_map['cve'][i] = False
745899
-    for i in opts.severity:
745899
-        used_map['sev'][i] = False
745899
-    return used_map
745899
-
745899
-def ysp_chk_used_map(used_map, msg):
745899
-    for i in used_map['cmd']:
745899
-        if not used_map['cmd'][i]:
745899
-            msg('No update information found for \"%s\"' % i)
745899
-    for i in used_map['id']:
745899
-        if not used_map['id'][i]:
745899
-            msg('Advisory \"%s\" not found applicable for this system' % i)
745899
-    for i in used_map['bugzilla']:
745899
-        if not used_map['bugzilla'][i]:
745899
-            msg('BZ \"%s\" not found applicable for this system' % i)
745899
-    for i in used_map['cve']:
745899
-        if not used_map['cve'][i]:
745899
-            msg('CVE \"%s\" not found applicable for this system' % i)
745899
-    for i in used_map['sev']:
745899
-        if not used_map['sev'][i]:
745899
-            msg('Severity \"%s\" not found applicable for this system' % i)
745899
-
745899
-class UpdateinfoCommand:
745899
-    # Old command names...
745899
-    direct_cmds = {'list-updateinfo'    : 'list',
745899
-                   'list-security'      : 'list',
745899
-                   'list-sec'           : 'list',
745899
-                   'info-updateinfo'    : 'info',
745899
-                   'info-security'      : 'info',
745899
-                   'info-sec'           : 'info',
745899
-                   'summary-updateinfo' : 'summary'}
745899
-
745899
-    #  Note that this code (instead of using inheritance and multiple
745899
-    # cmd classes) means that "yum help" only displays the updateinfo command.
745899
-    # Which is what we want, because the other commands are just backwards
745899
-    # compatible gunk we don't want the user using).
745899
-    def getNames(self):
745899
-        return ['updateinfo'] + sorted(self.direct_cmds.keys())
745899
-
745899
-    def getUsage(self):
745899
-        return "[info|list|...] [security|...] [installed|available|all] [pkgs|id]"
745899
-
745899
-    def getSummary(self):
745899
-        return "Acts on repository update information"
745899
-
745899
-    def doCheck(self, base, basecmd, extcmds):
745899
-        pass
745899
-
745899
-    def list_show_pkgs(self, base, md_info, list_type, show_type,
745899
-                       iname2tup, data, msg):
745899
-        n_maxsize = 0
745899
-        r_maxsize = 0
745899
-        t_maxsize = 0
745899
-        for (notice, pkgtup, pkg) in data:
745899
-            n_maxsize = max(len(notice['update_id']), n_maxsize)
745899
-            tn = notice['type']
745899
-            if tn == 'security' and notice['severity']:
745899
-                tn = notice['severity'] + '/Sec.'
745899
-            t_maxsize = max(len(tn),                  t_maxsize)
745899
-            if show_type:
745899
-                for ref in ysp__safe_refs(notice['references']):
745899
-                    if ref['type'] != show_type:
745899
-                        continue
745899
-                    r_maxsize = max(len(str(ref['id'])), r_maxsize)
745899
-
745899
-        for (notice, pkgtup, pkg) in data:
745899
-            mark = ''
745899
-            if list_type == 'all':
745899
-                mark = '  '
745899
-                if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
745899
-                    mark = 'i '
745899
-            tn = notice['type']
745899
-            if tn == 'security' and notice['severity']:
745899
-                tn = notice['severity'] + '/Sec.'
745899
-
745899
-            if show_type and ysp_has_info_md(show_type, notice):
745899
-                for ref in ysp__safe_refs(notice['references']):
745899
-                    if ref['type'] != show_type:
745899
-                        continue
745899
-                    msg("%s %-*s %-*s %s" % (mark, r_maxsize, str(ref['id']),
745899
-                                             t_maxsize, tn, pkg))
745899
-            elif hasattr(pkg, 'name'):
745899
-                print base.fmtKeyValFill("%s: " % pkg.name,
745899
-                                         base._enc(pkg.summary))
745899
-            else:
745899
-                msg("%s%-*s %-*s %s" % (mark, n_maxsize, notice['update_id'],
745899
-                                        t_maxsize, tn, pkg))
745899
-
745899
-    def info_show_pkgs(self, base, md_info, list_type, show_type,
745899
-                       iname2tup, data, msg):
745899
-        show_pkg_info_done = {}
745899
-        for (notice, pkgtup, pkg) in data:
745899
-            if notice['update_id'] in show_pkg_info_done:
745899
-                continue
745899
-            show_pkg_info_done[notice['update_id']] = notice
745899
-
745899
-            if hasattr(notice, 'text'):
745899
-                debug_log_lvl = yum.logginglevels.DEBUG_3
745899
-                vlog = logging.getLogger("yum.verbose.main")
745899
-                if vlog.isEnabledFor(debug_log_lvl):
745899
-                    obj = notice.text(skip_data=[])
745899
-                else:
745899
-                    obj = notice.text()
745899
-            else:
745899
-                # Python-2.4.* doesn't understand str(x) returning unicode
745899
-                obj = notice.__str__()
745899
-
745899
-            if list_type == 'all':
745899
-                if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
745899
-                    obj = obj + "\n  Installed : true"
745899
-                else:
745899
-                    obj = obj + "\n  Installed : false"
745899
-            msg(obj)
745899
-
745899
-    def summary_show_pkgs(self, base, md_info, list_type, show_type,
745899
-                          iname2tup, data, msg):
745899
-        def _msg(x):
745899
-            print x
745899
-        counts = {}
745899
-        sev_counts = {}
745899
-        show_pkg_info_done = {}
745899
-        for (notice, pkgtup, pkg) in data:
745899
-            if notice['update_id'] in show_pkg_info_done:
745899
-                continue
745899
-            show_pkg_info_done[notice['update_id']] = notice
745899
-            counts[notice['type']] = counts.get(notice['type'], 0) + 1
745899
-            if notice['type'] == 'security':
745899
-                sev = notice['severity']
745899
-                if sev is None:
745899
-                    sev = ''
745899
-                sev_counts[sev] = sev_counts.get(sev, 0) + 1
745899
-
745899
-        maxsize = 0
745899
-        for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
745899
-            if T not in counts:
745899
-                continue
745899
-            size = len(str(counts[T]))
745899
-            if maxsize < size:
745899
-                maxsize = size
745899
-        if not maxsize:
745899
-            _check_running_kernel(base, md_info, _msg)
745899
-            return
745899
-
745899
-        outT = {'newpackage' : 'New Package',
745899
-                'security' : 'Security',
745899
-                'bugfix' : 'Bugfix',
745899
-                'enhancement' : 'Enhancement'}
745899
-        print "Updates Information Summary:", list_type
745899
-        for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
745899
-            if T not in counts:
745899
-                continue
745899
-            n = outT[T]
745899
-            if T == 'security' and len(sev_counts) == 1:
745899
-                sn = sev_counts.keys()[0]
745899
-                if sn != '':
745899
-                    n = sn + " " + n
745899
-            print "    %*u %s notice(s)" % (maxsize, counts[T], n)
745899
-            if T == 'security' and len(sev_counts) != 1:
745899
-                def _sev_sort_key(key):
745899
-                    # We want these in order, from "highest" to "lowest".
745899
-                    # Anything unknown is "higher". meh.
745899
-                    return {'Critical' : "zz1",
745899
-                            'Important': "zz2",
745899
-                            'Moderate' : "zz3",
745899
-                            'Low'      : "zz4",
745899
-                            }.get(key, key)
745899
-
745899
-                for sn in sorted(sev_counts, key=_sev_sort_key):
745899
-                    args = (maxsize, sev_counts[sn],sn or '?', outT['security'])
745899
-                    print "        %*u %s %s notice(s)" % args
745899
-        _check_running_kernel(base, md_info, _msg)
745899
-        self.show_pkg_info_done = {}
745899
-
745899
-    def _get_new_pkgs(self, md_info):
745899
-        for notice in md_info.notices:
745899
-            if notice['type'] != "newpackage":
745899
-                continue
745899
-            for upkg in notice['pkglist']:
745899
-                for pkg in upkg['packages']:
745899
-                    pkgtup = (pkg['name'], pkg['arch'], pkg['epoch'] or '0',
745899
-                              pkg['version'], pkg['release'])
745899
-                    yield (notice, pkgtup)
745899
-
745899
-    _cmd2filt = {"bugzillas" : "bugzilla",
745899
-                 "bugzilla" : "bugzilla",
745899
-                 "bzs" : "bugzilla",
745899
-                 "bz" : "bugzilla",
745899
-
745899
-                 "sec" : "security",
745899
-
745899
-                 "cves" : "cve",
745899
-                 "cve" : "cve",
745899
-
745899
-                 "newpackages" : "newpackage",
745899
-                 "new-packages" : "newpackage",
745899
-                 "newpackage" : "newpackage",
745899
-                 "new-package" : "newpackage",
745899
-                 "new" : "newpackage"}
745899
-    for filt_type in __update_info_types__:
745899
-        _cmd2filt[filt_type] = filt_type
745899
-
745899
-    def doCommand(self, base, basecmd, extcmds):
745899
-        if basecmd in self.direct_cmds:
745899
-            subcommand = self.direct_cmds[basecmd]
745899
-        elif extcmds and extcmds[0] in ('list', 'info', 'summary'):
745899
-            subcommand = extcmds[0]
745899
-            extcmds = extcmds[1:]
745899
-        elif extcmds and extcmds[0] in self._cmd2filt:
745899
-            subcommand = 'list'
745899
-        elif extcmds:
745899
-            subcommand = 'info'
745899
-        else:
745899
-            subcommand = 'summary'
745899
-
745899
-        if subcommand == 'list':
745899
-            return self.doCommand_li(base, 'updateinfo list', extcmds,
745899
-                                     self.list_show_pkgs)
745899
-        if subcommand == 'info':
745899
-            return self.doCommand_li(base, 'updateinfo info', extcmds,
745899
-                                     self.info_show_pkgs)
745899
-
745899
-        if subcommand == 'summary':
745899
-            return self.doCommand_li(base, 'updateinfo summary', extcmds,
745899
-                                     self.summary_show_pkgs)
745899
-
745899
-    def doCommand_li_new(self, base, list_type, extcmds, md_info, msg,
745899
-                         show_pkgs):
745899
-        done_pkgs = set()
745899
-        data = []
745899
-        for (notice, pkgtup) in sorted(self._get_new_pkgs(md_info),
745899
-                                       key=lambda x: x[1][0]):
745899
-            if extcmds and not _match_sec_cmd(extcmds, pkgtup[0], notice):
745899
-                continue
745899
-            n = pkgtup[0]
745899
-            if n in done_pkgs:
745899
-                continue
745899
-            ipkgs = list(reversed(sorted(base.rpmdb.searchNames([n]))))
745899
-            if list_type in ('installed', 'updates') and not ipkgs:
745899
-                done_pkgs.add(n)
745899
-                continue
745899
-            if list_type == 'available' and ipkgs:
745899
-                done_pkgs.add(n)
745899
-                continue
745899
-
745899
-            pkgs = base.pkgSack.searchPkgTuple(pkgtup)
745899
-            if not pkgs:
745899
-                continue
745899
-            if list_type == "updates" and pkgs[0].verLE(ipkgs[0]):
745899
-                done_pkgs.add(n)
745899
-                continue
745899
-            done_pkgs.add(n)
745899
-            data.append((notice, pkgtup, pkgs[0]))
745899
-        show_pkgs(base, md_info, list_type, None, {}, data, msg)
745899
-
745899
-    def _parse_extcmds(self, extcmds):
745899
-        filt_type = None
745899
-        show_type = None
745899
-        if len(extcmds) >= 1:
745899
-            filt_type = None
745899
-            
745899
-            if extcmds[0] in self._cmd2filt:
745899
-                filt_type = self._cmd2filt[extcmds.pop(0)]
745899
-            show_type = filt_type
745899
-            if filt_type and filt_type in __update_info_types__:
745899
-                show_type = None
745899
-        return extcmds, show_type, filt_type
745899
-
745899
-    def doCommand_li(self, base, basecmd, extcmds, show_pkgs):
745899
-        self.repos = base.repos
745899
-        md_info = ysp_gen_metadata(self.repos.listEnabled())
745899
-        def msg(x):
745899
-            #  Don't use: logger.log(logginglevels.INFO_2, x)
745899
-            # or -q deletes everything.
745899
-            print x
745899
-
745899
-        opts, cmdline = base.plugins.cmdline
745899
-        extcmds, show_type, filt_type = self._parse_extcmds(extcmds)
745899
-
745899
-        list_type = "available"
745899
-        if extcmds and extcmds[0] in ("updates","available","installed", "all"):
745899
-            list_type = extcmds.pop(0)
745899
-
745899
-        if filt_type == "newpackage":
745899
-            # No filtering here, as we want what isn't installed...
745899
-            self.doCommand_li_new(base, list_type, extcmds, md_info, msg,
745899
-                                  show_pkgs)
745899
-            return 0, [basecmd + ' new done']
745899
-
745899
-        opts.sec_cmds = extcmds
745899
-        used_map = ysp_gen_used_map(opts)
745899
-        iname2tup = {}
745899
-        if False: pass
745899
-        elif list_type in ('installed', 'all'):
745899
-            name2tup = _get_name2allpkgtup(base)
745899
-            iname2tup = _get_name2instpkgtup(base)
745899
-        elif list_type == 'updates':
745899
-            name2tup = _get_name2oldpkgtup(base)
745899
-        elif list_type == 'available':
745899
-            name2tup = _get_name2instpkgtup(base)
745899
-
745899
-        def _show_pkgtup(pkgtup):
745899
-            name = pkgtup[0]
745899
-            notices = reversed(md_info.get_applicable_notices(pkgtup))
745899
-            for (pkgtup, notice) in notices:
745899
-                if filt_type and not ysp_has_info_md(filt_type, notice):
745899
-                    continue
745899
-
745899
-                if list_type == 'installed':
745899
-                    # Remove any that are newer than what we have installed
745899
-                    if _rpm_tup_vercmp(iname2tup[name], pkgtup) < 0:
745899
-                        continue
745899
-
745899
-                if ysp_should_filter_pkg(opts, name, notice, used_map):
745899
-                    yield (pkgtup, notice)
745899
-
745899
-        data = []
745899
-        for pkgname in sorted(name2tup):
745899
-            for (pkgtup, notice) in _show_pkgtup(name2tup[pkgname]):
745899
-                d = {}
745899
-                (d['n'], d['a'], d['e'], d['v'], d['r']) = pkgtup
745899
-                if d['e'] == '0':
745899
-                    d['epoch'] = ''
745899
-                else:
745899
-                    d['epoch'] = "%s:" % d['e']
745899
-                data.append((notice, pkgtup,
745899
-                            "%(n)s-%(epoch)s%(v)s-%(r)s.%(a)s" % d))
745899
-        show_pkgs(base, md_info, list_type, show_type, iname2tup, data, msg)
745899
-
745899
-        ysp_chk_used_map(used_map, msg)
745899
-
745899
-        return 0, [basecmd + ' done']
745899
-            
745899
-
745899
-# "Borrowed" from yumcommands.py
745899
-def yumcommands_checkRootUID(base):
745899
-    """
745899
-    Verify that the program is being run by the root user.
745899
-
745899
-    @param base: a YumBase object.
745899
-    """
745899
-    if base.conf.uid != 0:
745899
-        base.logger.critical('You need to be root to perform this command.')
745899
-        raise CliError
745899
-def yumcommands_checkGPGKey(base):
745899
-    if not base.gpgKeyCheck():
745899
-        for repo in base.repos.listEnabled():
745899
-            if repo.gpgcheck != 'false' and repo.gpgkey == '':
745899
-                msg = """
745899
-You have enabled checking of packages via GPG keys. This is a good thing. 
745899
-However, you do not have any GPG public keys installed. You need to download
745899
-the keys for packages you wish to install and install them.
745899
-You can do that by running the command:
745899
-    rpm --import public.gpg.key
745899
-
745899
-
745899
-Alternatively you can specify the url to the key you would like to use
745899
-for a repository in the 'gpgkey' option in a repository section and yum 
745899
-will install it for you.
745899
-
745899
-For more information contact your distribution or package provider.
745899
-"""
745899
-                base.logger.critical(msg)
745899
-                raise CliError
745899
-
745899
-def _get_name2pkgtup(base, pkgtups):
745899
-    name2tup = {}
745899
-    for pkgtup in pkgtups:
745899
-        # Get the latest "old" pkgtups
745899
-        if (pkgtup[0] in name2tup and
745899
-            _rpm_tup_vercmp(name2tup[pkgtup[0]], pkgtup) > 0):
745899
-            continue
745899
-        name2tup[pkgtup[0]] = pkgtup
745899
-    return name2tup
745899
-def _get_name2oldpkgtup(base):
745899
-    """ Get the pkgtups for all installed pkgs. which have an update. """
745899
-    oupdates = map(lambda x: x[1], base.up.getUpdatesTuples())
745899
-    return _get_name2pkgtup(base, oupdates)
745899
-def _get_name2instpkgtup(base):
745899
-    """ Get the pkgtups for all installed pkgs. """
745899
-    return _get_name2pkgtup(base, base.rpmdb.simplePkgList())
745899
-def _get_name2allpkgtup(base):
745899
-    """ Get the pkgtups for all installed pkgs. and munge that to be the
745899
-        first possible pkgtup. """
745899
-    ofirst = [(pt[0], pt[1], '0','0','0') for pt in base.rpmdb.simplePkgList()]
745899
-    return _get_name2pkgtup(base, ofirst)
745899
-
745899
-
745899
-
745899
-class SecurityUpdateCommand:
745899
-    def getNames(self):
745899
-        return ['update-minimal']
745899
-
745899
-    def getUsage(self):
745899
-        return "[PACKAGE-wildcard]"
745899
-
745899
-    def getSummary(self):
745899
-        return "Works like update, but goes to the 'newest' package match which fixes a problem that affects your system"
745899
-
745899
-    def doCheck(self, base, basecmd, extcmds):
745899
-        yumcommands_checkRootUID(base)
745899
-        yumcommands_checkGPGKey(base)
745899
-
745899
-    def doCommand(self, base, basecmd, extcmds):
745899
-        if hasattr(base, 'run_with_package_names'):
745899
-            base.run_with_package_names.add(__package_name__)
745899
-        md_info       = ysp_gen_metadata(base.repos.listEnabled())
745899
-        opts          = base.plugins.cmdline[0]
745899
-        opts.sec_cmds = []
745899
-        used_map      = ysp_gen_used_map(opts)
745899
-
745899
-        ndata = not (opts.security or opts.bugfixes or
745899
-                     opts.advisory or opts.bz or opts.cve or opts.severity)
745899
-
745899
-        # NOTE: Not doing obsoletes processing atm. ... maybe we should? --
745899
-        # Also worth pointing out we don't go backwards for obsoletes in the:
745899
-        # update --security case etc.
745899
-
745899
-        # obsoletes = base.up.getObsoletesTuples(newest=False)
745899
-        # for (obsoleting, installed) in sorted(obsoletes, key=lambda x: x[0]):
745899
-        #   pass
745899
-
745899
-        # Tuples == (n, a, e, v, r)
745899
-        oupdates  = map(lambda x: x[1], base.up.getUpdatesTuples())
745899
-        for oldpkgtup in sorted(oupdates):
745899
-            data = md_info.get_applicable_notices(oldpkgtup)
745899
-            if ndata: # No options means pick the oldest update
745899
-                data.reverse()
745899
-
745899
-            for (pkgtup, notice) in data:
745899
-                name = pkgtup[0]
745899
-                if extcmds and not _match_sec_cmd(extcmds, name, notice):
745899
-                    continue
745899
-                if (not ndata and
745899
-                    not ysp_should_filter_pkg(opts, name, notice, used_map)):
745899
-                    continue
745899
-                base.update(name=pkgtup[0], arch=pkgtup[1], epoch=pkgtup[2],
745899
-                            version=pkgtup[3], release=pkgtup[4])
745899
-                break
745899
-
745899
-        if len(base.tsInfo) > 0:
745899
-            msg = '%d packages marked for minimal Update' % len(base.tsInfo)
745899
-            return 2, [msg]
745899
-        else:
745899
-            return 0, ['No Packages marked for minimal Update']
745899
-
745899
-def config_hook(conduit):
745899
-    '''
745899
-    Yum Plugin Config Hook: 
745899
-    Setup the option parser with the '--advisory', '--bz', '--cve',
745899
-    '--security' and '--severity' command line options. Also the 'updateinfo'
745899
-    and 'update-minimal' commands.
745899
-    '''
745899
-
745899
-    parser = conduit.getOptParser()
745899
-    if not parser:
745899
-        return
745899
-
745899
-    if hasattr(parser, 'plugin_option_group'):
745899
-        parser = parser.plugin_option_group
745899
-
745899
-    conduit.registerCommand(UpdateinfoCommand())
745899
-    conduit.registerCommand(SecurityUpdateCommand())
745899
-    def osec(opt, key, val, parser):
745899
-         # CVE is a subset of --security on RHEL, but not on Fedora
745899
-        parser.values.security = True
745899
-    def obug(opt, key, val, parser):
745899
-        parser.values.bugfixes = True
745899
-    def ocve(opt, key, val, parser):
745899
-        parser.values.cve.extend(val.split(','))
745899
-    def obz(opt, key, val, parser):
745899
-        parser.values.bz.append(str(val))
745899
-    def oadv(opt, key, val, parser):
745899
-        parser.values.advisory.extend(val.split(','))
745899
-    def osev(opt, key, val, parser):
745899
-        parser.values.severity.extend(val.split(','))
745899
-            
745899
-    parser.add_option('--security', action="callback",
745899
-                      callback=osec, dest='security', default=False,
745899
-                      help='Include security relevant packages')
745899
-    parser.add_option('--bugfixes', action="callback",
745899
-                      callback=obug, dest='bugfixes', default=False,
745899
-                      help='Include bugfix relevant packages')
745899
-    parser.add_option('--cve', action="callback", type="string",
745899
-                      callback=ocve, dest='cve', default=[],
745899
-                      help='Include packages needed to fix the given CVE')
745899
-    parser.add_option('--bz', action="callback",
745899
-                      callback=obz, dest='bz', default=[], type="int",
745899
-                      help='Include packages needed to fix the given BZ')
745899
-    parser.add_option('--sec-severity', action="callback",
745899
-                      callback=osev, dest='severity', default=[], type="string",
745899
-                      help='Include security relevant packages, of this severity')
745899
-    parser.add_option('--advisory', action="callback",
745899
-                      callback=oadv, dest='advisory', default=[], type="string",
745899
-                      help='Include packages needed to fix the given advisory')
745899
-
745899
-#  You might think we'd just use the exclude_hook, and call delPackage
745899
-# and indeed that works for list updates etc.
745899
-#
745899
-# __but__ that doesn't work for dependancies on real updates
745899
-#
745899
-#  So to fix deps. we need to do it at the preresolve stage and take the
745899
-# "transaction package list" and then remove packages from that.
745899
-#
745899
-# __but__ that doesn't work for lists ... so we do it two ways
745899
-#
745899
-def ysp_should_keep_pkg(opts, pkgtup, md_info, used_map):
745899
-    """ Do we want to keep this package to satisfy the security limits. """
745899
-    name = pkgtup[0]
745899
-    for (pkgtup, notice) in md_info.get_applicable_notices(pkgtup):
745899
-        if ysp_should_filter_pkg(opts, name, notice, used_map):
745899
-            return True
745899
-    return False
745899
-
745899
-def ysp_check_func_enter(conduit):
745899
-    """ Stuff we need to do in both list and update modes. """
745899
-    
745899
-    opts, args = conduit.getCmdLine()
745899
-
745899
-    ndata = not (opts.security or opts.bugfixes or
745899
-                 opts.advisory or opts.bz or opts.cve or opts.severity)
745899
-    
745899
-    ret = None
745899
-    if len(args) >= 2:
745899
-        if ((args[0] == "list") and (args[1] in ("obsoletes", "updates"))):
745899
-            ret = {"skip": ndata, "list_cmd": True}
745899
-        if ((args[0] == "info") and (args[1] in ("obsoletes", "updates"))):
745899
-            ret = {"skip": ndata, "list_cmd": True}
745899
-    if len(args):
745899
-
745899
-        # All the args. stuff is done in our command:
745899
-        if (args[0] == "update-minimal"):
745899
-            return (opts, {"skip": True, "list_cmd": False, "msg": True})
745899
-            
745899
-        if (args[0] == "check-update"):
745899
-            ret = {"skip": ndata, "list_cmd": True}
745899
-        if (args[0] in ["update", "upgrade"]):
745899
-            ret = {"skip": ndata, "list_cmd": False}
745899
-        if args[0] == 'updateinfo':
745899
-            return (opts, {"skip": True, "list_cmd": True})
745899
-        if (args[0] in UpdateinfoCommand.direct_cmds):
745899
-            return (opts, {"skip": True, "list_cmd": True})
745899
-
745899
-    if ret:
745899
-        return (opts, ret)
745899
-    
745899
-    if not ndata:
745899
-        conduit.error(2, 'Skipping security plugin, other command')
745899
-    return (opts, {"skip": True, "list_cmd": False, "msg": True})
745899
-
745899
-def exclude_hook(conduit):
745899
-    '''
745899
-    Yum Plugin Exclude Hook:
745899
-    Check and remove packages that don\'t align with the security config.
745899
-    '''
745899
-    
745899
-    opts, info = ysp_check_func_enter(conduit)
745899
-    if info["skip"]:
745899
-        return
745899
-
745899
-    if not info["list_cmd"]:
745899
-        return
745899
-    
745899
-    if hasattr(conduit, 'registerPackageName'):
745899
-        conduit.registerPackageName(__package_name__)
745899
-    conduit.info(2, 'Limiting package lists to security relevant ones')
745899
-    
745899
-    md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
745899
-
745899
-    def ysp_del_pkg(pkg):
745899
-        """ Deletes a package from all trees that yum knows about """
745899
-        conduit.info(3," --> %s from %s excluded (non-security)" %
745899
-                     (pkg,pkg.repoid))
745899
-        conduit.delPackage(pkg)
745899
-
745899
-    opts.sec_cmds = []
745899
-    used_map = ysp_gen_used_map(opts)
745899
-
745899
-    # The official API is:
745899
-    #
745899
-    # pkgs = conduit.getPackages()
745899
-    #
745899
-    # ...however that is _extremely_ slow, deleting all packages. So we ask
745899
-    # for the list of update packages, which is all we care about.    
745899
-    upds = conduit._base.doPackageLists(pkgnarrow='updates')
745899
-    pkgs = upds.updates
745899
-    # In theory we don't need to do this in some cases, but meh.
745899
-    upds = conduit._base.doPackageLists(pkgnarrow='obsoletes')
745899
-    pkgs += upds.obsoletes
745899
-
745899
-    name2tup = _get_name2oldpkgtup(conduit._base)
745899
-    
745899
-    tot = 0
745899
-    cnt = 0
745899
-    for pkg in pkgs:
745899
-        tot += 1
745899
-        name = pkg.name
745899
-        if (name not in name2tup or
745899
-            not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
745899
-            ysp_del_pkg(pkg)
745899
-            continue
745899
-        cnt += 1
745899
-
745899
-    ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
745899
-    if cnt:
745899
-        conduit.info(2, '%d package(s) needed for security, out of %d available' % (cnt, tot))
745899
-    else:
745899
-        conduit.info(2, 'No packages needed for security; %d packages available' % tot)
745899
-
745899
-    _check_running_kernel(conduit._base, md_info, lambda x: conduit.info(2, x))
745899
-
745899
-def _check_running_kernel(yb, md_info, msg):
745899
-    if not hasattr(yum.misc, 'get_running_kernel_pkgtup'):
745899
-        return # Back compat.
745899
-
745899
-    kern_pkgtup = yum.misc.get_running_kernel_pkgtup(yb.ts)
745899
-    if kern_pkgtup[0] is None:
745899
-        return
745899
-
745899
-    found_sec = False
745899
-    for (pkgtup, notice) in md_info.get_applicable_notices(kern_pkgtup):
745899
-        if found_sec or notice['type'] != 'security':
745899
-            continue
745899
-        found_sec = True
745899
-        ipkg = yb.rpmdb.searchPkgTuple(pkgtup)
745899
-        if not ipkg:
745899
-            continue # Not installed
745899
-        ipkg = ipkg[0]
745899
-
745899
-        e = ''
745899
-        if kern_pkgtup[2] != '0':
745899
-            e = '%s:' % kern_pkgtup[2]
745899
-        rpkg = '%s-%s%s-%s.%s' % (kern_pkgtup[0], e,
745899
-                                  kern_pkgtup[3], kern_pkgtup[4],
745899
-                                  kern_pkgtup[1])
745899
-
745899
-        msg('Security: %s is an installed security update' % ipkg)
745899
-        msg('Security: %s is the currently running version' % rpkg)
745899
-        break
745899
-
745899
-
745899
-def preresolve_hook(conduit):
745899
-    '''
745899
-    Yum Plugin PreResolve Hook:
745899
-    Check and remove packages that don\'t align with the security config.
745899
-    '''
745899
-
745899
-    opts, info = ysp_check_func_enter(conduit)
745899
-    if info["skip"]:
745899
-        return
745899
-
745899
-    if info["list_cmd"]:
745899
-        return
745899
-    
745899
-    if hasattr(conduit, 'registerPackageName'):
745899
-        conduit.registerPackageName(__package_name__)
745899
-    conduit.info(2, 'Limiting packages to security relevant ones')
745899
-
745899
-    md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
745899
-
745899
-    def ysp_del_pkg(tspkg):
745899
-        """ Deletes a package within a transaction. """
745899
-        conduit.info(3," --> %s from %s excluded (non-security)" %
745899
-                     (tspkg.po,tspkg.po.repoid))
745899
-        tsinfo.remove(tspkg.pkgtup)
745899
-
745899
-    tot = 0
745899
-    cnt = 0
745899
-    opts.sec_cmds = []
745899
-    used_map = ysp_gen_used_map(opts)
745899
-    tsinfo = conduit.getTsInfo()
745899
-    tspkgs = tsinfo.getMembers()
745899
-    #  Ok, here we keep any pkgs that pass "ysp" tests, then we keep all
745899
-    # related pkgs ... Ie. "installed" version marked for removal.
745899
-    keep_pkgs = set()
745899
-
745899
-    count_states = set(TS_INSTALL_STATES + [TS_ERASE])
745899
-    count_pkgs = set()
745899
-    for tspkg in tspkgs:
745899
-        if tspkg.output_state in count_states:
745899
-            count_pkgs.add(tspkg.po)
745899
-
745899
-    name2tup = _get_name2oldpkgtup(conduit._base)
745899
-    for tspkg in tspkgs:
745899
-        if tspkg.output_state in count_states:
745899
-            tot += 1
745899
-        name = tspkg.po.name
745899
-        if (name not in name2tup or
745899
-            not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
745899
-            continue
745899
-        if tspkg.output_state in count_states:
745899
-            cnt += 1
745899
-        keep_pkgs.add(tspkg.po)
745899
-
745899
-    scnt = cnt
745899
-    mini_depsolve_again = True
745899
-    while mini_depsolve_again:
745899
-        mini_depsolve_again = False
745899
-
745899
-        for tspkg in tspkgs:
745899
-            if tspkg.po in keep_pkgs:
745899
-                # Find any related pkgs, and add them:
745899
-                for (rpkg, reason) in tspkg.relatedto:
745899
-                    if rpkg not in keep_pkgs:
745899
-                        if rpkg in count_pkgs:
745899
-                            cnt += 1
745899
-                        keep_pkgs.add(rpkg)
745899
-                        mini_depsolve_again = True
745899
-            else:
745899
-                # If related to any keep pkgs, add us
745899
-                for (rpkg, reason) in tspkg.relatedto:
745899
-                    if rpkg in keep_pkgs:
745899
-                        if rpkg in count_pkgs:
745899
-                            cnt += 1
745899
-                        keep_pkgs.add(tspkg.po)
745899
-                        mini_depsolve_again = True
745899
-                        break
745899
-
745899
-    for tspkg in tspkgs:
745899
-        if tspkg.po not in keep_pkgs:
745899
-            ysp_del_pkg(tspkg)
745899
-
745899
-    ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
745899
-    
745899
-    if cnt:
745899
-        conduit.info(2, '%d package(s) needed (+%d related) for security, out of %d available' % (scnt, cnt - scnt, tot))
745899
-    else:
745899
-        conduit.info(2, 'No packages needed for security; %d packages available' % tot)
745899
-
745899
-if __name__ == '__main__':
745899
-    print "This is a plugin that is supposed to run from inside YUM"
745899
diff --git a/po/POTFILES.in b/po/POTFILES.in
745899
index d85030c..2f12118 100644
745899
--- a/po/POTFILES.in
745899
+++ b/po/POTFILES.in
745899
@@ -34,7 +34,6 @@ plugins/merge-conf/merge-conf.py
745899
 plugins/aliases/aliases.py
745899
 plugins/protectbase/protectbase.py
745899
 plugins/versionlock/versionlock.py
745899
-plugins/security/security.py
745899
 plugins/nofsync/nofsync.py
745899
 plugins/tmprepo/tmprepo.py
745899
 plugins/priorities/priorities.py
745899
diff --git a/yum-utils.spec b/yum-utils.spec
745899
index 6d6d699..de6fbfd 100644
745899
--- a/yum-utils.spec
745899
+++ b/yum-utils.spec
745899
@@ -155,20 +155,6 @@ This yum plugin adds the "--merge-conf" command line option. With this option,
745899
 Yum will ask you what to do with config files which have changed on updating a
745899
 package.
745899
 
745899
-%package -n yum-plugin-security
745899
-Summary: Yum plugin to enable security filters
745899
-Group: System Environment/Base
745899
-Provides: yum-security = %{version}-%{release}
745899
-Obsoletes: yum-security < 1.1.20-0
745899
-Conflicts: yum-security < 1.1.20-0
745899
-Requires: yum >= 3.2.18
745899
-
745899
-%description -n yum-plugin-security
745899
-This plugin adds the options --security, --cve, --bz and --advisory flags
745899
-to yum and the list-security and info-security commands.
745899
-The options make it possible to limit list/upgrade of packages to specific
745899
-security relevant ones. The commands give you the security information.
745899
-
745899
 %package -n yum-plugin-upgrade-helper
745899
 Summary: Yum plugin to help upgrades to the next distribution version
745899
 Group: System Environment/Base
745899
@@ -396,7 +382,6 @@ plugins="\
745899
  tsflags \
745899
  priorities \
745899
  merge-conf \
745899
- security \
745899
  upgrade-helper \
745899
  aliases \
745899
  list-data \
745899
@@ -565,13 +550,6 @@ fi
745899
 %config(noreplace) %{_sysconfdir}/yum/pluginconf.d/merge-conf.conf
745899
 %{pluginhome}/merge-conf.*
745899
 
745899
-%files -n yum-plugin-security
745899
-%defattr(-, root, root)
745899
-%doc COPYING
745899
-%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/security.conf
745899
-%{pluginhome}/security.*
745899
-%{_mandir}/man8/yum-security.8.*
745899
-
745899
 %files -n yum-plugin-upgrade-helper
745899
 %defattr(-, root, root)
745899
 %doc COPYING