From 102e924cfc7ca621e18c68f99e83aea31ec7ab67 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 10 2018 05:33:25 +0000 Subject: import yum-3.4.3-158.el7 --- diff --git a/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch b/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch new file mode 100644 index 0000000..b6e7487 --- /dev/null +++ b/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch @@ -0,0 +1,22 @@ +commit 9115c850c9fda46c26dcc0f2f627b7483aa39435 +Author: Michal Domonkos +Date: Wed Jun 14 18:38:03 2017 +0200 + + Don't require enabled repos for URL installs. BZ 1175315 + + This makes the check consistent with installPkgs() (cli.py:979). + +diff --git a/yumcommands.py b/yumcommands.py +index 502bcb3..1be1051 100644 +--- a/yumcommands.py ++++ b/yumcommands.py +@@ -253,7 +253,8 @@ def checkEnabledRepo(base, possible_local_files=[]): + return + + for lfile in possible_local_files: +- if lfile.endswith(".rpm") and os.path.exists(lfile): ++ if lfile.endswith(".rpm") and (yum.misc.re_remote_url(lfile) or ++ os.path.exists(lfile)): + return + + # runs prereposetup (which "most" plugins currently use to add repos.) diff --git a/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch b/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch new file mode 100644 index 0000000..c1ff787 --- /dev/null +++ b/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch @@ -0,0 +1,243 @@ +diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5 +--- yum-3.4.3/docs/yum.conf.5.orig 2017-11-24 20:52:02.648462776 +0100 ++++ yum-3.4.3/docs/yum.conf.5 2017-11-24 20:52:18.483380945 +0100 +@@ -1016,6 +1016,15 @@ If set to False, 'yum update' will fail + names (package, group, rpm file). It will also fail if the provided name is a package + which is available, but not installed. Boolean (1, 0, True, False, yes, no). Defaults to True. + ++.IP ++\fBshell_exit_status\fR ++Determines the exit status that should be returned by `yum shell' when it ++terminates after reading the `exit' command or EOF. ++Possible values are: 0, ?. ++If ? is set, the exit status is that of the last command executed before `exit' ++(bash-like behavior). ++Defaults to 0. ++ + .SH "[repository] OPTIONS" + .LP + The repository section(s) take the following form: +diff -up yum-3.4.3/docs/yum-shell.8.orig yum-3.4.3/docs/yum-shell.8 +--- yum-3.4.3/docs/yum-shell.8.orig 2011-06-28 22:27:22.000000000 +0200 ++++ yum-3.4.3/docs/yum-shell.8 2017-11-24 20:52:18.483380945 +0100 +@@ -31,6 +31,12 @@ information. There are a few additional + reset: reset (zero-out) the transaction + solve: run the dependency solver on the transaction + run: run the transaction ++.IP ++.IP "\fBexit\fP" ++ Causes the shell to exit, setting the exit status as specified by the ++ \fBshell_exit_status\fR option in \fIyum.conf(5)\fR. ++ This command is also triggered when EOF is read (usually the C-d keystroke ++ or end of script). + + .PP + .SH "Examples" +diff -up yum-3.4.3/shell.py.orig yum-3.4.3/shell.py +--- yum-3.4.3/shell.py.orig 2017-11-24 20:52:02.580463129 +0100 ++++ yum-3.4.3/shell.py 2017-11-24 20:52:18.483380945 +0100 +@@ -126,6 +126,7 @@ class YumShell(cmd.Cmd): + + :param line: the next line of input + """ ++ self.result = 0 + if len(line) > 0 and line.strip()[0] == '#': + pass + else: +@@ -150,7 +151,8 @@ class YumShell(cmd.Cmd): + except Errors.YumBaseError: + pass + else: +- self.base.doCommands() ++ result, _ = self.base.doCommands() ++ self.result = result + + def emptyline(self): + """Do nothing on an empty line of input.""" +@@ -211,13 +213,14 @@ class YumShell(cmd.Cmd): + self.base.shellUsage() + + self.verbose_logger.info(msg) ++ self.result = 0 + + def do_EOF(self, line): + """Exit the shell when EOF is reached. + + :param line: unused + """ +- self.resultmsgs = ['Leaving Shell'] ++ self.do_exit(line) + return True + + def do_quit(self, line): +@@ -225,7 +228,7 @@ class YumShell(cmd.Cmd): + + :param line: unused + """ +- self.resultmsgs = ['Leaving Shell'] ++ self.do_exit(line) + return True + + def do_exit(self, line): +@@ -233,6 +236,9 @@ class YumShell(cmd.Cmd): + + :param line: unused + """ ++ # Make sure we don't go onto the next stage in yummain (result == 2) ++ if self.base.conf.shell_exit_status == '0' or self.result == 2: ++ self.result = 0 + self.resultmsgs = ['Leaving Shell'] + return True + +@@ -254,6 +260,7 @@ class YumShell(cmd.Cmd): + :param line: the remainder of the line, containing the name of + a subcommand. If no subcommand is given, run the list subcommand. + """ ++ self.result = 0 + (cmd, args, line) = self.parseline(line) + if cmd in ['list', None]: + self.verbose_logger.log(logginglevels.INFO_2, +@@ -267,11 +274,13 @@ class YumShell(cmd.Cmd): + (code, msgs) = self.base.buildTransaction() + except Errors.YumBaseError, e: + self.logger.critical('Error building transaction: %s', e) ++ self.result = 1 + return False + + if code == 1: + for msg in msgs: + self.logger.critical('Error: %s', msg) ++ self.result = 1 + else: + self.verbose_logger.log(logginglevels.INFO_2, + 'Success resolving dependencies') +@@ -292,6 +301,7 @@ class YumShell(cmd.Cmd): + value is given, print the current value. If a value is + supplied, set the option to the given value. + """ ++ self.result = 0 + (cmd, args, line) = self.parseline(line) + # logs + if cmd in ['debuglevel', 'errorlevel']: +@@ -305,6 +315,7 @@ class YumShell(cmd.Cmd): + val = int(val) + except ValueError: + self.logger.critical('Value %s for %s cannot be made to an int', val, cmd) ++ self.result = 1 + return + setattr(self.base.conf, cmd, val) + if cmd == 'debuglevel': +@@ -321,6 +332,7 @@ class YumShell(cmd.Cmd): + value = opts[0] + if value.lower() not in BOOLEAN_STATES: + self.logger.critical('Value %s for %s is not a Boolean', value, cmd) ++ self.result = 1 + return False + value = BOOLEAN_STATES[value.lower()] + setattr(self.base.conf, cmd, value) +@@ -363,6 +375,7 @@ class YumShell(cmd.Cmd): + a subcommand and other parameters if required. If no + subcommand is given, run the list subcommand. + """ ++ self.result = 0 + (cmd, args, line) = self.parseline(line) + if cmd in ['list', None]: + # Munge things to run the repolist command +@@ -380,7 +393,8 @@ class YumShell(cmd.Cmd): + except Errors.YumBaseError: + pass + else: +- self.base.doCommands() ++ result, _ = self.base.doCommands() ++ self.result = result + + elif cmd == 'enable': + repos = self._shlex_split(args) +@@ -392,8 +406,10 @@ class YumShell(cmd.Cmd): + changed = self.base.repos.enableRepo(repo) + except Errors.ConfigError, e: + self.logger.critical(e) ++ self.result = 1 + except Errors.RepoError, e: + self.logger.critical(e) ++ self.result = 1 + + else: + for repo in changed: +@@ -402,6 +418,7 @@ class YumShell(cmd.Cmd): + except Errors.RepoError, e: + self.logger.critical('Disabling Repository') + self.base.repos.disableRepo(repo) ++ self.result = 1 + return False + + self.base.up = None +@@ -413,8 +430,10 @@ class YumShell(cmd.Cmd): + offrepos = self.base.repos.disableRepo(repo) + except Errors.ConfigError, e: + self.logger.critical(e) ++ self.result = 1 + except Errors.RepoError, e: + self.logger.critical(e) ++ self.result = 1 + + else: + # close the repos, too +@@ -432,36 +451,45 @@ class YumShell(cmd.Cmd): + print cmd + print args + print line ++ self.result = 0 + + def do_run(self, line): + """Run the transaction. + + :param line: unused + """ ++ self.result = 0 + if len(self.base.tsInfo) > 0: + try: + (code, msgs) = self.base.buildTransaction() + if code == 1: + for msg in msgs: + self.logger.critical('Error: %s', msg) ++ self.result = 1 + return False + + returnval = self.base.doTransaction() + except Errors.YumBaseError, e: + self.logger.critical('Error: %s', e) ++ self.result = 1 + except KeyboardInterrupt, e: + self.logger.critical('\n\nExiting on user cancel') ++ self.result = 1 + except IOError, e: + if e.errno == 32: + self.logger.critical('\n\nExiting on Broken Pipe') ++ self.result = 1 + else: + if returnval not in [0,1,-1]: + self.verbose_logger.info('Transaction encountered a serious error.') ++ self.result = 1 + else: + if returnval == 1: + self.verbose_logger.info('There were non-fatal errors in the transaction') ++ self.result = 1 + elif returnval == -1: + self.verbose_logger.info("Transaction didn't start") ++ self.result = 1 + self.verbose_logger.log(logginglevels.INFO_2, + 'Finished Transaction') + self.base.closeRpmDB() +diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py +--- yum-3.4.3/yum/config.py.orig 2017-11-24 20:52:02.648462776 +0100 ++++ yum-3.4.3/yum/config.py 2017-11-24 20:52:18.484380940 +0100 +@@ -931,6 +931,8 @@ class YumConf(StartupConf): + + usr_w_check = BoolOption(True) + ++ shell_exit_status = SelectionOption('0', ('0', '?')) ++ + _reposlist = [] + + def dump(self): diff --git a/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch b/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch new file mode 100644 index 0000000..62e690b --- /dev/null +++ b/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch @@ -0,0 +1,83 @@ +diff -up yum-3.4.3/yum/Errors.py.orig yum-3.4.3/yum/Errors.py +--- yum-3.4.3/yum/Errors.py.orig 2017-09-14 18:42:26.740558383 +0200 ++++ yum-3.4.3/yum/Errors.py 2017-09-14 18:42:30.371541754 +0200 +@@ -99,6 +99,11 @@ class ConfigError(YumBaseError): + class MiscError(YumBaseError): + pass + ++class FIPSNonCompliantError(MiscError): ++ def __init__(self, sumtype): ++ MiscError.__init__( ++ self, '%s algorithm is not FIPS compliant' % sumtype) ++ + class GroupsError(YumBaseError): + pass + +diff -up yum-3.4.3/yum/misc.py.orig yum-3.4.3/yum/misc.py +--- yum-3.4.3/yum/misc.py.orig 2017-09-14 18:42:26.794558135 +0200 ++++ yum-3.4.3/yum/misc.py 2017-09-14 18:42:30.372541749 +0200 +@@ -58,11 +58,20 @@ except ImportError: + raise ValueError, "Bad checksum type" + + # some checksum types might be disabled ++_fips_noncompliant = set() + for ctype in list(_available_checksums): + try: + hashlib.new(ctype) +- except: +- print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype) ++ except Exception as e: ++ # Print an error unless this is due to FIPS mode (in which case it's ++ # not really an error and we don't want to pollute the output ++ # needlessly; if someone actually tries to instantiate a Checksum with ++ # a FIPS non-compliant ctype, we'll raise an explanatory exception ++ # anyway). ++ if isinstance(e, ValueError) and str(e).endswith('disabled for fips'): ++ _fips_noncompliant.add(ctype) ++ else: ++ print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype) + _available_checksums.remove(ctype) + for ctype in 'sha256', 'sha1': + if ctype in _available_checksums: +@@ -71,7 +80,7 @@ for ctype in 'sha256', 'sha1': + else: + raise ImportError, 'broken hashlib' + +-from Errors import MiscError ++from Errors import MiscError, FIPSNonCompliantError + # These are API things, so we can't remove them even if they aren't used here. + # pylint: disable-msg=W0611 + from i18n import to_utf8, to_unicode +@@ -271,6 +280,8 @@ class Checksums: + sumalgo = hashlib.new(sumtype) + elif ignore_missing: + continue ++ elif sumtype in _fips_noncompliant: ++ raise FIPSNonCompliantError(sumtype) + else: + raise MiscError, 'Error Checksumming, bad checksum type %s' % sumtype + done.add(sumtype) +diff -up yum-3.4.3/yum/yumRepo.py.orig yum-3.4.3/yum/yumRepo.py +--- yum-3.4.3/yum/yumRepo.py.orig 2017-09-14 18:42:26.879557746 +0200 ++++ yum-3.4.3/yum/yumRepo.py 2017-09-14 18:43:23.422298802 +0200 +@@ -497,7 +497,10 @@ class YumRepository(Repository, config.R + except (Errors.MiscError, EnvironmentError), e: + if checksum_can_fail: + return None +- raise Errors.RepoError, 'Error opening file for checksum: %s' % e ++ msg = 'Error opening file for checksum: %s' % e ++ if isinstance(e, Errors.FIPSNonCompliantError): ++ msg = str(e) ++ raise Errors.RepoError(msg) + + def dump(self): + output = '[%s]\n' % self.id +@@ -1799,7 +1802,7 @@ Insufficient space in download directory + except Errors.RepoError, e: + if check_can_fail: + return None +- raise URLGrabError(-3, 'Error performing checksum') ++ raise URLGrabError(-3, 'Error performing checksum: %s' % e) + + if l_csum == r_csum: + _xattr_set_chksum(file, r_ctype, l_csum) diff --git a/SOURCES/BZ-1358492-installonly-kernel.patch b/SOURCES/BZ-1358492-installonly-kernel.patch new file mode 100644 index 0000000..91c9070 --- /dev/null +++ b/SOURCES/BZ-1358492-installonly-kernel.patch @@ -0,0 +1,11 @@ +diff -up yum-3.4.3/yum/config.py.old yum-3.4.3/yum/config.py +--- yum-3.4.3/yum/config.py.old 2017-10-06 13:24:25.014855429 +0200 ++++ yum-3.4.3/yum/config.py 2017-10-06 13:36:38.602637131 +0200 +@@ -755,6 +755,7 @@ class YumConf(StartupConf): + username = Option() + password = Option() + installonlypkgs = ListOption(['kernel', 'kernel-bigmem', ++ 'installonlypkg(kernel)', + 'installonlypkg(kernel-module)', + 'installonlypkg(vm)', + 'kernel-enterprise','kernel-smp', 'kernel-debug', diff --git a/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch b/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch new file mode 100644 index 0000000..3420181 --- /dev/null +++ b/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch @@ -0,0 +1,63 @@ +diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5 +--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-31 17:11:01.730922455 +0100 ++++ yum-3.4.3/docs/yum.conf.5 2017-10-31 17:14:00.544379686 +0100 +@@ -221,6 +221,18 @@ List of package names that are kernels. + updating of kernel packages and should be removed out in the yum 2.1 series. + + .IP ++\fBexactarchlist\fR ++List of packages that should never change archs in an update. ++That means, if a package has a newer version available which is for a different ++compatible arch, yum will not consider that version an update if the package ++name is in this list. ++For example, on x86_64, foo-1.x86_64 won't be updated to foo-2.i686 if foo is ++in this list. ++Kernels in particular fall into this category. ++Shell globs using wildcards (eg. * and ?) are allowed. ++Default is an empty list. ++ ++.IP + \fBshowdupesfromrepos\fR + Either `0' or `1'. Set to `1' if you wish to show any duplicate packages from + any repository, from package listings like the info or list commands. Set +diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py +--- yum-3.4.3/yum/config.py.orig 2017-10-31 17:11:01.729922458 +0100 ++++ yum-3.4.3/yum/config.py 2017-10-31 17:12:46.513604398 +0100 +@@ -42,6 +42,7 @@ import rpmUtils.miscutils + import Errors + import types + from misc import get_uuid, read_in_items_from_dot_dir ++import fnmatch + + # Alter/patch these to change the default checking... + __pkgs_gpgcheck_default__ = False +@@ -284,6 +285,20 @@ class UrlListOption(ListOption): + return out + + ++class WildListOption(ListOption): ++ """An option containing a list of strings that supports shell-style ++ wildcard matching in membership test operations.""" ++ ++ def parse(self, s): ++ class WildList(list): ++ def __contains__(self, item): ++ if not isinstance(item, basestring): ++ return False ++ return any(fnmatch.fnmatch(item, p) for p in self) ++ patterns = super(WildListOption, self).parse(s) ++ return WildList(patterns) ++ ++ + class IntOption(Option): + """An option representing an integer value.""" + +@@ -769,7 +784,7 @@ class YumConf(StartupConf): + names_of_0=["0", ""]) + kernelpkgnames = ListOption(['kernel','kernel-smp', 'kernel-enterprise', + 'kernel-bigmem', 'kernel-BOOT', 'kernel-PAE', 'kernel-PAE-debug']) +- exactarchlist = ListOption(__exactarchlist_default__) ++ exactarchlist = WildListOption(__exactarchlist_default__) + tsflags = ListOption() + override_install_langs = Option() + diff --git a/SOURCES/BZ-1386597-obsoletes-man-page.patch b/SOURCES/BZ-1386597-obsoletes-man-page.patch new file mode 100644 index 0000000..ec6f0fc --- /dev/null +++ b/SOURCES/BZ-1386597-obsoletes-man-page.patch @@ -0,0 +1,19 @@ +commit e9c88f76e0594d5c52ebb08f4c68003cad2c6e67 +Author: Jaroslav Mracek +Date: Wed Oct 19 11:28:01 2016 +0200 + + Minor fix in doc of check command + +diff --git a/docs/yum.8 b/docs/yum.8 +index efaa061..a4b953d 100644 +--- a/docs/yum.8 ++++ b/docs/yum.8 +@@ -784,7 +784,7 @@ included so you can easily see the space used/saved and any other changes. + .IP + .IP "\fBcheck\fP" + Checks the local rpmdb and produces information on any problems it finds. You +-can pass the check command the arguments "dependencies", "duplicates", "obsoletes" or "provides", ++can pass the check command the arguments "dependencies", "duplicates", "obsoleted" or "provides", + to limit the checking that is performed (the default is "all" which does all). + + .IP diff --git a/SOURCES/BZ-1411575-manpage-typo.patch b/SOURCES/BZ-1411575-manpage-typo.patch new file mode 100644 index 0000000..ec622f9 --- /dev/null +++ b/SOURCES/BZ-1411575-manpage-typo.patch @@ -0,0 +1,28 @@ +commit cee73706e91911c74df7bdc57d822a3b993ecb71 +Author: Valentina Mukhamedzhanova +Date: Fri Oct 6 14:04:01 2017 +0200 + + Fix some typos in the manpage. + +diff --git a/docs/yum.8 b/docs/yum.8 +index a4b953d..b6961e7 100644 +--- a/docs/yum.8 ++++ b/docs/yum.8 +@@ -247,7 +247,7 @@ the \fIClean Options\fP section below\&. + .IP "\fBmakecache\fP" + Is used to download and make usable all the metadata for the currently enabled + \fByum\fP repos. If the argument "fast" is passed, then we just try to make +-sure the repos. are current (much like "yum clean expire-cache"). ++sure the repos are current (much like "yum clean expire-cache"). + .IP + .IP "\fBgroups\fP" + A command, new in 3.4.2, that collects all the subcommands that act on groups +@@ -430,7 +430,7 @@ or \'all\' then the command will list those types of repos. + + You can pass repo id or name arguments, or wildcards which to match against + both of those. However if the id or name matches exactly then the repo will +-be listed even if you are listing enabled repos. and it is disabled. ++be listed even if you are listing enabled repos and it is disabled. + + In non-verbose mode the first column will start with a \'*\' if the repo. has + metalink data and the latest metadata is not local and will start with a diff --git a/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch b/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch new file mode 100644 index 0000000..25323df --- /dev/null +++ b/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch @@ -0,0 +1,23 @@ +diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5 +--- yum-3.4.3/docs/yum.conf.5.orig 2017-11-01 14:58:28.259740017 +0100 ++++ yum-3.4.3/docs/yum.conf.5 2017-11-01 14:58:48.528648100 +0100 +@@ -1356,8 +1356,17 @@ the same name. If the shell environment + configuration file variable will not be replaced. + + .LP +-As of 3.2.28, any file in /etc/yum/vars is turned into a variable named after +-the filename (or overrides any of the above variables). ++When variable names are parsed in a string, all alphanumeric characters and ++underscores immediately following a $ sign are interpreted as part of a name. ++If a variable is undefined, it will not be replaced. ++For example, the strings $releasever-foo or $releasever/foo will be expanded ++with the $releasever value accordingly, whereas $releaseverfoo or ++$releasever_foo will not be expanded. ++ ++As of 3.2.28, any properly named file in /etc/yum/vars is turned into ++a variable named after the filename (or overrides any of the above variables). ++Filenames may contain only alphanumeric characters and underscores ++and be in lowercase. + + Note that no warnings/errors are given if the files are unreadable, so creating + files that only root can read may be confusing for users. diff --git a/SOURCES/BZ-1432319-add-usercache-opt.patch b/SOURCES/BZ-1432319-add-usercache-opt.patch new file mode 100644 index 0000000..ba42905 --- /dev/null +++ b/SOURCES/BZ-1432319-add-usercache-opt.patch @@ -0,0 +1,84 @@ +diff -up yum-3.4.3/cli.py.orig yum-3.4.3/cli.py +--- yum-3.4.3/cli.py.orig 2017-10-20 18:27:45.114593690 +0200 ++++ yum-3.4.3/cli.py 2017-10-20 18:27:48.367578901 +0200 +@@ -2275,8 +2275,10 @@ class YumOptionParser(OptionParser): + self.base.updateinfo_filters['cves'] = self._splitArg(opts.cves) + self.base.updateinfo_filters['sevs'] = self._splitArg(opts.sevs) + ++ if not self.base.conf.usercache and os.geteuid() != 0: ++ self.base.conf.cache = 1 + # Treat users like root as much as possible: +- if not self.base.setCacheDir(): ++ elif not self.base.setCacheDir(): + self.base.conf.cache = 1 + if opts.cacheonly: + self.base.conf.cache = 1 +diff -up yum-3.4.3/docs/yum.8.orig yum-3.4.3/docs/yum.8 +--- yum-3.4.3/docs/yum.8.orig 2017-10-20 18:27:45.135593595 +0200 ++++ yum-3.4.3/docs/yum.8 2017-10-20 18:27:48.368578897 +0200 +@@ -835,8 +835,12 @@ Configuration Option: \fBrpmverbosity\fP + .IP "\fB\-R, \-\-randomwait=[time in minutes]\fP" + Sets the maximum amount of time yum will wait before performing a command \- it randomizes over the time. + .IP "\fB\-C, \-\-cacheonly\fP" +-Tells yum to run entirely from system cache - does not download or +-update any headers unless it has to to perform the requested action. ++Tells yum to run entirely from system cache; does not download or update ++metadata. ++When this is used by a non\-root user, yum will run entirely from user cache in ++$TMPDIR. ++This option doesn't stop yum from updating user cache from system cache locally ++if the latter is newer (this is always done when running as a user). + .IP "\fB\-\-version\fP" + Reports the \fByum\fP version number and installed package versions for + everything in history_record_packages (can be added to by plugins). +diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5 +--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-20 18:27:45.137593585 +0200 ++++ yum-3.4.3/docs/yum.conf.5 2017-10-20 18:27:48.368578897 +0200 +@@ -40,6 +40,19 @@ of headers and packages after successful + .br + + .IP ++\fBusercache\fR ++Either `1' or `0'. Determines whether or not yum should store per-user cache in ++$TMPDIR. ++When set to `0', then whenever yum runs as a non\-root user, ++\fB\-\-cacheonly\fR is implied and system cache is used directly, and no new ++user cache is created in $TMPDIR. ++This can be used to prevent $TMPDIR from filling up if many users on the system ++often use yum and root tends to have up-to-date metadata that the users can ++rely on (they can still enable this feature with \fB\-\-setopt\fR if they ++wish). ++Default is `1' (user cache enabled). ++ ++.IP + \fBreposdir\fR + A list of directories where yum should look for .repo files which define + repositories to use. Default is `/etc/yum.repos.d'. Each +diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py +--- yum-3.4.3/yum/config.py.orig 2017-10-20 18:27:45.136593590 +0200 ++++ yum-3.4.3/yum/config.py 2017-10-20 18:27:48.369578892 +0200 +@@ -742,6 +742,7 @@ class YumConf(StartupConf): + cachedir = Option('/var/cache/yum') + + keepcache = BoolOption(True) ++ usercache = BoolOption(True) + logfile = Option('/var/log/yum.log') + reposdir = ListOption(['/etc/yum/repos.d', '/etc/yum.repos.d']) + +diff -up yum-3.4.3/yummain.py.orig yum-3.4.3/yummain.py +--- yum-3.4.3/yummain.py.orig 2017-10-20 18:27:45.062593926 +0200 ++++ yum-3.4.3/yummain.py 2017-10-20 18:27:48.369578892 +0200 +@@ -71,7 +71,12 @@ def main(args): + def exRepoError(e): + # For RepoErrors ... help out by forcing new repodata next time. + # XXX: clean only the repo that has failed? +- base.cleanExpireCache() ++ try: ++ base.cleanExpireCache() ++ except Errors.YumBaseError: ++ # Let's not confuse the user further (they don't even know we tried ++ # the clean). ++ pass + + msg = _("""\ + One of the configured repositories failed (%(repo)s), diff --git a/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch b/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch new file mode 100644 index 0000000..f236da2 --- /dev/null +++ b/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch @@ -0,0 +1,73 @@ +diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5 +--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-26 11:13:52.013324456 +0200 ++++ yum-3.4.3/docs/yum.conf.5 2017-10-26 11:15:37.733858789 +0200 +@@ -106,28 +106,34 @@ default for all repositories. The defaul + + .IP + \fBpayload_gpgcheck\fR +-Either `1' or `0'. This tells yum whether or not it should also perform a GPG +-signature check on the payload (part of a package holding the actual files that +-comprise the package). +- +-By default, yum only performs GPG signature checks on package headers. +-Thus, if the payload data has been tampered with or corrupted, yum will fail in +-the middle of the transaction due to an RPM unpacking error, after some +-unverified scriptlets might have already run, and possibly leave the package in +-question partly installed. +- +-To prevent all of that, you can enable this option to extend the signature +-check to also include the payload, so that yum can avoid running the +-transaction in case of payload corruption. +-This slightly improves security, however at the expense of significantly +-increased transaction time, so you may want to only use this option when +-package corruption is a concern. ++Either `1' or `0'. This tells yum whether or not it should perform a v3 ++signature check on packages when \fBgpgcheck\fR (or \fBlocalpkg_gpgcheck\fR for ++local packages) is enabled. ++ ++There are two types of GPG signatures generated by rpm: v3 (on header+payload) ++and v4 (on header only). When rpm signs a package, it creates both types. Yum ++can verify any of them before the transaction, depending on which options are ++set. When \fBgpgcheck\fR is enabled and this option is disabled, yum will ++verify v4 signatures only. When both \fBgpgcheck\fR and this option are ++enabled, yum will verify both v4 and v3 signatures (equivalent to running "rpm ++\-\-checksig"). The same rules apply to local packages and the ++\fBlocalpkg_gpgcheck\fR option accordingly. ++ ++Since the header contains sha256 digests of individual files in the payload (a ++gzip-compressed cpio archive of files used in the package), verifying the ++header signature (v4) is sufficient to ensure authenticity and integrity of the ++whole package. After rpm unpacks the payload, it moves the files to their ++destination paths one by one after they pass the digest check. If a file ++doesn't pass, it won't be moved and the transaction will abort. However, ++because no rollback is done in such a case, the package may end up in the ++partially installed state. ++ ++By verifying v3 signatures, yum will detect payload tamper before the ++transaction. While this will slightly increase processing time for big ++transactions and/or packages, it will prevent such broken installs and enhance ++security. + +-For this option to have effect, make sure to also enable gpgcheck (or +-localpkg_gpgcheck for local packages). +- +-When this option is set in the [main] section it sets the default for all +-repositories. The default is `0'. ++The default is `0'. + + .IP + \fBskip_broken\fR +diff -up yum-3.4.3/rpmUtils/miscutils.py.orig yum-3.4.3/rpmUtils/miscutils.py +--- yum-3.4.3/rpmUtils/miscutils.py.orig 2017-10-26 11:13:49.637334921 +0200 ++++ yum-3.4.3/rpmUtils/miscutils.py 2017-10-26 11:15:43.141834969 +0200 +@@ -61,8 +61,8 @@ def compareVerOnly(v1, v2): + def checkSig(ts, package, payload=False): + """Takes a transaction set and a package, check it's sigs. + +- By default, only RPMv4 sigs (header-only) will be verified (faster). By +- setting payload to True, RPMv3 sigs (header+payload) will also be verified ++ By default, only v4 sigs (header-only) will be verified (faster). By ++ setting payload to True, v3 sigs (header+payload) will also be verified + (slower). + + return 0 if they are all fine diff --git a/SOURCES/BZ-1458841-preload-shared-libs.patch b/SOURCES/BZ-1458841-preload-shared-libs.patch new file mode 100644 index 0000000..fa3e786 --- /dev/null +++ b/SOURCES/BZ-1458841-preload-shared-libs.patch @@ -0,0 +1,50 @@ +diff -up yum-3.4.3/cli.py.orig yum-3.4.3/cli.py +--- yum-3.4.3/cli.py.orig 2017-06-29 17:44:53.784522557 +0200 ++++ yum-3.4.3/cli.py 2017-06-29 17:46:16.249149700 +0200 +@@ -28,6 +28,7 @@ import logging + import math + from optparse import OptionParser,OptionGroup,SUPPRESS_HELP + import rpm ++import ctypes + + from weakref import proxy as weakref + +@@ -779,6 +780,38 @@ class YumBaseCli(yum.YumBase, output.Yum + if self.conf.debuglevel < 2: + cb.display.output = False + ++ # Whenever we upgrade a shared library (and its dependencies) which the ++ # yum process itself may dlopen() post-transaction (e.g. in a plugin ++ # hook), we may end up in a situation where the upgraded library and ++ # the pre-transaction version of a library it depends on which is ABI ++ # incompatible are loaded in memory at the same time, leading to ++ # unpredictable behavior and possibly a crash. Let's avoid that by ++ # preloading all such dynamically loaded libraries pre-transaction so ++ # that dlopen(), if called post-transaction, uses those instead of ++ # loading the newly installed versions. ++ preload = { ++ # Loaded by libcurl, see BZ#1458841 ++ 'nss-sysinit': ['libnsssysinit.so'], ++ } ++ for pkg in preload: ++ # Only preload the libs if the package is actually installed and we ++ # are changing it with the transaction ++ if not self.tsInfo.matchNaevr(name=pkg) or \ ++ not self.rpmdb.searchNevra(name=pkg): ++ continue ++ for lib in preload[pkg]: ++ try: ++ ctypes.cdll.LoadLibrary(lib) ++ self.verbose_logger.log( ++ yum.logginglevels.DEBUG_4, ++ _('Preloaded shared library %s') % lib ++ ) ++ except Exception as e: ++ self.verbose_logger.log( ++ yum.logginglevels.DEBUG_4, ++ _('Could not preload shared library %s: %s') % (lib, e) ++ ) ++ + self.verbose_logger.log(yum.logginglevels.INFO_2, _('Running transaction')) + resultobject = self.runTransaction(cb=cb) + diff --git a/SOURCES/centos-branding-yum.patch b/SOURCES/centos-branding-yum.patch deleted file mode 100644 index f100222..0000000 --- a/SOURCES/centos-branding-yum.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -uNrp yum-3.4.3.orig/yum/constants.py yum-3.4.3/yum/constants.py ---- yum-3.4.3.orig/yum/constants.py 2018-01-30 11:17:56.961899488 +0000 -+++ yum-3.4.3/yum/constants.py 2018-01-30 11:41:57.421866122 +0000 -@@ -123,22 +123,22 @@ REPO_PROBLEM_PACKAGE=5 - - - ERRORS_TO_KBASE_ARTICLES = { -- 404: """To address this issue please refer to the below knowledge base article -+ 404: """To address this issue please refer to the below wiki article - --https://access.redhat.com/articles/1320623 -+https://wiki.centos.org/yum-errors - --If above article doesn't help to resolve this issue please open a ticket with Red Hat Support. -+If above article doesn't help to resolve this issue please use https://bugs.centos.org/. - """, -- 403: """To address this issue please refer to the below knowledge base article -+ 403: """To address this issue please refer to the below wiki article - --https://access.redhat.com/solutions/69319 -+https://wiki.centos.org/yum-errors - --If above article doesn't help to resolve this issue please open a ticket with Red Hat Support. -+If above article doesn't help to resolve this issue please use https://bugs.centos.org/. - """, -- 60: """It was impossible to connect to the Red Hat servers. -+ 60: """It was impossible to connect to the CentOS servers. - This could mean a connectivity issue in your environment, such as the requirement to configure a proxy, - or a transparent proxy that tampers with TLS security, or an incorrect system clock. --Please collect information about the specific failure that occurs in your environment, --using the instructions in: https://access.redhat.com/solutions/1527033 and open a ticket with Red Hat Support. -+You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors -+If above article doesn't help to resolve this issue please use https://bugs.centos.org/. - """ --} -\ No newline at end of file -+} diff --git a/SOURCES/yum.conf.centos b/SOURCES/yum.conf.centos deleted file mode 100644 index 367126f..0000000 --- a/SOURCES/yum.conf.centos +++ /dev/null @@ -1,26 +0,0 @@ -[main] -cachedir=/var/cache/yum/$basearch/$releasever -keepcache=0 -debuglevel=2 -logfile=/var/log/yum.log -exactarch=1 -obsoletes=1 -gpgcheck=1 -plugins=1 -installonly_limit=5 -bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum -distroverpkg=centos-release - - -# This is the default, if you make this bigger yum won't see if the metadata -# is newer on the remote and so you'll "gain" the bandwidth of not having to -# download the new metadata and "pay" for it by yum not having correct -# information. -# It is esp. important, to have correct metadata, for distributions like -# Fedora which don't keep old packages around. If you don't like this checking -# interupting your command line usage, it's much better to have something -# manually check the metadata once an hour (yum-updatesd will do this). -# metadata_expire=90m - -# PUT YOUR REPOS HERE OR IN separate files named file.repo -# in /etc/yum.repos.d diff --git a/SPECS/yum.spec b/SPECS/yum.spec index 571fb04..2391e29 100644 --- a/SPECS/yum.spec +++ b/SPECS/yum.spec @@ -32,11 +32,11 @@ Summary: RPM package installer/updater/manager Name: yum Version: 3.4.3 -Release: 154%{?dist}.1 +Release: 158%{?dist} License: GPLv2+ Group: System Environment/Base Source0: http://yum.baseurl.org/download/3.4/%{name}-%{version}.tar.gz -Source1: yum.conf.centos +Source1: yum.conf.fedora Source2: yum-updatesd.conf.fedora Patch1: yum-distro-configs.patch Patch5: geode-arch.patch @@ -146,8 +146,18 @@ Patch258: BZ-1370134-yum-check-ignore-self-conflicts.patch Patch259: BZ-1352585-detect-installed-provide.patch Patch260: BZ-1397829-fix-reget-simple-md-fnames.patch -#CentOS Branding -Patch1000: centos-branding-yum.patch +# rhel-7.5 +Patch280: BZ-1287610-fips-dont-pollute-stderr.patch +Patch281: BZ-1358492-installonly-kernel.patch +Patch282: BZ-1175315-dont-require-enabled-repos-for-url.patch +Patch283: BZ-1386597-obsoletes-man-page.patch +Patch284: BZ-1411575-manpage-typo.patch +Patch285: BZ-1458841-preload-shared-libs.patch +Patch286: BZ-1451817-docs-improve-payload-gpgcheck-opt.patch +Patch287: BZ-1361609-improve-exactarchlist-opt.patch +Patch288: BZ-1432319-add-usercache-opt.patch +Patch289: BZ-1411692-docs-conf-var-naming-rules.patch +Patch290: BZ-1278333-yum-shell-support-exit-status.patch URL: http://yum.baseurl.org/ BuildArchitectures: noarch @@ -166,7 +176,6 @@ BuildRequires: pygpgme # End of CheckRequires Conflicts: pirut < 1.1.4 Requires: python >= 2.4 -Requires: yum-plugin-fastestmirror Requires: rpm-python, rpm >= 0:4.11.3-22 Requires: python-iniparse Requires: python-sqlite @@ -378,7 +387,18 @@ Install this package if you want auto yum updates nightly via cron. %patch259 -p1 %patch260 -p1 -%patch1000 -p1 +# rhel-7.5 +%patch280 -p1 +%patch281 -p1 +%patch282 -p1 +%patch283 -p1 +%patch284 -p1 +%patch285 -p1 +%patch286 -p1 +%patch287 -p1 +%patch288 -p1 +%patch289 -p1 +%patch290 -p1 # Do distro config. changes after everything else. %patch1 -p1 @@ -610,16 +630,34 @@ exit 0 %endif %changelog -* Tue Jan 30 2018 Johnny Hughes - 3.4.3-154.el7.centos.1 -- Remove access.redhat.com knowledge base articles and point to - wiki.centos.org instead - -* Tue Aug 01 2017 CentOS Sources - 3.4.3-154.el7.centos -- CentOS yum config -- use the CentOS bug tracker url -- retain installonly limit of 5 -- ensure distrover is always from centos-release -- Make yum require yum-plugin-fastestmirror +* Sun Nov 26 2017 Valentina Mukhamedzhanova - 3.4.3-158 +- Add support for yum-shell exit status. +- Resolves: bug#1278333 + +* Fri Nov 03 2017 Valentina Mukhamedzhanova - 3.4.3-157 +- docs: clarify variable name matching. +- Resolves: bug#1411692 + +* Wed Nov 01 2017 Valentina Mukhamedzhanova - 3.4.3-156 +- Preload shared libs that we may dlopen(). +- Resolves: bug#1458841 +- Update payload_gpgcheck documentation. +- Resolves: bug#1451817 +- Make exactarchlist support wildcards and add docs. +- Resolves: bug#1361609 +- Add usercache config option. +- Resolves: bug#1432319 + +* Thu Oct 06 2017 Valentina Mukhamedzhanova - 3.4.3-155 +- Don't pollute stderr in FIPS mode. +- Resolves: bug#1287610 +- Don't require enabled repos for URL installs. +- Resolves: bug#1175315 +- installonlypkgs: add "installonlypkg(kernel) +- Resolves: bug#1358492 +- Manpage fixes. +- Resolves: bug#1386597 +- Resolves: bug#1411575 * Mon Mar 27 2017 Valentina Mukhamedzhanova - 3.4.3-154 - Add payload_gpgcheck option.