diff --git a/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch b/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch
new file mode 100644
index 0000000..b6e7487
--- /dev/null
+++ b/SOURCES/BZ-1175315-dont-require-enabled-repos-for-url.patch
@@ -0,0 +1,22 @@
+commit 9115c850c9fda46c26dcc0f2f627b7483aa39435
+Author: Michal Domonkos <mdomonko@redhat.com>
+Date: Wed Jun 14 18:38:03 2017 +0200
+
+ Don't require enabled repos for URL installs. BZ 1175315
+
+ This makes the check consistent with installPkgs() (cli.py:979).
+
+diff --git a/yumcommands.py b/yumcommands.py
+index 502bcb3..1be1051 100644
+--- a/yumcommands.py
++++ b/yumcommands.py
+@@ -253,7 +253,8 @@ def checkEnabledRepo(base, possible_local_files=[]):
+ return
+
+ for lfile in possible_local_files:
+- if lfile.endswith(".rpm") and os.path.exists(lfile):
++ if lfile.endswith(".rpm") and (yum.misc.re_remote_url(lfile) or
++ os.path.exists(lfile)):
+ return
+
+ # runs prereposetup (which "most" plugins currently use to add repos.)
diff --git a/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch b/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch
new file mode 100644
index 0000000..c1ff787
--- /dev/null
+++ b/SOURCES/BZ-1278333-yum-shell-support-exit-status.patch
@@ -0,0 +1,243 @@
+diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
+--- yum-3.4.3/docs/yum.conf.5.orig 2017-11-24 20:52:02.648462776 +0100
++++ yum-3.4.3/docs/yum.conf.5 2017-11-24 20:52:18.483380945 +0100
+@@ -1016,6 +1016,15 @@ If set to False, 'yum update' will fail
+ names (package, group, rpm file). It will also fail if the provided name is a package
+ which is available, but not installed. Boolean (1, 0, True, False, yes, no). Defaults to True.
+
++.IP
++\fBshell_exit_status\fR
++Determines the exit status that should be returned by `yum shell' when it
++terminates after reading the `exit' command or EOF.
++Possible values are: 0, ?.
++If ? is set, the exit status is that of the last command executed before `exit'
++(bash-like behavior).
++Defaults to 0.
++
+ .SH "[repository] OPTIONS"
+ .LP
+ The repository section(s) take the following form:
+diff -up yum-3.4.3/docs/yum-shell.8.orig yum-3.4.3/docs/yum-shell.8
+--- yum-3.4.3/docs/yum-shell.8.orig 2011-06-28 22:27:22.000000000 +0200
++++ yum-3.4.3/docs/yum-shell.8 2017-11-24 20:52:18.483380945 +0100
+@@ -31,6 +31,12 @@ information. There are a few additional
+ reset: reset (zero-out) the transaction
+ solve: run the dependency solver on the transaction
+ run: run the transaction
++.IP
++.IP "\fBexit\fP"
++ Causes the shell to exit, setting the exit status as specified by the
++ \fBshell_exit_status\fR option in \fIyum.conf(5)\fR.
++ This command is also triggered when EOF is read (usually the C-d keystroke
++ or end of script).
+
+ .PP
+ .SH "Examples"
+diff -up yum-3.4.3/shell.py.orig yum-3.4.3/shell.py
+--- yum-3.4.3/shell.py.orig 2017-11-24 20:52:02.580463129 +0100
++++ yum-3.4.3/shell.py 2017-11-24 20:52:18.483380945 +0100
+@@ -126,6 +126,7 @@ class YumShell(cmd.Cmd):
+
+ :param line: the next line of input
+ """
++ self.result = 0
+ if len(line) > 0 and line.strip()[0] == '#':
+ pass
+ else:
+@@ -150,7 +151,8 @@ class YumShell(cmd.Cmd):
+ except Errors.YumBaseError:
+ pass
+ else:
+- self.base.doCommands()
++ result, _ = self.base.doCommands()
++ self.result = result
+
+ def emptyline(self):
+ """Do nothing on an empty line of input."""
+@@ -211,13 +213,14 @@ class YumShell(cmd.Cmd):
+ self.base.shellUsage()
+
+ self.verbose_logger.info(msg)
++ self.result = 0
+
+ def do_EOF(self, line):
+ """Exit the shell when EOF is reached.
+
+ :param line: unused
+ """
+- self.resultmsgs = ['Leaving Shell']
++ self.do_exit(line)
+ return True
+
+ def do_quit(self, line):
+@@ -225,7 +228,7 @@ class YumShell(cmd.Cmd):
+
+ :param line: unused
+ """
+- self.resultmsgs = ['Leaving Shell']
++ self.do_exit(line)
+ return True
+
+ def do_exit(self, line):
+@@ -233,6 +236,9 @@ class YumShell(cmd.Cmd):
+
+ :param line: unused
+ """
++ # Make sure we don't go onto the next stage in yummain (result == 2)
++ if self.base.conf.shell_exit_status == '0' or self.result == 2:
++ self.result = 0
+ self.resultmsgs = ['Leaving Shell']
+ return True
+
+@@ -254,6 +260,7 @@ class YumShell(cmd.Cmd):
+ :param line: the remainder of the line, containing the name of
+ a subcommand. If no subcommand is given, run the list subcommand.
+ """
++ self.result = 0
+ (cmd, args, line) = self.parseline(line)
+ if cmd in ['list', None]:
+ self.verbose_logger.log(logginglevels.INFO_2,
+@@ -267,11 +274,13 @@ class YumShell(cmd.Cmd):
+ (code, msgs) = self.base.buildTransaction()
+ except Errors.YumBaseError, e:
+ self.logger.critical('Error building transaction: %s', e)
++ self.result = 1
+ return False
+
+ if code == 1:
+ for msg in msgs:
+ self.logger.critical('Error: %s', msg)
++ self.result = 1
+ else:
+ self.verbose_logger.log(logginglevels.INFO_2,
+ 'Success resolving dependencies')
+@@ -292,6 +301,7 @@ class YumShell(cmd.Cmd):
+ value is given, print the current value. If a value is
+ supplied, set the option to the given value.
+ """
++ self.result = 0
+ (cmd, args, line) = self.parseline(line)
+ # logs
+ if cmd in ['debuglevel', 'errorlevel']:
+@@ -305,6 +315,7 @@ class YumShell(cmd.Cmd):
+ val = int(val)
+ except ValueError:
+ self.logger.critical('Value %s for %s cannot be made to an int', val, cmd)
++ self.result = 1
+ return
+ setattr(self.base.conf, cmd, val)
+ if cmd == 'debuglevel':
+@@ -321,6 +332,7 @@ class YumShell(cmd.Cmd):
+ value = opts[0]
+ if value.lower() not in BOOLEAN_STATES:
+ self.logger.critical('Value %s for %s is not a Boolean', value, cmd)
++ self.result = 1
+ return False
+ value = BOOLEAN_STATES[value.lower()]
+ setattr(self.base.conf, cmd, value)
+@@ -363,6 +375,7 @@ class YumShell(cmd.Cmd):
+ a subcommand and other parameters if required. If no
+ subcommand is given, run the list subcommand.
+ """
++ self.result = 0
+ (cmd, args, line) = self.parseline(line)
+ if cmd in ['list', None]:
+ # Munge things to run the repolist command
+@@ -380,7 +393,8 @@ class YumShell(cmd.Cmd):
+ except Errors.YumBaseError:
+ pass
+ else:
+- self.base.doCommands()
++ result, _ = self.base.doCommands()
++ self.result = result
+
+ elif cmd == 'enable':
+ repos = self._shlex_split(args)
+@@ -392,8 +406,10 @@ class YumShell(cmd.Cmd):
+ changed = self.base.repos.enableRepo(repo)
+ except Errors.ConfigError, e:
+ self.logger.critical(e)
++ self.result = 1
+ except Errors.RepoError, e:
+ self.logger.critical(e)
++ self.result = 1
+
+ else:
+ for repo in changed:
+@@ -402,6 +418,7 @@ class YumShell(cmd.Cmd):
+ except Errors.RepoError, e:
+ self.logger.critical('Disabling Repository')
+ self.base.repos.disableRepo(repo)
++ self.result = 1
+ return False
+
+ self.base.up = None
+@@ -413,8 +430,10 @@ class YumShell(cmd.Cmd):
+ offrepos = self.base.repos.disableRepo(repo)
+ except Errors.ConfigError, e:
+ self.logger.critical(e)
++ self.result = 1
+ except Errors.RepoError, e:
+ self.logger.critical(e)
++ self.result = 1
+
+ else:
+ # close the repos, too
+@@ -432,36 +451,45 @@ class YumShell(cmd.Cmd):
+ print cmd
+ print args
+ print line
++ self.result = 0
+
+ def do_run(self, line):
+ """Run the transaction.
+
+ :param line: unused
+ """
++ self.result = 0
+ if len(self.base.tsInfo) > 0:
+ try:
+ (code, msgs) = self.base.buildTransaction()
+ if code == 1:
+ for msg in msgs:
+ self.logger.critical('Error: %s', msg)
++ self.result = 1
+ return False
+
+ returnval = self.base.doTransaction()
+ except Errors.YumBaseError, e:
+ self.logger.critical('Error: %s', e)
++ self.result = 1
+ except KeyboardInterrupt, e:
+ self.logger.critical('\n\nExiting on user cancel')
++ self.result = 1
+ except IOError, e:
+ if e.errno == 32:
+ self.logger.critical('\n\nExiting on Broken Pipe')
++ self.result = 1
+ else:
+ if returnval not in [0,1,-1]:
+ self.verbose_logger.info('Transaction encountered a serious error.')
++ self.result = 1
+ else:
+ if returnval == 1:
+ self.verbose_logger.info('There were non-fatal errors in the transaction')
++ self.result = 1
+ elif returnval == -1:
+ self.verbose_logger.info("Transaction didn't start")
++ self.result = 1
+ self.verbose_logger.log(logginglevels.INFO_2,
+ 'Finished Transaction')
+ self.base.closeRpmDB()
+diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py
+--- yum-3.4.3/yum/config.py.orig 2017-11-24 20:52:02.648462776 +0100
++++ yum-3.4.3/yum/config.py 2017-11-24 20:52:18.484380940 +0100
+@@ -931,6 +931,8 @@ class YumConf(StartupConf):
+
+ usr_w_check = BoolOption(True)
+
++ shell_exit_status = SelectionOption('0', ('0', '?'))
++
+ _reposlist = []
+
+ def dump(self):
diff --git a/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch b/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch
new file mode 100644
index 0000000..62e690b
--- /dev/null
+++ b/SOURCES/BZ-1287610-fips-dont-pollute-stderr.patch
@@ -0,0 +1,83 @@
+diff -up yum-3.4.3/yum/Errors.py.orig yum-3.4.3/yum/Errors.py
+--- yum-3.4.3/yum/Errors.py.orig 2017-09-14 18:42:26.740558383 +0200
++++ yum-3.4.3/yum/Errors.py 2017-09-14 18:42:30.371541754 +0200
+@@ -99,6 +99,11 @@ class ConfigError(YumBaseError):
+ class MiscError(YumBaseError):
+ pass
+
++class FIPSNonCompliantError(MiscError):
++ def __init__(self, sumtype):
++ MiscError.__init__(
++ self, '%s algorithm is not FIPS compliant' % sumtype)
++
+ class GroupsError(YumBaseError):
+ pass
+
+diff -up yum-3.4.3/yum/misc.py.orig yum-3.4.3/yum/misc.py
+--- yum-3.4.3/yum/misc.py.orig 2017-09-14 18:42:26.794558135 +0200
++++ yum-3.4.3/yum/misc.py 2017-09-14 18:42:30.372541749 +0200
+@@ -58,11 +58,20 @@ except ImportError:
+ raise ValueError, "Bad checksum type"
+
+ # some checksum types might be disabled
++_fips_noncompliant = set()
+ for ctype in list(_available_checksums):
+ try:
+ hashlib.new(ctype)
+- except:
+- print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype)
++ except Exception as e:
++ # Print an error unless this is due to FIPS mode (in which case it's
++ # not really an error and we don't want to pollute the output
++ # needlessly; if someone actually tries to instantiate a Checksum with
++ # a FIPS non-compliant ctype, we'll raise an explanatory exception
++ # anyway).
++ if isinstance(e, ValueError) and str(e).endswith('disabled for fips'):
++ _fips_noncompliant.add(ctype)
++ else:
++ print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype)
+ _available_checksums.remove(ctype)
+ for ctype in 'sha256', 'sha1':
+ if ctype in _available_checksums:
+@@ -71,7 +80,7 @@ for ctype in 'sha256', 'sha1':
+ else:
+ raise ImportError, 'broken hashlib'
+
+-from Errors import MiscError
++from Errors import MiscError, FIPSNonCompliantError
+ # These are API things, so we can't remove them even if they aren't used here.
+ # pylint: disable-msg=W0611
+ from i18n import to_utf8, to_unicode
+@@ -271,6 +280,8 @@ class Checksums:
+ sumalgo = hashlib.new(sumtype)
+ elif ignore_missing:
+ continue
++ elif sumtype in _fips_noncompliant:
++ raise FIPSNonCompliantError(sumtype)
+ else:
+ raise MiscError, 'Error Checksumming, bad checksum type %s' % sumtype
+ done.add(sumtype)
+diff -up yum-3.4.3/yum/yumRepo.py.orig yum-3.4.3/yum/yumRepo.py
+--- yum-3.4.3/yum/yumRepo.py.orig 2017-09-14 18:42:26.879557746 +0200
++++ yum-3.4.3/yum/yumRepo.py 2017-09-14 18:43:23.422298802 +0200
+@@ -497,7 +497,10 @@ class YumRepository(Repository, config.R
+ except (Errors.MiscError, EnvironmentError), e:
+ if checksum_can_fail:
+ return None
+- raise Errors.RepoError, 'Error opening file for checksum: %s' % e
++ msg = 'Error opening file for checksum: %s' % e
++ if isinstance(e, Errors.FIPSNonCompliantError):
++ msg = str(e)
++ raise Errors.RepoError(msg)
+
+ def dump(self):
+ output = '[%s]\n' % self.id
+@@ -1799,7 +1802,7 @@ Insufficient space in download directory
+ except Errors.RepoError, e:
+ if check_can_fail:
+ return None
+- raise URLGrabError(-3, 'Error performing checksum')
++ raise URLGrabError(-3, 'Error performing checksum: %s' % e)
+
+ if l_csum == r_csum:
+ _xattr_set_chksum(file, r_ctype, l_csum)
diff --git a/SOURCES/BZ-1358492-installonly-kernel.patch b/SOURCES/BZ-1358492-installonly-kernel.patch
new file mode 100644
index 0000000..91c9070
--- /dev/null
+++ b/SOURCES/BZ-1358492-installonly-kernel.patch
@@ -0,0 +1,11 @@
+diff -up yum-3.4.3/yum/config.py.old yum-3.4.3/yum/config.py
+--- yum-3.4.3/yum/config.py.old 2017-10-06 13:24:25.014855429 +0200
++++ yum-3.4.3/yum/config.py 2017-10-06 13:36:38.602637131 +0200
+@@ -755,6 +755,7 @@ class YumConf(StartupConf):
+ username = Option()
+ password = Option()
+ installonlypkgs = ListOption(['kernel', 'kernel-bigmem',
++ 'installonlypkg(kernel)',
+ 'installonlypkg(kernel-module)',
+ 'installonlypkg(vm)',
+ 'kernel-enterprise','kernel-smp', 'kernel-debug',
diff --git a/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch b/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch
new file mode 100644
index 0000000..3420181
--- /dev/null
+++ b/SOURCES/BZ-1361609-improve-exactarchlist-opt.patch
@@ -0,0 +1,63 @@
+diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
+--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-31 17:11:01.730922455 +0100
++++ yum-3.4.3/docs/yum.conf.5 2017-10-31 17:14:00.544379686 +0100
+@@ -221,6 +221,18 @@ List of package names that are kernels.
+ updating of kernel packages and should be removed out in the yum 2.1 series.
+
+ .IP
++\fBexactarchlist\fR
++List of packages that should never change archs in an update.
++That means, if a package has a newer version available which is for a different
++compatible arch, yum will not consider that version an update if the package
++name is in this list.
++For example, on x86_64, foo-1.x86_64 won't be updated to foo-2.i686 if foo is
++in this list.
++Kernels in particular fall into this category.
++Shell globs using wildcards (eg. * and ?) are allowed.
++Default is an empty list.
++
++.IP
+ \fBshowdupesfromrepos\fR
+ Either `0' or `1'. Set to `1' if you wish to show any duplicate packages from
+ any repository, from package listings like the info or list commands. Set
+diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py
+--- yum-3.4.3/yum/config.py.orig 2017-10-31 17:11:01.729922458 +0100
++++ yum-3.4.3/yum/config.py 2017-10-31 17:12:46.513604398 +0100
+@@ -42,6 +42,7 @@ import rpmUtils.miscutils
+ import Errors
+ import types
+ from misc import get_uuid, read_in_items_from_dot_dir
++import fnmatch
+
+ # Alter/patch these to change the default checking...
+ __pkgs_gpgcheck_default__ = False
+@@ -284,6 +285,20 @@ class UrlListOption(ListOption):
+ return out
+
+
++class WildListOption(ListOption):
++ """An option containing a list of strings that supports shell-style
++ wildcard matching in membership test operations."""
++
++ def parse(self, s):
++ class WildList(list):
++ def __contains__(self, item):
++ if not isinstance(item, basestring):
++ return False
++ return any(fnmatch.fnmatch(item, p) for p in self)
++ patterns = super(WildListOption, self).parse(s)
++ return WildList(patterns)
++
++
+ class IntOption(Option):
+ """An option representing an integer value."""
+
+@@ -769,7 +784,7 @@ class YumConf(StartupConf):
+ names_of_0=["0", "<off>"])
+ kernelpkgnames = ListOption(['kernel','kernel-smp', 'kernel-enterprise',
+ 'kernel-bigmem', 'kernel-BOOT', 'kernel-PAE', 'kernel-PAE-debug'])
+- exactarchlist = ListOption(__exactarchlist_default__)
++ exactarchlist = WildListOption(__exactarchlist_default__)
+ tsflags = ListOption()
+ override_install_langs = Option()
+
diff --git a/SOURCES/BZ-1386597-obsoletes-man-page.patch b/SOURCES/BZ-1386597-obsoletes-man-page.patch
new file mode 100644
index 0000000..ec6f0fc
--- /dev/null
+++ b/SOURCES/BZ-1386597-obsoletes-man-page.patch
@@ -0,0 +1,19 @@
+commit e9c88f76e0594d5c52ebb08f4c68003cad2c6e67
+Author: Jaroslav Mracek <jmracek@redhat.com>
+Date: Wed Oct 19 11:28:01 2016 +0200
+
+ Minor fix in doc of check command
+
+diff --git a/docs/yum.8 b/docs/yum.8
+index efaa061..a4b953d 100644
+--- a/docs/yum.8
++++ b/docs/yum.8
+@@ -784,7 +784,7 @@ included so you can easily see the space used/saved and any other changes.
+ .IP
+ .IP "\fBcheck\fP"
+ Checks the local rpmdb and produces information on any problems it finds. You
+-can pass the check command the arguments "dependencies", "duplicates", "obsoletes" or "provides",
++can pass the check command the arguments "dependencies", "duplicates", "obsoleted" or "provides",
+ to limit the checking that is performed (the default is "all" which does all).
+
+ .IP
diff --git a/SOURCES/BZ-1411575-manpage-typo.patch b/SOURCES/BZ-1411575-manpage-typo.patch
new file mode 100644
index 0000000..ec622f9
--- /dev/null
+++ b/SOURCES/BZ-1411575-manpage-typo.patch
@@ -0,0 +1,28 @@
+commit cee73706e91911c74df7bdc57d822a3b993ecb71
+Author: Valentina Mukhamedzhanova <vmukhame@redhat.com>
+Date: Fri Oct 6 14:04:01 2017 +0200
+
+ Fix some typos in the manpage.
+
+diff --git a/docs/yum.8 b/docs/yum.8
+index a4b953d..b6961e7 100644
+--- a/docs/yum.8
++++ b/docs/yum.8
+@@ -247,7 +247,7 @@ the \fIClean Options\fP section below\&.
+ .IP "\fBmakecache\fP"
+ Is used to download and make usable all the metadata for the currently enabled
+ \fByum\fP repos. If the argument "fast" is passed, then we just try to make
+-sure the repos. are current (much like "yum clean expire-cache").
++sure the repos are current (much like "yum clean expire-cache").
+ .IP
+ .IP "\fBgroups\fP"
+ A command, new in 3.4.2, that collects all the subcommands that act on groups
+@@ -430,7 +430,7 @@ or \'all\' then the command will list those types of repos.
+
+ You can pass repo id or name arguments, or wildcards which to match against
+ both of those. However if the id or name matches exactly then the repo will
+-be listed even if you are listing enabled repos. and it is disabled.
++be listed even if you are listing enabled repos and it is disabled.
+
+ In non-verbose mode the first column will start with a \'*\' if the repo. has
+ metalink data and the latest metadata is not local and will start with a
diff --git a/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch b/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch
new file mode 100644
index 0000000..25323df
--- /dev/null
+++ b/SOURCES/BZ-1411692-docs-conf-var-naming-rules.patch
@@ -0,0 +1,23 @@
+diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
+--- yum-3.4.3/docs/yum.conf.5.orig 2017-11-01 14:58:28.259740017 +0100
++++ yum-3.4.3/docs/yum.conf.5 2017-11-01 14:58:48.528648100 +0100
+@@ -1356,8 +1356,17 @@ the same name. If the shell environment
+ configuration file variable will not be replaced.
+
+ .LP
+-As of 3.2.28, any file in /etc/yum/vars is turned into a variable named after
+-the filename (or overrides any of the above variables).
++When variable names are parsed in a string, all alphanumeric characters and
++underscores immediately following a $ sign are interpreted as part of a name.
++If a variable is undefined, it will not be replaced.
++For example, the strings $releasever-foo or $releasever/foo will be expanded
++with the $releasever value accordingly, whereas $releaseverfoo or
++$releasever_foo will not be expanded.
++
++As of 3.2.28, any properly named file in /etc/yum/vars is turned into
++a variable named after the filename (or overrides any of the above variables).
++Filenames may contain only alphanumeric characters and underscores
++and be in lowercase.
+
+ Note that no warnings/errors are given if the files are unreadable, so creating
+ files that only root can read may be confusing for users.
diff --git a/SOURCES/BZ-1432319-add-usercache-opt.patch b/SOURCES/BZ-1432319-add-usercache-opt.patch
new file mode 100644
index 0000000..ba42905
--- /dev/null
+++ b/SOURCES/BZ-1432319-add-usercache-opt.patch
@@ -0,0 +1,84 @@
+diff -up yum-3.4.3/cli.py.orig yum-3.4.3/cli.py
+--- yum-3.4.3/cli.py.orig 2017-10-20 18:27:45.114593690 +0200
++++ yum-3.4.3/cli.py 2017-10-20 18:27:48.367578901 +0200
+@@ -2275,8 +2275,10 @@ class YumOptionParser(OptionParser):
+ self.base.updateinfo_filters['cves'] = self._splitArg(opts.cves)
+ self.base.updateinfo_filters['sevs'] = self._splitArg(opts.sevs)
+
++ if not self.base.conf.usercache and os.geteuid() != 0:
++ self.base.conf.cache = 1
+ # Treat users like root as much as possible:
+- if not self.base.setCacheDir():
++ elif not self.base.setCacheDir():
+ self.base.conf.cache = 1
+ if opts.cacheonly:
+ self.base.conf.cache = 1
+diff -up yum-3.4.3/docs/yum.8.orig yum-3.4.3/docs/yum.8
+--- yum-3.4.3/docs/yum.8.orig 2017-10-20 18:27:45.135593595 +0200
++++ yum-3.4.3/docs/yum.8 2017-10-20 18:27:48.368578897 +0200
+@@ -835,8 +835,12 @@ Configuration Option: \fBrpmverbosity\fP
+ .IP "\fB\-R, \-\-randomwait=[time in minutes]\fP"
+ Sets the maximum amount of time yum will wait before performing a command \- it randomizes over the time.
+ .IP "\fB\-C, \-\-cacheonly\fP"
+-Tells yum to run entirely from system cache - does not download or
+-update any headers unless it has to to perform the requested action.
++Tells yum to run entirely from system cache; does not download or update
++metadata.
++When this is used by a non\-root user, yum will run entirely from user cache in
++$TMPDIR.
++This option doesn't stop yum from updating user cache from system cache locally
++if the latter is newer (this is always done when running as a user).
+ .IP "\fB\-\-version\fP"
+ Reports the \fByum\fP version number and installed package versions for
+ everything in history_record_packages (can be added to by plugins).
+diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
+--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-20 18:27:45.137593585 +0200
++++ yum-3.4.3/docs/yum.conf.5 2017-10-20 18:27:48.368578897 +0200
+@@ -40,6 +40,19 @@ of headers and packages after successful
+ .br
+
+ .IP
++\fBusercache\fR
++Either `1' or `0'. Determines whether or not yum should store per-user cache in
++$TMPDIR.
++When set to `0', then whenever yum runs as a non\-root user,
++\fB\-\-cacheonly\fR is implied and system cache is used directly, and no new
++user cache is created in $TMPDIR.
++This can be used to prevent $TMPDIR from filling up if many users on the system
++often use yum and root tends to have up-to-date metadata that the users can
++rely on (they can still enable this feature with \fB\-\-setopt\fR if they
++wish).
++Default is `1' (user cache enabled).
++
++.IP
+ \fBreposdir\fR
+ A list of directories where yum should look for .repo files which define
+ repositories to use. Default is `/etc/yum.repos.d'. Each
+diff -up yum-3.4.3/yum/config.py.orig yum-3.4.3/yum/config.py
+--- yum-3.4.3/yum/config.py.orig 2017-10-20 18:27:45.136593590 +0200
++++ yum-3.4.3/yum/config.py 2017-10-20 18:27:48.369578892 +0200
+@@ -742,6 +742,7 @@ class YumConf(StartupConf):
+ cachedir = Option('/var/cache/yum')
+
+ keepcache = BoolOption(True)
++ usercache = BoolOption(True)
+ logfile = Option('/var/log/yum.log')
+ reposdir = ListOption(['/etc/yum/repos.d', '/etc/yum.repos.d'])
+
+diff -up yum-3.4.3/yummain.py.orig yum-3.4.3/yummain.py
+--- yum-3.4.3/yummain.py.orig 2017-10-20 18:27:45.062593926 +0200
++++ yum-3.4.3/yummain.py 2017-10-20 18:27:48.369578892 +0200
+@@ -71,7 +71,12 @@ def main(args):
+ def exRepoError(e):
+ # For RepoErrors ... help out by forcing new repodata next time.
+ # XXX: clean only the repo that has failed?
+- base.cleanExpireCache()
++ try:
++ base.cleanExpireCache()
++ except Errors.YumBaseError:
++ # Let's not confuse the user further (they don't even know we tried
++ # the clean).
++ pass
+
+ msg = _("""\
+ One of the configured repositories failed (%(repo)s),
diff --git a/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch b/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch
new file mode 100644
index 0000000..f236da2
--- /dev/null
+++ b/SOURCES/BZ-1451817-docs-improve-payload-gpgcheck-opt.patch
@@ -0,0 +1,73 @@
+diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
+--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-26 11:13:52.013324456 +0200
++++ yum-3.4.3/docs/yum.conf.5 2017-10-26 11:15:37.733858789 +0200
+@@ -106,28 +106,34 @@ default for all repositories. The defaul
+
+ .IP
+ \fBpayload_gpgcheck\fR
+-Either `1' or `0'. This tells yum whether or not it should also perform a GPG
+-signature check on the payload (part of a package holding the actual files that
+-comprise the package).
+-
+-By default, yum only performs GPG signature checks on package headers.
+-Thus, if the payload data has been tampered with or corrupted, yum will fail in
+-the middle of the transaction due to an RPM unpacking error, after some
+-unverified scriptlets might have already run, and possibly leave the package in
+-question partly installed.
+-
+-To prevent all of that, you can enable this option to extend the signature
+-check to also include the payload, so that yum can avoid running the
+-transaction in case of payload corruption.
+-This slightly improves security, however at the expense of significantly
+-increased transaction time, so you may want to only use this option when
+-package corruption is a concern.
++Either `1' or `0'. This tells yum whether or not it should perform a v3
++signature check on packages when \fBgpgcheck\fR (or \fBlocalpkg_gpgcheck\fR for
++local packages) is enabled.
++
++There are two types of GPG signatures generated by rpm: v3 (on header+payload)
++and v4 (on header only). When rpm signs a package, it creates both types. Yum
++can verify any of them before the transaction, depending on which options are
++set. When \fBgpgcheck\fR is enabled and this option is disabled, yum will
++verify v4 signatures only. When both \fBgpgcheck\fR and this option are
++enabled, yum will verify both v4 and v3 signatures (equivalent to running "rpm
++\-\-checksig"). The same rules apply to local packages and the
++\fBlocalpkg_gpgcheck\fR option accordingly.
++
++Since the header contains sha256 digests of individual files in the payload (a
++gzip-compressed cpio archive of files used in the package), verifying the
++header signature (v4) is sufficient to ensure authenticity and integrity of the
++whole package. After rpm unpacks the payload, it moves the files to their
++destination paths one by one after they pass the digest check. If a file
++doesn't pass, it won't be moved and the transaction will abort. However,
++because no rollback is done in such a case, the package may end up in the
++partially installed state.
++
++By verifying v3 signatures, yum will detect payload tamper before the
++transaction. While this will slightly increase processing time for big
++transactions and/or packages, it will prevent such broken installs and enhance
++security.
+
+-For this option to have effect, make sure to also enable gpgcheck (or
+-localpkg_gpgcheck for local packages).
+-
+-When this option is set in the [main] section it sets the default for all
+-repositories. The default is `0'.
++The default is `0'.
+
+ .IP
+ \fBskip_broken\fR
+diff -up yum-3.4.3/rpmUtils/miscutils.py.orig yum-3.4.3/rpmUtils/miscutils.py
+--- yum-3.4.3/rpmUtils/miscutils.py.orig 2017-10-26 11:13:49.637334921 +0200
++++ yum-3.4.3/rpmUtils/miscutils.py 2017-10-26 11:15:43.141834969 +0200
+@@ -61,8 +61,8 @@ def compareVerOnly(v1, v2):
+ def checkSig(ts, package, payload=False):
+ """Takes a transaction set and a package, check it's sigs.
+
+- By default, only RPMv4 sigs (header-only) will be verified (faster). By
+- setting payload to True, RPMv3 sigs (header+payload) will also be verified
++ By default, only v4 sigs (header-only) will be verified (faster). By
++ setting payload to True, v3 sigs (header+payload) will also be verified
+ (slower).
+
+ return 0 if they are all fine
diff --git a/SOURCES/BZ-1458841-preload-shared-libs.patch b/SOURCES/BZ-1458841-preload-shared-libs.patch
new file mode 100644
index 0000000..fa3e786
--- /dev/null
+++ b/SOURCES/BZ-1458841-preload-shared-libs.patch
@@ -0,0 +1,50 @@
+diff -up yum-3.4.3/cli.py.orig yum-3.4.3/cli.py
+--- yum-3.4.3/cli.py.orig 2017-06-29 17:44:53.784522557 +0200
++++ yum-3.4.3/cli.py 2017-06-29 17:46:16.249149700 +0200
+@@ -28,6 +28,7 @@ import logging
+ import math
+ from optparse import OptionParser,OptionGroup,SUPPRESS_HELP
+ import rpm
++import ctypes
+
+ from weakref import proxy as weakref
+
+@@ -779,6 +780,38 @@ class YumBaseCli(yum.YumBase, output.Yum
+ if self.conf.debuglevel < 2:
+ cb.display.output = False
+
++ # Whenever we upgrade a shared library (and its dependencies) which the
++ # yum process itself may dlopen() post-transaction (e.g. in a plugin
++ # hook), we may end up in a situation where the upgraded library and
++ # the pre-transaction version of a library it depends on which is ABI
++ # incompatible are loaded in memory at the same time, leading to
++ # unpredictable behavior and possibly a crash. Let's avoid that by
++ # preloading all such dynamically loaded libraries pre-transaction so
++ # that dlopen(), if called post-transaction, uses those instead of
++ # loading the newly installed versions.
++ preload = {
++ # Loaded by libcurl, see BZ#1458841
++ 'nss-sysinit': ['libnsssysinit.so'],
++ }
++ for pkg in preload:
++ # Only preload the libs if the package is actually installed and we
++ # are changing it with the transaction
++ if not self.tsInfo.matchNaevr(name=pkg) or \
++ not self.rpmdb.searchNevra(name=pkg):
++ continue
++ for lib in preload[pkg]:
++ try:
++ ctypes.cdll.LoadLibrary(lib)
++ self.verbose_logger.log(
++ yum.logginglevels.DEBUG_4,
++ _('Preloaded shared library %s') % lib
++ )
++ except Exception as e:
++ self.verbose_logger.log(
++ yum.logginglevels.DEBUG_4,
++ _('Could not preload shared library %s: %s') % (lib, e)
++ )
++
+ self.verbose_logger.log(yum.logginglevels.INFO_2, _('Running transaction'))
+ resultobject = self.runTransaction(cb=cb)
+
diff --git a/SOURCES/centos-branding-yum.patch b/SOURCES/centos-branding-yum.patch
deleted file mode 100644
index f100222..0000000
--- a/SOURCES/centos-branding-yum.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff -uNrp yum-3.4.3.orig/yum/constants.py yum-3.4.3/yum/constants.py
---- yum-3.4.3.orig/yum/constants.py 2018-01-30 11:17:56.961899488 +0000
-+++ yum-3.4.3/yum/constants.py 2018-01-30 11:41:57.421866122 +0000
-@@ -123,22 +123,22 @@ REPO_PROBLEM_PACKAGE=5
-
-
- ERRORS_TO_KBASE_ARTICLES = {
-- 404: """To address this issue please refer to the below knowledge base article
-+ 404: """To address this issue please refer to the below wiki article
-
--https://access.redhat.com/articles/1320623
-+https://wiki.centos.org/yum-errors
-
--If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.
-+If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
- """,
-- 403: """To address this issue please refer to the below knowledge base article
-+ 403: """To address this issue please refer to the below wiki article
-
--https://access.redhat.com/solutions/69319
-+https://wiki.centos.org/yum-errors
-
--If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.
-+If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
- """,
-- 60: """It was impossible to connect to the Red Hat servers.
-+ 60: """It was impossible to connect to the CentOS servers.
- This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
- or a transparent proxy that tampers with TLS security, or an incorrect system clock.
--Please collect information about the specific failure that occurs in your environment,
--using the instructions in: https://access.redhat.com/solutions/1527033 and open a ticket with Red Hat Support.
-+You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
-+If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
- """
--}
-\ No newline at end of file
-+}
diff --git a/SOURCES/yum.conf.centos b/SOURCES/yum.conf.centos
deleted file mode 100644
index 367126f..0000000
--- a/SOURCES/yum.conf.centos
+++ /dev/null
@@ -1,26 +0,0 @@
-[main]
-cachedir=/var/cache/yum/$basearch/$releasever
-keepcache=0
-debuglevel=2
-logfile=/var/log/yum.log
-exactarch=1
-obsoletes=1
-gpgcheck=1
-plugins=1
-installonly_limit=5
-bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
-distroverpkg=centos-release
-
-
-# This is the default, if you make this bigger yum won't see if the metadata
-# is newer on the remote and so you'll "gain" the bandwidth of not having to
-# download the new metadata and "pay" for it by yum not having correct
-# information.
-# It is esp. important, to have correct metadata, for distributions like
-# Fedora which don't keep old packages around. If you don't like this checking
-# interupting your command line usage, it's much better to have something
-# manually check the metadata once an hour (yum-updatesd will do this).
-# metadata_expire=90m
-
-# PUT YOUR REPOS HERE OR IN separate files named file.repo
-# in /etc/yum.repos.d
diff --git a/SPECS/yum.spec b/SPECS/yum.spec
index 571fb04..2391e29 100644
--- a/SPECS/yum.spec
+++ b/SPECS/yum.spec
@@ -32,11 +32,11 @@
Summary: RPM package installer/updater/manager
Name: yum
Version: 3.4.3
-Release: 154%{?dist}.1
+Release: 158%{?dist}
License: GPLv2+
Group: System Environment/Base
Source0: http://yum.baseurl.org/download/3.4/%{name}-%{version}.tar.gz
-Source1: yum.conf.centos
+Source1: yum.conf.fedora
Source2: yum-updatesd.conf.fedora
Patch1: yum-distro-configs.patch
Patch5: geode-arch.patch
@@ -146,8 +146,18 @@ Patch258: BZ-1370134-yum-check-ignore-self-conflicts.patch
Patch259: BZ-1352585-detect-installed-provide.patch
Patch260: BZ-1397829-fix-reget-simple-md-fnames.patch
-#CentOS Branding
-Patch1000: centos-branding-yum.patch
+# rhel-7.5
+Patch280: BZ-1287610-fips-dont-pollute-stderr.patch
+Patch281: BZ-1358492-installonly-kernel.patch
+Patch282: BZ-1175315-dont-require-enabled-repos-for-url.patch
+Patch283: BZ-1386597-obsoletes-man-page.patch
+Patch284: BZ-1411575-manpage-typo.patch
+Patch285: BZ-1458841-preload-shared-libs.patch
+Patch286: BZ-1451817-docs-improve-payload-gpgcheck-opt.patch
+Patch287: BZ-1361609-improve-exactarchlist-opt.patch
+Patch288: BZ-1432319-add-usercache-opt.patch
+Patch289: BZ-1411692-docs-conf-var-naming-rules.patch
+Patch290: BZ-1278333-yum-shell-support-exit-status.patch
URL: http://yum.baseurl.org/
BuildArchitectures: noarch
@@ -166,7 +176,6 @@ BuildRequires: pygpgme
# End of CheckRequires
Conflicts: pirut < 1.1.4
Requires: python >= 2.4
-Requires: yum-plugin-fastestmirror
Requires: rpm-python, rpm >= 0:4.11.3-22
Requires: python-iniparse
Requires: python-sqlite
@@ -378,7 +387,18 @@ Install this package if you want auto yum updates nightly via cron.
%patch259 -p1
%patch260 -p1
-%patch1000 -p1
+# rhel-7.5
+%patch280 -p1
+%patch281 -p1
+%patch282 -p1
+%patch283 -p1
+%patch284 -p1
+%patch285 -p1
+%patch286 -p1
+%patch287 -p1
+%patch288 -p1
+%patch289 -p1
+%patch290 -p1
# Do distro config. changes after everything else.
%patch1 -p1
@@ -610,16 +630,34 @@ exit 0
%endif
%changelog
-* Tue Jan 30 2018 Johnny Hughes <johnny@centos.org> - 3.4.3-154.el7.centos.1
-- Remove access.redhat.com knowledge base articles and point to
- wiki.centos.org instead
-
-* Tue Aug 01 2017 CentOS Sources <bugs@centos.org> - 3.4.3-154.el7.centos
-- CentOS yum config
-- use the CentOS bug tracker url
-- retain installonly limit of 5
-- ensure distrover is always from centos-release
-- Make yum require yum-plugin-fastestmirror
+* Sun Nov 26 2017 Valentina Mukhamedzhanova <vmukhame@redhat.com> - 3.4.3-158
+- Add support for yum-shell exit status.
+- Resolves: bug#1278333
+
+* Fri Nov 03 2017 Valentina Mukhamedzhanova <vmukhame@redhat.com> - 3.4.3-157
+- docs: clarify variable name matching.
+- Resolves: bug#1411692
+
+* Wed Nov 01 2017 Valentina Mukhamedzhanova <vmukhame@redhat.com> - 3.4.3-156
+- Preload shared libs that we may dlopen().
+- Resolves: bug#1458841
+- Update payload_gpgcheck documentation.
+- Resolves: bug#1451817
+- Make exactarchlist support wildcards and add docs.
+- Resolves: bug#1361609
+- Add usercache config option.
+- Resolves: bug#1432319
+
+* Thu Oct 06 2017 Valentina Mukhamedzhanova <vmukhame@redhat.com> - 3.4.3-155
+- Don't pollute stderr in FIPS mode.
+- Resolves: bug#1287610
+- Don't require enabled repos for URL installs.
+- Resolves: bug#1175315
+- installonlypkgs: add "installonlypkg(kernel)
+- Resolves: bug#1358492
+- Manpage fixes.
+- Resolves: bug#1386597
+- Resolves: bug#1411575
* Mon Mar 27 2017 Valentina Mukhamedzhanova <vmukhame@redhat.com> - 3.4.3-154
- Add payload_gpgcheck option.