Added patch for almalinux bugtracker

SOURCES/0068-automatic-Expand-email_to-in-command_email-emitter-t.patch

@@ -0,0 +1,98 @@
+From 843c725eebdd0484cf6f9d7a1de9369f336e28f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 19 Jun 2025 13:09:35 +0200
+Subject: [PATCH] automatic: Expand email_to in command_email emitter to
+ individual arguments
+
+Upstream commit: aa1ba2d1566198127518d0ccb38eaf5481b4649e
+
+If /etc/dnf/automatic.conf has:
+
+    [emitters]
+    emit_via = command_email
+    [command_email]
+    email_to = root,test
+
+a command incompatible with s-nail-14.9.25, a "mail" command
+implementation, was executed:
+
+    execve("/usr/bin/mail", ["mail", "-Ssendwait", "-s", "Updates available on 'fedora-43'.", "-r", "root", "root test"], ...) = 0
+
+The cause was that s-nail does not support multiple recipients in
+a single argument.
+
+This patch changes how "{email_to}" expands in command_format
+formatting string. Now it expands into multiple, space separated arguments.
+The new syntax is also accepted by mailx tool.
+
+Implementation detail: A list of email_to recipients passed in
+CommandEmitterMixIn does not inherit from "list" Python class or any
+other iterator. It's libdnf.module.VectorString class generated by
+Swig without. There the custom ShellQuotedLists formatting dictionary
+needs to refer to libdnf.module.VectorString type and include "libdnf"
+Python module explicitly.
+
+A test will be added to ci-dnf-stack repository.
+
+Resolve: #2241
+Resolve: https://issues.redhat.com/browse/RHEL-94321
+---
+ dnf/automatic/emitter.py | 21 +++++++++++++++++----
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/dnf/automatic/emitter.py b/dnf/automatic/emitter.py
+index 673da082b..7753f7715 100644
+--- a/dnf/automatic/emitter.py
++++ b/dnf/automatic/emitter.py
+@@ -22,6 +22,7 @@ from __future__ import absolute_import
+ from __future__ import print_function
+ from __future__ import unicode_literals
+ from dnf.i18n import _
++import libdnf
+ import logging
+ import dnf.pycomp
+ import smtplib
+@@ -126,6 +127,20 @@ class EmailEmitter(Emitter):
+             logger.error(msg)
+ 
+ 
++class ShellQuotedLists(dict):
++    """
++    Dictionary which returns values quoted with dnf.pycomp.shlex_quote().
++    If a looked-up value is a list or libdnf.module.VectorString, it will
++    quote the list members and then concatenate them with a space and return
++    the resulting string.
++    """
++    def __getitem__(self, key):
++        value = super(ShellQuotedLists, self).__getitem__(key)
++        if isinstance(value, (list, libdnf.module.VectorString)):
++            return ' '.join(dnf.pycomp.shlex_quote(item) for item in value)
++        else:
++            return dnf.pycomp.shlex_quote(value)
++
+ class CommandEmitterMixIn(object):
+     """
+     Executes a desired command, and pushes data into its stdin.
+@@ -141,9 +156,7 @@ class CommandEmitterMixIn(object):
+         msg = self._prepare_msg()
+         # all strings passed to shell should be quoted to avoid accidental code
+         # execution
+-        quoted_msg = dict((key, dnf.pycomp.shlex_quote(val))
+-                          for key, val in msg.items())
+-        command = command_fmt.format(**quoted_msg)
++        command = command_fmt.format_map(ShellQuotedLists(msg))
+         stdin_feed = stdin_fmt.format(**msg).encode('utf-8')
+ 
+         # Execute the command
+@@ -171,7 +184,7 @@ class CommandEmailEmitter(CommandEmitterMixIn, EmailEmitter):
+         return {'subject': subject,
+                 'body': body,
+                 'email_from': self._conf.email_from,
+-                'email_to': ' '.join(self._conf.email_to)}
++                'email_to': self._conf.email_to}
+ 
+ 
+ class StdIoEmitter(Emitter):
+-- 
+2.52.0
+

SOURCES/0069-autoremove-warn-and-skip-dangling-protected-dependen.patch

@@ -0,0 +1,43 @@
+From bffb669be6d49bd570c3a898aebc3a6dd28abf30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
+Date: Mon, 26 Jan 2026 12:29:11 +0100
+Subject: [PATCH] autoremove: warn and skip dangling protected dependencies
+
+Requires new libdnf 0.76.0 API.
+---
+ dnf/base.py | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/dnf/base.py b/dnf/base.py
+index 7d3dfdee..a20c18ee 100644
+--- a/dnf/base.py
++++ b/dnf/base.py
+@@ -2308,9 +2308,23 @@ class Base(object):
+                 logger.warning(_('No packages marked for removal.'))
+ 
+         else:
+-            pkgs = self.sack.query()._unneeded(self.history.swdb,
++            unneeded_pkgs = self.sack.query()._unneeded(self.history.swdb,
+                                                debug_solver=self.conf.debug_solver)
+-            for pkg in pkgs:
++
++            protected = self.sack.query().installed().filterm(name=self.conf.protected_packages)
++            protected_found = False
++            for pkg in protected:
++                if pkg in unneeded_pkgs:
++                    msg = _('Unneeded protected package: %s (and its dependencies) cannot be removed, '
++                            'either mark it as user-installed or change protected_packages configuration option.')
++                    logger.warning(msg, pkg)
++                    protected_found = True
++
++            if protected_found:
++                unneeded_pkgs = self.sack.query()._unneeded_extra_userinstalled(self.history.swdb, protected,
++                                                   debug_solver=self.conf.debug_solver)
++
++            for pkg in unneeded_pkgs:
+                 self.package_remove(pkg)
+ 
+     def remove(self, pkg_spec, reponame=None, forms=None):
+-- 
+2.53.0
+

SOURCES/0070-bootc-unlock-only-if-usr-is-read-only.patch

@@ -0,0 +1,57 @@
+From a8608927848b918e82d4b78bc0312cfdb58210de Mon Sep 17 00:00:00 2001
+From: Evan Goode <mail@evangoo.de>
+Date: Mon, 1 Dec 2025 13:40:26 -0500
+Subject: [PATCH 1/2] bootc: unlock only if /usr is read-only
+
+DNF should only run `ostree admin unlock --transient` if `/usr` is
+actually read-only. `/usr` may be writable via OSTree's `root.transient =
+true` even if the `ostree admin status` is not transient.
+
+Resolves: https://redhat.atlassian.net/browse/RHEL-138512
+---
+ dnf/cli/cli.py | 4 +++-
+ dnf/util.py    | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
+index 21e8764d0..f855c5eec 100644
+--- a/dnf/cli/cli.py
++++ b/dnf/cli/cli.py
+@@ -225,6 +225,7 @@ class BaseCli(dnf.Base):
+             # Handle bootc transactions. `--transient` must be specified if
+             # /usr is not already writeable.
+             bootc_system = None
++            bootc_system_needs_unlock = False
+             if is_bootc_transaction:
+                 if self.conf.persistence == "persist":
+                     logger.info(_("Persistent transactions aren't supported on bootc systems."))
+@@ -246,6 +247,7 @@ class BaseCli(dnf.Base):
+                         logger.info(_("A transient overlay will be created on /usr that will be discarded on reboot. "
+                                       "Keep in mind that changes to /etc and /var will still persist, and packages "
+                                       "commonly modify these directories."))
++                        bootc_system_needs_unlock = True
+                 self._persistence = libdnf.transaction.TransactionPersistence_TRANSIENT
+ 
+                 # Check whether the transaction modifies usr_drift_protected_paths
+@@ -276,7 +278,7 @@ class BaseCli(dnf.Base):
+                 if self.conf.assumeno or not self.output.userconfirm():
+                     raise CliError(_("Operation aborted."))
+ 
+-            if bootc_system:
++            if bootc_system and bootc_system_needs_unlock:
+                 bootc_system.make_writable()
+         else:
+             logger.info(_('Nothing to do.'))
+diff --git a/dnf/util.py b/dnf/util.py
+index 0161f80d8..70bae605f 100644
+--- a/dnf/util.py
++++ b/dnf/util.py
+@@ -741,4 +741,4 @@ class _BootcSystem:
+             # read-only. Set up a mount namespace for DNF.
+             self._set_up_mountns()
+ 
+-        assert os.access(self.usr, os.W_OK)
++        assert self.is_writable()
+-- 
+2.53.0
+

SOURCES/0071-bootc-Call-make_writable-when-DeploymentUnlockedStat.patch

@@ -0,0 +1,37 @@
+From b9c0a2ab768c624ad7746a175379358479df6f55 Mon Sep 17 00:00:00 2001
+From: Evan Goode <mail@evangoo.de>
+Date: Fri, 20 Mar 2026 16:28:14 -0400
+Subject: [PATCH 2/2] bootc: Call make_writable when
+ DeploymentUnlockedState.TRANSIENT
+
+Fixes a bug in 1afe4328334f27b45b5c4599b6f1e8ac69d465e4.
+bootc_system.make_writable should still be called even when the system
+is already in DeploymentUnlockedState.TRANSIENT, since the DNF mount
+namespace needs to be set up either way.
+---
+ dnf/cli/cli.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
+index f855c5eec..ce81f262b 100644
+--- a/dnf/cli/cli.py
++++ b/dnf/cli/cli.py
+@@ -235,6 +235,7 @@ class BaseCli(dnf.Base):
+                 bootc_system = dnf.util._BootcSystem()
+ 
+                 if not bootc_system.is_writable():
++                    bootc_system_needs_unlock = True
+                     if self.conf.persistence == "auto":
+                         logger.info(_("This bootc system is configured to be read-only. Pass --transient to "
+                                       "perform this transaction in a transient overlay which will reset when "
+@@ -247,7 +248,6 @@ class BaseCli(dnf.Base):
+                         logger.info(_("A transient overlay will be created on /usr that will be discarded on reboot. "
+                                       "Keep in mind that changes to /etc and /var will still persist, and packages "
+                                       "commonly modify these directories."))
+-                        bootc_system_needs_unlock = True
+                 self._persistence = libdnf.transaction.TransactionPersistence_TRANSIENT
+ 
+                 # Check whether the transaction modifies usr_drift_protected_paths
+-- 
+2.53.0
+

SPECS/dnf.spec

@@ -22,7 +22,7 @@
 %endif
 
 %if 0%{?rhel} == 9
-    %global hawkey_version 0.69.0-16
+    %global hawkey_version 0.69.0-18
 %endif
 
 # override dependencies for fedora 26
@@ -73,7 +73,7 @@ It supports RPMs, modules and comps groups & environments.
 
 Name:           dnf
 Version:        4.14.0
-Release:        31%{?dist}.alma.1
+Release:        34%{?dist}.alma.1
 Summary:        %{pkg_summary}
 # For a breakdown of the licensing, see PACKAGE-LICENSING
 License:        GPLv2+
@@ -146,6 +146,10 @@ Patch64:        0064-doc-Document-detect_releasevers-and-update-example.patch
 Patch65:        0065-tests-Patch-detect_releasevers-not-detect_releasever.patch
 Patch66:        0066-Document-how-releasever-releasever_-major-minor-affe.patch
 Patch67:        0067-Move-releasever_minor-setter-docstring-to-the-correc.patch
+Patch68:        0068-automatic-Expand-email_to-in-command_email-emitter-t.patch
+Patch69:        0069-autoremove-warn-and-skip-dangling-protected-dependen.patch
+Patch70:        0070-bootc-unlock-only-if-usr-is-read-only.patch
+Patch71:        0071-bootc-Call-make_writable-when-DeploymentUnlockedStat.patch
 
 # AlmaLinux Patch
 Patch10000: almalinux_bugtracker.patch
@@ -455,9 +459,20 @@ popd
 # bootc subpackage does not include any files
 
 %changelog
-* Tue Nov 11 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.14.0-31.alma.1
+* Wed May 20 2026 Eduard Abdullin <eabdullin@almalinux.org> - 4.14.0-34.alma.1
 - Added patch for almalinux bugtracker
 
+* Wed Mar 25 2026 Evan Goode <egoode@redhat.com> - 4.14.0-34
+- bootc: unlock only if /usr is read-only (RHEL-138512)
+
+* Wed Feb 11 2026 Ales Matej <amatej@redhat.com> - 4.14.0-33
+- autoremove: when a dangling protected dependency is found produce a wanrning
+  and skip it (RHEL-76112)
+
+* Fri Jan 09 2026 Petr Pisar <ppisar@redhat.com> - 4.14.0-32
+- automatic: Expand email_to in command_email emitter to individual arguments
+  (RHEL-94321)
+
 * Mon Jun 30 2025 Evan Goode <egoode@redhat.com> - 4.14.0-31
 - Introduce $releasever_major, $releasever_minor variables, shell-style
   variable substitution (RHEL-65817)