rpms/libdnf
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libdnf-0.65.0-5.1.el9_0

Browse Source
This commit is contained in:
CentOS Sources 2022-09-20 07:50:09 -04:00 committed by Stepan Oksanichenko
parent b35c2792c9
commit 3d823509e4
3 changed files with 179 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
SOURCES/0004-advisory-upgrade-filter-out-advPkgs-with-different-a.patch Normal file
View File

@ -0,0 +1,100 @@
From 35a3cebb3b23b3ba9001e3d4f9f0ef5e59c499f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 30 May 2022 08:59:41 +0200
Subject: [PATCH 4/5] advisory upgrade: filter out advPkgs with different arch
This prevents a situation in security upgrades where libsolv cannot
upgrade dependent pkgs because we ask for an upgrade of different arch:
We can get the following testcase if libdnf has filtered out
json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
(because there is an advisory for already installed json-c-1-1.el8.x86_64) but
json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms is not filtered out because
it has different architecture. The resulting transaction doesn't work.
```
repo @System -99.-1000 testtags <inline>
#>=Pkg: bind-libs-lite 1 1.el8 x86_64
#>=Pkg: json-c 1 1.el8 x86_64
repo rhel-8-for-x86_64-baseos-rpms -99.-1000 testtags <inline>
#>=Pkg: json-c 2 2.el8 x86_64
#>=Prv: libjson-c.so.4()(64bit)
#>
#>=Pkg: json-c 2 2.el8 i686
#>=Prv: libjson-c.so.4()
#>
#>=Pkg: bind-libs-lite 2 2.el8 x86_64
#>=Req: libjson-c.so.4()(64bit)
system x86_64 rpm @System
job update oneof json-c-1-1.el8.x86_64@@System json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms [forcebest,targeted,setevr,setarch]
result transaction,problems <inline>
#>problem f06d81a4 info package bind-libs-lite-2-2.el8.x86_64 requires libjson-c.so.4()(64bit), but none of the providers can be installed
#>problem f06d81a4 solution 96f9031b allow bind-libs-lite-1-1.el8.x86_64@@System
#>problem f06d81a4 solution c8daf94f allow json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
#>upgrade bind-libs-lite-1-1.el8.x86_64@@System bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
#>upgrade json-c-1-1.el8.x86_64@@System json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms```
```
= changelog =
msg: Filter out advisory pkgs with different arch during advisory upgrade, fixes possible problems in dependency resulution.
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2088149
---
libdnf/sack/query.cpp | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp
index ac2736b5..03d39659 100644
--- a/libdnf/sack/query.cpp
+++ b/libdnf/sack/query.cpp
@@ -1877,12 +1877,6 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
std::vector<Solvable *> candidates;
std::vector<Solvable *> installed_solvables;
- Id id = -1;
- while ((id = resultPset->next(id)) != -1) {
- candidates.push_back(pool_id2solvable(pool, id));
- }
- NameArchEVRComparator cmp_key(pool);
-
if (cmp_type & HY_UPGRADE) {
Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES);
installed.installed();
@@ -1893,6 +1887,18 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
installed_solvables.push_back(pool_id2solvable(pool, installed_id));
}
std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator);
+ Id id = -1;
+ while ((id = resultPset->next(id)) != -1) {
+ Solvable * s = pool_id2solvable(pool, id);
+ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch
+ // with some already installed pkg (in other words: some other version of the pkg is already installed).
+ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
+ // It can result in dependency issues, reported as: RhBug:2088149.
+ auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator);
+ if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) {
+ candidates.push_back(s);
+ }
+ }
// Apply security filters only to packages with lower priority - to unify behaviour upgrade
// and upgrade-minimal
@@ -1915,7 +1921,14 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
}
}
std::swap(candidates, priority_candidates);
+ } else {
+ Id id = -1;
+ while ((id = resultPset->next(id)) != -1) {
+ candidates.push_back(pool_id2solvable(pool, id));
+ }
}
+
+ NameArchEVRComparator cmp_key(pool);
std::sort(candidates.begin(), candidates.end(), cmp_key);
for (auto & advisoryPkg : pkgs) {
if (cmp_type & HY_UPGRADE) {
--
2.37.1

71
SOURCES/0005-Add-obsoletes-to-filtering-for-advisory-candidates.patch Normal file
View File

@ -0,0 +1,71 @@
From 83d6c019360823504fe27284fdf4804943bb2033 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Tue, 5 Jul 2022 09:02:22 +0200
Subject: [PATCH 5/5] Add obsoletes to filtering for advisory candidates
Patch https://github.com/rpm-software-management/libdnf/pull/1526
introduced a regression where we no longer do a security upgrade if a
package A is installed and package B obsoletes A and B is available in two
versions while there is an advisory for the second version.
Test: https://github.com/rpm-software-management/ci-dnf-stack/pull/1130
---
libdnf/sack/query.cpp | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp
index 03d39659..5355f9f7 100644
--- a/libdnf/sack/query.cpp
+++ b/libdnf/sack/query.cpp
@@ -1878,6 +1878,13 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
std::vector<Solvable *> installed_solvables;
if (cmp_type & HY_UPGRADE) {
+ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch with:
+ // * some already installed pkg (in other words: some other version of the pkg is already installed)
+ // or
+ // * with pkg that obsoletes some already installed (or to be installed in this transaction) pkg
+ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
+ // It can result in dependency issues, reported as: RhBug:2088149.
+
Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES);
installed.installed();
installed.addFilter(HY_PKG_LATEST_PER_ARCH, HY_EQ, 1);
@@ -1887,13 +1894,30 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
installed_solvables.push_back(pool_id2solvable(pool, installed_id));
}
std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator);
+
+ Query obsoletes(sack, ExcludeFlags::IGNORE_EXCLUDES);
+ obsoletes.addFilter(HY_PKG, HY_EQ, resultPset);
+ obsoletes.available();
+
+ Query possibly_obsoleted(sack, ExcludeFlags::IGNORE_EXCLUDES);
+ possibly_obsoleted.addFilter(HY_PKG, HY_EQ, resultPset);
+ possibly_obsoleted.addFilter(HY_PKG_UPGRADES, HY_EQ, 1);
+ possibly_obsoleted.queryUnion(installed);
+ possibly_obsoleted.apply();
+
+ obsoletes.addFilter(HY_PKG_OBSOLETES, HY_EQ, possibly_obsoleted.runSet());
+ obsoletes.apply();
+ Id obsoleted_id = -1;
+ // Add to candidates resultPset pkgs that obsolete some installed (or to be installed in this transaction) pkg
+ while ((obsoleted_id = obsoletes.pImpl->result->next(obsoleted_id)) != -1) {
+ Solvable * s = pool_id2solvable(pool, obsoleted_id);
+ candidates.push_back(s);
+ }
+
Id id = -1;
+ // Add to candidates resultPset pkgs that match name and arch with some already installed pkg
while ((id = resultPset->next(id)) != -1) {
Solvable * s = pool_id2solvable(pool, id);
- // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch
- // with some already installed pkg (in other words: some other version of the pkg is already installed).
- // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
- // It can result in dependency issues, reported as: RhBug:2088149.
auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator);
if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) {
candidates.push_back(s);
--
2.37.1

9
SPECS/libdnf.spec
View File

@ -56,7 +56,7 @@
Name: libdnf Name: libdnf
Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version} Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version}
Release: 5%{?dist} Release: 5.1%{?dist}
Summary: Library providing simplified C and Python API to libsolv Summary: Library providing simplified C and Python API to libsolv
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/rpm-software-management/libdnf URL: https://github.com/rpm-software-management/libdnf
@ -64,6 +64,9 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: 0001-Use-rpmdbCookie-from-librpm-remove-hawkey.Sack._rpmd.patch Patch1: 0001-Use-rpmdbCookie-from-librpm-remove-hawkey.Sack._rpmd.patch
Patch2: 0002-Skip-rich-deps-for-autodetection-of-unmet-dependencies-RhBug2033130-2048394.patch Patch2: 0002-Skip-rich-deps-for-autodetection-of-unmet-dependencies-RhBug2033130-2048394.patch
Patch3: 0003-Update-translations-RhBug-2017349.patch Patch3: 0003-Update-translations-RhBug-2017349.patch
Patch4: 0004-advisory-upgrade-filter-out-advPkgs-with-different-a.patch
Patch5: 0005-Add-obsoletes-to-filtering-for-advisory-candidates.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc BuildRequires: gcc
@ -307,6 +310,10 @@ popd
%endif %endif
%changelog %changelog
* Wed Aug 17 2022 Lukas Hrazky <lhrazky@redhat.com> - 0.65.0-5.1
- advisory upgrade: filter out advPkgs with different arch
- Add obsoletes to filtering for advisory candidates
* Mon Mar 21 2022 Marek Blaha <mblaha@redhat.com> - 0.65.0-5 * Mon Mar 21 2022 Marek Blaha <mblaha@redhat.com> - 0.65.0-5
- Update translations - Update translations