diff --git a/0001-advisory-upgrade-filter-out-advPkgs-with-different-a.patch b/0001-advisory-upgrade-filter-out-advPkgs-with-different-a.patch new file mode 100644 index 0000000..46ea2ca --- /dev/null +++ b/0001-advisory-upgrade-filter-out-advPkgs-with-different-a.patch @@ -0,0 +1,100 @@ +From c17e59faf6075e7ddb803f6393e86653afd6b16d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= +Date: Mon, 30 May 2022 08:59:41 +0200 +Subject: [PATCH] advisory upgrade: filter out advPkgs with different arch + +This prevents a situation in security upgrades where libsolv cannot +upgrade dependent pkgs because we ask for an upgrade of different arch: + +We can get the following testcase if libdnf has filtered out +json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms +(because there is an advisory for already installed json-c-1-1.el8.x86_64) but +json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms is not filtered out because +it has different architecture. The resulting transaction doesn't work. + +``` +repo @System -99.-1000 testtags +#>=Pkg: bind-libs-lite 1 1.el8 x86_64 +#>=Pkg: json-c 1 1.el8 x86_64 + +repo rhel-8-for-x86_64-baseos-rpms -99.-1000 testtags +#>=Pkg: json-c 2 2.el8 x86_64 +#>=Prv: libjson-c.so.4()(64bit) +#> +#>=Pkg: json-c 2 2.el8 i686 +#>=Prv: libjson-c.so.4() +#> +#>=Pkg: bind-libs-lite 2 2.el8 x86_64 +#>=Req: libjson-c.so.4()(64bit) +system x86_64 rpm @System +job update oneof json-c-1-1.el8.x86_64@@System json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms [forcebest,targeted,setevr,setarch] +result transaction,problems +#>problem f06d81a4 info package bind-libs-lite-2-2.el8.x86_64 requires libjson-c.so.4()(64bit), but none of the providers can be installed +#>problem f06d81a4 solution 96f9031b allow bind-libs-lite-1-1.el8.x86_64@@System +#>problem f06d81a4 solution c8daf94f allow json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms +#>upgrade bind-libs-lite-1-1.el8.x86_64@@System bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms +#>upgrade json-c-1-1.el8.x86_64@@System json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms``` +``` + += changelog = +msg: Filter out advisory pkgs with different arch during advisory upgrade, fixes possible problems in dependency resulution. +type: bugfix +resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2088149 +--- + libdnf/sack/query.cpp | 25 +++++++++++++++++++------ + 1 file changed, 19 insertions(+), 6 deletions(-) + +diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp +index ac2736b5..03d39659 100644 +--- a/libdnf/sack/query.cpp ++++ b/libdnf/sack/query.cpp +@@ -1877,12 +1877,6 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname) + std::vector candidates; + std::vector installed_solvables; + +- Id id = -1; +- while ((id = resultPset->next(id)) != -1) { +- candidates.push_back(pool_id2solvable(pool, id)); +- } +- NameArchEVRComparator cmp_key(pool); +- + if (cmp_type & HY_UPGRADE) { + Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES); + installed.installed(); +@@ -1893,6 +1887,18 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname) + installed_solvables.push_back(pool_id2solvable(pool, installed_id)); + } + std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator); ++ Id id = -1; ++ while ((id = resultPset->next(id)) != -1) { ++ Solvable * s = pool_id2solvable(pool, id); ++ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch ++ // with some already installed pkg (in other words: some other version of the pkg is already installed). ++ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong. ++ // It can result in dependency issues, reported as: RhBug:2088149. ++ auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator); ++ if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) { ++ candidates.push_back(s); ++ } ++ } + + // Apply security filters only to packages with lower priority - to unify behaviour upgrade + // and upgrade-minimal +@@ -1915,7 +1921,14 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname) + } + } + std::swap(candidates, priority_candidates); ++ } else { ++ Id id = -1; ++ while ((id = resultPset->next(id)) != -1) { ++ candidates.push_back(pool_id2solvable(pool, id)); ++ } + } ++ ++ NameArchEVRComparator cmp_key(pool); + std::sort(candidates.begin(), candidates.end(), cmp_key); + for (auto & advisoryPkg : pkgs) { + if (cmp_type & HY_UPGRADE) { +-- +2.36.1 + diff --git a/0002-Add-obsoletes-to-filtering-for-advisory-candidates.patch b/0002-Add-obsoletes-to-filtering-for-advisory-candidates.patch new file mode 100644 index 0000000..1bf2e2d --- /dev/null +++ b/0002-Add-obsoletes-to-filtering-for-advisory-candidates.patch @@ -0,0 +1,71 @@ +From 549d248c9b331d19a0fd355fc605ab8912ed50f6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= +Date: Tue, 5 Jul 2022 09:02:22 +0200 +Subject: [PATCH] Add obsoletes to filtering for advisory candidates + +Patch https://github.com/rpm-software-management/libdnf/pull/1526 +introduced a regression where we no longer do a security upgrade if a +package A is installed and package B obsoletes A and B is available in two +versions while there is an advisory for the second version. + +Test: https://github.com/rpm-software-management/ci-dnf-stack/pull/1130 +--- + libdnf/sack/query.cpp | 32 ++++++++++++++++++++++++++++---- + 1 file changed, 28 insertions(+), 4 deletions(-) + +diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp +index 03d39659..5355f9f7 100644 +--- a/libdnf/sack/query.cpp ++++ b/libdnf/sack/query.cpp +@@ -1878,6 +1878,13 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname) + std::vector installed_solvables; + + if (cmp_type & HY_UPGRADE) { ++ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch with: ++ // * some already installed pkg (in other words: some other version of the pkg is already installed) ++ // or ++ // * with pkg that obsoletes some already installed (or to be installed in this transaction) pkg ++ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong. ++ // It can result in dependency issues, reported as: RhBug:2088149. ++ + Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES); + installed.installed(); + installed.addFilter(HY_PKG_LATEST_PER_ARCH, HY_EQ, 1); +@@ -1887,13 +1894,30 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname) + installed_solvables.push_back(pool_id2solvable(pool, installed_id)); + } + std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator); ++ ++ Query obsoletes(sack, ExcludeFlags::IGNORE_EXCLUDES); ++ obsoletes.addFilter(HY_PKG, HY_EQ, resultPset); ++ obsoletes.available(); ++ ++ Query possibly_obsoleted(sack, ExcludeFlags::IGNORE_EXCLUDES); ++ possibly_obsoleted.addFilter(HY_PKG, HY_EQ, resultPset); ++ possibly_obsoleted.addFilter(HY_PKG_UPGRADES, HY_EQ, 1); ++ possibly_obsoleted.queryUnion(installed); ++ possibly_obsoleted.apply(); ++ ++ obsoletes.addFilter(HY_PKG_OBSOLETES, HY_EQ, possibly_obsoleted.runSet()); ++ obsoletes.apply(); ++ Id obsoleted_id = -1; ++ // Add to candidates resultPset pkgs that obsolete some installed (or to be installed in this transaction) pkg ++ while ((obsoleted_id = obsoletes.pImpl->result->next(obsoleted_id)) != -1) { ++ Solvable * s = pool_id2solvable(pool, obsoleted_id); ++ candidates.push_back(s); ++ } ++ + Id id = -1; ++ // Add to candidates resultPset pkgs that match name and arch with some already installed pkg + while ((id = resultPset->next(id)) != -1) { + Solvable * s = pool_id2solvable(pool, id); +- // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch +- // with some already installed pkg (in other words: some other version of the pkg is already installed). +- // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong. +- // It can result in dependency issues, reported as: RhBug:2088149. + auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator); + if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) { + candidates.push_back(s); +-- +2.36.1 + diff --git a/libdnf.spec b/libdnf.spec index 9152c78..7b34472 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -56,11 +56,13 @@ Name: libdnf Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Library providing simplified C and Python API to libsolv License: LGPLv2+ URL: https://github.com/rpm-software-management/libdnf Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Patch1: 0001-advisory-upgrade-filter-out-advPkgs-with-different-a.patch +Patch2: 0002-Add-obsoletes-to-filtering-for-advisory-candidates.patch BuildRequires: cmake BuildRequires: gcc @@ -304,6 +306,10 @@ popd %endif %changelog +* Thu Jul 21 2022 Lukas Hrazky - 0.67.0-2 +- Add obsoletes to filtering for advisory candidates +- advisory upgrade: filter out advPkgs with different arch + * Thu Apr 28 2022 Pavla Kratochvilova - 0.67.0-1 - Fix handling transaction id in resolveTransactionItemReason (RhBug:2010259,2053014) - Remove deprecated assertions (RhBug:2027383)