packages/dnf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove recommends rpm-plugins-systemd-inhibit and backport community patches

Browse Source
This commit is contained in:
eaglegai 2021-07-15 14:30:26 +08:00
parent f3ec731089
commit cf1ac7c7b7
9 changed files with 566 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Add-missing-check-if-path-exists-fixes-dead-code.patch Normal file
View File

@ -0,0 +1,35 @@
From e74a5fa5d23ab7903709faebf20449461d7c7575 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 12 Apr 2021 09:02:42 +0200
Subject: [PATCH] Add missing check if path exists, fixes dead code
CVE-2021-3445
RhBug:1915990
Related: CVE-2021-3421, CVE-2021-20271
---
dnf/rpm/miscutils.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 24456f3..235aaf2 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -30,12 +30,12 @@ logger = logging.getLogger('dnf')
def _verifyPkgUsingRpmkeys(package, installroot):
rpmkeys_binary = '/usr/bin/rpmkeys'
- if not rpmkeys_binary:
+ if not os.path.isfile(rpmkeys_binary):
rpmkeys_binary = which("rpmkeys")
logger.info(_('Using rpmkeys executable from {path} to verify signature for package: {package}.').format(
path=rpmkeys_binary, package=package))
- if not rpmkeys_binary:
+ if not os.path.isfile(rpmkeys_binary):
logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
return 0
--
1.8.3.1

87
Check-for-specific-key-string-when-verifing-signatures.patch Normal file
View File

@ -0,0 +1,87 @@
From 4268176cce2ca6e216dd543ce3bfae7f58b15b53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Tue, 30 Mar 2021 08:18:42 +0200
Subject: [PATCH] Check for specific key string when verifing signatures
Also improves handling of return values and exceptions.
The function can't return 0 when the signature is malformed.
Credit for the original patch goes to Demi Marie Obenour: @DemiMarie
= changelog =
msg: Check for specific key string when verifing signatures
type: security
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1915990
CVE-2021-3445
RhBug:1915990
Related: CVE-2021-3421, CVE-2021-20271
---
dnf/rpm/miscutils.py | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 9038f98..07451bb 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -18,6 +18,7 @@ from __future__ import unicode_literals
import rpm
import os
+import re
from dnf.i18n import ucd
@@ -30,7 +31,7 @@ def checkSig(ts, package):
return 3 if the key is not trusted
return 4 if the pkg is not gpg or pgp signed"""
- value = 0
+ value = 4
currentflags = ts.setVSFlags(0)
fdno = os.open(package, os.O_RDONLY)
try:
@@ -38,10 +39,12 @@ def checkSig(ts, package):
except rpm.error as e:
if str(e) == "public key not available":
value = 1
- if str(e) == "public key not trusted":
+ elif str(e) == "public key not trusted":
value = 3
- if str(e) == "error reading package header":
+ elif str(e) == "error reading package header":
value = 2
+ else:
+ raise ValueError('Unexpected error value %r from ts.hdrFromFdno when checking signature.' % str(e))
else:
# checks signature from an hdr
string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:' \
@@ -49,17 +52,20 @@ def checkSig(ts, package):
try:
siginfo = hdr.sprintf(string)
siginfo = ucd(siginfo)
+ rpm_pgpsig_format_regex = re.compile(r'[0-9]{2}:[0-9]{2}:[0-9]{2} [0-9]{4}, Key ID [0-9a-f]{16}\Z')
+
if siginfo == '(none)':
value = 4
+ elif rpm_pgpsig_format_regex.search(siginfo):
+ value = 0
+ else:
+ raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
except UnicodeDecodeError:
pass
del hdr
- try:
- os.close(fdno)
- except OSError as e: # if we're not opened, don't scream about it
- pass
+ os.close(fdno)
ts.setVSFlags(currentflags) # put things back like they were before
return value
--
1.8.3.1

56
Pass-the-package-to-rpmkeys-stdin.patch Normal file
View File

@ -0,0 +1,56 @@
From 134b095b0833956cadfc02a9a1e7ca1344cd5aaa Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Tue, 27 Apr 2021 21:07:19 -0400
Subject: [PATCH] Pass the package to rpmkeys stdin
This avoids having to compute the expected stdout value, which will
always be the constant "-: digests signatures OK\n".
---
dnf/rpm/miscutils.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 7e33d4c..5f2621c 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -29,7 +29,8 @@ from shutil import which
logger = logging.getLogger('dnf')
-def _verifyPkgUsingRpmkeys(package, installroot):
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
+ os.lseek(fdno, 0, os.SEEK_SET)
rpmkeys_binary = '/usr/bin/rpmkeys'
if not os.path.isfile(rpmkeys_binary):
rpmkeys_binary = which("rpmkeys")
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
return 0
- args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
with subprocess.Popen(
args=args,
executable=rpmkeys_binary,
env={'LC_ALL': 'C'},
+ stdin=fdno,
stdout=subprocess.PIPE,
cwd='/') as p:
data, err = p.communicate()
- if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
+ if p.returncode != 0 or data != b'-: digests signatures OK\n':
return 0
else:
return 1
@@ -85,7 +87,7 @@ def checkSig(ts, package):
if siginfo == '(none)':
value = 4
- elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
+ elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
value = 0
else:
raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
--
1.8.3.1

25
Prevent-traceback-catch-ValueError-if-pkg-is-from-cmdline.patch Normal file
View File

@ -0,0 +1,25 @@
From 643780709fbc62a58da3f71d32ee3e7399a8cdcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 29 Mar 2021 09:26:16 +0200
Subject: [PATCH] Prevent traceback (catch ValueError) if pkg is from cmdline
---
dnf/cli/cli.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index c2c04c9..6576997 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -292,7 +292,7 @@ class BaseCli(dnf.Base):
fn = lambda x, y, z: self.output.userconfirm()
try:
self._get_key_for_package(po, fn)
- except dnf.exceptions.Error as e:
+ except (dnf.exceptions.Error, ValueError) as e:
error_messages.append(str(e))
else:
--
1.8.3.1

51
Remove-key-regex-matching-rpm-sprintf-output-varies-too-much.patch Normal file
View File

@ -0,0 +1,51 @@
From a9b5c39787e97e9955e6de1c6f25da93bc0a4c02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 12 Apr 2021 07:31:15 +0200
Subject: [PATCH] Remove key regex matching, rpm sprintf output varies too much
Depending on locale it can return:
`RSA/SHA256, Fri 19 Feb 2021 12:14:18 AM CET, Key ID db4639719867c58f`
vs
`RSA/SHA256, Fri Feb 19 00:14:18 2021, Key ID db4639719867c58f`
(with LC_ALL=C.UTF-8)
We only check presence of the signature header to distinguish between
signed and unsigned RPMs. The actual signature validation is done by
calling rpmkeys in _verifyPkgUsingRpmkeys().
CVE-2021-3445
RhBug:1915990
Related: CVE-2021-3421, CVE-2021-20271
---
dnf/rpm/miscutils.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 49d3717..24456f3 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -18,7 +18,6 @@ from __future__ import unicode_literals
import rpm
import os
-import re
import subprocess
import logging
@@ -82,11 +81,10 @@ def checkSig(ts, package):
try:
siginfo = hdr.sprintf(string)
siginfo = ucd(siginfo)
- rpm_pgpsig_format_regex = re.compile(r'[0-9]{2}:[0-9]{2}:[0-9]{2} [0-9]{4}, Key ID [0-9a-f]{16}\Z')
if siginfo == '(none)':
value = 4
- elif rpm_pgpsig_format_regex.search(siginfo) and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
+ elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
value = 0
else:
raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
--
1.8.3.1

174
Use-rpmkeys-alone-to-verify-signature.patch Normal file
View File

@ -0,0 +1,174 @@
From a21880fbac479968546304beeeae3ed3bb899373 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Fri, 9 Apr 2021 13:03:03 -0400
Subject: [PATCH] Use rpmkeys alone to verify signature
This avoids having to actually parse the package to check its signature,
which reduces attack surface. If the output of rpmkeys cannot be
parsed, we assume the package is corrupt (the most likely cause).
---
dnf/rpm/miscutils.py | 126 +++++++++++++++++++++++++++------------------------
1 file changed, 66 insertions(+), 60 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 5f2621c..9d5b286 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -13,47 +13,84 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Copyright 2003 Duke University
-from __future__ import print_function, absolute_import
-from __future__ import unicode_literals
+from __future__ import print_function, absolute_import, unicode_literals
-import rpm
import os
import subprocess
import logging
-
-from dnf.i18n import ucd
-from dnf.i18n import _
from shutil import which
+from dnf.i18n import _
-logger = logging.getLogger('dnf')
+_logger = logging.getLogger('dnf')
+_rpmkeys_binary = None
+def _find_rpmkeys_binary():
+ global _rpmkeys_binary
+ if _rpmkeys_binary is None:
+ _rpmkeys_binary = which("rpmkeys")
+ _logger.debug(_('Using rpmkeys executable at %s to verify signatures'),
+ _rpmkeys_binary)
+ return _rpmkeys_binary
-def _verifyPkgUsingRpmkeys(package, installroot, fdno):
- os.lseek(fdno, 0, os.SEEK_SET)
- rpmkeys_binary = '/usr/bin/rpmkeys'
- if not os.path.isfile(rpmkeys_binary):
- rpmkeys_binary = which("rpmkeys")
- logger.info(_('Using rpmkeys executable from {path} to verify signature for package: {package}.').format(
- path=rpmkeys_binary, package=package))
+def _process_rpm_output(data):
+ # No signatures or digests = corrupt package.
+ # There is at least one line for -: and another (empty) entry after the
+ # last newline.
+ if len(data) < 3 or data[0] != b'-:' or data[-1]:
+ return 2
+ seen_sig, missing_key, not_trusted, not_signed = False, False, False, False
+ for i in data[1:-1]:
+ if b': BAD' in i:
+ return 2
+ elif i.endswith(b': NOKEY'):
+ missing_key = True
+ elif i.endswith(b': NOTTRUSTED'):
+ not_trusted = True
+ elif i.endswith(b': NOTFOUND'):
+ not_signed = True
+ elif not i.endswith(b': OK'):
+ return 2
+ if not_trusted:
+ return 3
+ elif missing_key:
+ return 1
+ elif not_signed:
+ return 4
+ # we still check return code, so this is safe
+ return 0
- if not os.path.isfile(rpmkeys_binary):
- logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
- return 0
+def _verifyPackageUsingRpmkeys(package, installroot):
+ rpmkeys_binary = _find_rpmkeys_binary()
+ if rpmkeys_binary is None or not os.path.isfile(rpmkeys_binary):
+ _logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
+ return 2
- args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
+ # "--define=_pkgverify_level all" enforces signature checking;
+ # "--define=_pkgverify_flags 0x0" ensures that all signatures and digests
+ # are checked.
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--verbose',
+ '--define=_pkgverify_level all', '--define=_pkgverify_flags 0x0',
+ '-')
with subprocess.Popen(
args=args,
executable=rpmkeys_binary,
env={'LC_ALL': 'C'},
- stdin=fdno,
stdout=subprocess.PIPE,
- cwd='/') as p:
- data, err = p.communicate()
- if p.returncode != 0 or data != b'-: digests signatures OK\n':
- return 0
- else:
- return 1
+ cwd='/',
+ stdin=package) as p:
+ data = p.communicate()[0]
+ returncode = p.returncode
+ if type(returncode) is not int:
+ raise AssertionError('Popen set return code to non-int')
+ # rpmkeys can return something other than 0 or 1 in the case of a
+ # fatal error (OOM, abort() called, SIGSEGV, etc)
+ if returncode >= 2 or returncode < 0:
+ return 2
+ ret = _process_rpm_output(data.split(b'\n'))
+ if ret:
+ return ret
+ return 2 if returncode else 0
def checkSig(ts, package):
"""Takes a transaction set and a package, check it's sigs,
@@ -63,40 +100,9 @@ def checkSig(ts, package):
return 3 if the key is not trusted
return 4 if the pkg is not gpg or pgp signed"""
- value = 4
- currentflags = ts.setVSFlags(0)
- fdno = os.open(package, os.O_RDONLY)
+ fdno = os.open(package, os.O_RDONLY|os.O_NOCTTY|os.O_CLOEXEC)
try:
- hdr = ts.hdrFromFdno(fdno)
- except rpm.error as e:
- if str(e) == "public key not available":
- value = 1
- elif str(e) == "public key not trusted":
- value = 3
- elif str(e) == "error reading package header":
- value = 2
- else:
- raise ValueError('Unexpected error value %r from ts.hdrFromFdno when checking signature.' % str(e))
- else:
- # checks signature from an hdr
- string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:' \
- '{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
- try:
- siginfo = hdr.sprintf(string)
- siginfo = ucd(siginfo)
-
- if siginfo == '(none)':
- value = 4
- elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
- value = 0
- else:
- raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
- except UnicodeDecodeError:
- pass
-
- del hdr
-
- os.close(fdno)
-
- ts.setVSFlags(currentflags) # put things back like they were before
+ value = _verifyPackageUsingRpmkeys(fdno, ts.ts.rootDir)
+ finally:
+ os.close(fdno)
return value
--
1.8.3.1

80
Use-rpmkeys-to-verify-package-signature-with-_pkgverify_level.patch Normal file
View File

@ -0,0 +1,80 @@
From 4747e369c1b5b406688ff0be5447ebd0c29575a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Tue, 30 Mar 2021 08:19:37 +0200
Subject: [PATCH] Use rpmkeys to verify package signature with _pkgverify_level
rpm doesn't provide any API how to check package signature with
_pkgverify_level signature therefore we call rpmkeys binary.
Credit for the original patch goes to Demi Marie Obenour: @DemiMarie
= changelog =
msg: Use rpmkeys binary to verify package signature
type: security
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1915990
CVE-2021-3445
RhBug:1915990
Related: CVE-2021-3421, CVE-2021-20271
---
dnf/rpm/miscutils.py | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 07451bb..49d3717 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -19,10 +19,40 @@ from __future__ import unicode_literals
import rpm
import os
import re
+import subprocess
+import logging
from dnf.i18n import ucd
+from shutil import which
+logger = logging.getLogger('dnf')
+
+
+def _verifyPkgUsingRpmkeys(package, installroot):
+ rpmkeys_binary = '/usr/bin/rpmkeys'
+ if not rpmkeys_binary:
+ rpmkeys_binary = which("rpmkeys")
+ logger.info(_('Using rpmkeys executable from {path} to verify signature for package: {package}.').format(
+ path=rpmkeys_binary, package=package))
+
+ if not rpmkeys_binary:
+ logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
+ return 0
+
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
+ with subprocess.Popen(
+ args=args,
+ executable=rpmkeys_binary,
+ env={'LC_ALL': 'C'},
+ stdout=subprocess.PIPE,
+ cwd='/') as p:
+ data, _ = p.communicate()
+ if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
+ return 0
+ else:
+ return 1
+
def checkSig(ts, package):
"""Takes a transaction set and a package, check it's sigs,
return 0 if they are all fine
@@ -56,7 +86,7 @@ def checkSig(ts, package):
if siginfo == '(none)':
value = 4
- elif rpm_pgpsig_format_regex.search(siginfo):
+ elif rpm_pgpsig_format_regex.search(siginfo) and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
value = 0
else:
raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
--
1.8.3.1

36
dnf-rpm-miscutils.py-fix-usage-of-_.patch Normal file
View File

@ -0,0 +1,36 @@
From 8823feb5f42f8c579fdab80d9e22112b88d0ad2b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 4 May 2021 22:03:30 +0200
Subject: [PATCH] dnf/rpm/miscutils.py: fix usage of _()
Specifically:
- an import of _ was missing
- _ was reused for a different purpose
---
dnf/rpm/miscutils.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 235aaf2..7e33d4c 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -22,6 +22,7 @@ import subprocess
import logging
from dnf.i18n import ucd
+from dnf.i18n import _
from shutil import which
@@ -46,7 +47,7 @@ def _verifyPkgUsingRpmkeys(package, installroot):
env={'LC_ALL': 'C'},
stdout=subprocess.PIPE,
cwd='/') as p:
- data, _ = p.communicate()
+ data, err = p.communicate()
if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
return 0
else:
--
1.8.3.1

27
dnf.spec
View File

@ -1,14 +1,23 @@
%global py3pluginpath %{python3_sitelib}/%{name}-plugins %global py3pluginpath %{python3_sitelib}/%{name}-plugins
%global relate_libdnf_version 0.48.0-3
Name: dnf Name: dnf
Version: 4.2.23 Version: 4.2.23
Release: 5 Release: 6
Summary: A software package manager that manages packages on Linux distributions. Summary: A software package manager that manages packages on Linux distributions.
License: GPLv2+ and GPLv2 and GPL License: GPLv2+ and GPLv2 and GPL
URL: https://github.com/rpm-software-management/dnf URL: https://github.com/rpm-software-management/dnf
Source0: https://github.com/rpm-software-management/dnf/archive/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/rpm-software-management/dnf/archive/%{version}/%{name}-%{version}.tar.gz
Patch0: Fix-module-remove-all-when-no-match.patch Patch0: Fix-module-remove-all-when-no-match.patch
Patch1: Prevent-traceback-catch-ValueError-if-pkg-is-from-cmdline.patch
Patch2: Check-for-specific-key-string-when-verifing-signatures.patch
Patch3: Use-rpmkeys-to-verify-package-signature-with-_pkgverify_level.patch
Patch4: Remove-key-regex-matching-rpm-sprintf-output-varies-too-much.patch
Patch5: Add-missing-check-if-path-exists-fixes-dead-code.patch
Patch6: dnf-rpm-miscutils.py-fix-usage-of-_.patch
Patch7: Pass-the-package-to-rpmkeys-stdin.patch
Patch8: Use-rpmkeys-alone-to-verify-signature.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: cmake gettext systemd bash-completion python3-sphinx BuildRequires: cmake gettext systemd bash-completion python3-sphinx
@ -43,12 +52,12 @@ It supports RPMs, modules and comps groups & environments.
Summary: Python 3 interface to DNF Summary: Python 3 interface to DNF
%{?python_provide:%python_provide python3-%{name}} %{?python_provide:%python_provide python3-%{name}}
BuildRequires: python3-devel python3-hawkey >= 0.48.0 python3-libdnf >= 0.48.0 BuildRequires: python3-devel python3-hawkey >= 0.48.0 python3-libdnf >= 0.48.0
BuildRequires: python3-libcomps >= 0.1.8 python3-libdnf libmodulemd >= 1.4.0 BuildRequires: python3-libcomps >= 0.1.8 libmodulemd >= 1.4.0
BuildRequires: python3-nose python3-gpg python3-rpm >= 4.14.0 BuildRequires: python3-nose python3-gpg python3-rpm >= 4.14.0
Requires: python3-gpg %{name}-data = %{version}-%{release} libmodulemd >= 1.4.0 Requires: python3-gpg %{name}-data = %{version}-%{release} libmodulemd >= 1.4.0
Requires: python3-hawkey >= 0.48.0 python3-libdnf >= 0.48.0 Requires: python3-hawkey >= 0.48.0 python3-libdnf >= %{relate_libdnf_version}
Requires: python3-libcomps >= 0.1.8 python3-libdnf python3-rpm >= 4.14.0 Requires: python3-libcomps >= 0.1.8 python3-rpm >= 4.14.0
Recommends: python3-unbound rpm-plugin-systemd-inhibit Recommends: python3-unbound
Obsoletes: python2-%{name} Obsoletes: python2-%{name}
%description -n python3-%{name} %description -n python3-%{name}
@ -199,6 +208,14 @@ popd
%{_mandir}/man8/%{name}-automatic.8* %{_mandir}/man8/%{name}-automatic.8*
%changelog %changelog
* Thu Jul 15 2021 gaihuiying <gaihuiying1@huawei.com> - 4.2.23-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove recommends rpm-plugins-systemd-inhibit
backport community patches and fix CVE-2021-3445
delete duplicate python3-libdnf dependency
* Tue Mar 30 2021 gaihuiying <gaihuiying1@huawei.com> - 4.2.23-5 * Tue Mar 30 2021 gaihuiying <gaihuiying1@huawei.com> - 4.2.23-5
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA