[yum-commits] 2 commits - docs/yum-security.8 plugins/security

James Antill james at osuosl.org
Wed Dec 10 17:01:51 UTC 2008


 docs/yum-security.8          |   10 +++++++++-
 plugins/security/security.py |   37 ++++++++++++++++++++++++++-----------
 2 files changed, 35 insertions(+), 12 deletions(-)

New commits:
commit 6bbb5f05563d9c9a520b90742a4ab00e4ab2a3f5
Author: James Antill <james at and.org>
Date:   Wed Dec 10 12:01:30 2008 -0500

    Fixup the security documentation for --bugfix etc.

diff --git a/docs/yum-security.8 b/docs/yum-security.8
index d45ad2b..e854151 100644
--- a/docs/yum-security.8
+++ b/docs/yum-security.8
@@ -35,7 +35,7 @@ both of the last two take these \fIsub-commands\fPs:
 .IP "\fB<advisory> [advisory...]\fP"
 Is used to display information about one or more advisories.
 .PP 
-.IP "\fBlist-sec\fP" "\fBinfo-sec\fP"
+.IP "\fBlist-security\fP" "\fBinfo-security\fP"
 Is used to list all of the relevant errata notice information, from the
 updateinfo.xml data in yum. This includes bugzillas, CVEs and security updates.
 .IP 
@@ -47,6 +47,12 @@ Is the subset of the security information, pertaining to the CVEs.
 .IP 
 .IP "\fBsecurity / sec\fP"
 Is the subset of the security information, pertaining to security.
+.IP "\fBbugfix\fP"
+Is the subset of the security information, pertaining to bugfixes.
+.IP "\fBenhancement\fP"
+Is the subset of the security information, pertaining to enhancements.
+.IP "\fBrecommended\fP"
+Is the subset of the security information, pertaining to recommended updates.
 .IP
 .PP
 .SH "GENERAL OPTIONS"
@@ -58,6 +64,8 @@ This option includes packages coresponding to the advisory ID, Eg. FEDORA-2201-1
 This option includes packages that say they fix a Bugzilla ID, Eg. 123.
 .IP "\fB\--cve\fP"
 This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
+.IP "\fB\--bugfixes\fP"
+This option includes packages that say they fix a bugfix issue.
 .IP "\fB\--security\fP"
 This option includes packages that say they fix a security issue.
 .PP
commit de03001769e0adc41775916ed99a7c32b8be7373
Author: James Antill <james at and.org>
Date:   Wed Dec 10 11:57:56 2008 -0500

     Allow list-security to specify bugfix/enhancement/recommended/etc.
     Add a --bugfixes option.

diff --git a/plugins/security/security.py b/plugins/security/security.py
index 82a3300..5162e4b 100755
--- a/plugins/security/security.py
+++ b/plugins/security/security.py
@@ -50,6 +50,11 @@ import rpmUtils.miscutils
 requires_api_version = '2.5'
 plugin_type = (TYPE_INTERACTIVE,)
 
+# newpackages is weird, in that we'll never display that because we filter to
+# things relevant to installed pkgs...
+__update_info_types__ = ("security", "bugfix", "enhancement",
+                         "recommended", "newpackages")
+
 def _rpm_tup_vercmp(tup1, tup2):
     """ Compare two "std." tuples, (n, a, e, v, r). """
     return rpmUtils.miscutils.compareEVR((tup1[2], tup1[3], tup1[4]),
@@ -118,17 +123,19 @@ def ysp_should_filter_pkg(opts, pkgname, notice, used_map):
         return True
     elif opts.bz and _has_id(used_map, notice['references'],"bugzilla",opts.bz):
         return True
-    elif opts.security:
-        if notice['type'] == 'security':
-            return True
-    elif not (opts.advisory or opts.cve or opts.bz or opts.security or \
-              opts.sec_cmds):
+    # FIXME: Add opts for enhancement/etc.? -- __update_info_types__
+    elif opts.security and notice['type'] == 'security':
+        return True
+    elif opts.bugfixes and notice['type'] == 'bugfix':
+        return True
+    elif not (opts.advisory or opts.cve or opts.bz or
+              opts.security or opts.bugfixes or opts.sec_cmds):
         return True # This is only possible from should_show_pkg
     return False
 
 def ysp_has_info_md(rname, md):
-    if rname == "security":
-        if md['type'] == 'security':
+    if rname in __update_info_types__:
+        if md['type'] == rname:
             return md
     for ref in ysp__safe_refs(md['references']):
         if ref['type'] != rname:
@@ -225,7 +232,7 @@ class SecurityListCommand:
             
             elif filt_type == "sec":
                 filt_type = "security"
-            elif filt_type == "security":
+            elif filt_type in __update_info_types__:
                 pass
             
             elif filt_type == "cves":
@@ -236,7 +243,7 @@ class SecurityListCommand:
                 extcmds = [filt_type] + extcmds
                 filt_type = None
             show_type = filt_type
-            if filt_type and filt_type == "security":
+            if filt_type and filt_type in __update_info_types__:
                 show_type = None
             
         opts.sec_cmds = extcmds
@@ -339,7 +346,8 @@ class SecurityUpdateCommand:
         opts.sec_cmds = []
         used_map      = ysp_gen_used_map(opts)
 
-        ndata = not (opts.security or opts.advisory or opts.bz or opts.cve)
+        ndata = not (opts.security or opts.bugfixes or
+                     opts.advisory or opts.bz or opts.cve)
 
         # NOTE: Not doing obsoletes processing atm. ... maybe we should? --
         # Also worth pointing out we don't go backwards for obsoletes in the:
@@ -392,9 +400,12 @@ def config_hook(conduit):
     parser.values.cve      = []
     parser.values.bz       = []
     parser.values.security = False
+    parser.values.bugfixes = False
     def osec(opt, key, val, parser):
          # CVE is a subset of --security on RHEL, but not on Fedora
         parser.values.security = True
+    def obug(opt, key, val, parser):
+        parser.values.bugfixes = True
     def ocve(opt, key, val, parser):
         parser.values.cve.append(val)
     def obz(opt, key, val, parser):
@@ -405,6 +416,9 @@ def config_hook(conduit):
     parser.add_option('--security', action="callback",
                       callback=osec, dest='security', default=False,
                       help='Include security relevant packages')
+    parser.add_option('--bugfixes', action="callback",
+                      callback=obug, dest='bugfixes', default=False,
+                      help='Include bugfix relevant packages')
     parser.add_option('--cve', action="callback", type="string",
                       callback=ocve, dest='cve', default=[],
                       help='Include packages needed to fix the given CVE')
@@ -438,7 +452,8 @@ def ysp_check_func_enter(conduit):
     
     opts, args = conduit.getCmdLine()
 
-    ndata = not (opts.security or opts.advisory or opts.bz or opts.cve)
+    ndata = not (opts.security or opts.bugfixes or
+                 opts.advisory or opts.bz or opts.cve)
     
     ret = None
     if len(args) >= 2:


More information about the Yum-commits mailing list