/_[c @sddkZddkZddklZddklZddkZddkTddkZ dZ efZ dZ ddd d d fZ d Zd eiifdYZdZdZdZdZdZdZdZdZdfdYZdZdZdZdZdZdZ dZ!d fd!YZ"d"Z#d#Z$d$Z%d%Z&d&Z'd'Z(e)d(jo d)GHndS(*iN(tTYPE_INTERACTIVE(tUpdateMetadata(t*s2.5syum-plugin-securitytsecuritytbugfixt enhancementt recommendedt newpackagecCs=tii|d|d|df|d|d|dfS(s- Compare two "std." tuples, (n, a, e, v, r). iii(trpmUtilst miscutilst compareEVR(ttup1ttup2((s /usr/lib/yum-plugins/security.pyt_rpm_tup_vercmp=s!tCliErrorcBseZdZddZRS(s3 Command line interface related Exception. tcCs tiii|||_dS(N(tyumtErrorst YumBaseErrort__init__targs(tselfR((s /usr/lib/yum-plugins/security.pyRHs(t__name__t __module__t__doc__R(((s /usr/lib/yum-plugins/security.pyRBscCs_t}xO|D]G}|ipqny|i|Wqtiij o qqXqW|S(s3 Generate the info. from the updateinfo.xml files. (RtenabledtaddRRt RepoMDError(trepostmd_infotrepo((s /usr/lib/yum-plugins/security.pytysp_gen_metadataLs   cCs|djogS|S(sj Sometimes refs == None, if so return the empty list here. So we don't have to check everywhere. N(tNone(trefs((s /usr/lib/yum-plugins/security.pytysp__safe_refsYs cCsCx<|D]4}ti||o|S|d|jo|SqWdS(Nt update_id(tfnmatchR (tsec_cmdstpkgnametnoticeti((s /usr/lib/yum-plugins/security.pyt_match_sec_cmd`s cCs^xWt|D]I}|d|joq n|d|joq nt|||d<|SWdS(s# Check if the given ID is a match. ttypetidN(R"tTrueR (tused_mapR!tref_typetref_idstref((s /usr/lib/yum-plugins/security.pyt_has_idhs cCst|i||}|ot|d|sit installedtupdatest available(Rsupdates(tsetRKRR)RGtreversedtrpmdbt searchNamesRtpkgSacktsearchPkgTupletverLEtappendR (RRQR]RSRRDt show_pkgst done_pkgsR`R'RdRtipkgstpkgs((s /usr/lib/yum-plugins/security.pytdoCommand_li_new{s4    '  %  cCsd}d}t|djo\d}|d|ijo|i|id}n|}|o|tjo d}q{n|||fS(Nii(R RXRtpopR?(RRSt filt_typeR^((s /usr/lib/yum-plugins/security.pyt_parse_extcmdssc st|i|_t|iitid}d}|ii\}|i|\}}d|o$|ddjo|idndjo.|i ||||d|d gfS|_ t ht onpdjot |} t|nGdjot|} n*djot|} t|nfd } g} xt| D]} x| | | D]\} }h}| \|d <|d <|d <|d<|d<|d djod|d(RdRVRR'(R_RRR-R]R<(s /usr/lib/yum-plugins/security.pyt _show_pkgtups   '  ' RtatetvtrRRRs%s:s %(n)s-%(epoch)s%(v)s-%(r)s.%(a)ss done(supdatess availables installedsall(s availablesall(RRt listEnabledRmRntpluginstcmdlineRRRR%RCR;t_get_name2allpkgtupt_get_name2instpkgtupt_get_name2oldpkgtupt_get_name2aallpkgtupRKRRE(RRQRRRSRtloggerRDRR^tname2tupRR`R&RdR'td((R_RR-RR]R<s /usr/lib/yum-plugins/security.pyRsT            )  (RRRLRNRORPRTRhRuRRRR?RRRRR(((s /usr/lib/yum-plugins/security.pyRFsD       (  2     cCs1|iidjo|iidtndS(sd Verify that the program is being run by the root user. @param base: a YumBase object. is,You need to be root to perform this command.N(tconftuidRtcriticalR(RQ((s /usr/lib/yum-plugins/security.pytyumcommands_checkRootUIDscCso|ip^x[|iiD]F}|idjo0|idjo d}|ii|tqqWndS(NtfalseRs  You have enabled checking of packages via GPG keys. This is a good thing. However, you do not have any GPG public keys installed. You need to download the keys for packages you wish to install and install them. You can do that by running the command: rpm --import public.gpg.key Alternatively you can specify the url to the key you would like to use for a repository in the 'gpgkey' option in a repository section and yum will install it for you. For more information contact your distribution or package provider. (t gpgKeyCheckRRtgpgchecktgpgkeyRRR(RQRRD((s /usr/lib/yum-plugins/security.pytyumcommands_checkGPGKeys  cCs_h}xR|D]J}|d|jo%t||d|djoq n|||dtupdateRXttsInfo(RRQRRRSRR<R-tndataRt oldpkgtupR`RdR'RVRD((s /usr/lib/yum-plugins/security.pyR6s:  (    ' (RRRNRORPRTR(((s /usr/lib/yum-plugins/security.pyR(s     cCs|i}|pdSt|do |i}n|it|itd}d}d}d}d}d}|id d d d |d d dtdd|idd d d |d ddtdd|idd d ddd |d ddgdd|idd d d |d ddgdddd|idd d d |d ddgdddd|id d d d |d d!dgdddd"dS(#s Yum Plugin Config Hook: Setup the option parser with the '--advisory', '--bz', '--cve', '--security' and '--severity' command line options. Also the 'updateinfo' and 'update-minimal' commands. Ntplugin_option_groupcSst|i_dS(N(R,tvaluesR(toptRtvaltparser((s /usr/lib/yum-plugins/security.pytosecrscSst|i_dS(N(R,RR:(RRRR((s /usr/lib/yum-plugins/security.pytobuguscSs |iii|iddS(Nt,(RR6textendtsplit(RRRR((s /usr/lib/yum-plugins/security.pytocvewscSs|iiit|dS(N(RR9RRY(RRRR((s /usr/lib/yum-plugins/security.pytobzyscSs |iii|iddS(NR(RR8RR(RRRR((s /usr/lib/yum-plugins/security.pytoadv{scSs |iii|iddS(NR(RR3RR(RRRR((s /usr/lib/yum-plugins/security.pytosev}ss --securitytactiontcallbacktdestRtdefaultthelps"Include security relevant packagess --bugfixesR:s Include bugfix relevant packagess--cveR*tstringR6s,Include packages needed to fix the given CVEs--bzR9tints+Include packages needed to fix the given BZs--sec-severityR3s4Include security relevant packages, of this severitys --advisoryR8s1Include packages needed to fix the given advisory(t getOptParserRZRtregisterCommandRFRt add_optionR;(tconduitRRRRRRR((s /usr/lib/yum-plugins/security.pyt config_hookas>        cCsI|d}x8|i|D]'\}}t||||otSqWtS(sA Do we want to keep this package to satisfy the security limits. i(RR>R,R;(R<RdRR-RVR'((s /usr/lib/yum-plugins/security.pytysp_should_keep_pkgs    cCs |i\}}|ip%|ip|ip|ip|i }d}t|djox|ddjo)|ddjoh|d6td6}n|dd jo)|ddjoh|d6td6}qnt|o|dd jo |htd6t d6td 6fS|dd joh|d6td6}n|ddjoh|d6t d6}n|ddjo|htd6td6fS|dt i jo|htd6td6fSn|o ||fS|p|i ddn|htd6t d6td 6fS(s4 Stuff we need to do in both list and update modes. iiRGit obsoletesRtskiptlist_cmdRHsupdate-minimalRDs check-updateRtupgradeRJs'Skipping security plugin, other commandN(s obsoletessupdates(s obsoletessupdates(supdateR( t getCmdLineRR:R8R9R6R RXR,R;RFRLterror(RR<RRtret((s /usr/lib/yum-plugins/security.pytysp_check_func_enters2""   c s@t\}}|dodS|dpdStdoitniddtii}fd}g|_t |}t t i i dd ii i dd i}i}ti }g} xV|D]N} | i} | |jpt||| || o| i| iqqqW| o=x:i i dd d | d tiD]} || qWnt t i i dd ii i dd i} t|fd| oidd| |fnidd|ti |fddS(sk Yum Plugin Exclude Hook: Check and remove packages that don't align with the security config. RNRtregisterPackageNameis0Limiting package lists to security relevant onescs.idd||ifi|dS(s7 Deletes a package from all trees that yum knows about is' --> %s from %s excluded (non-security)N(RHtrepoidt delPackage(Re(R(s /usr/lib/yum-plugins/security.pyt ysp_del_pkgs t pkgnarrowRRRtpatternstshowdupscsid|S(i(R(Rv(R(s /usr/lib/yum-plugins/security.pyRss6%d package(s) needed for security, out of %d availables6No packages needed for security; %d packages availablecsid|S(i(RH(Rv(R(s /usr/lib/yum-plugins/security.pyRs(RRZRRRHRtgetReposRR%RCRXRt_basetdoPackageListsRRt getPackagesRRVRRR,RRER~(RR<RHRRR-ttotRRt pkgs_to_delReRVtptcnt((Rs /usr/lib/yum-plugins/security.pyt exclude_hooksF        %c Cs+ttidpdStii|i}|ddjodSt}x|i|D]\}}|p|ddjoqYnt}|i i |}|pqYn|d}d}|ddjod|d}nd |d||d |d |d f} |d ||d| PqYWdS(Ntget_running_kernel_pkgtupiR*RRiRs%s:s %s-%s%s-%s.%siiis,Security: %s is an installed security updates-Security: %s is the currently running version( RZRtmiscRttsR R;RR,RR( tybRRDt kern_pkgtupt found_secRdR'tipkgRtrpkg((s /usr/lib/yum-plugins/security.pyR~s0   csLt\}}|dodS|dodStdoitniddtii}fd}d}d}g|_t |}i i }t } t t tg} t } x2|D]*} | i| jo| i| iqqWti} x|D]} | i| jo|d 7}n| ii}|| jpt|| ||| oq6n| i| jo|d 7}n| i| iq6W|}t}x|ot}x|D]} | i| jo]x| iD]K\}}|| jo2|| jo|d 7}n| i|t}q q WqxZ| iD]O\}}|| jo6|| jo|d 7}n| i| it}PqgqgWqWqWx,|D]$} | i| jo|| qqWt|fd |o%idd ||||fnidd |dS( sn Yum Plugin PreResolve Hook: Check and remove packages that don't align with the security config. RNRRis+Limiting packages to security relevant onescs7idd|i|iifi|idS(s) Deletes a package within a transaction. is' --> %s from %s excluded (non-security)N(RHtpoRtremoveRd(ttspkg(Rttsinfo(s /usr/lib/yum-plugins/security.pyR2s iicsid|S(i(R(Rv(R(s /usr/lib/yum-plugins/security.pyRpssD%d package(s) needed (+%d related) for security, out of %d availables6No packages needed for security; %d packages available(RRZRRRHRRRR%RCt getTsInfot getMembersRtTS_INSTALL_STATEStTS_ERASEt output_stateRRRRRVRR,R;t relatedtoRE(RR<RHRRR R R-ttspkgst keep_pkgst count_statest count_pkgsRRRVtscnttmini_depsolve_againRtreason((RRs /usr/lib/yum-plugins/security.pytpreresolve_hooks                 %t__main__s8This is a plugin that is supposed to run from inside YUM(*RR$t yum.pluginsRt yum.update_mdRRmt yum.constantstrpmUtils.miscutilsRtrequires_api_versiont plugin_typeRR?R RRRRR"R)R1R>RBRCRERFRRRRRRRRRRRRR~R(R(((s /usr/lib/yum-plugins/security.pyt*sN              6     9 <  $ 8  X