From e198f23a728d4db870dd9e1b56fa5d877c3640ae Mon Sep 17 00:00:00 2001
From: majianhan <majianhan@kylinos.cn>
Date: Mon, 4 Nov 2024 15:27:35 +0800
Subject: [PATCH 1/2] Fix dnf-automatic service to apply security updates the
 same way as dnf tool

---
 ...d_security_filters-not-_update_secur.patch | 26 +++++++++++++++++++
 dnf.spec                                      | 10 ++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 bugfix-automatic-Use-add_security_filters-not-_update_secur.patch

diff --git a/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
new file mode 100644
index 0000000..09452ef
--- /dev/null
+++ b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
@@ -0,0 +1,26 @@
+From 6c6984cd85964e99296388f2db14f970c507babc Mon Sep 17 00:00:00 2001
+From: majianhan <majianhan@kylinos.cn>
+Date: Mon, 4 Nov 2024 15:10:46 +0800
+Subject: [PATCH] fix
+
+---
+ dnf/automatic/main.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/dnf/automatic/main.py b/dnf/automatic/main.py
+index f6f4049..caef627 100644
+--- a/dnf/automatic/main.py
++++ b/dnf/automatic/main.py
+@@ -375,8 +375,7 @@ def main(args):
+ 
+ def upgrade(base, upgrade_type):
+     if upgrade_type == 'security':
+-        base._update_security_filters.append(base.sack.query().upgrades().filterm(
+-            advisory_type='security'))
++        base.add_security_filters("gte", ("security",))
+         base.upgrade_all()
+     elif upgrade_type == 'default':
+         base.upgrade_all()
+-- 
+2.43.0
+
diff --git a/dnf.spec b/dnf.spec
index 9c60ffe..dfc11c5 100644
--- a/dnf.spec
+++ b/dnf.spec
@@ -3,7 +3,7 @@
 
 Name:                 dnf
 Version:              4.16.2
-Release:              6
+Release:              7
 Summary:              A software package manager that manages packages on Linux distributions.
 License:              GPL-2.0-or-later AND GPL-1.0-only
 URL:                  https://github.com/rpm-software-management/dnf
@@ -32,6 +32,8 @@ Patch6006:            backport-Limit-queries-to-nevra-forms-when-provided-by-com
 Patch6007:            backport-doc-Remove-provide-of-spec-definition-for-repoquery-command.patch
 Patch6008:            backport-Update-the-man-page-entry-for-the-countme-option.patch
 
+Patch9001:            bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
+
 BuildArch:            noarch
 BuildRequires:        cmake gettext systemd bash-completion python3-sphinx
 Requires:             python3-%{name} = %{version}-%{release} libreport-filesystem
@@ -258,6 +260,12 @@ popd
 %{_mandir}/man8/%{name}-automatic.8*
 
 %changelog
+* Mon Nov 04 2024 majianhan <majianhan@kylinos.cn> - 4.16.2-7
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: Fix dnf-automatic service to apply security updates the same way as dnf tool
+
 * Wed Aug 14 2024 Funda Wang <fundawang@yeah.net> - 4.16.2-6
 - Drop wrong obsolete tag
 
-- 
Gitee


From 3900621f67feb51aa7bc60b2d0cc5aa03ea2a3fb Mon Sep 17 00:00:00 2001
From: majianhan <majianhan@kylinos.cn>
Date: Tue, 5 Nov 2024 06:51:39 +0000
Subject: [PATCH 2/2] update
 bugfix-automatic-Use-add_security_filters-not-_update_secur.patch.

Signed-off-by: majianhan <majianhan@kylinos.cn>
---
 ...d_security_filters-not-_update_secur.patch | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
index 09452ef..a61cded 100644
--- a/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
+++ b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
@@ -1,8 +1,21 @@
-From 6c6984cd85964e99296388f2db14f970c507babc Mon Sep 17 00:00:00 2001
-From: majianhan <majianhan@kylinos.cn>
-Date: Mon, 4 Nov 2024 15:10:46 +0800
-Subject: [PATCH] fix
+From 5388d980c8137c3ee6924f145bd284169d838fad Mon Sep 17 00:00:00 2001
+From: Evan Goode <mail@evangoo.de>
+Date: Tue, 30 Jan 2024 21:36:46 +0000
+Subject: [PATCH] automatic: Use add_security_filters, not
+ _update_security_filters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 
+Upstream commit: 0b4b8cc8940a4073b33f1bb772651ae27e55f299
+Resolves: https://issues.redhat.com/browse/RHEL-21874
+
+It seems that these two approaches for selecting security updates
+sometimes disagree. The regular `dnf update` command uses
+base.add_security_filters to select security updates, so dnf-automatic
+should do the same.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
  dnf/automatic/main.py | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
-- 
Gitee