import librepo-1.14.2-5.el8

c8-beta imports/c8-beta/librepo-1.14.2-5.el8
MSVSphere Packaging Team 10 months ago
commit e481423cfb

1
.gitignore vendored

@ -0,0 +1 @@
SOURCES/librepo-1.14.2.tar.gz

@ -0,0 +1 @@
c9f39d7497d310ae220df2dfbd8e95f347e2bc8c SOURCES/librepo-1.14.2.tar.gz

@ -0,0 +1,72 @@
From e6f48ae9bff7b5dc8027d043aa1bffa53d507a42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Thu, 5 May 2022 12:44:27 +0200
Subject: [PATCH] Use nanosec precision for timestamp of checksum cache
(RhBug:2077864)
= changelog =
msg: Use nanosec precision for timestamp of checksum cache
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2077864
---
librepo/checksum.c | 7 +++++--
tests/test_checksum.c | 6 +++++-
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/librepo/checksum.c b/librepo/checksum.c
index 6bba53c..d82cb5c 100644
--- a/librepo/checksum.c
+++ b/librepo/checksum.c
@@ -18,6 +18,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#define _POSIX_C_SOURCE 200809L
#include <glib.h>
#include <glib/gprintf.h>
#include <assert.h>
@@ -217,16 +218,18 @@ lr_checksum_fd_compare(LrChecksumType type,
return FALSE;
}
- time_t timestamp = -1;
+ long long timestamp = -1;
if (caching) {
struct stat st;
if (fstat(fd, &st) == 0) {
timestamp = st.st_mtime;
+ timestamp *= 1000000000; //convert sec timestamp to nanosec timestamp
+ timestamp += st.st_mtim.tv_nsec;
}
}
- _cleanup_free_ gchar *timestamp_str = g_strdup_printf("%lli", (long long)timestamp);
+ _cleanup_free_ gchar *timestamp_str = g_strdup_printf("%lli", timestamp);
const char *type_str = lr_checksum_type_to_str(type);
_cleanup_free_ gchar *timestamp_key = g_strconcat(XATTR_CHKSUM_PREFIX, "mtime", NULL);
_cleanup_free_ gchar *checksum_key = g_strconcat(XATTR_CHKSUM_PREFIX, type_str, NULL);
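Review bot: Nanosecond precision only narrows the window in which a changed file keeps the same cache key. On a filesystem that stores coarse timestamps (`st_mtim.tv_nsec` always 0, or a multi-second tick), two writes inside one tick still produce the same string, and the cached checksum would presumably be accepted for different content (the comparison itself is outside the hunk). That limit is worth stating at the conversion, e.g. `/* ns precision helps only where the filesystem records it; coarse mtimes can still collide */`. The same three-line computation is repeated in tests/test_checksum.c, so a small shared helper would keep the two from drifting apart.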
diff --git a/tests/test_checksum.c b/tests/test_checksum.c
index cd28cd1..548f588 100644
--- a/tests/test_checksum.c
+++ b/tests/test_checksum.c
@@ -1,3 +1,4 @@
+#define _POSIX_C_SOURCE 200809L
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
@@ -150,7 +151,10 @@ START_TEST(test_cached_checksum_matches)
// stored timestamp matches the file mtime
ret = stat(filename, &st);
ck_assert_int_eq(ret, 0);
- mtime_str = g_strdup_printf("%lli", (long long) st.st_mtime);
+ long long timestamp = st.st_mtime;
+ timestamp *= 1000000000; //convert sec timestamp to nanosec timestamp
+ timestamp += st.st_mtim.tv_nsec;
+ mtime_str = g_strdup_printf("%lli", timestamp);
attr_ret = GETXATTR(filename, timestamp_key, &buf, sizeof(buf)-1);
ck_assert(attr_ret != -1);
buf[attr_ret] = 0;
--
2.36.1

@ -0,0 +1,296 @@
From 493226f298b3d81e4b01d9f2c64a1cc2eb3049e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Fri, 15 Jul 2022 17:16:12 +0200
Subject: [PATCH] Fix alloc / free mismatches from covscan
---
librepo/checksum.c | 6 +++---
librepo/downloader.c | 2 +-
librepo/lrmirrorlist.c | 2 +-
librepo/package_downloader.c | 2 +-
librepo/repoconf.c | 2 +-
librepo/repoutil_yum.c | 4 ++--
librepo/util.c | 6 +++---
tests/test_checksum.c | 4 ++--
tests/test_gpg.c | 2 +-
tests/test_main.c | 2 +-
tests/test_util.c | 24 ++++++++++++------------
11 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/librepo/checksum.c b/librepo/checksum.c
index d82cb5c..4831ddc 100644
--- a/librepo/checksum.c
+++ b/librepo/checksum.c
@@ -205,8 +205,6 @@ lr_checksum_fd_compare(LrChecksumType type,
gchar **calculated,
GError **err)
{
- _cleanup_free_ gchar *checksum = NULL;
-
assert(fd >= 0);
assert(!err || *err == NULL);
@@ -262,7 +260,7 @@ lr_checksum_fd_compare(LrChecksumType type,
}
}
- checksum = lr_checksum_fd(type, fd, err);
+ char *checksum = lr_checksum_fd(type, fd, err);
if (!checksum)
return FALSE;
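Review bot: Replacing the `_cleanup_free_` declaration with a plain `char *checksum` means every exit after this line has to call lr_free() by hand. The two added calls cover the returns visible in the later hunks, but the code between those hunks is not shown, so any other return there would leak. If the manual form stays, a comment at the declaration such as `/* from lr_checksum_fd(); release with lr_free() on every return path */` would make the obligation explicit. A cleanup attribute bound to lr_free() would remove the per-path frees altogether.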
@@ -274,6 +272,7 @@ lr_checksum_fd_compare(LrChecksumType type,
} else {
g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE,
"fsync failed: %s", strerror(errno));
+ lr_free(checksum);
return FALSE;
}
}
@@ -287,6 +286,7 @@ lr_checksum_fd_compare(LrChecksumType type,
if (calculated)
*calculated = g_strdup(checksum);
+ lr_free(checksum);
return TRUE;
}
diff --git a/librepo/downloader.c b/librepo/downloader.c
index f4e8ba2..84739a9 100644
--- a/librepo/downloader.c
+++ b/librepo/downloader.c
@@ -1974,7 +1974,7 @@ list_of_checksums_to_str(GSList *checksums)
tmp = g_strconcat(expected, chksum->value, "(",
chtype_str ? chtype_str : "UNKNOWN",
") ", NULL);
- free(expected);
+ g_free(expected);
expected = tmp;
}
diff --git a/librepo/lrmirrorlist.c b/librepo/lrmirrorlist.c
index c7e51b3..91cdc4b 100644
--- a/librepo/lrmirrorlist.c
+++ b/librepo/lrmirrorlist.c
@@ -156,7 +156,7 @@ lr_lrmirrorlist_append_metalink(LrInternalMirrorlist *list,
LrInternalMirror *mirror = lr_lrmirror_new(url_copy, urlvars);
mirror->preference = metalinkurl->preference;
mirror->protocol = lr_detect_protocol(mirror->url);
- lr_free(url_copy);
+ g_free(url_copy);
list = g_slist_append(list, mirror);
//g_debug("%s: Appending URL: %s", __func__, mirror->url);
diff --git a/librepo/package_downloader.c b/librepo/package_downloader.c
index adea459..353cac8 100644
--- a/librepo/package_downloader.c
+++ b/librepo/package_downloader.c
@@ -173,7 +173,7 @@ lr_packagetarget_free(LrPackageTarget *target)
if (!target)
return;
g_string_chunk_free(target->chunk);
- g_free(target);
+ lr_free(target);
}
gboolean
diff --git a/librepo/repoconf.c b/librepo/repoconf.c
index 948259e..34dbab4 100644
--- a/librepo/repoconf.c
+++ b/librepo/repoconf.c
@@ -146,7 +146,7 @@ lr_yum_repoconfs_free(LrYumRepoConfs *repos)
return;
g_slist_free_full(repos->repos, (GDestroyNotify) lr_yum_repoconf_free);
g_slist_free_full(repos->files, (GDestroyNotify) lr_yum_repofile_free);
- g_free(repos);
+ lr_free(repos);
}
GSList *
diff --git a/librepo/repoutil_yum.c b/librepo/repoutil_yum.c
index 02e796f..bb09ff5 100644
--- a/librepo/repoutil_yum.c
+++ b/librepo/repoutil_yum.c
@@ -105,11 +105,11 @@ lr_repoutil_yum_parse_repomd(const char *in_path,
if (fd < 0) {
g_set_error(err, LR_REPOUTIL_YUM_ERROR, LRE_IO,
"open(%s, O_RDONLY) error: %s", path, g_strerror(errno));
- lr_free(path);
+ g_free(path);
return FALSE;
}
- lr_free(path);
+ g_free(path);
ret = lr_yum_repomd_parse_file(repomd, fd, NULL, NULL, err);
close(fd);
diff --git a/librepo/util.c b/librepo/util.c
index 8ba7120..204572d 100644
--- a/librepo/util.c
+++ b/librepo/util.c
@@ -170,7 +170,7 @@ lr_gettmpdir(void)
{
char *template = g_build_filename(g_get_tmp_dir(), "librepo-tmpdir-XXXXXX", NULL);
if (!mkdtemp(template)) {
- lr_free(template);
+ g_free(template);
return NULL;
}
return template;
@@ -206,7 +206,7 @@ lr_pathconcat(const char *first, ...)
qmark_section = strchr(first, '?');
- res = lr_malloc(total_len + separator_len + 1);
+ res = g_malloc(total_len + separator_len + 1);
next = first;
va_start(args, first);
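Review bot: With `res` now coming from g_malloc(), the string returned by lr_pathconcat() has to be released with g_free(), which changes the contract for every caller. The commit updates the call sites it touches, but nothing at the function states the rule. Add it to the doc comment, e.g. `Returns a newly allocated string; free it with g_free().` The function body and its header declaration are outside this hunk.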
@@ -273,7 +273,7 @@ lr_pathconcat(const char *first, ...)
assert(offset <= total_len);
if (offset == 0) {
- lr_free(res);
+ g_free(res);
return g_strdup(first);
}
diff --git a/tests/test_checksum.c b/tests/test_checksum.c
index 548f588..264782c 100644
--- a/tests/test_checksum.c
+++ b/tests/test_checksum.c
@@ -295,8 +295,8 @@ START_TEST(test_cached_checksum_clear)
cleanup:
close(fd);
lr_free(filename);
- lr_free(timestamp_key);
- lr_free(checksum_key);
+ g_free(timestamp_key);
+ g_free(checksum_key);
}
END_TEST
diff --git a/tests/test_gpg.c b/tests/test_gpg.c
index fd322e3..0af423a 100644
--- a/tests/test_gpg.c
+++ b/tests/test_gpg.c
@@ -110,7 +110,7 @@ START_TEST(test_gpg_check_signature)
lr_free(_data_path);
lr_free(signature_path);
lr_free(_signature_path);
- lr_free(tmp_home_path);
+ g_free(tmp_home_path);
}
END_TEST
diff --git a/tests/test_main.c b/tests/test_main.c
index 1076062..b323ce5 100644
--- a/tests/test_main.c
+++ b/tests/test_main.c
@@ -39,7 +39,7 @@ init_test_globals(struct TestGlobals_s *tg, const char *testdata_dir)
static void
free_test_globals(struct TestGlobals_s *tg)
{
- lr_free(tg->tmpdir);
+ g_free(tg->tmpdir);
lr_free(tg->testdata_dir);
}
diff --git a/tests/test_util.c b/tests/test_util.c
index 595b0fe..d082445 100644
--- a/tests/test_util.c
+++ b/tests/test_util.c
@@ -54,7 +54,7 @@ START_TEST(test_gettmpdir)
char *tmp_dir = lr_gettmpdir();
ck_assert_ptr_nonnull(tmp_dir);
ck_assert_int_eq(rmdir(tmp_dir), 0);
- lr_free(tmp_dir);
+ g_free(tmp_dir);
}
END_TEST
@@ -126,7 +126,7 @@ START_TEST(test_remove_dir)
ck_assert_int_eq(rc, 0);
ck_assert_int_ne(unlink(tmp_file), 0);
ck_assert_int_ne(rmdir(tmp_dir), 0);
- lr_free(tmp_dir);
+ g_free(tmp_dir);
lr_free(tmp_file);
}
END_TEST
@@ -141,61 +141,61 @@ START_TEST(test_url_without_path)
new_url = lr_url_without_path("");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("hostname");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "hostname");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("hostname/foo/bar/");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "hostname");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("hostname:80");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "hostname:80");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("hostname:80/foo/bar");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "hostname:80");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("http://hostname:80/");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "http://hostname:80");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("http://hostname:80/foo/bar");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "http://hostname:80");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("ftp://foo.hostname:80/foo/bar");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "ftp://foo.hostname:80");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("file:///home/foobar");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "file://");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
new_url = lr_url_without_path("file:/home/foobar");
ck_assert_ptr_nonnull(new_url);
ck_assert_str_eq(new_url, "file://");
- lr_free(new_url);
+ g_free(new_url);
new_url = NULL;
}
END_TEST
--
2.37.1

@ -0,0 +1,578 @@
From 678803b825fea10e4915a300f0e2fc990b7c99fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Thu, 21 Jul 2022 10:11:17 +0200
Subject: [PATCH] More covscan fixes
---
librepo/metadata_downloader.c | 18 +++++++++---------
librepo/metalink.c | 2 +-
librepo/repomd.c | 2 +-
librepo/xmlparser.c | 4 ++--
librepo/xmlparser_internal.h | 2 +-
librepo/yum.c | 32 ++++++++++++++++----------------
tests/test_checksum.c | 10 +++++-----
tests/test_downloader.c | 16 ++++++++--------
tests/test_metalink.c | 18 +++++++++---------
tests/test_mirrorlist.c | 6 +++---
tests/test_util.c | 16 ++++++++--------
11 files changed, 63 insertions(+), 63 deletions(-)
diff --git a/librepo/metadata_downloader.c b/librepo/metadata_downloader.c
index be6fe68..9e7d7e5 100644
--- a/librepo/metadata_downloader.c
+++ b/librepo/metadata_downloader.c
@@ -192,7 +192,7 @@ handle_failure(LrMetadataTarget *target,
GSList **paths,
GError *err)
{
- lr_metadatatarget_append_error(target, err->message, NULL);
+ lr_metadatatarget_append_error(target, err->message);
fillInvalidationValues(fd_list, paths);
g_error_free(err);
}
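Review bot: `err->message` is passed as the format argument of lr_metadatatarget_append_error() here, and the later hunks of this file do the same with `error->message`, `lr_strerror(...)` and `download_target->err`. Those strings may carry text from URLs, paths or server responses (inferred; their origin is outside the hunks), so a `%` in them would be parsed as a conversion with no matching argument, which is undefined behaviour. Pass them as data instead: `lr_metadatatarget_append_error(target, "%s", err->message);`. The signature of handle_failure starts above the hunk.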
@@ -221,13 +221,13 @@ create_repomd_xml_download_targets(GSList *targets,
handle = target->handle;
if (!handle->urls && !handle->mirrorlisturl && !handle->metalinkurl) {
- lr_metadatatarget_append_error(target, "No LRO_URLS, LRO_MIRRORLISTURL nor LRO_METALINKURL specified", NULL);
+ lr_metadatatarget_append_error(target, "No LRO_URLS, LRO_MIRRORLISTURL nor LRO_METALINKURL specified");
fillInvalidationValues(fd_list, paths);
continue;
}
if (handle->repotype != LR_YUMREPO) {
- lr_metadatatarget_append_error(target, "Bad LRO_REPOTYPE specified", NULL);
+ lr_metadatatarget_append_error(target, "Bad LRO_REPOTYPE specified");
fillInvalidationValues(fd_list, paths);
continue;
}
@@ -242,14 +242,14 @@ create_repomd_xml_download_targets(GSList *targets,
if (!lr_handle_prepare_internal_mirrorlist(handle,
handle->fastestmirror,
&err)) {
- lr_metadatatarget_append_error(target, "Cannot prepare internal mirrorlist: %s", err->message, NULL);
+ lr_metadatatarget_append_error(target, "Cannot prepare internal mirrorlist: %s", err->message);
fillInvalidationValues(fd_list, paths);
g_error_free(err);
continue;
}
if (mkdir(handle->destdir, S_IRWXU) == -1 && errno != EEXIST) {
- lr_metadatatarget_append_error(target, "Cannot create tmpdir: %s %s", handle->destdir, g_strerror(errno), NULL);
+ lr_metadatatarget_append_error(target, "Cannot create tmpdir: %s %s", handle->destdir, g_strerror(errno));
fillInvalidationValues(fd_list, paths);
g_error_free(err);
continue;
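Review bot: The mkdir() failure branch calls `g_error_free(err);` although mkdir() never sets `err`, so the pointer is presumably NULL at that point (its declaration is outside the hunk) and GLib logs a critical warning for g_error_free(NULL). The branch above frees `err` without resetting it, so if the variable outlives one loop iteration the next `&err` would be handed over non-NULL. Using `g_clear_error(&err);` in both branches covers the NULL case and leaves the pointer reset.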
@@ -335,12 +335,12 @@ process_repomd_xml(GSList *targets,
handle->gnupghomedir = g_strdup(target->gnupghomedir);
if (target->download_target->rcode != LRE_OK) {
- lr_metadatatarget_append_error(target, (char *) lr_strerror(target->download_target->rcode), NULL);
+ lr_metadatatarget_append_error(target, (char *) lr_strerror(target->download_target->rcode));
goto fail;
}
if (!lr_check_repomd_xml_asc_availability(handle, target->repo, fd_value, path->data, &error)) {
- lr_metadatatarget_append_error(target, error->message, NULL);
+ lr_metadatatarget_append_error(target, error->message);
g_error_free(error);
goto fail;
}
@@ -349,7 +349,7 @@ process_repomd_xml(GSList *targets,
ret = lr_yum_repomd_parse_file(target->repomd, fd_value, lr_xml_parser_warning_logger,
"Repomd xml parser", &error);
if (!ret) {
- lr_metadatatarget_append_error(target, "Parsing unsuccessful: %s", error->message, NULL);
+ lr_metadatatarget_append_error(target, "Parsing unsuccessful: %s", error->message);
g_error_free(error);
goto fail;
}
@@ -377,7 +377,7 @@ lr_metadata_download_cleanup(GSList *download_targets)
LrDownloadTarget *download_target = elem->data;
LrMetadataTarget *target = download_target->userdata;
if (download_target->err)
- lr_metadatatarget_append_error(target, download_target->err, NULL);
+ lr_metadatatarget_append_error(target, download_target->err);
if (target->err != NULL) {
ret = FALSE;
diff --git a/librepo/metalink.c b/librepo/metalink.c
index 0f939de..1f839a9 100644
--- a/librepo/metalink.c
+++ b/librepo/metalink.c
@@ -504,7 +504,7 @@ lr_metalink_parse_file(LrMetalink *metalink,
// Parsing
- ret = lr_xml_parser_generic(parser, pd, fd, &tmp_err);
+ ret = lr_xml_parser_generic(&parser, pd, fd, &tmp_err);
if (tmp_err) {
g_propagate_error(err, tmp_err);
goto err;
diff --git a/librepo/repomd.c b/librepo/repomd.c
index f0fd2ad..2905749 100644
--- a/librepo/repomd.c
+++ b/librepo/repomd.c
@@ -570,7 +570,7 @@ lr_yum_repomd_parse_file(LrYumRepoMd *repomd,
// Parsing
- ret = lr_xml_parser_generic(parser, pd, fd, &tmp_err);
+ ret = lr_xml_parser_generic(&parser, pd, fd, &tmp_err);
if (tmp_err)
g_propagate_error(err, tmp_err);
diff --git a/librepo/xmlparser.c b/librepo/xmlparser.c
index 793c272..88d16aa 100644
--- a/librepo/xmlparser.c
+++ b/librepo/xmlparser.c
@@ -143,7 +143,7 @@ lr_xml_parser_strtoll(LrParserData *pd,
}
gboolean
-lr_xml_parser_generic(XmlParser parser,
+lr_xml_parser_generic(XmlParser *parser,
LrParserData *pd,
int fd,
GError **err)
@@ -151,7 +151,7 @@ lr_xml_parser_generic(XmlParser parser,
/* Note: This function uses .err members of LrParserData! */
gboolean ret = TRUE;
- xmlParserCtxtPtr ctxt = xmlCreatePushParserCtxt(&parser, pd, NULL, 0, NULL);
+ xmlParserCtxtPtr ctxt = xmlCreatePushParserCtxt(parser, pd, NULL, 0, NULL);
ctxt->linenumbers = 1;
assert(ctxt);
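Review bot: `ctxt` is dereferenced on `ctxt->linenumbers = 1;` before `assert(ctxt);` runs, and xmlCreatePushParserCtxt() can return NULL. With NDEBUG defined the assert disappears entirely, leaving no check at all. Test the pointer first and fail the call with `*err` set, e.g. `if (!ctxt) { /* set *err */ return FALSE; }`, and only then set `linenumbers`. The rest of lr_xml_parser_generic is outside the hunk.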
diff --git a/librepo/xmlparser_internal.h b/librepo/xmlparser_internal.h
index c9bacac..25a48a5 100644
--- a/librepo/xmlparser_internal.h
+++ b/librepo/xmlparser_internal.h
@@ -159,7 +159,7 @@ lr_xml_parser_strtoll(LrParserData *pd,
/** Generic parser.
*/
gboolean
-lr_xml_parser_generic(XmlParser parser,
+lr_xml_parser_generic(XmlParser *parser,
LrParserData *pd,
int fd,
GError **err);
diff --git a/librepo/yum.c b/librepo/yum.c
index 3b287cd..56bca3e 100644
--- a/librepo/yum.c
+++ b/librepo/yum.c
@@ -335,7 +335,7 @@ lr_prepare_repodata_dir(LrHandle *handle,
return FALSE;
}
}
- lr_free(path_to_repodata);
+ g_free(path_to_repodata);
return TRUE;
}
@@ -356,7 +356,7 @@ lr_store_mirrorlist_files(LrHandle *handle,
g_debug("%s: Cannot create: %s", __func__, ml_file_path);
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot create %s: %s", ml_file_path, g_strerror(errno));
- lr_free(ml_file_path);
+ g_free(ml_file_path);
return FALSE;
}
rc = lr_copy_content(handle->mirrorlist_fd, fd);
@@ -366,7 +366,7 @@ lr_store_mirrorlist_files(LrHandle *handle,
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot copy content of mirrorlist file %s: %s",
ml_file_path, g_strerror(errno));
- lr_free(ml_file_path);
+ g_free(ml_file_path);
return FALSE;
}
repo->mirrorlist = ml_file_path;
@@ -391,7 +391,7 @@ lr_copy_metalink_content(LrHandle *handle,
g_debug("%s: Cannot create: %s", __func__, ml_file_path);
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot create %s: %s", ml_file_path, g_strerror(errno));
- lr_free(ml_file_path);
+ g_free(ml_file_path);
return FALSE;
}
rc = lr_copy_content(handle->metalink_fd, fd);
@@ -401,7 +401,7 @@ lr_copy_metalink_content(LrHandle *handle,
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot copy content of metalink file %s: %s",
ml_file_path, g_strerror(errno));
- lr_free(ml_file_path);
+ g_free(ml_file_path);
return FALSE;
}
repo->metalink = ml_file_path;
@@ -422,7 +422,7 @@ lr_prepare_repomd_xml_file(LrHandle *handle,
if (fd == -1) {
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot open %s: %s", *path, g_strerror(errno));
- lr_free(*path);
+ g_free(*path);
return -1;
}
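Review bot: After `g_free(*path);` the caller's pointer still holds the released address, so a caller that cleans up `path` on the error return would free it a second time (callers are not visible here). Reset the out-parameter in the same place: `g_free(*path); *path = NULL;`. The same pattern appears in the prepare_repo_download_std_target and prepare_repo_download_zck_target hunks further down.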
@@ -458,13 +458,13 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle,
g_debug("%s: Cannot open: %s", __func__, signature);
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot open %s: %s", signature, g_strerror(errno));
- lr_free(signature);
+ g_free(signature);
return FALSE;
}
url = lr_pathconcat(handle->used_mirror, "repodata/repomd.xml.asc", NULL);
ret = lr_download_url(handle, url, fd_sig, &tmp_err);
- lr_free(url);
+ g_free(url);
close(fd_sig);
if (!ret) {
// Error downloading signature
@@ -474,7 +474,7 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle,
"repository does not support GPG verification: %s", tmp_err->message);
g_clear_error(&tmp_err);
unlink(signature);
- lr_free(signature);
+ g_free(signature);
return FALSE;
} else {
// Signature downloaded
@@ -483,7 +483,7 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle,
path,
handle->gnupghomedir,
&tmp_err);
- lr_free(signature);
+ g_free(signature);
if (!ret) {
g_debug("%s: GPG signature verification failed: %s",
__func__, tmp_err->message);
@@ -680,7 +680,7 @@ prepare_repo_download_std_target(LrHandle *handle,
__func__, *path, g_strerror(errno));
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot create/open %s: %s", *path, g_strerror(errno));
- lr_free(*path);
+ g_free(*path);
g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
return FALSE;
}
@@ -713,7 +713,7 @@ prepare_repo_download_zck_target(LrHandle *handle,
__func__, *path, g_strerror(errno));
g_set_error(err, LR_YUM_ERROR, LRE_IO,
"Cannot create/open %s: %s", *path, g_strerror(errno));
- lr_free(*path);
+ g_free(*path);
g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
return FALSE;
}
@@ -778,7 +778,7 @@ prepare_repo_download_targets(LrHandle *handle,
char *dest_dir = realpath(handle->destdir, NULL);
path = lr_pathconcat(handle->destdir, record->location_href, NULL);
char *requested_dir = realpath(dirname(path), NULL);
- lr_free(path);
+ g_free(path);
if (!g_str_has_prefix(requested_dir, dest_dir)) {
g_debug("%s: Invalid path: %s", __func__, location_href);
g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
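Review bot: `g_str_has_prefix(requested_dir, dest_dir)` is a plain string-prefix test, so a resolved directory that merely begins with the same characters as dest_dir (a sibling named `<destdir>-other`) passes even though it lies outside destdir. Since location_href comes from repository metadata, the check should also require a path boundary: after the prefix match, `requested_dir[strlen(dest_dir)]` must be `'/'` or `'\0'`. Both realpath() results can be NULL, for instance when the directory does not exist yet, and are used unchecked; test them before the comparison. The surrounding loop begins and ends outside the hunk.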
@@ -850,7 +850,7 @@ prepare_repo_download_targets(LrHandle *handle,
/* Because path may already exists in repo (while update) */
lr_yum_repo_update(repo, record->type, path);
- lr_free(path);
+ g_free(path);
}
return TRUE;
@@ -1130,7 +1130,7 @@ lr_yum_use_local_load_base(LrHandle *handle,
repo->mirrorlist = mrl_fn;
} else {
repo->mirrorlist = NULL;
- lr_free(mrl_fn);
+ g_free(mrl_fn);
}
}
@@ -1142,7 +1142,7 @@ lr_yum_use_local_load_base(LrHandle *handle,
repo->metalink = mtl_fn;
} else {
repo->metalink = NULL;
- lr_free(mtl_fn);
+ g_free(mtl_fn);
}
}
diff --git a/tests/test_checksum.c b/tests/test_checksum.c
index 264782c..efac88b 100644
--- a/tests/test_checksum.c
+++ b/tests/test_checksum.c
@@ -87,7 +87,7 @@ START_TEST(test_checksum_fd)
test_checksum(file, LR_CHECKSUM_SHA512, CHKS_VAL_01_SHA512);
ck_assert_msg(remove(file) == 0, "Cannot delete temporary test file");
- lr_free(file);
+ g_free(file);
}
END_TEST
@@ -235,9 +235,9 @@ START_TEST(test_cached_checksum_value)
ck_assert(attr_ret == -1); // Cached checksum should not exists
lr_free(calculated);
- lr_free(filename);
- lr_free(timestamp_key);
- lr_free(checksum_key);
+ g_free(filename);
+ g_free(timestamp_key);
+ g_free(checksum_key);
lr_free(mtime_str);
}
END_TEST
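Review bot: `lr_free(calculated);` and `lr_free(mtime_str);` are left unchanged in this hunk although both strings appear to be GLib allocations. lr_checksum_fd_compare() fills `*calculated` with g_strdup() (visible in the checksum.c hunk), and the sibling test builds `mtime_str` with g_strdup_printf(); the assignments in this test are outside the hunk. For consistency with the rest of the commit they should become `g_free(calculated);` and `g_free(mtime_str);`.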
@@ -294,7 +294,7 @@ START_TEST(test_cached_checksum_clear)
ck_assert(attr_ret != -1);
cleanup:
close(fd);
- lr_free(filename);
+ g_free(filename);
g_free(timestamp_key);
g_free(checksum_key);
}
diff --git a/tests/test_downloader.c b/tests/test_downloader.c
index 34958ab..a3fff20 100644
--- a/tests/test_downloader.c
+++ b/tests/test_downloader.c
@@ -52,7 +52,7 @@ START_TEST(test_downloader_single_file)
tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_XXXXXX", NULL);
fd1 = mkstemp(tmpfn1);
- lr_free(tmpfn1);
+ g_free(tmpfn1);
ck_assert_int_ge(fd1, 0);
t1 = lr_downloadtarget_new(handle, "index.html", NULL, fd1, NULL, NULL,
@@ -97,7 +97,7 @@ START_TEST(test_downloader_single_file_2)
tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_2_XXXXXX", NULL);
fd1 = mkstemp(tmpfn1);
- lr_free(tmpfn1);
+ g_free(tmpfn1);
ck_assert_int_ge(fd1, 0);
t1 = lr_downloadtarget_new(NULL, "http://seznam.cz/index.html", NULL,
@@ -154,8 +154,8 @@ START_TEST(test_downloader_two_files)
fd1 = mkstemp(tmpfn1);
fd2 = mkstemp(tmpfn2);
- lr_free(tmpfn1);
- lr_free(tmpfn2);
+ g_free(tmpfn1);
+ g_free(tmpfn2);
ck_assert_int_ge(fd1, 0);
ck_assert_int_ge(fd2, 0);
@@ -223,9 +223,9 @@ START_TEST(test_downloader_three_files_with_error)
fd1 = mkstemp(tmpfn1);
fd2 = mkstemp(tmpfn2);
fd3 = mkstemp(tmpfn3);
- lr_free(tmpfn1);
- lr_free(tmpfn2);
- lr_free(tmpfn3);
+ g_free(tmpfn1);
+ g_free(tmpfn2);
+ g_free(tmpfn3);
ck_assert_int_ge(fd1, 0);
ck_assert_int_ge(fd2, 0);
ck_assert_int_ge(fd3, 0);
@@ -329,7 +329,7 @@ START_TEST(test_downloader_checksum)
tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_XXXXXX", NULL);
fd1 = mkstemp(tmpfn1);
- lr_free(tmpfn1);
+ g_free(tmpfn1);
ck_assert_int_ge(fd1, 0);
checksum = lr_downloadtargetchecksum_new(LR_CHECKSUM_SHA512,
diff --git a/tests/test_metalink.c b/tests/test_metalink.c
index e425742..1440125 100644
--- a/tests/test_metalink.c
+++ b/tests/test_metalink.c
@@ -48,7 +48,7 @@ START_TEST(test_metalink_good_01)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_good_01", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -160,7 +160,7 @@ START_TEST(test_metalink_good_02)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_good_02", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -206,7 +206,7 @@ START_TEST(test_metalink_good_03)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_good_03", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -250,7 +250,7 @@ START_TEST(test_metalink_bad_01)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_bad_01", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -371,7 +371,7 @@ START_TEST(test_metalink_bad_02)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_bad_02", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -395,7 +395,7 @@ START_TEST(test_metalink_really_bad_01)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_really_bad_01", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -419,7 +419,7 @@ START_TEST(test_metalink_really_bad_02)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_really_bad_02", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -443,7 +443,7 @@ START_TEST(test_metalink_really_bad_03)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_really_bad_03", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
@@ -470,7 +470,7 @@ START_TEST(test_metalink_with_alternates)
path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR,
"metalink_with_alternates", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_metalink_init();
ck_assert_ptr_nonnull(ml);
diff --git a/tests/test_mirrorlist.c b/tests/test_mirrorlist.c
index cc00b7f..ec924b6 100644
--- a/tests/test_mirrorlist.c
+++ b/tests/test_mirrorlist.c
@@ -35,7 +35,7 @@ START_TEST(test_mirrorlist_01)
path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR,
"mirrorlist_01", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_mirrorlist_init();
ck_assert_ptr_nonnull(ml);
@@ -68,7 +68,7 @@ START_TEST(test_mirrorlist_02)
path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR,
"mirrorlist_02", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_mirrorlist_init();
ck_assert_ptr_nonnull(ml);
@@ -92,7 +92,7 @@ START_TEST(test_mirrorlist_03)
path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR,
"mirrorlist_03", NULL);
fd = open(path, O_RDONLY);
- lr_free(path);
+ g_free(path);
ck_assert_int_ge(fd, 0);
ml = lr_mirrorlist_init();
ck_assert_ptr_nonnull(ml);
diff --git a/tests/test_util.c b/tests/test_util.c
index d082445..96e82aa 100644
--- a/tests/test_util.c
+++ b/tests/test_util.c
@@ -68,43 +68,43 @@ START_TEST(test_pathconcat)
path = lr_pathconcat("", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("/tmp", "foo///", "bar", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "/tmp/foo/bar");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("foo", "bar/", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "foo/bar");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("foo", "/bar/", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "foo/bar");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("foo", "bar", "", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "foo/bar/");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("http://host.net", "path/to/somewhere", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "http://host.net/path/to/somewhere");
- lr_free(path);
+ g_free(path);
path = NULL;
path = lr_pathconcat("http://host.net?hello=1", "path/to/", "somewhere", NULL);
ck_assert_ptr_nonnull(path);
ck_assert_str_eq(path, "http://host.net/path/to/somewhere?hello=1");
- lr_free(path);
+ g_free(path);
path = NULL;
}
END_TEST
@@ -127,7 +127,7 @@ START_TEST(test_remove_dir)
ck_assert_int_ne(unlink(tmp_file), 0);
ck_assert_int_ne(rmdir(tmp_dir), 0);
g_free(tmp_dir);
- lr_free(tmp_file);
+ g_free(tmp_file);
}
END_TEST
--
2.37.1

@ -0,0 +1,51 @@
From dc640e127f4c678c9dfbda776994972600d53e56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Tue, 16 Aug 2022 13:44:22 +0200
Subject: [PATCH] Use g_strdup_vprintf() instead of manually calculating
allocation space
Fixes an error introduced in d2508e206514bdbf841ee72f4971336766c16fe1 by
removing trailing NULLs, on which the size calculation code was relying.
Instead of this incosistent argument iteration, use g_strdup_vprintf(),
which allocates the new string correctly.
---
librepo/metadata_downloader.c | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/librepo/metadata_downloader.c b/librepo/metadata_downloader.c
index 9e7d7e5..92a462b 100644
--- a/librepo/metadata_downloader.c
+++ b/librepo/metadata_downloader.c
@@ -98,26 +98,11 @@ void
lr_metadatatarget_append_error(LrMetadataTarget *target, char *format, ...)
{
va_list valist;
- size_t length = strlen(format);
- char *error_message = NULL;
-
- va_start(valist, format);
- while (1) {
- char *arg = va_arg(valist, char*);
- if (arg == NULL)
- break;
-
- length += strlen(arg);
- }
- length += RESERVE;
- va_end(valist);
-
va_start(valist, format);
- error_message = malloc(length * sizeof(char));
- vsnprintf(error_message, length, format, valist);
+ gchar *error_message = g_strdup_vprintf(format, valist);
va_end(valist);
- target->err = g_list_append(target->err, (gpointer) error_message);
+ target->err = g_list_append(target->err, error_message);
}
static gboolean
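Review bot: `format` is declared `char *` and the function carries no printf-format annotation, so the compiler cannot check call sites now that the string goes straight into g_strdup_vprintf(). Declaring the prototype with `const char *format` and GLib's `G_GNUC_PRINTF(2, 3)` would let -Wformat flag calls that pass a non-literal message or mismatched arguments. The prototype lives in a header that is not part of this hunk.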
--
2.37.1

@ -0,0 +1,55 @@
From a5305e7f957666c92040fa0134d69d9fbeb5db70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Tue, 16 Aug 2022 15:41:44 +0200
Subject: [PATCH] Use g_list_free_full() to free LRMetadataTarget::err
Fixes a memory leak where the char * items in the list were not freed.
---
CMakeLists.txt | 2 +-
librepo.spec | 2 +-
librepo/metadata_downloader.c | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a45d5c4..b4007e3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,7 +28,7 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")
# Find necessare libraries
FIND_PACKAGE(PkgConfig)
-PKG_CHECK_MODULES(GLIB2 glib-2.0 REQUIRED)
+PKG_CHECK_MODULES(GLIB2 glib-2.0>=2.28 REQUIRED)
PKG_SEARCH_MODULE(LIBCRYPTO REQUIRED libcrypto openssl)
PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
FIND_PACKAGE(CURL 7.52.0 REQUIRED)
diff --git a/librepo.spec b/librepo.spec
index 5a733b2..88d6d6d 100644
--- a/librepo.spec
+++ b/librepo.spec
@@ -23,7 +23,7 @@ BuildRequires: cmake
BuildRequires: gcc
BuildRequires: check-devel
BuildRequires: doxygen
-BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(glib-2.0) >= 2.28
BuildRequires: gpgme-devel
BuildRequires: libattr-devel
BuildRequires: libcurl-devel >= %{libcurl_version}
diff --git a/librepo/metadata_downloader.c b/librepo/metadata_downloader.c
index 92a462b..cda1e40 100644
--- a/librepo/metadata_downloader.c
+++ b/librepo/metadata_downloader.c
@@ -89,8 +89,7 @@ lr_metadatatarget_free(LrMetadataTarget *target)
if (!target)
return;
g_string_chunk_free(target->chunk);
- if (target->err != NULL)
- g_list_free(target->err);
+ g_list_free_full(target->err, g_free);
g_free(target);
}
--
2.37.1

@ -0,0 +1,29 @@
From a69522533248093c11f11f964a3d42cb08bf7822 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Mon, 22 Aug 2022 08:18:04 +0200
Subject: [PATCH] Detailed error message when using non-existing TMPDIR
(RhBug:2019993)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019993
---
librepo/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/librepo/util.c b/librepo/util.c
index 204572d..f4aa512 100644
--- a/librepo/util.c
+++ b/librepo/util.c
@@ -158,7 +158,7 @@ lr_gettmpfile(void)
template = g_build_filename(g_get_tmp_dir(), "librepo-tmp-XXXXXX", NULL);
fd = mkstemp(template);
if (fd < 0) {
- perror("Cannot create temporary file - mkstemp");
+ fprintf(stderr, "Cannot create temporary file - mkstemp '%s': %s\n", template, strerror(errno));
exit(1);
}
unlink(template);
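Review bot: The new message prints `template` after `mkstemp()` has been handed that buffer to rewrite, so the path shown is not guaranteed to be the `librepo-tmp-XXXXXX` pattern that was requested (the man page only promises an unmodified buffer for EINVAL). Since the bug is about a non-existing TMPDIR, naming the directory is the more useful diagnostic: save the error first with `int saved_errno = errno;` and then print `fprintf(stderr, "Cannot create temporary file - mkstemp in '%s': %s\n", g_get_tmp_dir(), strerror(saved_errno));`. The line also depends on `strerror` and `errno` being declared, and the includes of util.c are not visible in this hunk. The body of lr_gettmpfile starts and ends outside the hunk, so the surrounding `exit(1)` in library code is not reviewed here.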
--
2.37.1

@ -0,0 +1,226 @@
From 08f02ded6de50949fa4ba650fa562643278e5093 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 12 Oct 2023 15:55:43 +0200
Subject: [PATCH] PGP: Set a default creation SELinux labels on GnuPG
directories
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is another way how to fix mismatching SELinux context on
/run/user directories without moving the directories to
/run/gnupg/user.
librepo used to precreate the directory in /run/user to make sure
a GnuPG agent executed by GPGME library places its socket there.
The directories there are normally created and removed by systemd
(logind PAM session). librepo created them for a case when a package
manager is invoked out of systemd session, before the super user logs
in. E.g. by a timer job to cache repository metadata.
A problem was when this out-of-session process was a SELinux-confined
process creating files with its own SELinux label different from a DNF
program. Then the directory was created with a SELinux label different
from the one expected by systemd and when logging out a corresponding
user, the mismatching label clashed with systemd.
This patch fixes the issue by choosing a SELinux label of those
directories to the label defined in a default SELinux file context
database.
This patch adds a new -DENABLE_SELINUX=OFF CMake option to disable the
new dependency on libselinux. A default behavior is to support SELinux
only if GPGME backend is selected with -DUSE_GPGME=ON.
https://issues.redhat.com/browse/RHEL-10720
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
CMakeLists.txt | 8 ++++++
librepo.spec | 9 +++++-
librepo/CMakeLists.txt | 4 +++
librepo/gpg.c | 64 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b4007e3..1a107bc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,6 +5,7 @@ OPTION (ENABLE_TESTS "Build test?" ON)
OPTION (ENABLE_DOCS "Build docs?" ON)
OPTION (WITH_ZCHUNK "Build with zchunk support" ON)
OPTION (ENABLE_PYTHON "Build Python bindings" ON)
+OPTION (ENABLE_SELINUX "Restore SELinux labels on GnuPG directories" ON)
INCLUDE (${CMAKE_SOURCE_DIR}/VERSION.cmake)
SET (VERSION "${LIBREPO_MAJOR}.${LIBREPO_MINOR}.${LIBREPO_PATCH}")
@@ -33,6 +34,9 @@ PKG_SEARCH_MODULE(LIBCRYPTO REQUIRED libcrypto openssl)
PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
FIND_PACKAGE(CURL 7.52.0 REQUIRED)
FIND_PACKAGE(Gpgme REQUIRED)
+IF (ENABLE_SELINUX)
+ PKG_CHECK_MODULES(SELINUX REQUIRED libselinux)
+ENDIF(ENABLE_SELINUX)
IF (WITH_ZCHUNK)
@@ -63,6 +67,10 @@ ENDIF (NOT CURL_FOUND)
INCLUDE_DIRECTORIES(${LIBXML2_INCLUDE_DIRS})
INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR})
#INCLUDE_DIRECTORIES(${CHECK_INCLUDE_DIR})
+IF (ENABLE_SELINUX)
+ INCLUDE_DIRECTORIES(${SELINUX_INCLUDE_DIRS})
+ ADD_DEFINITIONS(-DENABLE_SELINUX=1)
+ENDIF (ENABLE_SELINUX)
include (GNUInstallDirs)
# Python stuff
diff --git a/librepo.spec b/librepo.spec
index 88d6d6d..ae87425 100644
--- a/librepo.spec
+++ b/librepo.spec
@@ -8,6 +8,8 @@
%bcond_without zchunk
%endif
+%bcond_without selinux
+
%global dnf_conflict 2.8.8
Name: librepo
@@ -29,6 +31,9 @@ BuildRequires: libattr-devel
BuildRequires: libcurl-devel >= %{libcurl_version}
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libcrypto)
+%if %{with selinux}
+BuildRequires: pkgconfig(libselinux)
+%endif
BuildRequires: pkgconfig(openssl)
%if %{with zchunk}
BuildRequires: pkgconfig(zck) >= 0.9.11
@@ -66,7 +71,9 @@ Python 3 bindings for the librepo library.
%autosetup -p1
%build
-%cmake %{!?with_zchunk:-DWITH_ZCHUNK=OFF}
+%cmake \
+ %{!?with_zchunk:-DWITH_ZCHUNK=OFF} \
+ -DENABLE_SELINUX=%{?with_selinux:ON}%{!?with_selinux:OFF}
%cmake_build
%check
diff --git a/librepo/CMakeLists.txt b/librepo/CMakeLists.txt
index 4f00a5e..e759692 100644
--- a/librepo/CMakeLists.txt
+++ b/librepo/CMakeLists.txt
@@ -53,6 +53,10 @@ TARGET_LINK_LIBRARIES(librepo
${GPGME_VANILLA_LIBRARIES}
${GLIB2_LIBRARIES}
)
+IF (ENABLE_SELINUX)
+ TARGET_LINK_LIBRARIES(librepo ${SELINUX_LIBRARIES})
+ENDIF(ENABLE_SELINUX)
+
IF (WITH_ZCHUNK)
TARGET_LINK_LIBRARIES(librepo ${ZCHUNKLIB_LIBRARIES})
ENDIF (WITH_ZCHUNK)
diff --git a/librepo/gpg.c b/librepo/gpg.c
index a134d44..e4b6589 100644
--- a/librepo/gpg.c
+++ b/librepo/gpg.c
@@ -28,6 +28,11 @@
#include <gpgme.h>
#include <unistd.h>
+#if ENABLE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#endif
+
#include "rcodes.h"
#include "util.h"
#include "gpg.h"
@@ -44,6 +49,14 @@
* Previous solution was to send the agent a "KILLAGENT" message, but that
* would cause a race condition with calling gpgme_release(), see [2], [3].
*
+ * Current solution with precreating /run/user/$UID showed problematic when
+ * this library was used out of an systemd-logind session. Then
+ * /run/user/$UID, normally maintained by systemd, was assigned a SELinux
+ * label unexpected by systemd causing errors on a user logout [4].
+ *
+ * We remedy it by choosing the label according to a default file context
+ * policy (ENABLE_SELINUX macro).
+ *
* Since the agent doesn't clean up its sockets properly, by creating this
* directory we make sure they are in a place that is not causing trouble with
* container images.
@@ -51,14 +64,65 @@
* [1] https://bugzilla.redhat.com/show_bug.cgi?id=1650266
* [2] https://bugzilla.redhat.com/show_bug.cgi?id=1769831
* [3] https://github.com/rpm-software-management/microdnf/issues/50
+ * [4] https://issues.redhat.com/browse/RHEL-10720
*/
void ensure_socket_dir_exists() {
char dirname[32];
+#if ENABLE_SELINUX
+ char *old_default_context = NULL;
+ int old_default_context_was_retrieved = 0;
+ struct selabel_handle *labeling_handle = NULL;
+
+ /* A purpose of this piece of code is to deal with applications whose
+ * security policy overrides a file context for temporary files but don't
+ * know that librepo executes GnuPG which expects a default file context. */
+ if (0 == getfscreatecon(&old_default_context)) {
+ old_default_context_was_retrieved = 1;
+ } else {
+ g_debug("Failed to retrieve a default SELinux context");
+ }
+ labeling_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (labeling_handle == NULL) {
+ g_debug("Failed to open a SELinux labeling handle: %s", strerror(errno));
+ }
+#endif
+
snprintf(dirname, sizeof(dirname), "/run/user/%u", getuid());
+
+#if ENABLE_SELINUX
+ if (labeling_handle != NULL) {
+ char *new_default_context = NULL;
+ if (selabel_lookup(labeling_handle, &new_default_context, dirname, 0700)) {
+ /* Here we could hard-code "system_u:object_r:user_tmp_t:s0", but
+ * that value should be really defined in default file context
+ * SELinux policy. Only log that the policy is incomplete. */
+ g_debug("Failed to look up a default SELinux label for \"%s\"", dirname);
+ } else {
+ if (setfscreatecon(new_default_context)) {
+ g_debug("Failed to set default SELinux context to \"%s\"",
+ new_default_context);
+ }
+ freecon(new_default_context);
+ }
+ }
+#endif
+
int res = mkdir(dirname, 0700);
if (res != 0 && errno != EEXIST) {
g_debug("Failed to create \"%s\": %d - %s\n", dirname, errno, strerror(errno));
}
+
+#if ENABLE_SELINUX
+ if (labeling_handle != NULL) {
+ selabel_close(labeling_handle);
+ }
+ if (old_default_context_was_retrieved) {
+ if (setfscreatecon(old_default_context)) {
+ g_debug("Failed to restore a default SELinux context");
+ }
+ }
+ freecon(old_default_context);
+#endif
}
gboolean
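Review bot: `selabel_lookup(labeling_handle, &new_default_context, dirname, 0700)` passes permission bits where the file-context backend expects the file's mode bits as from lstat(2) (see selabel_file(5)), so the file-type part is zero and the lookup is not restricted to directory entries. Passing `S_IFDIR | 0700` makes it select the label the policy defines for a directory at that path, which is the label the commit message says systemd expects. Separately, when `getfscreatecon()` fails the code can still call `setfscreatecon(new_default_context)` and nothing restores it afterwards, which would leave the creation context overridden for files the calling program creates later. Guarding the labeling block with `if (labeling_handle != NULL && old_default_context_was_retrieved)` avoids that. An already existing `/run/user/$UID` with the wrong label is left as it is, since only the `mkdir` path is affected by the creation context.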
--
2.41.0

@ -0,0 +1,312 @@
%global libcurl_version 7.52.0
%undefine __cmake_in_source_build
%if 0%{?rhel}
%bcond_with zchunk
%else
%bcond_without zchunk
%endif
%bcond_without selinux
%global dnf_conflict 2.8.8
Name: librepo
Version: 1.14.2
Release: 5%{?dist}
Summary: Repodata downloading library
License: LGPLv2+
URL: https://github.com/rpm-software-management/librepo
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0001: 0001-Use-nanosec-precision-for-timestamp-of-checksum-cach.patch
Patch0002: 0002-Fix-alloc-free-mismatches-from-covscan.patch
Patch0003: 0003-More-covscan-fixes.patch
Patch0004: 0004-Use-g_strdup_vprintf-instead-of-manually-calculating.patch
Patch0005: 0005-Use-g_list_free_full-to-free-LRMetadataTarget-err.patch
Patch0006: 0006-Detailed-error-message-when-using-non-existing-TMPDI.patch
Patch0007: 0007-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d.patch
BuildRequires: cmake
BuildRequires: gcc
BuildRequires: check-devel
BuildRequires: doxygen
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: gpgme-devel
BuildRequires: libattr-devel
BuildRequires: libcurl-devel >= %{libcurl_version}
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libcrypto)
%if %{with selinux}
BuildRequires: pkgconfig(libselinux)
%endif
BuildRequires: pkgconfig(openssl)
%if %{with zchunk}
BuildRequires: pkgconfig(zck) >= 0.9.11
%endif
Requires: libcurl%{?_isa} >= %{libcurl_version}
%description
A library providing C and Python (libcURL like) API to downloading repository
metadata.
%package devel
Summary: Repodata downloading library
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Development files for librepo.
%package -n python3-%{name}
Summary: Python 3 bindings for the librepo library
%{?python_provide:%python_provide python3-%{name}}
BuildRequires: python3-devel
BuildRequires: python3-gpg
BuildRequires: python3-pyxattr
BuildRequires: python3-requests
BuildRequires: python3-sphinx
Requires: %{name}%{?_isa} = %{version}-%{release}
# Obsoletes Fedora 27 package
Obsoletes: platform-python-%{name} < %{version}-%{release}
Conflicts: python3-dnf < %{dnf_conflict}
%description -n python3-%{name}
Python 3 bindings for the librepo library.
%prep
%autosetup -p1
%build
%cmake \
%{!?with_zchunk:-DWITH_ZCHUNK=OFF} \
-DENABLE_SELINUX=%{?with_selinux:ON}%{!?with_selinux:OFF}
%cmake_build
%check
%ctest
%install
%cmake_install
%if 0%{?rhel} && 0%{?rhel} <= 7
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%else
%ldconfig_scriptlets
%endif
%files
%license COPYING
%doc README.md
%{_libdir}/%{name}.so.*
%files devel
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
%{_includedir}/%{name}/
%files -n python3-%{name}
%{python3_sitearch}/%{name}/
%changelog
* Thu Oct 12 2023 Petr Pisar <ppisar@redhat.com> - 1.14.2-5
- Set default SELinux labels on GnuPG directories (RHEL-10720)
* Mon Sep 12 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.2-4
- Fix termination of va_list in lr_metadatatarget_append_error()
- Detailed error message when using non-existing TMPDIR
* Mon Jul 25 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.2-3
- Fix covscan issues
* Tue Jul 12 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.2-2
- Use nanosec precision for timestamp of checksum cache
* Tue Nov 09 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 1.14.2-1
- Update to 1.14.2
- Reduce time to load metadata
- Fix resource leaks and memory leaks
- Remove build dependency on python3-flask
* Fri Jun 25 2021 Marek Blaha <mblaha@redhat.com> - 1.14.0-2
- Recover from fsync fail on read-only filesystem (RhBug:1956361)
* Fri Apr 30 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 1.14.0-1
- Update to 1.14.0
- Fix the key string parsing in url_substitution
- When zchunk enabled and not using HTTP/S protocol, download the whole file (RhBug:1886706)
- Add an option LRO_SSLVERIFYSTATUS to check TLS certificate revocation status (using OCSP stapling) (RhBug:1814383)
- Fix: lr_perform() - Avoid 100% CPU usage
- Add support for working with certificates used with proxy
- Reposync does not re-download unchanged packages (RhBug:1931904)
- Fix memory leaks
* Tue Dec 15 2020 Marek Blaha <mblaha@redhat.com> - 1.12.0-3
- Add support for pkcs11 certificate and key for repository authorization (RhBug:1859495)
* Mon Aug 17 2020 Ales Matej <amatej@redhat.com> - 1.12.0-2
- Validate paths read from repomd.xml (RhBug:1866505)
* Wed Jun 03 2020 Nicola Sella <nsella@redhat.com> - 1.12.0-1
- Update to 1.12.0
- Decode package URL when using for local filename (RhBug:1817130)
- Fix memory leak in lr_download_metadata() and lr_yum_download_remote()
- Download sources work when at least one of specified is working (RhBug:1775184)
- Enable building on OSX
* Fri Apr 03 2020 Ales Matej <amatej@redhat.com> - 1.11.3-1
- Update to 1.11.3
- Prefer mirrorlist/metalink over baseurl (RhBug:1775184)
- Fix calling Python API without holding GIL (RhBug:1788918)
- Do not unref LrErr_Exception on exit (RhBug:1778854)
* Fri Dec 06 2019 Lukas Hrazky <lhrazky@redhat.com> - 1.11.0-2
- Create a directory for gpg sockets in /run/user/ (RhBug:1769831,1771012)
* Tue Nov 12 2019 Ales Matej <amatej@redhat.com> - 1.11.0-1
- Update to 1.11.0
- Retry mirrorlist/metalink downloads several times (RhBug:1741931)
- Improve variable substitutions in URLs and add ${variable} support
* Tue Oct 22 2019 Ales Matej <amatej@redhat.com> - 1.10.6-1
- Update to 1.10.6
- Imporove handling of xattr to re-download damadged files (RhBug:1690894)
- Rephrase repository GPG check error message (RhBug:1741442)
- Add sleep before next try when all mirrors were tried (RhBug:1741931)
- Raise logging level of error messages (RhBug:1737709)
- Handle webservers that don't support ranges when downloading zck
- Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141)
- Allow to use mirrors multiple times for a target (RhBug:1678588)
- Allow to try baseurl multiple times (RhBug:1678588)
* Fri Sep 06 2019 Marek Blaha <mblaha@redhat.com> - 1.10.3-3
- Backport patch: Fix: Verification of checksum from file attr
* Wed Jul 31 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 1.10.3-2
- Backport patch: Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141,1719830)
* Tue Jun 11 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 1.10.3-1
- Update to 1.10.3
- Exit gpg-agent after repokey import (RhBug:1650266)
* Mon May 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 1.10.1-1
- Update to 1.10.1
- Reduce download delays
- Add an option to preserve timestamps of the downloaded files (RhBug:1688537)
- Append the '?' part of repo URL after the path
- Fix memory leaks
* Tue Sep 25 2018 Jaroslav Mracek <jmracek@redhat.com> - 1.9.2-1
- Update to 1.9.2
- Bug 1626495 - major performance regression with libcurl-7.61.1
* Mon Aug 13 2018 Daniel Mach <dmach@redhat.com> - 1.9.1-1
- Update to 1.9.1
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Jaroslav Mracek <jmracek@redhat.com> - 1.9.0-3
- Rebuilt for Python 3.7
* Tue Jun 26 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9.0-2
- Fix ldconfig_scriptlets once more
* Tue Jun 26 2018 Jaroslav Mracek <jmracek@redhat.com> - 1.9.0-1
- Update to 1.9.0
* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 1.8.1-9
- Rebuilt for Python 3.7
* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 1.8.1-8
- Bootstrap for Python 3.7
* Thu Feb 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1-7
- Add if conditionals around pyxattr
* Wed Feb 07 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.8.1-6
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1-5
- Switch to %%ldconfig_scriptlets
* Tue Nov 07 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1-4
- Use better Obsoletes for platform-python
* Sat Nov 04 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1-3
- Fix typo in Obsoletes
* Fri Nov 03 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1-2
- Remove platform-python subpackage
* Fri Sep 15 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.8.1-1
- Update to 1.8.1
* Fri Sep 01 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.8.0-2
- Disable platform python on old releases
* Wed Aug 23 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.8.0-1
- Update to 1.8.0
* Fri Aug 18 2017 Tomas Orsava <torsava@redhat.com> - 1.7.20-9
- Added Patch 0 to fix a tearDown failure in the test suite
* Thu Aug 10 2017 Petr Viktorin <pviktori@redhat.com> - 1.7.20-8
- Add subpackage for platform-python (https://fedoraproject.org/wiki/Changes/Platform_Python_Stack)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.20-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.20-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.20-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Dec 13 2016 Charalampos Stratakis <cstratak@redhat.com> - 1.7.20-4
- Enable tests
* Tue Dec 13 2016 Charalampos Stratakis <cstratak@redhat.com> - 1.7.20-3
- Rebuild for Python 3.6
- Disable tests for now
* Sat Dec 10 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 1.7.20-2
- Rebuild for gpgme 1.18
* Thu Aug 25 2016 Tomas Mlcoch <tmlcoch@redhat.com> - 1.7.20-1
- Tests: Disable test_download_packages_with_resume_02 test
- Update build utils to match new fedora spec schema
* Wed Aug 24 2016 Tomas Mlcoch <tmlcoch@redhat.com> - 1.7.19-1
- Add yumrecord substitution mechanism (mluscon)
- Fix a memory leak in signature verification (cwalters)
* Tue Aug 09 2016 Igor Gnatenko <ignatenko@redhat.com> - 1.7.18-4
- Add %%{?system_python_abi}
- Trim ton of changelog
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.18-3
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Thu Apr 07 2016 Igor Gnatenko <ignatenko@redhat.com> - 1.7.18-2
- Adopt to new packaging guidelines
- Cleanups in spec file
* Fri Mar 4 2016 Tomas Mlcoch <tmlcoch@redhat.com> - 1.7.18-1
- Add new option LRO_FTPUSEEPSV
- Update AUTHORS
- downloader prepare_next_transfer(): simplify long line
- downloader prepare_next_transfer(): add missing error check
- downloader prepare_next_transfer(): cleanup error path
- downloader prepare_next_transfer() - fix memory leak on error path (Alan Jenkins)
- handle: Don't use proxy cache for downloads of metalink/mirrorlist
- handle: Don't set CURLOPT_HTTPHEADER into curl handle immediately when specified
- downloader: Implement logic for no_cache param in LrDownloadTarget (RhBug: 1297762)
- Add no_cache param to LrDownloadTarget and lr_downloadtarget_new()
- New test: always try to download from the fastest mirror (Alexander Todorov)
- Doc: Fixed minor doc typo (Philippe Ombredanne)
- Doc: Other updates
- Doc: Update default values in doc to reflect reality