From 25fca631dce2d0794b1ca2425c7c3c9f6dba89fb Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 29 2021 00:28:47 +0000 Subject: import librepo-1.14.0-1.el8 ...and fix Hyperscale related topics. Notably four of the patches are now upstream. --- diff --git a/.gitignore b/.gitignore index bb3b302..d5eca14 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/librepo-1.12.0.tar.gz +SOURCES/librepo-1.14.0.tar.gz diff --git a/.librepo.metadata b/.librepo.metadata index 7d9c0bf..fcd9ed5 100644 --- a/.librepo.metadata +++ b/.librepo.metadata @@ -1 +1 @@ -1981d485743337c93d2b098920e5f738bd41fdc9 SOURCES/librepo-1.12.0.tar.gz +b09cf9ac3751e3c513e1c30a527d1a5e460853b7 SOURCES/librepo-1.14.0.tar.gz diff --git a/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch b/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch deleted file mode 100644 index aeb2858..0000000 --- a/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 699d3ee7b8968b5586ceb53e07d678e702735609 Mon Sep 17 00:00:00 2001 -From: Jaroslav Rohel -Date: Wed, 12 Aug 2020 08:35:28 +0200 -Subject: [PATCH] Validate path read from repomd.xml - ---- - librepo/yum.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/librepo/yum.c b/librepo/yum.c -index 3059188..529257b 100644 ---- a/librepo/yum.c -+++ b/librepo/yum.c -@@ -23,6 +23,7 @@ - #define BITS_IN_BYTE 8 - - #include -+#include - #include - #include - #include -@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle, - continue; - - char *location_href = record->location_href; -+ -+ char *dest_dir = realpath(handle->destdir, NULL); -+ path = lr_pathconcat(handle->destdir, record->location_href, NULL); -+ char *requested_dir = realpath(dirname(path), NULL); -+ lr_free(path); -+ if (!g_str_has_prefix(requested_dir, dest_dir)) { -+ g_debug("%s: Invalid path: %s", __func__, location_href); -+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href); -+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free); -+ free(requested_dir); -+ free(dest_dir); -+ return FALSE; -+ } -+ free(requested_dir); -+ free(dest_dir); -+ - gboolean is_zchunk = FALSE; - #ifdef WITH_ZCHUNK - if (handle->cachedir && record->header_checksum) --- -2.28.0 - diff --git a/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch b/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch deleted file mode 100644 index d4ab6f5..0000000 --- a/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 1e7673d07308081f13e7bb1829cfed2ccd865ea0 Mon Sep 17 00:00:00 2001 -From: Masahiro Matsuya -Date: Fri, 13 Nov 2020 17:37:59 +0100 -Subject: [PATCH] Add support for pkcs11 certificate and key for repository - authorization - -msg: Add support for pkcs11 certificate and key for repository authorization -type: enhancement -resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859495 ---- - librepo/handle.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/librepo/handle.c b/librepo/handle.c -index d8728c4..33edf5d 100644 ---- a/librepo/handle.c -+++ b/librepo/handle.c -@@ -649,6 +649,9 @@ lr_handle_setopt(LrHandle *handle, - lr_free(handle->sslclientcert); - handle->sslclientcert = g_strdup(va_arg(arg, char *)); - c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERT, handle->sslclientcert); -+ if (c_rc == CURLE_OK && handle->sslclientcert && !strncasecmp(handle->sslclientcert, "pkcs11:", 7)) { -+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERTTYPE, "ENG"); -+ } - break; - - case LRO_SSLCLIENTKEY: -@@ -656,6 +659,9 @@ lr_handle_setopt(LrHandle *handle, - lr_free(handle->sslclientkey); - handle->sslclientkey = g_strdup(va_arg(arg, char *)); - c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEY, handle->sslclientkey); -+ if (c_rc == CURLE_OK && handle->sslclientkey && !strncasecmp(handle->sslclientkey, "pkcs11:", 7)) { -+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEYTYPE, "ENG"); -+ } - break; - - case LRO_SSLCACERT: --- -2.26.2 - diff --git a/SOURCES/211.patch b/SOURCES/211.patch deleted file mode 100644 index d13fb07..0000000 --- a/SOURCES/211.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ef9af538ccb532e15dc39ec0dc648a06c9c349a1 Mon Sep 17 00:00:00 2001 -From: Matthew Almond -Date: Fri, 13 Nov 2020 16:21:17 -0800 -Subject: [PATCH] Sync data before writing checksum xattr - -Writes to extended attributes are considered metadata, so can be -commited to storage before data is fully synced. The upshot of this is -that the checksum is cached but the file could be truncated. We attempt -to sync data first to mitigate this problem. ---- - librepo/checksum.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/librepo/checksum.c b/librepo/checksum.c -index 678803ce..dae9e0a7 100644 ---- a/librepo/checksum.c -+++ b/librepo/checksum.c -@@ -250,6 +250,12 @@ lr_checksum_fd_compare(LrChecksumType type, - - *matches = (strcmp(expected, checksum)) ? FALSE : TRUE; - -+ if (fsync(fd) != 0) { -+ g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE, -+ "fsync failed: %s", strerror(errno)); -+ return FALSE; -+ } -+ - if (caching && *matches) { - // Store checksum as extended file attribute if caching is enabled - struct stat st; diff --git a/SOURCES/234.patch b/SOURCES/234.patch deleted file mode 100644 index 3f23b0c..0000000 --- a/SOURCES/234.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d4aad76b9fd1da56ec42e1cde5d57e344cc9571d Mon Sep 17 00:00:00 2001 -From: Matthew Almond -Date: Thu, 11 Mar 2021 10:41:23 -0800 -Subject: [PATCH 1/2] Return "calculated" checksum if requested w/caching - -If a file is downloaded via librepo (e.g. `dnf install --downloadonly`) -then a request to get the checksum via `lr_checksum_fd_compare()` will -not work. It'll only return whether the checksum is valid, and not the -actual checksum. This is the simple fix. - -Addresses #233 ---- - librepo/checksum.c | 2 + - tests/test_checksum.c | 164 +++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 163 insertions(+), 3 deletions(-) - -diff --git a/librepo/checksum.c b/librepo/checksum.c -index 678803c..8917176 100644 ---- a/librepo/checksum.c -+++ b/librepo/checksum.c -@@ -239,6 +239,8 @@ lr_checksum_fd_compare(LrChecksumType type, - // xattr may contain null terminator (+1 byte) - *matches = (attr_size == expected_len || attr_size == expected_len + 1) && - memcmp(expected, buf, attr_size) == 0; -+ if (calculated) -+ *calculated = g_strdup(buf); - return TRUE; - } - } diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec index 106e048..ca5f4e3 100644 --- a/SPECS/librepo.spec +++ b/SPECS/librepo.spec @@ -1,21 +1,6 @@ -%global libcurl_version 7.28.0 +%global libcurl_version 7.52.0 -%if 0%{?rhel} && 0%{?rhel} <= 7 -# Do not build bindings for python3 for RHEL <= 7 -%bcond_with python3 -# python-flask is not in RHEL7 -%bcond_with pythontests -%else -%bcond_without python3 -%bcond_without pythontests -%endif - -%if 0%{?rhel} > 7 || 0%{?fedora} > 29 -# Do not build bindings for python2 for RHEL > 7 and Fedora > 29 -%bcond_with python2 -%else -%bcond_without python2 -%endif +%undefine __cmake_in_source_build %if 0%{?rhel} %bcond_with zchunk @@ -26,22 +11,20 @@ %global dnf_conflict 2.8.8 Name: librepo -Version: 1.12.0 -Release: 3.3%{?dist} +Version: 1.14.0 +Release: 1.1%{?dist} Summary: Repodata downloading library License: LGPLv2+ URL: https://github.com/rpm-software-management/librepo Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch1: 0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch -Patch2: 0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch -# https://github.com/rpm-software-management/librepo/pull/234.patch -# but backported to this release -Patch9997: 234.patch +# merged in 1.14, but still provided in Hyperscale SIG to signal these patches +# are present. Provides: librepo(pr234) -Patch9998: https://github.com/rpm-software-management/librepo/pull/211.patch Provides: librepo(pr211) + +# Unmerged Patch9999: https://github.com/rpm-software-management/librepo/pull/222.patch Provides: librepo(pr222) @@ -72,48 +55,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %description devel Development files for librepo. -%if %{with python2} -%package -n python2-%{name} -Summary: Python bindings for the librepo library -%{?python_provide:%python_provide python2-%{name}} -%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: python-sphinx -%else -BuildRequires: python2-sphinx -%endif -BuildRequires: python2-devel -%if %{with pythontests} -BuildRequires: python2-flask -BuildRequires: python2-nose -BuildRequires: python2-requests -%if (0%{?rhel} && 0%{?rhel} <= 7) -BuildRequires: pyxattr -BuildRequires: pygpgme -%else -BuildRequires: python2-pyxattr -BuildRequires: python2-gpg -%endif -%endif -# endif with pythontests -Requires: %{name}%{?_isa} = %{version}-%{release} -Conflicts: python2-dnf < %{dnf_conflict} - -%description -n python2-%{name} -Python 2 bindings for the librepo library. -%endif - -%if %{with python3} %package -n python3-%{name} Summary: Python 3 bindings for the librepo library %{?python_provide:%python_provide python3-%{name}} BuildRequires: python3-devel -%if %{with pythontests} BuildRequires: python3-gpg BuildRequires: python3-flask -BuildRequires: python3-nose BuildRequires: python3-pyxattr BuildRequires: python3-requests -%endif BuildRequires: python3-sphinx Requires: %{name}%{?_isa} = %{version}-%{release} # Obsoletes Fedora 27 package @@ -122,56 +71,19 @@ Conflicts: python3-dnf < %{dnf_conflict} %description -n python3-%{name} Python 3 bindings for the librepo library. -%endif %prep %autosetup -p1 -mkdir build-py2 -mkdir build-py3 - %build -%if %{with python2} -pushd build-py2 - %cmake -DPYTHON_DESIRED:FILEPATH=%{__python2} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} .. - %make_build -popd -%endif - -%if %{with python3} -pushd build-py3 - %cmake -DPYTHON_DESIRED:FILEPATH=%{__python3} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} .. - %make_build -popd -%endif +%cmake %{!?with_zchunk:-DWITH_ZCHUNK=OFF} +%cmake_build %check -%if %{with python2} -pushd build-py2 - #ctest -VV - make ARGS="-V" test -popd -%endif - -%if %{with python3} -pushd build-py3 - #ctest -VV - make ARGS="-V" test -popd -%endif +%ctest %install -%if %{with python2} -pushd build-py2 - %make_install -popd -%endif - -%if %{with python3} -pushd build-py3 - %make_install -popd -%endif +%cmake_install %if 0%{?rhel} && 0%{?rhel} <= 7 %post -p /sbin/ldconfig @@ -190,17 +102,23 @@ popd %{_libdir}/pkgconfig/%{name}.pc %{_includedir}/%{name}/ -%if %{with python2} -%files -n python2-%{name} -%{python2_sitearch}/%{name}/ -%endif - -%if %{with python3} %files -n python3-%{name} %{python3_sitearch}/%{name}/ -%endif %changelog +* Mon Jun 28 2021 Matthew Almond - 1.14.0-1.1 +- Merge 1.14.0 update into hsx branch + +* Fri Apr 30 2021 Pavla Kratochvilova - 1.14.0-1 +- Update to 1.14.0 +- Fix the key string parsing in url_substitution +- When zchunk enabled and not using HTTP/S protocol, download the whole file (RhBug:1886706) +- Add an option LRO_SSLVERIFYSTATUS to check TLS certificate revocation status (using OCSP stapling) (RhBug:1814383) +- Fix: lr_perform() - Avoid 100% CPU usage +- Add support for working with certificates used with proxy +- Reposync does not re-download unchanged packages (RhBug:1931904) +- Fix memory leaks + * Thu Mar 18 2021 Matthew Almond - 1.12.0-3.3 - Use Provides in SIG code to signal that certain bugs/fixes are present