diff --git a/0001-Fix-additional-covscan-warnings.patch b/0001-Fix-additional-covscan-warnings.patch deleted file mode 100644 index 3d0fd27..0000000 --- a/0001-Fix-additional-covscan-warnings.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 949c391537a588bd7359a00a716359e37afcd4da Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= -Date: Mon, 19 Jul 2021 09:56:31 +0200 -Subject: [PATCH] Fix additional covscan warnings - -- check we actually got a filename in xml parsers and in decompression - function -- use g_malloc0 as we do in other places (it also takes care of checking - if allocation was successful) ---- - src/dumper_thread.c | 2 +- - src/misc.c | 6 ++++++ - src/xml_parser_filelists.c | 5 +++++ - src/xml_parser_primary.c | 5 +++++ - 4 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/dumper_thread.c b/src/dumper_thread.c -index 119f3bd8..ea10c774 100644 ---- a/src/dumper_thread.c -+++ b/src/dumper_thread.c -@@ -562,7 +562,7 @@ cr_dumper_thread(gpointer data, gpointer user_data) - // * this isn't the last task - // Then: save the task to the buffer - -- struct BufferedTask *buf_task = malloc(sizeof(struct BufferedTask)); -+ struct BufferedTask *buf_task = g_malloc0(sizeof(struct BufferedTask)); - buf_task->id = task->id; - buf_task->res = res; - buf_task->pkg = pkg; -diff --git a/src/misc.c b/src/misc.c -index adbc4af0..b59f304a 100644 ---- a/src/misc.c -+++ b/src/misc.c -@@ -622,6 +622,12 @@ cr_decompress_file_with_stat(const char *src, - - if (!in_dst || g_str_has_suffix(in_dst, "/")) { - char *filename = cr_get_filename(src); -+ if (!filename) { -+ g_debug("%s: Cannot get filename from: %s", __func__, src); -+ g_set_error(err, ERR_DOMAIN, CRE_NOFILE, -+ "Cannot get filename from: %s", src); -+ return CRE_NOFILE; -+ } - if (g_str_has_suffix(filename, c_suffix)) { - filename = g_strndup(filename, strlen(filename) - strlen(c_suffix)); - } else { -diff --git a/src/xml_parser_filelists.c b/src/xml_parser_filelists.c -index f4fe6c09..86ab6c80 100644 ---- a/src/xml_parser_filelists.c -+++ b/src/xml_parser_filelists.c -@@ -259,6 +259,11 @@ cr_end_handler(void *pdata, G_GNUC_UNUSED const xmlChar *element) - cr_PackageFile *pkg_file = cr_package_file_new(); - pkg_file->name = cr_safe_string_chunk_insert(pd->pkg->chunk, - cr_get_filename(pd->content)); -+ if (!pkg_file->name) { -+ g_set_error(&pd->err, ERR_DOMAIN, ERR_CODE_XML, -+ "Invalid element: %s", pd->content); -+ break; -+ } - pd->content[pd->lcontent - strlen(pkg_file->name)] = '\0'; - pkg_file->path = cr_safe_string_chunk_insert_const(pd->pkg->chunk, - pd->content); -diff --git a/src/xml_parser_primary.c b/src/xml_parser_primary.c -index 86e20519..e83eb044 100644 ---- a/src/xml_parser_primary.c -+++ b/src/xml_parser_primary.c -@@ -633,6 +633,11 @@ cr_end_handler(void *pdata, G_GNUC_UNUSED const xmlChar *element) - cr_PackageFile *pkg_file = cr_package_file_new(); - pkg_file->name = cr_safe_string_chunk_insert(pd->pkg->chunk, - cr_get_filename(pd->content)); -+ if (!pkg_file->name) { -+ g_set_error(&pd->err, ERR_DOMAIN, ERR_CODE_XML, -+ "Invalid element: %s", pd->content); -+ break; -+ } - pd->content[pd->lcontent - strlen(pkg_file->name)] = '\0'; - pkg_file->path = cr_safe_string_chunk_insert_const(pd->pkg->chunk, - pd->content); diff --git a/createrepo_c.spec b/createrepo_c.spec index b06d618..2d6fdcd 100644 --- a/createrepo_c.spec +++ b/createrepo_c.spec @@ -24,12 +24,11 @@ Summary: Creates a common metadata repository Name: createrepo_c -Version: 0.17.2 -Release: 5%{?dist} +Version: 0.17.7 +Release: 1%{?dist} License: GPLv2+ URL: https://github.com/rpm-software-management/createrepo_c Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch1: 0001-Fix-additional-covscan-warnings.patch BuildRequires: cmake BuildRequires: gcc @@ -176,6 +175,14 @@ ln -sr %{buildroot}%{_bindir}/modifyrepo_c %{buildroot}%{_bindir}/modifyrepo %{python3_sitearch}/%{name}-%{version}-py%{python3_version}.egg-info %changelog +* Mon Oct 25 2021 Pavla Kratochvilova - 0.17.7-1 +- Update to 0.17.7 +- Remove insecure hashes SHA-1 and MD5 from the default build (RhBug:1935486) +- Fix error when updating repo with removed modules metadata +- Exit with status code 1 when loading of repo's metadata fails +- Fix memory leaks (RhBug:1998426) +- Fix valgrind warnings caused by subprocess calls + * Mon Aug 16 2021 Pavla Kratochvilova - 0.17.2-5 - Fix issues detected by static analyzers diff --git a/sources b/sources index 3dae715..59beb46 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (createrepo_c-0.17.2.tar.gz) = 500315c1d099766c5c83bb1f18a92c97c49ed30d2632fe08f9d0c3faefd2afcdf2ed73e08ad675504ff59bc7ed7a4f95e9e80816940959a83ae7b25a12c28dce +SHA512 (createrepo_c-0.17.7.tar.gz) = 502708392c321586ff8eeb866fbe864658d473bfa5c76da865e9d6d214a29a0d0436ea405c91f9f55eef4d8d5de5f789e7a1ea2c4f2324c1bd7af88b68b208bf