From e6307d128969f86a92645d72dda941058b159464 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 11:47:28 +0000 Subject: import librepo-1.12.0-2.el8 --- diff --git a/.gitignore b/.gitignore index d591383..bb3b302 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/librepo-1.11.0.tar.gz +SOURCES/librepo-1.12.0.tar.gz diff --git a/.librepo.metadata b/.librepo.metadata index 77f8d67..7d9c0bf 100644 --- a/.librepo.metadata +++ b/.librepo.metadata @@ -1 +1 @@ -45b628df3c4a6b6a33674934db0c9b5219becb06 SOURCES/librepo-1.11.0.tar.gz +1981d485743337c93d2b098920e5f738bd41fdc9 SOURCES/librepo-1.12.0.tar.gz diff --git a/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch b/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch deleted file mode 100644 index 1dd0f80..0000000 --- a/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch +++ /dev/null @@ -1,109 +0,0 @@ -From d474bcad3fdca0e009f24e11d927a3cdc7fd6a55 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= -Date: Wed, 27 Nov 2019 16:15:20 +0100 -Subject: [PATCH] Create a directory for gpg sockets in /run/user/ - (RhBug:1769831,1771012) - -The solution of sending the "KILLAGENT" message to gpgagent to make it -clean up its sockets in gpg home dir is causing a race condition with -the gpgme_release() function. - -Instead of trying to make the agent clean up its sockets (which doesn't -seem to be reliably possible), take advantage of its feature to create -the sockets under '/run/user/$UID' if this directory is present. The -sockets shouldn't be causing any trouble in this directory. - -The commit creates the '/run/user/$UID' directory if it's not present on -the system. The sockets are then created there. - -https://bugzilla.redhat.com/show_bug.cgi?id=1769831 -https://bugzilla.redhat.com/show_bug.cgi?id=1771012 ---- - librepo/gpg.c | 56 +++++++++++++++++++++++++-------------------------- - 1 file changed, 28 insertions(+), 28 deletions(-) - -diff --git a/librepo/gpg.c b/librepo/gpg.c -index a019015..a134d44 100644 ---- a/librepo/gpg.c -+++ b/librepo/gpg.c -@@ -32,28 +32,33 @@ - #include "util.h" - #include "gpg.h" - --static void --kill_gpg_agent(gpgme_ctx_t context, const char *home_dir) --{ -- gpgme_error_t gpgerr; -- -- gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_ASSUAN); -- if (gpgerr != GPG_ERR_NO_ERROR) { -- g_warning("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr)); -- return; -- } -- if (home_dir) { -- gchar * gpg_agent_sock = g_build_filename(home_dir, "S.gpg-agent", NULL); -- gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_ASSUAN, gpg_agent_sock, home_dir); -- g_free(gpg_agent_sock); -- if (gpgerr != GPG_ERR_NO_ERROR) { -- g_warning("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr)); -- return; -- } -+/* -+ * Creates the '/run/user/$UID' directory if it doesn't exist. If this -+ * directory exists, gpgagent will create its sockets under -+ * '/run/user/$UID/gnupg'. -+ * -+ * If this directory doesn't exist, gpgagent will create its sockets in gpg -+ * home directory, which is under '/var/cache/yum/metadata/' and this was -+ * causing trouble with container images, see [1]. -+ * -+ * Previous solution was to send the agent a "KILLAGENT" message, but that -+ * would cause a race condition with calling gpgme_release(), see [2], [3]. -+ * -+ * Since the agent doesn't clean up its sockets properly, by creating this -+ * directory we make sure they are in a place that is not causing trouble with -+ * container images. -+ * -+ * [1] https://bugzilla.redhat.com/show_bug.cgi?id=1650266 -+ * [2] https://bugzilla.redhat.com/show_bug.cgi?id=1769831 -+ * [3] https://github.com/rpm-software-management/microdnf/issues/50 -+ */ -+void ensure_socket_dir_exists() { -+ char dirname[32]; -+ snprintf(dirname, sizeof(dirname), "/run/user/%u", getuid()); -+ int res = mkdir(dirname, 0700); -+ if (res != 0 && errno != EEXIST) { -+ g_debug("Failed to create \"%s\": %d - %s\n", dirname, errno, strerror(errno)); - } -- gpgerr = gpgme_op_assuan_transact_ext(context, "KILLAGENT", NULL, NULL, NULL, NULL, NULL, NULL, NULL); -- if (gpgerr != GPG_ERR_NO_ERROR) -- g_debug("%s: gpgme_op_assuan_transact_ext: %s", __func__, gpgme_strerror(gpgerr)); - } - - gboolean -@@ -239,6 +244,8 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err) - - assert(!err || *err == NULL); - -+ ensure_socket_dir_exists(); -+ - // Initialization - gpgme_check_version(NULL); - gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); -@@ -320,13 +327,6 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err) - - close(key_fd); - -- // Running gpg-agent kept opened sockets on the system. -- // It tries to exit gpg-agent. Path to the communication socket is derived from homedir. -- // The gpg-agent automaticaly removes all its socket before exit. -- // Newer gpg-agent creates sockets under [/var]/run/user/{pid}/... if directory exists. -- // In this case gpg-agent will not be exited. -- kill_gpg_agent(context, home_dir); -- - gpgme_release(context); - - return TRUE; --- -2.24.0 - diff --git a/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch b/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch new file mode 100644 index 0000000..aeb2858 --- /dev/null +++ b/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch @@ -0,0 +1,47 @@ +From 699d3ee7b8968b5586ceb53e07d678e702735609 Mon Sep 17 00:00:00 2001 +From: Jaroslav Rohel +Date: Wed, 12 Aug 2020 08:35:28 +0200 +Subject: [PATCH] Validate path read from repomd.xml + +--- + librepo/yum.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/librepo/yum.c b/librepo/yum.c +index 3059188..529257b 100644 +--- a/librepo/yum.c ++++ b/librepo/yum.c +@@ -23,6 +23,7 @@ + #define BITS_IN_BYTE 8 + + #include ++#include + #include + #include + #include +@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle, + continue; + + char *location_href = record->location_href; ++ ++ char *dest_dir = realpath(handle->destdir, NULL); ++ path = lr_pathconcat(handle->destdir, record->location_href, NULL); ++ char *requested_dir = realpath(dirname(path), NULL); ++ lr_free(path); ++ if (!g_str_has_prefix(requested_dir, dest_dir)) { ++ g_debug("%s: Invalid path: %s", __func__, location_href); ++ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href); ++ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free); ++ free(requested_dir); ++ free(dest_dir); ++ return FALSE; ++ } ++ free(requested_dir); ++ free(dest_dir); ++ + gboolean is_zchunk = FALSE; + #ifdef WITH_ZCHUNK + if (handle->cachedir && record->header_checksum) +-- +2.28.0 + diff --git a/SOURCES/0002-Validate-path-read-from-repomd.xml-RhBug-1866498.patch b/SOURCES/0002-Validate-path-read-from-repomd.xml-RhBug-1866498.patch deleted file mode 100644 index aeb2858..0000000 --- a/SOURCES/0002-Validate-path-read-from-repomd.xml-RhBug-1866498.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 699d3ee7b8968b5586ceb53e07d678e702735609 Mon Sep 17 00:00:00 2001 -From: Jaroslav Rohel -Date: Wed, 12 Aug 2020 08:35:28 +0200 -Subject: [PATCH] Validate path read from repomd.xml - ---- - librepo/yum.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/librepo/yum.c b/librepo/yum.c -index 3059188..529257b 100644 ---- a/librepo/yum.c -+++ b/librepo/yum.c -@@ -23,6 +23,7 @@ - #define BITS_IN_BYTE 8 - - #include -+#include - #include - #include - #include -@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle, - continue; - - char *location_href = record->location_href; -+ -+ char *dest_dir = realpath(handle->destdir, NULL); -+ path = lr_pathconcat(handle->destdir, record->location_href, NULL); -+ char *requested_dir = realpath(dirname(path), NULL); -+ lr_free(path); -+ if (!g_str_has_prefix(requested_dir, dest_dir)) { -+ g_debug("%s: Invalid path: %s", __func__, location_href); -+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href); -+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free); -+ free(requested_dir); -+ free(dest_dir); -+ return FALSE; -+ } -+ free(requested_dir); -+ free(dest_dir); -+ - gboolean is_zchunk = FALSE; - #ifdef WITH_ZCHUNK - if (handle->cachedir && record->header_checksum) --- -2.28.0 - diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec index 94a19dd..fc8c142 100644 --- a/SPECS/librepo.spec +++ b/SPECS/librepo.spec @@ -26,15 +26,15 @@ %global dnf_conflict 2.8.8 Name: librepo -Version: 1.11.0 -Release: 3%{?dist} +Version: 1.12.0 +Release: 2%{?dist} Summary: Repodata downloading library License: LGPLv2+ URL: https://github.com/rpm-software-management/librepo Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch1: 0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch -Patch2: 0002-Validate-path-read-from-repomd.xml-RhBug-1866498.patch + +Patch1: 0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch BuildRequires: cmake BuildRequires: gcc @@ -84,7 +84,8 @@ BuildRequires: pygpgme BuildRequires: python2-pyxattr BuildRequires: python2-gpg %endif -%endif # with pythontests +%endif +# endif with pythontests Requires: %{name}%{?_isa} = %{version}-%{release} Conflicts: python2-dnf < %{dnf_conflict} @@ -191,8 +192,21 @@ popd %endif %changelog -* Mon Aug 17 2020 Ales Matej - 1.11.0-3 -- Validate paths read from repomd.xml (RhBug:1866498) +* Mon Aug 17 2020 Ales Matej - 1.12.0-2 +- Validate paths read from repomd.xml (RhBug:1866505) + +* Wed Jun 03 2020 Nicola Sella - 1.12.0-1 +- Update to 1.12.0 +- Decode package URL when using for local filename (RhBug:1817130) +- Fix memory leak in lr_download_metadata() and lr_yum_download_remote() +- Download sources work when at least one of specified is working (RhBug:1775184) +- Enable building on OSX + +* Fri Apr 03 2020 Ales Matej - 1.11.3-1 + - Update to 1.11.3 + - Prefer mirrorlist/metalink over baseurl (RhBug:1775184) + - Fix calling Python API without holding GIL (RhBug:1788918) + - Do not unref LrErr_Exception on exit (RhBug:1778854) * Fri Dec 06 2019 Lukas Hrazky - 1.11.0-2 - Create a directory for gpg sockets in /run/user/ (RhBug:1769831,1771012)