diff --git a/SOURCES/0001-Use-nanosec-precision-for-timestamp-of-checksum-cach.patch b/SOURCES/0001-Use-nanosec-precision-for-timestamp-of-checksum-cach.patch new file mode 100644 index 0000000..b59688e --- /dev/null +++ b/SOURCES/0001-Use-nanosec-precision-for-timestamp-of-checksum-cach.patch @@ -0,0 +1,72 @@ +From e6f48ae9bff7b5dc8027d043aa1bffa53d507a42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= +Date: Thu, 5 May 2022 12:44:27 +0200 +Subject: [PATCH] Use nanosec precision for timestamp of checksum cache + (RhBug:2077864) + += changelog = +msg: Use nanosec precision for timestamp of checksum cache +type: bugfix +resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2077864 +--- + librepo/checksum.c | 7 +++++-- + tests/test_checksum.c | 6 +++++- + 2 files changed, 10 insertions(+), 3 deletions(-) + +diff --git a/librepo/checksum.c b/librepo/checksum.c +index 6bba53c..d82cb5c 100644 +--- a/librepo/checksum.c ++++ b/librepo/checksum.c +@@ -18,6 +18,7 @@ + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + ++#define _POSIX_C_SOURCE 200809L + #include + #include + #include +@@ -217,16 +218,18 @@ lr_checksum_fd_compare(LrChecksumType type, + return FALSE; + } + +- time_t timestamp = -1; ++ long long timestamp = -1; + + if (caching) { + struct stat st; + if (fstat(fd, &st) == 0) { + timestamp = st.st_mtime; ++ timestamp *= 1000000000; //convert sec timestamp to nanosec timestamp ++ timestamp += st.st_mtim.tv_nsec; + } + } + +- _cleanup_free_ gchar *timestamp_str = g_strdup_printf("%lli", (long long)timestamp); ++ _cleanup_free_ gchar *timestamp_str = g_strdup_printf("%lli", timestamp); + const char *type_str = lr_checksum_type_to_str(type); + _cleanup_free_ gchar *timestamp_key = g_strconcat(XATTR_CHKSUM_PREFIX, "mtime", NULL); + _cleanup_free_ gchar *checksum_key = g_strconcat(XATTR_CHKSUM_PREFIX, type_str, NULL); +diff --git a/tests/test_checksum.c b/tests/test_checksum.c +index cd28cd1..548f588 100644 +--- a/tests/test_checksum.c ++++ b/tests/test_checksum.c +@@ -1,3 +1,4 @@ ++#define _POSIX_C_SOURCE 200809L + #define _GNU_SOURCE + #include + #include +@@ -150,7 +151,10 @@ START_TEST(test_cached_checksum_matches) + // stored timestamp matches the file mtime + ret = stat(filename, &st); + ck_assert_int_eq(ret, 0); +- mtime_str = g_strdup_printf("%lli", (long long) st.st_mtime); ++ long long timestamp = st.st_mtime; ++ timestamp *= 1000000000; //convert sec timestamp to nanosec timestamp ++ timestamp += st.st_mtim.tv_nsec; ++ mtime_str = g_strdup_printf("%lli", timestamp); + attr_ret = GETXATTR(filename, timestamp_key, &buf, sizeof(buf)-1); + ck_assert(attr_ret != -1); + buf[attr_ret] = 0; +-- +2.36.1 + diff --git a/SOURCES/0002-Fix-alloc-free-mismatches-from-covscan.patch b/SOURCES/0002-Fix-alloc-free-mismatches-from-covscan.patch new file mode 100644 index 0000000..d18bed6 --- /dev/null +++ b/SOURCES/0002-Fix-alloc-free-mismatches-from-covscan.patch @@ -0,0 +1,296 @@ +From c904a6d07c78c4b3652560c3b5b275f79e5208de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= +Date: Fri, 15 Jul 2022 17:16:12 +0200 +Subject: [PATCH] Fix alloc / free mismatches from covscan + +--- + librepo/checksum.c | 6 +++--- + librepo/downloader.c | 2 +- + librepo/lrmirrorlist.c | 2 +- + librepo/package_downloader.c | 2 +- + librepo/repoconf.c | 2 +- + librepo/repoutil_yum.c | 4 ++-- + librepo/util.c | 6 +++--- + tests/test_checksum.c | 4 ++-- + tests/test_gpg.c | 2 +- + tests/test_main.c | 2 +- + tests/test_util.c | 24 ++++++++++++------------ + 11 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/librepo/checksum.c b/librepo/checksum.c +index d82cb5c..4831ddc 100644 +--- a/librepo/checksum.c ++++ b/librepo/checksum.c +@@ -205,8 +205,6 @@ lr_checksum_fd_compare(LrChecksumType type, + gchar **calculated, + GError **err) + { +- _cleanup_free_ gchar *checksum = NULL; +- + assert(fd >= 0); + assert(!err || *err == NULL); + +@@ -262,7 +260,7 @@ lr_checksum_fd_compare(LrChecksumType type, + } + } + +- checksum = lr_checksum_fd(type, fd, err); ++ char *checksum = lr_checksum_fd(type, fd, err); + if (!checksum) + return FALSE; + +@@ -274,6 +272,7 @@ lr_checksum_fd_compare(LrChecksumType type, + } else { + g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE, + "fsync failed: %s", strerror(errno)); ++ lr_free(checksum); + return FALSE; + } + } +@@ -287,6 +286,7 @@ lr_checksum_fd_compare(LrChecksumType type, + if (calculated) + *calculated = g_strdup(checksum); + ++ lr_free(checksum); + return TRUE; + } + +diff --git a/librepo/downloader.c b/librepo/downloader.c +index f4e8ba2..84739a9 100644 +--- a/librepo/downloader.c ++++ b/librepo/downloader.c +@@ -1974,7 +1974,7 @@ list_of_checksums_to_str(GSList *checksums) + tmp = g_strconcat(expected, chksum->value, "(", + chtype_str ? chtype_str : "UNKNOWN", + ") ", NULL); +- free(expected); ++ g_free(expected); + expected = tmp; + } + +diff --git a/librepo/lrmirrorlist.c b/librepo/lrmirrorlist.c +index c7e51b3..91cdc4b 100644 +--- a/librepo/lrmirrorlist.c ++++ b/librepo/lrmirrorlist.c +@@ -156,7 +156,7 @@ lr_lrmirrorlist_append_metalink(LrInternalMirrorlist *list, + LrInternalMirror *mirror = lr_lrmirror_new(url_copy, urlvars); + mirror->preference = metalinkurl->preference; + mirror->protocol = lr_detect_protocol(mirror->url); +- lr_free(url_copy); ++ g_free(url_copy); + list = g_slist_append(list, mirror); + + //g_debug("%s: Appending URL: %s", __func__, mirror->url); +diff --git a/librepo/package_downloader.c b/librepo/package_downloader.c +index adea459..353cac8 100644 +--- a/librepo/package_downloader.c ++++ b/librepo/package_downloader.c +@@ -173,7 +173,7 @@ lr_packagetarget_free(LrPackageTarget *target) + if (!target) + return; + g_string_chunk_free(target->chunk); +- g_free(target); ++ lr_free(target); + } + + gboolean +diff --git a/librepo/repoconf.c b/librepo/repoconf.c +index 948259e..34dbab4 100644 +--- a/librepo/repoconf.c ++++ b/librepo/repoconf.c +@@ -146,7 +146,7 @@ lr_yum_repoconfs_free(LrYumRepoConfs *repos) + return; + g_slist_free_full(repos->repos, (GDestroyNotify) lr_yum_repoconf_free); + g_slist_free_full(repos->files, (GDestroyNotify) lr_yum_repofile_free); +- g_free(repos); ++ lr_free(repos); + } + + GSList * +diff --git a/librepo/repoutil_yum.c b/librepo/repoutil_yum.c +index 02e796f..bb09ff5 100644 +--- a/librepo/repoutil_yum.c ++++ b/librepo/repoutil_yum.c +@@ -105,11 +105,11 @@ lr_repoutil_yum_parse_repomd(const char *in_path, + if (fd < 0) { + g_set_error(err, LR_REPOUTIL_YUM_ERROR, LRE_IO, + "open(%s, O_RDONLY) error: %s", path, g_strerror(errno)); +- lr_free(path); ++ g_free(path); + return FALSE; + } + +- lr_free(path); ++ g_free(path); + + ret = lr_yum_repomd_parse_file(repomd, fd, NULL, NULL, err); + close(fd); +diff --git a/librepo/util.c b/librepo/util.c +index 8ba7120..204572d 100644 +--- a/librepo/util.c ++++ b/librepo/util.c +@@ -170,7 +170,7 @@ lr_gettmpdir(void) + { + char *template = g_build_filename(g_get_tmp_dir(), "librepo-tmpdir-XXXXXX", NULL); + if (!mkdtemp(template)) { +- lr_free(template); ++ g_free(template); + return NULL; + } + return template; +@@ -206,7 +206,7 @@ lr_pathconcat(const char *first, ...) + + qmark_section = strchr(first, '?'); + +- res = lr_malloc(total_len + separator_len + 1); ++ res = g_malloc(total_len + separator_len + 1); + + next = first; + va_start(args, first); +@@ -273,7 +273,7 @@ lr_pathconcat(const char *first, ...) + assert(offset <= total_len); + + if (offset == 0) { +- lr_free(res); ++ g_free(res); + return g_strdup(first); + } + +diff --git a/tests/test_checksum.c b/tests/test_checksum.c +index 548f588..264782c 100644 +--- a/tests/test_checksum.c ++++ b/tests/test_checksum.c +@@ -295,8 +295,8 @@ START_TEST(test_cached_checksum_clear) + cleanup: + close(fd); + lr_free(filename); +- lr_free(timestamp_key); +- lr_free(checksum_key); ++ g_free(timestamp_key); ++ g_free(checksum_key); + } + END_TEST + +diff --git a/tests/test_gpg.c b/tests/test_gpg.c +index fd322e3..0af423a 100644 +--- a/tests/test_gpg.c ++++ b/tests/test_gpg.c +@@ -110,7 +110,7 @@ START_TEST(test_gpg_check_signature) + lr_free(_data_path); + lr_free(signature_path); + lr_free(_signature_path); +- lr_free(tmp_home_path); ++ g_free(tmp_home_path); + } + END_TEST + +diff --git a/tests/test_main.c b/tests/test_main.c +index 1076062..b323ce5 100644 +--- a/tests/test_main.c ++++ b/tests/test_main.c +@@ -39,7 +39,7 @@ init_test_globals(struct TestGlobals_s *tg, const char *testdata_dir) + static void + free_test_globals(struct TestGlobals_s *tg) + { +- lr_free(tg->tmpdir); ++ g_free(tg->tmpdir); + lr_free(tg->testdata_dir); + } + +diff --git a/tests/test_util.c b/tests/test_util.c +index 595b0fe..d082445 100644 +--- a/tests/test_util.c ++++ b/tests/test_util.c +@@ -54,7 +54,7 @@ START_TEST(test_gettmpdir) + char *tmp_dir = lr_gettmpdir(); + ck_assert_ptr_nonnull(tmp_dir); + ck_assert_int_eq(rmdir(tmp_dir), 0); +- lr_free(tmp_dir); ++ g_free(tmp_dir); + } + END_TEST + +@@ -126,7 +126,7 @@ START_TEST(test_remove_dir) + ck_assert_int_eq(rc, 0); + ck_assert_int_ne(unlink(tmp_file), 0); + ck_assert_int_ne(rmdir(tmp_dir), 0); +- lr_free(tmp_dir); ++ g_free(tmp_dir); + lr_free(tmp_file); + } + END_TEST +@@ -141,61 +141,61 @@ START_TEST(test_url_without_path) + new_url = lr_url_without_path(""); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, ""); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("hostname"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "hostname"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("hostname/foo/bar/"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "hostname"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("hostname:80"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "hostname:80"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("hostname:80/foo/bar"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "hostname:80"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("http://hostname:80/"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "http://hostname:80"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("http://hostname:80/foo/bar"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "http://hostname:80"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("ftp://foo.hostname:80/foo/bar"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "ftp://foo.hostname:80"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("file:///home/foobar"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "file://"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + + new_url = lr_url_without_path("file:/home/foobar"); + ck_assert_ptr_nonnull(new_url); + ck_assert_str_eq(new_url, "file://"); +- lr_free(new_url); ++ g_free(new_url); + new_url = NULL; + } + END_TEST +-- +2.37.1 + diff --git a/SOURCES/0003-More-covscan-fixes.patch b/SOURCES/0003-More-covscan-fixes.patch new file mode 100644 index 0000000..87beb40 --- /dev/null +++ b/SOURCES/0003-More-covscan-fixes.patch @@ -0,0 +1,578 @@ +From 3b94f6a77cb43aa1e5333d796353d9cd51346043 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= +Date: Thu, 21 Jul 2022 10:11:17 +0200 +Subject: [PATCH] More covscan fixes + +--- + librepo/metadata_downloader.c | 18 +++++++++--------- + librepo/metalink.c | 2 +- + librepo/repomd.c | 2 +- + librepo/xmlparser.c | 4 ++-- + librepo/xmlparser_internal.h | 2 +- + librepo/yum.c | 32 ++++++++++++++++---------------- + tests/test_checksum.c | 10 +++++----- + tests/test_downloader.c | 16 ++++++++-------- + tests/test_metalink.c | 18 +++++++++--------- + tests/test_mirrorlist.c | 6 +++--- + tests/test_util.c | 16 ++++++++-------- + 11 files changed, 63 insertions(+), 63 deletions(-) + +diff --git a/librepo/metadata_downloader.c b/librepo/metadata_downloader.c +index be6fe68..9e7d7e5 100644 +--- a/librepo/metadata_downloader.c ++++ b/librepo/metadata_downloader.c +@@ -192,7 +192,7 @@ handle_failure(LrMetadataTarget *target, + GSList **paths, + GError *err) + { +- lr_metadatatarget_append_error(target, err->message, NULL); ++ lr_metadatatarget_append_error(target, err->message); + fillInvalidationValues(fd_list, paths); + g_error_free(err); + } +@@ -221,13 +221,13 @@ create_repomd_xml_download_targets(GSList *targets, + handle = target->handle; + + if (!handle->urls && !handle->mirrorlisturl && !handle->metalinkurl) { +- lr_metadatatarget_append_error(target, "No LRO_URLS, LRO_MIRRORLISTURL nor LRO_METALINKURL specified", NULL); ++ lr_metadatatarget_append_error(target, "No LRO_URLS, LRO_MIRRORLISTURL nor LRO_METALINKURL specified"); + fillInvalidationValues(fd_list, paths); + continue; + } + + if (handle->repotype != LR_YUMREPO) { +- lr_metadatatarget_append_error(target, "Bad LRO_REPOTYPE specified", NULL); ++ lr_metadatatarget_append_error(target, "Bad LRO_REPOTYPE specified"); + fillInvalidationValues(fd_list, paths); + continue; + } +@@ -242,14 +242,14 @@ create_repomd_xml_download_targets(GSList *targets, + if (!lr_handle_prepare_internal_mirrorlist(handle, + handle->fastestmirror, + &err)) { +- lr_metadatatarget_append_error(target, "Cannot prepare internal mirrorlist: %s", err->message, NULL); ++ lr_metadatatarget_append_error(target, "Cannot prepare internal mirrorlist: %s", err->message); + fillInvalidationValues(fd_list, paths); + g_error_free(err); + continue; + } + + if (mkdir(handle->destdir, S_IRWXU) == -1 && errno != EEXIST) { +- lr_metadatatarget_append_error(target, "Cannot create tmpdir: %s %s", handle->destdir, g_strerror(errno), NULL); ++ lr_metadatatarget_append_error(target, "Cannot create tmpdir: %s %s", handle->destdir, g_strerror(errno)); + fillInvalidationValues(fd_list, paths); + g_error_free(err); + continue; +@@ -335,12 +335,12 @@ process_repomd_xml(GSList *targets, + handle->gnupghomedir = g_strdup(target->gnupghomedir); + + if (target->download_target->rcode != LRE_OK) { +- lr_metadatatarget_append_error(target, (char *) lr_strerror(target->download_target->rcode), NULL); ++ lr_metadatatarget_append_error(target, (char *) lr_strerror(target->download_target->rcode)); + goto fail; + } + + if (!lr_check_repomd_xml_asc_availability(handle, target->repo, fd_value, path->data, &error)) { +- lr_metadatatarget_append_error(target, error->message, NULL); ++ lr_metadatatarget_append_error(target, error->message); + g_error_free(error); + goto fail; + } +@@ -349,7 +349,7 @@ process_repomd_xml(GSList *targets, + ret = lr_yum_repomd_parse_file(target->repomd, fd_value, lr_xml_parser_warning_logger, + "Repomd xml parser", &error); + if (!ret) { +- lr_metadatatarget_append_error(target, "Parsing unsuccessful: %s", error->message, NULL); ++ lr_metadatatarget_append_error(target, "Parsing unsuccessful: %s", error->message); + g_error_free(error); + goto fail; + } +@@ -377,7 +377,7 @@ lr_metadata_download_cleanup(GSList *download_targets) + LrDownloadTarget *download_target = elem->data; + LrMetadataTarget *target = download_target->userdata; + if (download_target->err) +- lr_metadatatarget_append_error(target, download_target->err, NULL); ++ lr_metadatatarget_append_error(target, download_target->err); + + if (target->err != NULL) { + ret = FALSE; +diff --git a/librepo/metalink.c b/librepo/metalink.c +index 0f939de..1f839a9 100644 +--- a/librepo/metalink.c ++++ b/librepo/metalink.c +@@ -504,7 +504,7 @@ lr_metalink_parse_file(LrMetalink *metalink, + + // Parsing + +- ret = lr_xml_parser_generic(parser, pd, fd, &tmp_err); ++ ret = lr_xml_parser_generic(&parser, pd, fd, &tmp_err); + if (tmp_err) { + g_propagate_error(err, tmp_err); + goto err; +diff --git a/librepo/repomd.c b/librepo/repomd.c +index f0fd2ad..2905749 100644 +--- a/librepo/repomd.c ++++ b/librepo/repomd.c +@@ -570,7 +570,7 @@ lr_yum_repomd_parse_file(LrYumRepoMd *repomd, + + // Parsing + +- ret = lr_xml_parser_generic(parser, pd, fd, &tmp_err); ++ ret = lr_xml_parser_generic(&parser, pd, fd, &tmp_err); + if (tmp_err) + g_propagate_error(err, tmp_err); + +diff --git a/librepo/xmlparser.c b/librepo/xmlparser.c +index 793c272..88d16aa 100644 +--- a/librepo/xmlparser.c ++++ b/librepo/xmlparser.c +@@ -143,7 +143,7 @@ lr_xml_parser_strtoll(LrParserData *pd, + } + + gboolean +-lr_xml_parser_generic(XmlParser parser, ++lr_xml_parser_generic(XmlParser *parser, + LrParserData *pd, + int fd, + GError **err) +@@ -151,7 +151,7 @@ lr_xml_parser_generic(XmlParser parser, + /* Note: This function uses .err members of LrParserData! */ + + gboolean ret = TRUE; +- xmlParserCtxtPtr ctxt = xmlCreatePushParserCtxt(&parser, pd, NULL, 0, NULL); ++ xmlParserCtxtPtr ctxt = xmlCreatePushParserCtxt(parser, pd, NULL, 0, NULL); + ctxt->linenumbers = 1; + + assert(ctxt); +diff --git a/librepo/xmlparser_internal.h b/librepo/xmlparser_internal.h +index c9bacac..25a48a5 100644 +--- a/librepo/xmlparser_internal.h ++++ b/librepo/xmlparser_internal.h +@@ -159,7 +159,7 @@ lr_xml_parser_strtoll(LrParserData *pd, + /** Generic parser. + */ + gboolean +-lr_xml_parser_generic(XmlParser parser, ++lr_xml_parser_generic(XmlParser *parser, + LrParserData *pd, + int fd, + GError **err); +diff --git a/librepo/yum.c b/librepo/yum.c +index 3b287cd..56bca3e 100644 +--- a/librepo/yum.c ++++ b/librepo/yum.c +@@ -335,7 +335,7 @@ lr_prepare_repodata_dir(LrHandle *handle, + return FALSE; + } + } +- lr_free(path_to_repodata); ++ g_free(path_to_repodata); + + return TRUE; + } +@@ -356,7 +356,7 @@ lr_store_mirrorlist_files(LrHandle *handle, + g_debug("%s: Cannot create: %s", __func__, ml_file_path); + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot create %s: %s", ml_file_path, g_strerror(errno)); +- lr_free(ml_file_path); ++ g_free(ml_file_path); + return FALSE; + } + rc = lr_copy_content(handle->mirrorlist_fd, fd); +@@ -366,7 +366,7 @@ lr_store_mirrorlist_files(LrHandle *handle, + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot copy content of mirrorlist file %s: %s", + ml_file_path, g_strerror(errno)); +- lr_free(ml_file_path); ++ g_free(ml_file_path); + return FALSE; + } + repo->mirrorlist = ml_file_path; +@@ -391,7 +391,7 @@ lr_copy_metalink_content(LrHandle *handle, + g_debug("%s: Cannot create: %s", __func__, ml_file_path); + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot create %s: %s", ml_file_path, g_strerror(errno)); +- lr_free(ml_file_path); ++ g_free(ml_file_path); + return FALSE; + } + rc = lr_copy_content(handle->metalink_fd, fd); +@@ -401,7 +401,7 @@ lr_copy_metalink_content(LrHandle *handle, + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot copy content of metalink file %s: %s", + ml_file_path, g_strerror(errno)); +- lr_free(ml_file_path); ++ g_free(ml_file_path); + return FALSE; + } + repo->metalink = ml_file_path; +@@ -422,7 +422,7 @@ lr_prepare_repomd_xml_file(LrHandle *handle, + if (fd == -1) { + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot open %s: %s", *path, g_strerror(errno)); +- lr_free(*path); ++ g_free(*path); + return -1; + } + +@@ -458,13 +458,13 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle, + g_debug("%s: Cannot open: %s", __func__, signature); + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot open %s: %s", signature, g_strerror(errno)); +- lr_free(signature); ++ g_free(signature); + return FALSE; + } + + url = lr_pathconcat(handle->used_mirror, "repodata/repomd.xml.asc", NULL); + ret = lr_download_url(handle, url, fd_sig, &tmp_err); +- lr_free(url); ++ g_free(url); + close(fd_sig); + if (!ret) { + // Error downloading signature +@@ -474,7 +474,7 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle, + "repository does not support GPG verification: %s", tmp_err->message); + g_clear_error(&tmp_err); + unlink(signature); +- lr_free(signature); ++ g_free(signature); + return FALSE; + } else { + // Signature downloaded +@@ -483,7 +483,7 @@ lr_check_repomd_xml_asc_availability(LrHandle *handle, + path, + handle->gnupghomedir, + &tmp_err); +- lr_free(signature); ++ g_free(signature); + if (!ret) { + g_debug("%s: GPG signature verification failed: %s", + __func__, tmp_err->message); +@@ -680,7 +680,7 @@ prepare_repo_download_std_target(LrHandle *handle, + __func__, *path, g_strerror(errno)); + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot create/open %s: %s", *path, g_strerror(errno)); +- lr_free(*path); ++ g_free(*path); + g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free); + return FALSE; + } +@@ -713,7 +713,7 @@ prepare_repo_download_zck_target(LrHandle *handle, + __func__, *path, g_strerror(errno)); + g_set_error(err, LR_YUM_ERROR, LRE_IO, + "Cannot create/open %s: %s", *path, g_strerror(errno)); +- lr_free(*path); ++ g_free(*path); + g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free); + return FALSE; + } +@@ -778,7 +778,7 @@ prepare_repo_download_targets(LrHandle *handle, + char *dest_dir = realpath(handle->destdir, NULL); + path = lr_pathconcat(handle->destdir, record->location_href, NULL); + char *requested_dir = realpath(dirname(path), NULL); +- lr_free(path); ++ g_free(path); + if (!g_str_has_prefix(requested_dir, dest_dir)) { + g_debug("%s: Invalid path: %s", __func__, location_href); + g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href); +@@ -850,7 +850,7 @@ prepare_repo_download_targets(LrHandle *handle, + + /* Because path may already exists in repo (while update) */ + lr_yum_repo_update(repo, record->type, path); +- lr_free(path); ++ g_free(path); + } + + return TRUE; +@@ -1130,7 +1130,7 @@ lr_yum_use_local_load_base(LrHandle *handle, + repo->mirrorlist = mrl_fn; + } else { + repo->mirrorlist = NULL; +- lr_free(mrl_fn); ++ g_free(mrl_fn); + } + } + +@@ -1142,7 +1142,7 @@ lr_yum_use_local_load_base(LrHandle *handle, + repo->metalink = mtl_fn; + } else { + repo->metalink = NULL; +- lr_free(mtl_fn); ++ g_free(mtl_fn); + } + } + +diff --git a/tests/test_checksum.c b/tests/test_checksum.c +index 264782c..efac88b 100644 +--- a/tests/test_checksum.c ++++ b/tests/test_checksum.c +@@ -87,7 +87,7 @@ START_TEST(test_checksum_fd) + test_checksum(file, LR_CHECKSUM_SHA512, CHKS_VAL_01_SHA512); + + ck_assert_msg(remove(file) == 0, "Cannot delete temporary test file"); +- lr_free(file); ++ g_free(file); + } + END_TEST + +@@ -235,9 +235,9 @@ START_TEST(test_cached_checksum_value) + ck_assert(attr_ret == -1); // Cached checksum should not exists + + lr_free(calculated); +- lr_free(filename); +- lr_free(timestamp_key); +- lr_free(checksum_key); ++ g_free(filename); ++ g_free(timestamp_key); ++ g_free(checksum_key); + lr_free(mtime_str); + } + END_TEST +@@ -294,7 +294,7 @@ START_TEST(test_cached_checksum_clear) + ck_assert(attr_ret != -1); + cleanup: + close(fd); +- lr_free(filename); ++ g_free(filename); + g_free(timestamp_key); + g_free(checksum_key); + } +diff --git a/tests/test_downloader.c b/tests/test_downloader.c +index 34958ab..a3fff20 100644 +--- a/tests/test_downloader.c ++++ b/tests/test_downloader.c +@@ -52,7 +52,7 @@ START_TEST(test_downloader_single_file) + tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_XXXXXX", NULL); + + fd1 = mkstemp(tmpfn1); +- lr_free(tmpfn1); ++ g_free(tmpfn1); + ck_assert_int_ge(fd1, 0); + + t1 = lr_downloadtarget_new(handle, "index.html", NULL, fd1, NULL, NULL, +@@ -97,7 +97,7 @@ START_TEST(test_downloader_single_file_2) + tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_2_XXXXXX", NULL); + + fd1 = mkstemp(tmpfn1); +- lr_free(tmpfn1); ++ g_free(tmpfn1); + ck_assert_int_ge(fd1, 0); + + t1 = lr_downloadtarget_new(NULL, "http://seznam.cz/index.html", NULL, +@@ -154,8 +154,8 @@ START_TEST(test_downloader_two_files) + + fd1 = mkstemp(tmpfn1); + fd2 = mkstemp(tmpfn2); +- lr_free(tmpfn1); +- lr_free(tmpfn2); ++ g_free(tmpfn1); ++ g_free(tmpfn2); + ck_assert_int_ge(fd1, 0); + ck_assert_int_ge(fd2, 0); + +@@ -223,9 +223,9 @@ START_TEST(test_downloader_three_files_with_error) + fd1 = mkstemp(tmpfn1); + fd2 = mkstemp(tmpfn2); + fd3 = mkstemp(tmpfn3); +- lr_free(tmpfn1); +- lr_free(tmpfn2); +- lr_free(tmpfn3); ++ g_free(tmpfn1); ++ g_free(tmpfn2); ++ g_free(tmpfn3); + ck_assert_int_ge(fd1, 0); + ck_assert_int_ge(fd2, 0); + ck_assert_int_ge(fd3, 0); +@@ -329,7 +329,7 @@ START_TEST(test_downloader_checksum) + tmpfn1 = lr_pathconcat(test_globals.tmpdir, "single_file_XXXXXX", NULL); + + fd1 = mkstemp(tmpfn1); +- lr_free(tmpfn1); ++ g_free(tmpfn1); + ck_assert_int_ge(fd1, 0); + + checksum = lr_downloadtargetchecksum_new(LR_CHECKSUM_SHA512, +diff --git a/tests/test_metalink.c b/tests/test_metalink.c +index e425742..1440125 100644 +--- a/tests/test_metalink.c ++++ b/tests/test_metalink.c +@@ -48,7 +48,7 @@ START_TEST(test_metalink_good_01) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_good_01", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -160,7 +160,7 @@ START_TEST(test_metalink_good_02) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_good_02", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -206,7 +206,7 @@ START_TEST(test_metalink_good_03) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_good_03", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -250,7 +250,7 @@ START_TEST(test_metalink_bad_01) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_bad_01", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -371,7 +371,7 @@ START_TEST(test_metalink_bad_02) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_bad_02", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -395,7 +395,7 @@ START_TEST(test_metalink_really_bad_01) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_really_bad_01", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -419,7 +419,7 @@ START_TEST(test_metalink_really_bad_02) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_really_bad_02", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -443,7 +443,7 @@ START_TEST(test_metalink_really_bad_03) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_really_bad_03", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +@@ -470,7 +470,7 @@ START_TEST(test_metalink_with_alternates) + path = lr_pathconcat(test_globals.testdata_dir, METALINK_DIR, + "metalink_with_alternates", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_metalink_init(); + ck_assert_ptr_nonnull(ml); +diff --git a/tests/test_mirrorlist.c b/tests/test_mirrorlist.c +index cc00b7f..ec924b6 100644 +--- a/tests/test_mirrorlist.c ++++ b/tests/test_mirrorlist.c +@@ -35,7 +35,7 @@ START_TEST(test_mirrorlist_01) + path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR, + "mirrorlist_01", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_mirrorlist_init(); + ck_assert_ptr_nonnull(ml); +@@ -68,7 +68,7 @@ START_TEST(test_mirrorlist_02) + path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR, + "mirrorlist_02", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_mirrorlist_init(); + ck_assert_ptr_nonnull(ml); +@@ -92,7 +92,7 @@ START_TEST(test_mirrorlist_03) + path = lr_pathconcat(test_globals.testdata_dir, MIRRORLIST_DIR, + "mirrorlist_03", NULL); + fd = open(path, O_RDONLY); +- lr_free(path); ++ g_free(path); + ck_assert_int_ge(fd, 0); + ml = lr_mirrorlist_init(); + ck_assert_ptr_nonnull(ml); +diff --git a/tests/test_util.c b/tests/test_util.c +index d082445..96e82aa 100644 +--- a/tests/test_util.c ++++ b/tests/test_util.c +@@ -68,43 +68,43 @@ START_TEST(test_pathconcat) + path = lr_pathconcat("", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, ""); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("/tmp", "foo///", "bar", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "/tmp/foo/bar"); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("foo", "bar/", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "foo/bar"); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("foo", "/bar/", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "foo/bar"); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("foo", "bar", "", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "foo/bar/"); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("http://host.net", "path/to/somewhere", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "http://host.net/path/to/somewhere"); +- lr_free(path); ++ g_free(path); + path = NULL; + + path = lr_pathconcat("http://host.net?hello=1", "path/to/", "somewhere", NULL); + ck_assert_ptr_nonnull(path); + ck_assert_str_eq(path, "http://host.net/path/to/somewhere?hello=1"); +- lr_free(path); ++ g_free(path); + path = NULL; + } + END_TEST +@@ -127,7 +127,7 @@ START_TEST(test_remove_dir) + ck_assert_int_ne(unlink(tmp_file), 0); + ck_assert_int_ne(rmdir(tmp_dir), 0); + g_free(tmp_dir); +- lr_free(tmp_file); ++ g_free(tmp_file); + } + END_TEST + +-- +2.37.1 + diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec index 5992046..c53e72b 100644 --- a/SPECS/librepo.spec +++ b/SPECS/librepo.spec @@ -12,13 +12,17 @@ Name: librepo Version: 1.14.2 -Release: 1%{?dist} +Release: 3%{?dist} Summary: Repodata downloading library License: LGPLv2+ URL: https://github.com/rpm-software-management/librepo Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Patch0001: 0001-Use-nanosec-precision-for-timestamp-of-checksum-cach.patch +Patch0002: 0002-Fix-alloc-free-mismatches-from-covscan.patch +Patch0003: 0003-More-covscan-fixes.patch + BuildRequires: cmake BuildRequires: gcc BuildRequires: check-devel @@ -96,6 +100,12 @@ Python 3 bindings for the librepo library. %{python3_sitearch}/%{name}/ %changelog +* Mon Jul 25 2022 Lukas Hrazky - 1.14.2-3 +- Fix covscan issues + +* Tue Jul 12 2022 Lukas Hrazky - 1.14.2-2 +- Use nanosec precision for timestamp of checksum cache + * Mon Oct 25 2021 Pavla Kratochvilova - 1.14.2-1 - Update to 1.14.2 - Reduce time to load metadata