From f2814dc27499e5aed5ceed69afe8376ed738705c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 02 2019 22:12:03 +0000 Subject: import libsolv-0.6.34-4.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1129db4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libsolv-0.6.34.tar.gz diff --git a/.libsolv.metadata b/.libsolv.metadata new file mode 100644 index 0000000..e392529 --- /dev/null +++ b/.libsolv.metadata @@ -0,0 +1 @@ +eae8f769fedd3086ab0e555bfce73b3c78a81237 SOURCES/libsolv-0.6.34.tar.gz diff --git a/SOURCES/0001-Make-sure-that-targeted-updates-dont-do-reinstalls.patch b/SOURCES/0001-Make-sure-that-targeted-updates-dont-do-reinstalls.patch new file mode 100644 index 0000000..1cd418a --- /dev/null +++ b/SOURCES/0001-Make-sure-that-targeted-updates-dont-do-reinstalls.patch @@ -0,0 +1,61 @@ +From 0e29e1188c19609e117478a0df1cb995a2f9e745 Mon Sep 17 00:00:00 2001 +From: Michael Schroeder +Date: Fri, 28 Sep 2018 14:48:14 +0200 +Subject: [PATCH] Make sure that targeted updates don't do reinstalls + +--- + src/solver.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/solver.c b/src/solver.c +index 6405f4a..a4e0c4b 100644 +--- a/src/solver.c ++++ b/src/solver.c +@@ -2957,7 +2957,9 @@ add_update_target(Solver *solv, Id p, Id how) + Pool *pool = solv->pool; + Solvable *s = pool->solvables + p; + Repo *installed = solv->installed; +- Id pi, pip; ++ Id pi, pip, identicalp; ++ int startcnt, endcnt; ++ + if (!solv->update_targets) + { + solv->update_targets = solv_calloc(1, sizeof(Queue)); +@@ -2968,6 +2970,8 @@ add_update_target(Solver *solv, Id p, Id how) + queue_push2(solv->update_targets, p, p); + return; + } ++ identicalp = 0; ++ startcnt = solv->update_targets->count; + FOR_PROVIDES(pi, pip, s->name) + { + Solvable *si = pool->solvables + pi; +@@ -2982,9 +2986,9 @@ add_update_target(Solver *solv, Id p, Id how) + if (how & SOLVER_CLEANDEPS) + add_cleandeps_updatepkg(solv, pi); + queue_push2(solv->update_targets, pi, p); +- /* check if it's ok to keep the installed package */ ++ /* remember an installed package that is identical to p */ + if (s->evr == si->evr && solvable_identical(s, si)) +- queue_push2(solv->update_targets, pi, pi); ++ identicalp = pi; + } + if (s->obsoletes) + { +@@ -3014,6 +3018,12 @@ add_update_target(Solver *solv, Id p, Id how) + } + } + } ++ /* also allow upgrading to an identical installed package */ ++ if (identicalp) ++ { ++ for (endcnt = solv->update_targets->count; startcnt < endcnt; startcnt += 2) ++ queue_push2(solv->update_targets, solv->update_targets->elements[startcnt], identicalp); ++ } + } + + static int +-- +libgit2 0.26.6 + diff --git a/SOURCES/0002-Fix-testsolv-segfault.patch b/SOURCES/0002-Fix-testsolv-segfault.patch new file mode 100644 index 0000000..9a21506 --- /dev/null +++ b/SOURCES/0002-Fix-testsolv-segfault.patch @@ -0,0 +1,25 @@ +From 95c3d1b3aad7a003d129b957cf449d11edaca67b Mon Sep 17 00:00:00 2001 +From: Jaroslav Rohel +Date: Tue, 11 Dec 2018 10:22:09 +0100 +Subject: [PATCH] Fix: testsolv segfault + +--- + ext/testcase.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ext/testcase.c b/ext/testcase.c +index 33998d4..fe2636c 100644 +--- a/ext/testcase.c ++++ b/ext/testcase.c +@@ -576,6 +576,8 @@ testcase_str2dep_complex(Pool *pool, const char **sp, int relop) + Id flags, id, id2, namespaceid = 0; + struct oplist *op; + ++ if (!s) ++ return 0; + while (*s == ' ' || *s == '\t') + s++; + if (!strncmp(s, "namespace:", 10)) +-- +libgit2 0.27.7 + diff --git a/SOURCES/0003-Fix-testsolv-segfaults.patch b/SOURCES/0003-Fix-testsolv-segfaults.patch new file mode 100644 index 0000000..fabc04f --- /dev/null +++ b/SOURCES/0003-Fix-testsolv-segfaults.patch @@ -0,0 +1,25 @@ +From 6de825c4d27022e48570824f0be77132c5b6d45a Mon Sep 17 00:00:00 2001 +From: Jaroslav Rohel +Date: Tue, 11 Dec 2018 10:27:15 +0100 +Subject: [PATCH] Fix: testsolv segfaults + +--- + ext/testcase.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/testcase.c b/ext/testcase.c +index fe2636c..c8dd14e 100644 +--- a/ext/testcase.c ++++ b/ext/testcase.c +@@ -2795,7 +2795,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res + { + int i = strlen(pieces[1]); + s = strchr(pieces[1], '('); +- if (!s && pieces[1][i - 1] != ')') ++ if (!s || pieces[1][i - 1] != ')') + { + pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]); + } +-- +libgit2 0.27.7 + diff --git a/SPECS/libsolv.spec b/SPECS/libsolv.spec new file mode 100644 index 0000000..9f4b24a --- /dev/null +++ b/SPECS/libsolv.spec @@ -0,0 +1,319 @@ +%global libname solv + +%bcond_without python2_bindings +%if 0%{?rhel} && 0%{?rhel} <= 7 +%bcond_with perl_bindings +%bcond_with ruby_bindings +%bcond_with python3_bindings +%else +%bcond_without perl_bindings +%bcond_without ruby_bindings +%bcond_without python3_bindings +%endif +# Creates special prefixed pseudo-packages from appdata metadata +%bcond_with appdata +# Creates special prefixed "group:", "category:" pseudo-packages +%bcond_without comps +# For rich dependencies +%bcond_without complex_deps +%if 0%{?rhel} +%bcond_with helix_repo +%bcond_with suse_repo +%bcond_with debian_repo +%bcond_with arch_repo +# For handling deb + rpm at the same time +%bcond_with multi_semantics +%else +%bcond_without helix_repo +%bcond_without suse_repo +%bcond_without debian_repo +%bcond_without arch_repo +# For handling deb + rpm at the same time +%bcond_without multi_semantics +%endif + +Name: lib%{libname} +Version: 0.6.34 +Release: 4%{?dist} +Summary: Package dependency solver + +License: BSD +URL: https://github.com/openSUSE/libsolv +Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Patch0001: 0001-Make-sure-that-targeted-updates-dont-do-reinstalls.patch +Patch0002: 0002-Fix-testsolv-segfault.patch +Patch0003: 0003-Fix-testsolv-segfaults.patch + +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: pkgconfig(rpm) +BuildRequires: zlib-devel +BuildRequires: expat-devel +# -DFEDORA=1 +# -DENABLE_RPMDB=ON +BuildRequires: libdb-devel +# -DENABLE_LZMA_COMPRESSION=ON +BuildRequires: xz-devel +# -DENABLE_BZIP2_COMPRESSION=ON +BuildRequires: bzip2-devel + +%description +A free package dependency solver using a satisfiability algorithm. The +library is based on two major, but independent, blocks: + +- Using a dictionary approach to store and retrieve package + and dependency information. + +- Using satisfiability, a well known and researched topic, for + resolving package dependencies. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: rpm-devel%{?_isa} + +%description devel +Development files for %{name}. + +%package tools +Summary: Package dependency solver tools +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-test < 0.6.11-2 +# repo2solv dependencies. All of those are used in shell-script. +Requires: %{_bindir}/gzip +Requires: %{_bindir}/bzip2 +Requires: %{_bindir}/lzma +Requires: %{_bindir}/xz +Requires: %{_bindir}/cat +Requires: %{_bindir}/find + +%description tools +Package dependency solver tools. + +%package demo +Summary: Applications demoing the %{name} library +Requires: %{name}%{?_isa} = %{version}-%{release} +# solv dependencies. Used as execlp() and system() +Requires: %{_bindir}/curl +Requires: %{_bindir}/gpg2 + +%description demo +Applications demoing the %{name} library. + +%if %{with perl_bindings} +%package -n perl-%{libname} +Summary: Perl bindings for the %{name} library +BuildRequires: swig +BuildRequires: perl-devel +BuildRequires: perl-generators +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n perl-%{libname} +Perl bindings for the %{name} library. +%endif + +%if %{with ruby_bindings} +%package -n ruby-%{libname} +Summary: Ruby bindings for the %{name} library +BuildRequires: swig +BuildRequires: ruby-devel +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n ruby-%{libname} +Ruby bindings for the %{name} library. +%endif + +%if %{with python2_bindings} +%package -n python2-%{libname} +Summary: Python bindings for the %{name} library +%{?python_provide:%python_provide python2-%{libname}} +BuildRequires: swig +BuildRequires: python2-devel +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n python2-%{libname} +Python bindings for the %{name} library. + +Python 2 version. +%endif + +%if %{with python3_bindings} +%package -n python3-%{libname} +Summary: Python bindings for the %{name} library +%{?python_provide:%python_provide python3-%{libname}} +BuildRequires: swig +BuildRequires: python3-devel +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n python3-%{libname} +Python bindings for the %{name} library. + +Python 3 version. +%endif + +%prep +%autosetup -p1 + +%build +%cmake . -Bbuild \ + -DFEDORA=1 \ + -DENABLE_RPMDB=ON \ + -DENABLE_RPMDB_BYRPMHEADER=ON \ + -DENABLE_RPMDB_LIBRPM=OFF \ + -DENABLE_RPMPKG_LIBRPM=OFF \ + -DENABLE_RPMMD=ON \ + %{?with_comps:-DENABLE_COMPS=ON} \ + %{?with_appdata:-DENABLE_APPDATA=ON} \ + -DUSE_VENDORDIRS=ON \ + -DWITH_LIBXML2=OFF \ + -DENABLE_LZMA_COMPRESSION=ON \ + -DENABLE_BZIP2_COMPRESSION=ON \ + %{?with_helix_repo:-DENABLE_HELIXREPO=ON} \ + %{?with_suse_repo:-DENABLE_SUSEREPO=ON} \ + %{?with_debian_repo:-DENABLE_DEBIAN=ON} \ + %{?with_arch_repo:-DENABLE_ARCHREPO=ON} \ + %{?with_multi_semantics:-DMULTI_SEMANTICS=ON} \ + %{?with_complex_deps:-DENABLE_COMPLEX_DEPS=1} \ + %{?with_perl_bindings:-DENABLE_PERL=ON} \ + %{?with_ruby_bindings:-DENABLE_RUBY=ON} \ + %{?with_python2_bindings:-DENABLE_PYTHON=ON} \ + %{?with_python3_bindings:-DENABLE_PYTHON3=ON} \ + %{nil} +%make_build -C build + +%install +%make_install -C build + +mv %{buildroot}%{_bindir}/repo2solv{.sh,} + +%check +%make_build test -C build + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%license LICENSE* +%doc README +%{_libdir}/%{name}.so.* +%{_libdir}/%{name}ext.so.* + +%files devel +%{_libdir}/%{name}.so +%{_libdir}/%{name}ext.so +%{_includedir}/%{libname}/ +%{_libdir}/pkgconfig/%{name}.pc +%{_libdir}/pkgconfig/%{name}ext.pc +# Own directory because we don't want to depend on cmake +%dir %{_datadir}/cmake/Modules/ +%{_datadir}/cmake/Modules/FindLibSolv.cmake +%{_mandir}/man3/%{name}*.3* + +# Some small macro to list tools with mans +%global solv_tool() \ +%{_bindir}/%{1}\ +%{_mandir}/man1/%{1}.1* + +%files tools +%solv_tool deltainfoxml2solv +%solv_tool dumpsolv +%solv_tool installcheck +%solv_tool mergesolv +%solv_tool repomdxml2solv +%solv_tool rpmdb2solv +%solv_tool rpmmd2solv +%solv_tool rpms2solv +%solv_tool testsolv +%solv_tool updateinfoxml2solv +%if %{with comps} + %solv_tool comps2solv +%endif +%if %{with appdata} + %solv_tool appdata2solv +%endif +%if %{with debian_repo} + %solv_tool deb2solv +%endif +%if %{with arch_repo} + %solv_tool archpkgs2solv + %solv_tool archrepo2solv +%endif +%if %{with helix_repo} + %solv_tool helix2solv +%endif +%if %{with suse_repo} + %solv_tool susetags2solv +%endif + +%{_bindir}/repo2solv + +%files demo +%{_bindir}/solv + +%if %{with perl_bindings} +%files -n perl-%{libname} +%{perl_vendorarch}/%{libname}.pm +%{perl_vendorarch}/%{libname}.so +%endif + +%if %{with ruby_bindings} +%files -n ruby-%{libname} +%{ruby_vendorarchdir}/%{libname}.so +%endif + +%if %{with python2_bindings} +%files -n python2-%{libname} +%{python2_sitearch}/_%{libname}.so +%{python2_sitearch}/%{libname}.py* +%endif + +%if %{with python3_bindings} +%files -n python3-%{libname} +%{python3_sitearch}/_%{libname}.so +%{python3_sitearch}/%{libname}.py +%{python3_sitearch}/__pycache__/%{libname}.* +%endif + +%changelog +* Wed Mar 27 2019 Michal Domonkos - 0.6.34-4 +- Polish the changelog + +* Thu Mar 21 2019 Jaroslav Mracek - 0.6.34-3 +- Make sure that targeted updates don't do reinstalls +- Resolves: bug#1668256 +- Fix NULL pointer dereference (CVE-2018-20532, CVE-2018-20533) +- Resolves: bug#1669562 +- Resolves: bug#1669576 +- Fix illegal address access in pool_whatprovides (CVE-2018-20534) +- Resolves: bug#1670453 + +* Wed Jun 20 2018 Igor Gnatenko - 0.6.34-2 +- Add changelog + +* Wed Jun 20 2018 Igor Gnatenko - 0.6.34-1 +- Update to 0.6.34 + +* Fri Sep 22 2017 Igor Gnatenko - 0.6.26-2 +- Enable python bindings + +* Sun Feb 19 2017 Igor Gnatenko - 0.6.26-1 +- Update to 0.6.26 + +* Tue Feb 07 2017 Igor Gnatenko - 0.6.25-1 +- Update to 0.6.25 + +* Fri Nov 11 2016 Igor Gnatenko - 0.6.24-1 +- Update to 0.6.24 + +* Tue Jul 12 2016 Igor Gnatenko - 0.6.20-5 +- Make obsoletes non-architecture dependent (RHBZ #1354479) + +* Tue May 31 2016 Igor Gnatenko - 0.6.20-4 +- Properly obsolete -test subpkg + +* Mon May 30 2016 Igor Gnatenko - 0.6.20-3 +- Rebase to 0.6.20 with 2 critical patches (RHBZ #1334401) + +* Wed Jun 3 2015 Jan Silhan - 0.6.11-1 +- initial package for RHEL 7.2 without unnecessary bindings