From 31c20fa27dac96d33a915f4088c2943406c08bcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Tue, 2 Jul 2024 17:29:18 +0200
Subject: [PATCH] Fix a file descriptor and a memory leak in an error path of cr_detect_compression()
Resolves: RHEL-45645
---
 ...iptor-and-memory-leak-in-an-error-pa.patch | 43 +++++++++++++++++++
 createrepo_c.spec | 7 ++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-a-file-descriptor-and-memory-leak-in-an-error-pa.patch
diff --git a/0001-Fix-a-file-descriptor-and-memory-leak-in-an-error-pa.patch b/0001-Fix-a-file-descriptor-and-memory-leak-in-an-error-pa.patch
new file mode 100644
index 0000000..6b85530
--- /dev/null
+++ b/0001-Fix-a-file-descriptor-and-memory-leak-in-an-error-pa.patch
@@ -0,0 +1,43 @@
+From 424616d851d6fe58e89ae9b1b318853f8a899195 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Mon, 1 Jul 2024 15:30:31 +0200
+Subject: [PATCH] Fix a file descriptor and memory leak in an error path of
+ cr_detect_compression()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Covscan reported:
+
+ createrepo_c-1.1.2/src/compression_wrapper.c:197: error[resourceLeak]: Resource leak: file
+
+It's a real bug and this patch fixes it.
+
+Resolves: https://issues.redhat.com/browse/RHEL-45645
+Signed-off-by: Petr Písař
+---
+ src/compression_wrapper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/compression_wrapper.c b/src/compression_wrapper.c
+index 60e8cbd..bcaa661 100644
+--- a/src/compression_wrapper.c
++++ b/src/compression_wrapper.c
+@@ -190,13 +190,13 @@ cr_detect_compression(const char *filename, GError **err)
+ }
+
+ size_t bytesRead = fread(magic, 1, sizeof(magic), file);
++ fclose(file);
+ if (bytesRead != sizeof(magic)) {
+ // Assume that if there's less than 5 bytes in the file, it's uncompressed
+ g_debug("%s: Unable to read bytes from file for magic number detection, assuming uncompressed (%s)",
+ __func__, filename);
+ return CR_CW_NO_COMPRESSION;
+ }
+- fclose(file);
+
+ if (!memcmp(magic, "\x1F\x8B", 2)) {
+ return CR_CW_GZ_COMPRESSION;
+--
+2.45.2
+
diff --git a/createrepo_c.spec b/createrepo_c.spec
index ca984cc..705d388 100644
--- a/createrepo_c.spec
+++ b/createrepo_c.spec
@@ -35,10 +35,11 @@
 Summary: Creates a common metadata repository
 Name: createrepo_c
 Version: 1.1.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPL-2.0-or-later
 URL: https://github.com/rpm-software-management/createrepo_c
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0: 0001-Fix-a-file-descriptor-and-memory-leak-in-an-error-pa.patch
 %global epoch_dep %{?epoch:%{epoch}:}
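Review bot: A short `fread` still cannot be told apart from a failed one in the patched `cr_detect_compression()`: with `fclose(file)` now ahead of the `bytesRead != sizeof(magic)` test, a file shorter than the magic buffer and an I/O error both return `CR_CW_NO_COMPRESSION` with only a `g_debug` message. The stream's error flag has to be sampled before the close, e.g. `int read_failed = ferror(file);` on the line above `fclose(file);`. A true value should then be reported through `err` rather than treated as "uncompressed", so that a compressed file which could not be read is not handed on as plain data. The function body starts and ends outside the hunk, so how its other failure paths fill `err` is not visible here; the new branch should follow them.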
@@ -207,6 +208,10 @@ ln -sr %{buildroot}%{_bindir}/modifyrepo_c %{buildroot}%{_bindir}/modifyrepo
 %{python3_sitearch}/%{name}-%{version}-py%{python3_version}.egg-info
 %changelog
+* Tue Jul 02 2024 Petr Pisar - 1.1.2-3
+- Fix a file descriptor and a memory leak in an error path of
+ cr_detect_compression() (RHEL-45645)
+
 * Mon Jun 24 2024 Troy Dawson - 1.1.2-2
 - Bump release for June 2024 mass rebuild