import drpm-0.4.1-3.el8

2020-11-03 07:00:04 -05:00 · 2020-11-03 07:00:04 -05:00 · d6de5539ad
parent 927bd74e31
commit d6de5539ad
2 changed files with 41 additions and 3 deletions
--- a/SOURCES/Fix-a-memory-leak-on-invalid-input.patch
+++ b/SOURCES/Fix-a-memory-leak-on-invalid-input.patch
@ -0,0 +1,31 @@
+From 47af5b2365a306532d1e0b786f0d7f9754f914cd Mon Sep 17 00:00:00 2001
+From: Peter Pentchev <roam@debian.org>
+Date: Mon, 1 Jun 2020 10:25:34 +0300
+Subject: [PATCH] Fix a memory leak on invalid input.
+
+---
+ src/drpm_decompstrm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/drpm_decompstrm.c b/src/drpm_decompstrm.c
+index d885dcf..ec3115e 100644
+--- a/src/drpm_decompstrm.c
+++ b/src/drpm_decompstrm.c
+@@ -746,14 +746,14 @@ int readchunk_zstd(struct decompstrm *strm)
+             return DRPM_ERR_IO;
+     }
+ 
+    if (in_len == 0)
+        return DRPM_ERR_FORMAT;
+
+     size_t const buffOutSize = ZSTD_DStreamOutSize();
+     void* const buffOut = malloc(buffOutSize);
+     if (buffOut == NULL)
+         return DRPM_ERR_MEMORY;
+ 
+-    if (in_len == 0)
+-        return DRPM_ERR_FORMAT;
+-
+     ZSTD_inBuffer input = { in_buffer, in_len, 0 };
+ 
+     while (input.pos < input.size) {
--- a/SPECS/drpm.spec
+++ b/SPECS/drpm.spec
@ -1,5 +1,5 @@
-# Do not build with zstd for RHEL
-%if 0%{?rhel} || (0%{?suse_version} && 0%{?suse_version} < 1500)
+# Do not build with zstd for RHEL < 8
+%if (0%{?rhel} && 0%{?rhel} < 8) || (0%{?suse_version} && 0%{?suse_version} < 1500)
 %bcond_with zstd
 %else
 %bcond_without zstd
@ -7,7 +7,7 @@

 Name:           drpm
 Version:        0.4.1
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        A library for making, reading and applying deltarpm packages
 # the entire source code is LGPLv2+, except src/drpm_diff.c and src/drpm_search.c which are BSD
 License:        LGPLv2+ and BSD
@ -17,6 +17,7 @@ Source:         %{url}/releases/download/%{version}/%{name}-%{version}.tar.bz2
 # add workaround for gcc7 on ppc64le temporary before it's fixed in gcc
 # https://bugzilla.redhat.com/show_bug.cgi?id=1420350
 Patch1:         drpm-0.3.0-workaround-ppc64le-gcc.patch
+Patch2:         Fix-a-memory-leak-on-invalid-input.patch

 BuildRequires:  cmake >= 2.8.5
 BuildRequires:  gcc
@ -85,6 +86,12 @@ popd
 %{_libdir}/pkgconfig/drpm.pc

 %changelog
+* Tue Aug 11 2020 Nicola Sella <nsella@redhat.com> - 0.4.1-3
+- Fix a memory leak on invalid input (RhBug:1866786)
+
+* Tue Jun 02 2020 Ales Matej <amatej@gmail.com> 0.4.1-2
+- Rebuild with zstd support (RhBug:1842036)
+
 * Wed Oct 23 2019 Ales Matej <amatej@gmail.com> 0.4.1-1
 - Update to 0.4.1
 - Relicense to LGPLv2+