import drpm-0.4.1-3.el8

.drpm.metadata

@@ -1 +1 @@
-5bba9e784193ba61ca76dc008c8e115628ca7f5b SOURCES/drpm-0.3.0.tar.bz2
+b94bdaf921cbdb1dfe06c3184eddb15e84205b55 SOURCES/drpm-0.4.1.tar.bz2

.gitignore

@@ -1 +1 @@
-SOURCES/drpm-0.3.0.tar.bz2
+SOURCES/drpm-0.4.1.tar.bz2

SOURCES/Fix-a-memory-leak-on-invalid-input.patch

@@ -0,0 +1,31 @@
+From 47af5b2365a306532d1e0b786f0d7f9754f914cd Mon Sep 17 00:00:00 2001
+From: Peter Pentchev <roam@debian.org>
+Date: Mon, 1 Jun 2020 10:25:34 +0300
+Subject: [PATCH] Fix a memory leak on invalid input.
+
+---
+ src/drpm_decompstrm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/drpm_decompstrm.c b/src/drpm_decompstrm.c
+index d885dcf..ec3115e 100644
+--- a/src/drpm_decompstrm.c
++++ b/src/drpm_decompstrm.c
+@@ -746,14 +746,14 @@ int readchunk_zstd(struct decompstrm *strm)
+             return DRPM_ERR_IO;
+     }
+ 
++    if (in_len == 0)
++        return DRPM_ERR_FORMAT;
++
+     size_t const buffOutSize = ZSTD_DStreamOutSize();
+     void* const buffOut = malloc(buffOutSize);
+     if (buffOut == NULL)
+         return DRPM_ERR_MEMORY;
+ 
+-    if (in_len == 0)
+-        return DRPM_ERR_FORMAT;
+-
+     ZSTD_inBuffer input = { in_buffer, in_len, 0 };
+ 
+     while (input.pos < input.size) {

SPECS/drpm.spec

@@ -1,18 +1,25 @@
-Name:           drpm
-Version:        0.3.0
-Release:        14%{?dist}
-Summary:        A library for making, reading and applying deltarpm packages
+# Do not build with zstd for RHEL < 8
+%if (0%{?rhel} && 0%{?rhel} < 8) || (0%{?suse_version} && 0%{?suse_version} < 1500)
+%bcond_with zstd
+%else
+%bcond_without zstd
+%endif
 
-# the entire source code is LGPLv3+, except src/drpm_diff.c and src/drpm_search.c which are BSD
-License:        LGPLv3+ and BSD
-URL:            https://fedorahosted.org/%{name}
-Source:         https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
+Name:           drpm
+Version:        0.4.1
+Release:        3%{?dist}
+Summary:        A library for making, reading and applying deltarpm packages
+# the entire source code is LGPLv2+, except src/drpm_diff.c and src/drpm_search.c which are BSD
+License:        LGPLv2+ and BSD
+URL:            https://github.com/rpm-software-management/%{name}
+Source:         %{url}/releases/download/%{version}/%{name}-%{version}.tar.bz2
 
 # add workaround for gcc7 on ppc64le temporary before it's fixed in gcc
 # https://bugzilla.redhat.com/show_bug.cgi?id=1420350
 Patch1:         drpm-0.3.0-workaround-ppc64le-gcc.patch
+Patch2:         Fix-a-memory-leak-on-invalid-input.patch
 
-BuildRequires:  cmake >= 2.8
+BuildRequires:  cmake >= 2.8.5
 BuildRequires:  gcc
 
 BuildRequires:  rpm-devel
@@ -20,6 +27,9 @@ BuildRequires:  openssl-devel
 BuildRequires:  zlib-devel
 BuildRequires:  bzip2-devel
 BuildRequires:  xz-devel
+%if %{with zstd}
+BuildRequires:  pkgconfig(libzstd)
+%endif
 
 BuildRequires:  pkgconfig
 BuildRequires:  doxygen
@@ -46,7 +56,7 @@ mkdir build
 
 %build
 pushd build
-%cmake ..
+%cmake .. -DWITH_ZSTD:BOOL=%{?with_zstd:ON}%{!?with_zstd:OFF} -DHAVE_LZLIB_DEVEL:BOOL=%{?suse_version:ON}%{!?suse_version:OFF} 
 %make_build
 make doc
 popd
@@ -61,10 +71,12 @@ pushd build
 ctest -VV
 popd
 
+%if (0%{?rhel} && 0%{?rhel} < 8) || 0%{?suse_version}
 %ldconfig_scriptlets
+%endif
 
 %files
-%license COPYING COPYING.LESSER LICENSE.BSD
+%license COPYING LICENSE.BSD
 %{_libdir}/libdrpm.so.*
 
 %files devel
@@ -74,6 +86,21 @@ popd
 %{_libdir}/pkgconfig/drpm.pc
 
 %changelog
+* Tue Aug 11 2020 Nicola Sella <nsella@redhat.com> - 0.4.1-3
+- Fix a memory leak on invalid input (RhBug:1866786)
+
+* Tue Jun 02 2020 Ales Matej <amatej@gmail.com> 0.4.1-2
+- Rebuild with zstd support (RhBug:1842036)
+
+* Wed Oct 23 2019 Ales Matej <amatej@gmail.com> 0.4.1-1
+- Update to 0.4.1
+- Relicense to LGPLv2+
+- Fix number of bugs mainly with drpm_make and drpm_apply
+- Add support for zstd drpms
+- CMake cleanups
+- Make running tests optional
+- Small spec improvements
+
 * Fri Aug  3 2018 Florian Weimer <fweimer@redhat.com> - 0.3.0-14
 - Honor %%{valgrind_arches}