rpms/gpgme
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix license and covscan issues

Browse Source 
Resolves: #1938732
This commit is contained in:
Jiri Kucera 2021-07-17 22:21:08 +02:00
parent 692cf7e264
commit 8a434cd787
5 changed files with 411 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -17,3 +17,4 @@
/gpgme-1.13.1.tar.bz2 /gpgme-1.13.1.tar.bz2
/gpgme-1.14.0.tar.bz2 /gpgme-1.14.0.tar.bz2
/gpgme-1.15.1.tar.bz2 /gpgme-1.15.1.tar.bz2
/gpgme-1.15.1.licenses.tar.bz2

377
gpgme-1.15.1-covscan.patch Normal file
View File

@ -0,0 +1,377 @@
From 3101e381eb7ff31138aa20438ae757365e390d2c Mon Sep 17 00:00:00 2001
From: Jiri Kucera <sanczes@gmail.com>
Date: Thu, 15 Jul 2021 22:41:37 +0200
Subject: [PATCH] lang/python/gpgme.i: Fix memleaks
---
lang/python/gpgme.i | 85 +++++++++++++++++++++++++++------------------
1 file changed, 52 insertions(+), 33 deletions(-)
diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i
index 87371af8..fabf9e2c 100644
--- a/lang/python/gpgme.i
+++ b/lang/python/gpgme.i
@@ -53,7 +53,7 @@
{
encodedInput = PyUnicode_AsUTF8String($input);
if (encodedInput == NULL)
- return NULL;
+ SWIG_fail;
$1 = PyBytes_AsString(encodedInput);
}
else if (PyBytes_Check($input))
@@ -62,7 +62,7 @@
PyErr_Format(PyExc_TypeError,
"arg %d: expected str, bytes, or None, got %s",
$argnum, $input->ob_type->tp_name);
- return NULL;
+ SWIG_fail;
}
}
%typemap(freearg) const char * {
@@ -70,14 +70,16 @@
}
/* Likewise for a list of strings. */
-%typemap(in) const char *[] (void *vector = NULL,
- size_t size,
+%typemap(arginit) const char *[] {
+ $1 = NULL;
+}
+%typemap(in) const char *[] (size_t size,
PyObject **pyVector = NULL) {
/* Check if is a list */
if (PyList_Check($input)) {
size_t i, j;
size = PyList_Size($input);
- $1 = (char **) (vector = malloc((size+1) * sizeof(char *)));
+ $1 = (char **) malloc((size+1) * sizeof(char *));
pyVector = calloc(sizeof *pyVector, size);
for (i = 0; i < size; i++) {
@@ -86,12 +88,7 @@
{
pyVector[i] = PyUnicode_AsUTF8String(o);
if (pyVector[i] == NULL)
- {
- free(vector);
- for (j = 0; j < i; j++)
- Py_XDECREF(pyVector[j]);
- return NULL;
- }
+ SWIG_fail;
$1[i] = PyBytes_AsString(pyVector[i]);
}
else if (PyString_Check(o))
@@ -101,8 +98,7 @@
"arg %d: list must contain only str or bytes, got %s "
"at position %d",
$argnum, o->ob_type->tp_name, i);
- free($1);
- return NULL;
+ SWIG_fail;
}
}
$1[i] = NULL;
@@ -110,14 +106,17 @@
PyErr_Format(PyExc_TypeError,
"arg %d: expected a list of str or bytes, got %s",
$argnum, $input->ob_type->tp_name);
- return NULL;
+ SWIG_fail;
}
}
%typemap(freearg) const char *[] {
- size_t i;
- free(vector$argnum);
- for (i = 0; i < size$argnum; i++)
- Py_XDECREF(pyVector$argnum[i]);
+ if (pyVector$argnum) {
+ size_t i;
+ for (i = 0; i < size$argnum; i++)
+ Py_XDECREF(pyVector$argnum[i]);
+ free(pyVector$argnum);
+ }
+ if ($1) free($1);
}
/* Release returned buffers as necessary. */
@@ -135,7 +134,7 @@
if (!PySequence_Check($input)) {
PyErr_Format(PyExc_ValueError, "arg %d: Expected a list of gpgme_key_t",
$argnum);
- return NULL;
+ SWIG_fail;
}
if((numb = PySequence_Length($input)) != 0) {
$1 = (gpgme_key_t*)malloc((numb+1)*sizeof(gpgme_key_t));
@@ -152,8 +151,7 @@
"arg %d: list must contain only gpgme_key_ts, got %s "
"at position %d",
$argnum, pypointer->ob_type->tp_name, i);
- free($1);
- return NULL;
+ SWIG_fail;
}
Py_DECREF(pypointer);
}
@@ -179,7 +177,7 @@
pypointer = _gpg_obj2gpgme_data_t($input, $argnum, &wrapper,
&bytesio, &view);
if (pypointer == NULL)
- return NULL;
+ SWIG_fail;
have_view = !! view.obj;
/* input = $input, 1 = $1, 1_descriptor = $1_descriptor */
@@ -189,7 +187,7 @@
if ((SWIG_ConvertPtr(pypointer,(void **) &$1, $1_descriptor,
SWIG_POINTER_EXCEPTION | $disown )) == -1) {
Py_DECREF(pypointer);
- return NULL;
+ SWIG_fail;
}
Py_DECREF(pypointer);
}
@@ -347,6 +345,10 @@
}
/* Those are for gpgme_data_read() and gpgme_strerror_r(). */
+%typemap(arginit) (void *buffer, size_t size), (char *buf, size_t buflen) {
+ $1 = NULL;
+ $2 = 0;
+}
%typemap(in) (void *buffer, size_t size), (char *buf, size_t buflen) {
{
long tmp$argnum;
@@ -359,12 +361,12 @@
else
{
PyErr_SetString(PyExc_TypeError, "Numeric argument expected");
- return NULL;
+ SWIG_fail;
}
if (tmp$argnum < 0) {
PyErr_SetString(PyExc_ValueError, "Positive integer expected");
- return NULL;
+ SWIG_fail;
}
$2 = (size_t) tmp$argnum;
$1 = ($1_ltype) malloc($2+1);
@@ -373,11 +375,11 @@
%typemap(argout) (void *buffer, size_t size), (char *buf, size_t buflen) {
Py_XDECREF($result); /* Blow away any previous result */
if (result < 0) { /* Check for I/O error */
- free($1);
+ if ($1) free($1);
return PyErr_SetFromErrno(PyExc_RuntimeError);
}
$result = PyBytes_FromStringAndSize($1,result);
- free($1);
+ if ($1) free($1);
}
/* For gpgme_data_write, but should be universal. */
@@ -390,11 +392,11 @@
{
encodedInput = PyUnicode_AsUTF8String($input);
if (encodedInput == NULL)
- return NULL;
+ SWIG_fail;
if (PyBytes_AsStringAndSize(encodedInput, (char **) &$1, &ssize) == -1)
{
Py_DECREF(encodedInput);
- return NULL;
+ SWIG_fail;
}
}
else if (PyBytes_Check($input))
@@ -403,7 +405,7 @@
PyErr_Format(PyExc_TypeError,
"arg %d: expected str, bytes, or None, got %s",
$argnum, $input->ob_type->tp_name);
- return NULL;
+ SWIG_fail;
}
if (! $1)
@@ -432,8 +434,17 @@
size++;
}
$result = PyList_New(size);
+ if ($result == NULL)
+ SWIG_fail;
for (i=0,curr=$1; i<size; i++,curr=curr->next) {
PyObject *o = SWIG_NewPointerObj(SWIG_as_voidptr(curr), $1_descriptor, %newpointer_flags);
+ if (o == NULL) {
+ int j;
+ for (j = 0; j < i; j++)
+ Py_XDECREF(PyList_GetItem($result, j));
+ Py_DECREF($result);
+ SWIG_fail;
+ }
PyList_SetItem($result, i, o);
}
}
@@ -446,6 +457,8 @@
PyObject *fragile;
fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor,
%newpointer_flags);
+ if (fragile == NULL)
+ SWIG_fail;
$result = _gpg_wrap_result(fragile, name);
Py_DECREF(fragile);
}
@@ -469,22 +482,28 @@ wrapresult(gpgme_vfs_mount_result_t, "VFSMountResult")
}
$result = PyList_New(size);
if ($result == NULL)
- return NULL; /* raise */
+ SWIG_fail; /* raise */
for (i=0,curr=$1; i<size; i++,curr=curr->next) {
PyObject *fragile, *o;
fragile = SWIG_NewPointerObj(SWIG_as_voidptr(curr), $1_descriptor,
%newpointer_flags);
if (fragile == NULL)
{
+ int j;
+ for (j = 0; j < i; j++)
+ Py_XDECREF(PyList_GetItem($result, j));
Py_DECREF($result);
- return NULL; /* raise */
+ SWIG_fail; /* raise */
}
o = _gpg_wrap_result(fragile, "EngineInfo");
Py_DECREF(fragile);
if (o == NULL)
{
+ int j;
+ for (j = 0; j < i; j++)
+ Py_XDECREF(PyList_GetItem($result, j));
Py_DECREF($result);
- return NULL; /* raise */
+ SWIG_fail; /* raise */
}
PyList_SetItem($result, i, o);
}
From b2815dcba2e75f79a6349191b3744952a9bd3311 Mon Sep 17 00:00:00 2001
From: Jiri Kucera <sanczes@gmail.com>
Date: Sat, 17 Jul 2021 01:12:08 +0200
Subject: [PATCH] lang/cpp/src/data.cpp: Fix memleaks
---
lang/cpp/src/data.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp
index 7a93cbc2..d08a29db 100644
--- a/lang/cpp/src/data.cpp
+++ b/lang/cpp/src/data.cpp
@@ -249,6 +249,7 @@ std::vector<GpgME::Key> GpgME::Data::toKeys(Protocol proto) const
}
if (gpgme_op_keylist_from_data_start (ctx->impl()->ctx, d->data, 0)) {
+ delete ctx;
return ret;
}
From eb3bf52fcb437b0508b2912f648ac25799daef55 Mon Sep 17 00:00:00 2001
From: Jiri Kucera <sanczes@gmail.com>
Date: Sat, 17 Jul 2021 01:12:45 +0200
Subject: [PATCH] src/engine-gpg.c: Fix memleaks
---
src/engine-gpg.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index b51ea173..af74714c 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1148,6 +1148,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
to avoid and given that we reach this here only
after a malloc failure for a small object, it is
probably better not to do anything. */
+ free_argv (argv);
return gpg_error (GPG_ERR_GENERAL);
}
/* If the data_type is FD, we have to do a dup2 here. */
@@ -1270,6 +1271,9 @@ read_status (engine_gpg_t gpg)
buffer = realloc (buffer, bufsize);
if (!buffer)
return gpg_error_from_syserror ();
+ /* Update buffer and bufsize here to prevent memory leaks. */
+ gpg->status.buffer = buffer;
+ gpg->status.bufsize = bufsize;
}
nread = _gpgme_io_read (gpg->status.fd[0],
@@ -1382,8 +1386,6 @@ read_status (engine_gpg_t gpg)
}
/* Update the gpg object. */
- gpg->status.bufsize = bufsize;
- gpg->status.buffer = buffer;
gpg->status.readpos = readpos;
return 0;
}
@@ -1423,6 +1425,9 @@ read_colon_line (engine_gpg_t gpg)
buffer = realloc (buffer, bufsize);
if (!buffer)
return gpg_error_from_syserror ();
+ /* Prevent memory leaks. */
+ gpg->colon.bufsize = bufsize;
+ gpg->colon.buffer = buffer;
}
nread = _gpgme_io_read (gpg->colon.fd[0], buffer+readpos, bufsize-readpos);
@@ -1502,8 +1507,6 @@ read_colon_line (engine_gpg_t gpg)
}
/* Update the gpg object. */
- gpg->colon.bufsize = bufsize;
- gpg->colon.buffer = buffer;
gpg->colon.readpos = readpos;
return 0;
}
From e94363045f104fe57188bd014c91462e3693ec24 Mon Sep 17 00:00:00 2001
From: Jiri Kucera <sanczes@gmail.com>
Date: Sat, 17 Jul 2021 01:14:14 +0200
Subject: [PATCH] src/engine-gpgsm.c: Fix memleaks
---
src/engine-gpgsm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index d5f0d7a9..7a8a049b 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1533,8 +1533,10 @@ gpgsm_export (void *engine, const char *pattern, gpgme_export_mode_t mode,
gpgsm->output_cb.data = keydata;
err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor"
: map_data_enc (gpgsm->output_cb.data));
- if (err)
+ if (err) {
+ free (cmd);
return err;
+ }
gpgsm_clear_fd (gpgsm, INPUT_FD);
gpgsm_clear_fd (gpgsm, MESSAGE_FD);
gpgsm->inline_data = NULL;
@@ -1634,8 +1636,10 @@ gpgsm_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode,
gpgsm->output_cb.data = keydata;
err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor"
: map_data_enc (gpgsm->output_cb.data));
- if (err)
+ if (err) {
+ free (line);
return err;
+ }
gpgsm_clear_fd (gpgsm, INPUT_FD);
gpgsm_clear_fd (gpgsm, MESSAGE_FD);
gpgsm->inline_data = NULL;

13
gpgme-1.15.1-glibc-closefrom.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/posix-io.c b/src/posix-io.c
index e712ef2..2a3a81f 100644
--- a/src/posix-io.c
+++ b/src/posix-io.c
@@ -570,7 +570,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
if (fd_list[i].fd > fd)
fd = fd_list[i].fd;
fd++;
-#if defined(__sun) || defined(__FreeBSD__)
+#if defined(__sun) || defined(__FreeBSD__) || defined(__GLIBC__)
closefrom (fd);
max_fds = fd;
#else /*!__sun */

23
gpgme.spec
View File

@ -9,11 +9,17 @@
Name: gpgme Name: gpgme
Summary: GnuPG Made Easy - high level crypto API Summary: GnuPG Made Easy - high level crypto API
Version: 1.15.1 Version: 1.15.1
Release: 3%{?dist} Release: 4%{?dist}
License: LGPLv2+ # /usr/bin/gpgme-tool is licensed under GPLv3+
# the rest is licensed under LGPLv2+
# Note: /usr/bin/gpgme-json contains bits of MIT licensed code, but its
# effective license remains LGPLv2+
# (see https://fedoraproject.org/wiki/Licensing:FAQ)
License: LGPLv2+ and GPLv3+
URL: https://gnupg.org/related_software/gpgme/ URL: https://gnupg.org/related_software/gpgme/
Source0: https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%{version}.tar.bz2 #Source0: https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%%{version}.tar.bz2
Source0: gpgme-%{version}.licenses.tar.bz2
Source2: gpgme-multilib.h Source2: gpgme-multilib.h
## downstream patches ## downstream patches
@ -23,6 +29,10 @@ Patch1001: 0001-don-t-add-extra-libraries-for-linking.patch
Patch1002: gpgme-1.3.2-largefile.patch Patch1002: gpgme-1.3.2-largefile.patch
# Let's fix stupid AX_PYTHON_DEVEL # Let's fix stupid AX_PYTHON_DEVEL
Patch1003: 0001-fix-stupid-ax_python_devel.patch Patch1003: 0001-fix-stupid-ax_python_devel.patch
# Fix static analysis issues
Patch1004: gpgme-1.15.1-covscan.patch
# glibc 2.34 introduces closefrom()
Patch1005: gpgme-1.15.1-glibc-closefrom.patch
#BuildRequires: autoconf #BuildRequires: autoconf
#BuildRequires: automake #BuildRequires: automake
@ -155,6 +165,7 @@ mv %{buildroot}%{_includedir}/gpgme.h \
install -m644 -p -D %{SOURCE2} %{buildroot}%{_includedir}/gpgme.h install -m644 -p -D %{SOURCE2} %{buildroot}%{_includedir}/gpgme.h
%endif %endif
chrpath -d %{buildroot}%{_bindir}/%{name}-tool chrpath -d %{buildroot}%{_bindir}/%{name}-tool
chrpath -d %{buildroot}%{_bindir}/%{name}-json
chrpath -d %{buildroot}%{_libdir}/lib%{name}pp.so* chrpath -d %{buildroot}%{_libdir}/lib%{name}pp.so*
chrpath -d %{buildroot}%{_libdir}/libq%{name}.so* chrpath -d %{buildroot}%{_libdir}/libq%{name}.so*
@ -168,7 +179,7 @@ make check
%endif %endif
%files %files
%license COPYING* %license COPYING* LICENSES
%doc AUTHORS NEWS README* %doc AUTHORS NEWS README*
%{_bindir}/%{name}-json %{_bindir}/%{name}-json
%{_libdir}/lib%{name}.so.11* %{_libdir}/lib%{name}.so.11*
@ -211,6 +222,10 @@ make check
%{python3_sitearch}/gpg/ %{python3_sitearch}/gpg/
%changelog %changelog
* Fri Jul 16 2021 Jiri Kucera <jkucera@redhat.com> - 1.15.1-4
- Fix license and covscan issues
Resolves: #1938732
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.15.1-3 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.15.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

2
sources
View File

@ -1 +1 @@
SHA512 (gpgme-1.15.1.tar.bz2) = 1d75a848cce6389f7cb8896b57a28dfe1dc5a447bfb4f128b0994a43e04134343400a3be063e971f03dfd595474cfd558519741d5d56afb3e84853ad4f2a45c2 SHA512 (gpgme-1.15.1.licenses.tar.bz2) = beeddb53166b21db31904b42a94c0f01189c62df32370d920f52cdaac58d81bc299990c4653ae313a5d0dbb5785929ef95e3a42ca693a51b67de5caa2721fa16