Resolves: #1984403 - 2.13.0 bump

.gitignore

@@ -58,3 +58,5 @@
 /modulemd-2.12.0.tar.xz
 /modulemd-2.12.1.tar.xz
 /modulemd-2.12.1.tar.xz.asc
+/modulemd-2.13.0.tar.xz
+/modulemd-2.13.0.tar.xz.asc

libmodulemd.spec

@@ -1,9 +1,19 @@
 %if  0%{?rhel} && 0%{?rhel} <= 7
-  %global meson_python_flags -Dwith_py2=true
+  # There is no python3-gobject-base in RHEL 7. But it exists in EPEL 7.
+  %global meson_python_flags -Dwith_py2=true -Dwith_py3=true
   %global build_python2 1
+  %global build_python3 1
 %else
-  %global meson_python_flags -Dwith_py2=false
+  %global meson_python_flags -Dwith_py2=false -Dwith_py3=true
   %global build_python2 0
+  %global build_python3 1
+%endif
+
+%if  0%{?rhel} && 0%{?rhel} <= 10
+  # Support module builds with an invalid buildorder in RHEL 8.
+  %global meson_accept_overflowed_buildorder_flag -Daccept_overflowed_buildorder=true
+%else
+  %global meson_accept_overflowed_buildorder_flag -Daccept_overflowed_buildorder=false
 %endif
 
 %global upstream_name libmodulemd
@@ -13,15 +23,23 @@
 %endif
 
 Name:           %{upstream_name}%{?v2_suffix}
-Version:        2.12.1
-Release:        2%{?dist}
+Version:        2.13.0
+Release:        1%{?dist}
 Summary:        Module metadata manipulation library
 
+# COPYING:      MIT
+## not in any binary package
+# contrib/coverity-modeling.c:  GPLv2+
+# contrib/release-tools/semver: GPLv3
 License:        MIT
 URL:            https://github.com/fedora-modularity/libmodulemd
-Source0:        %{url}/releases/download/%{upstream_name}-%{version}/modulemd-%{version}.tar.xz
-Source1:        %{url}/releases/download/%{upstream_name}-%{version}/modulemd-%{version}.tar.xz.asc
+Source0:        %{url}/releases/download/%{version}/modulemd-%{version}.tar.xz
+Source1:        %{url}/releases/download/%{version}/modulemd-%{version}.tar.xz.asc
+# Key exported from Petr Pisar's keyring
 Source2:        gpgkey-E3F42FCE156830A80358E6E94FD1AEC3365AF7BF.gpg
+# Accept invalid, but existing 18446744073709551615 buildorder when loading
+# modulemd-v2 documents, bug #1984402, proposed to the upstream
+Patch0:         modulemd-2.13.0-Accept-18446744073709551615-buildorder-if-accept_ove.patch
 
 BuildRequires:  gnupg2
 BuildRequires:  meson >= 0.47
@@ -39,8 +57,10 @@ BuildRequires:  file-devel
 BuildRequires:  python2-devel
 BuildRequires:  python-gobject-base
 %endif
+%if %{build_python3}
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-gobject-base
+%endif
 BuildRequires:  help2man
 
 
@@ -48,37 +68,38 @@ BuildRequires:  help2man
 
 
 %description
-C Library for manipulating module metadata files.
+C library for manipulating module metadata files.
 See https://github.com/fedora-modularity/libmodulemd/blob/master/README.md for
 more details.
 
 
 %if %{build_python2}
 %package -n python2-%{name}
-Summary: Python 2 bindings for %{name}
-Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires: python-gobject-base
-Requires: python-six
+Summary:        Python 2 bindings for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       python-gobject-base
+Requires:       python-six
 
 %description -n python2-%{name}
-Python 2 bindings for %{name}
+Python 2 bindings for %{name}.
 %endif
 
 
+%if %{build_python3}
 %package -n python%{python3_pkgversion}-%{name}
-Summary: Python 3 bindings for %{name}
-Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires: python%{python3_pkgversion}-gobject-base
-
+Summary:        Python 3 bindings for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       python%{python3_pkgversion}-gobject-base
 %if (0%{?rhel} && 0%{?rhel} <= 7)
 # The py3_dist macro on EPEL 7 doesn't work right at the moment
-Requires: python3.6dist(six)
+Requires:       python3.6dist(six)
 %else
-Requires: %{py3_dist six}
+Requires:       %{py3_dist six}
 %endif
 
 %description -n python%{python3_pkgversion}-%{name}
-Python %{python3_pkgversion} bindings for %{name}
+Python %{python3_pkgversion} bindings for %{name}.
+%endif
 
 
 %package devel
@@ -91,7 +112,7 @@ Conflicts:      libmodulemd-devel
 
 
 %description devel
-Development files for libmodulemd.
+Development files for %{name}.
 
 
 %prep
@@ -100,22 +121,22 @@ Development files for libmodulemd.
 
 
 %build
-%meson -Ddeveloper_build=false \
-       %{meson_python_flags}
-
+%meson \
+    %{meson_accept_overflowed_buildorder_flag} \
+    -Dlibmagic=enabled \
+    -Drpmio=enabled \
+    -Dskip_introspection=false \
+    -Dtest_installed_lib=false \
+    -Dwith_docs=true \
+    -Dwith_manpages=enabled \
+    %{meson_python_flags}
 %meson_build
 
 
 %check
-
 export LC_CTYPE=C.utf8
-
-# Don't run tests on ARM for now. There are problems with
-# performance on the builders and often these time out.
-%ifnarch %{arm} aarch64
 # The tests sometimes time out in CI, so give them a little extra time
 %{__meson} test -C %{_vpath_builddir} %{?_smp_mesonflags} --print-errorlogs -t 5
-%endif
 
 
 %install
@@ -137,7 +158,7 @@ mv %{buildroot}%{_mandir}/man1/modulemd-validator.1 \
 
 %files
 %license COPYING
-%doc README.md
+%doc NEWS README.md
 %{_bindir}/modulemd-validator%{?v2_suffix}
 %{_mandir}/man1/modulemd-validator%{?v2_suffix}.1*
 %{_libdir}/%{upstream_name}.so.2*
@@ -162,11 +183,16 @@ mv %{buildroot}%{_mandir}/man1/modulemd-validator.1 \
 %endif
 
 
+%if %{build_python3}
 %files -n python%{python3_pkgversion}-%{name}
 %{python3_sitearch}/gi/overrides/
+%endif
 
 
 %changelog
+* Tue Aug 10 2021 Petr Pisar <ppisar@redhat.com> - 2.13.0-1
+- 2.13.0 bump (bug #1984403)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.12.1-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688

modulemd-2.13.0-Accept-18446744073709551615-buildorder-if-accept_ove.patch

@@ -0,0 +1,192 @@
+From b0dd663edd6ab66ec26c48ff34a52afa040694e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 22 Jul 2021 15:23:55 +0200
+Subject: [PATCH] Accept 18446744073709551615 buildorder if
+ accept_overflowed_buildorder build boolean is true
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+7c0158bcec05b692d27e37ff46a134f4e294d957 commit (Reject invalid signed
+integers (rpm buildorder), as found in 2.13.0 release, fortified
+parsing signed integers.
+
+It turned out that RHEL 8 delivers a few modules:
+
+container-tools:rhel8:8020120200601155013:ffd2803a
+container-tools:rhel8:8030020200923153805:2a301c24
+container-tools:rhel8:8030020201124131330:830d479e
+container-tools:rhel8:8030120210208205200:c127ee91
+
+which contain an invalid buildorder value 18446744073709551615. DNF
+then warned on loading them into an index and ignored them:
+
+    # dnf module list --repoid pulp-appstream
+    Last metadata expiration check: 3:59:10 ago on Wed 21 Jul 2021 12:38:00 PM CEST.
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 118 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 118 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 107 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 114 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 118 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 118 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 107 col 9]
+    Module yaml error: Failed to parse buildorder in component: 18446744073709551615: The integer value is larger than 9223372036854775807 [line 114 col 9]
+
+Those were probably built with a broken MBS/libmodulemd which
+loaded -1 and serialized it as an 64-bit unsigned integer
+18446744073709551615.
+
+Because the distributor does not change once-released builds, it
+became impossible to process them with libmodulemd-2.13.0.
+
+This patch adds an accept_overflowed_buildorder build option (disabled
+by default) which enables a workaround to accept 18446744073709551615
+string as -1 integer when parsing 64-bit signed integers. (The type is
+used only in buildorder field now).
+
+(Originally, I developed a more complicated patch only affecting
+loading while keeping validation strict. But that was not enough for
+DNF, creareterepo_c and probably many other tools. Thus I prepared
+even more complicated patch affecting both loading and validation of
+modulemd formats only (cf. modulemd-packager-v3) and that helped DNF.
+But the patch ugglified to code to much and considering it's only
+a temporary hack, I decided for this simple patch which affects
+loading and validation of all formats.)
+
+Petr Písař: Ported to 2.13.0 from
+37a688cc12d7fbab67fda95c47a4605405d7a154.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ meson.build                                |  1 +
+ meson_options.txt                          |  3 +++
+ modulemd/meson.build                       |  2 ++
+ modulemd/modulemd-yaml-util.c              | 11 +++++++++++
+ modulemd/tests/test-modulemd-parse_int64.c | 15 ++++++++++++++-
+ 5 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 37792b3..bbb56ba 100644
+--- a/meson.build
++++ b/meson.build
+@@ -215,6 +215,7 @@ if meson.version().version_compare('>=0.53')
+              'Python 2 Support': get_option('with_py2'),
+              'Python 3 Support': get_option('with_py3'),
+              'Skip Introspection': get_option('skip_introspection'),
++             'Accept overflowed buildorder': get_option('accept_overflowed_buildorder'),
+              'Test Installed Library': get_option('test_installed_lib'),
+             }, section: 'Build Configuration')
+ endif
+diff --git a/meson_options.txt b/meson_options.txt
+index 7873d42..3d84459 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -11,6 +11,9 @@
+ #
+ # REMEMBER TO UPDATE THE SUMMARY() IN meson.build when adding options here
+ 
++option('accept_overflowed_buildorder', type : 'boolean', value: 'false',
++       description : 'Accept overflowed 18446744073709551615 buildorder as -1. This breaks a specification, but some RHEL 8 module builds look like that.')
++
+ option('verbose_tests', type : 'boolean', value : true,
+        description : 'Tests that are run under the "debug" configuration will print all debug messages. Disable this option for valgrind checks, as it speeds it up substantially.')
+ 
+diff --git a/modulemd/meson.build b/modulemd/meson.build
+index 2a60364..0b74818 100644
+--- a/modulemd/meson.build
++++ b/modulemd/meson.build
+@@ -14,6 +14,7 @@
+ test_installed_lib = get_option('test_installed_lib')
+ skip_introspection = get_option('skip_introspection')
+ verbose_tests = get_option('verbose_tests')
++accept_overflowed_buildorder = get_option('accept_overflowed_buildorder')
+ clang_simple_version_script = find_program ('clang_simple_version.sh')
+ 
+ 
+@@ -144,6 +145,7 @@ cdata.set('HAVE_RPMIO', rpm.found())
+ cdata.set('HAVE_LIBMAGIC', magic.found())
+ cdata.set('HAVE_GDATE_AUTOPTR', has_gdate_autoptr)
+ cdata.set('HAVE_EXTEND_AND_STEAL', has_extend_and_steal)
++cdata.set('HAVE_OVERFLOWED_BUILDORDER', accept_overflowed_buildorder)
+ configure_file(
+   output : 'config.h',
+   configuration : cdata
+diff --git a/modulemd/modulemd-yaml-util.c b/modulemd/modulemd-yaml-util.c
+index 6cbf4cc..ad0bd3c 100644
+--- a/modulemd/modulemd-yaml-util.c
++++ b/modulemd/modulemd-yaml-util.c
+@@ -11,6 +11,7 @@
+  * For more information on free software, see <https://www.gnu.org/philosophy/free-sw.en.html>.
+  */
+ 
++#include "config.h"
+ #include "modulemd-errors.h"
+ #include "private/modulemd-subdocument-info-private.h"
+ #include "private/modulemd-util.h"
+@@ -441,6 +442,16 @@ modulemd_yaml_parse_int64 (yaml_parser_t *parser, GError **error)
+ 
+   if ((value == G_MAXINT64 && errno == ERANGE))
+     {
++#ifdef HAVE_OVERFLOWED_BUILDORDER
++      /* A temporary hack. Remove when RHEL 8 goes end of life. */
++      if (g_str_equal ((const gchar *)event.data.scalar.value,
++                       "18446744073709551615"))
++        {
++          g_debug ("Coercing an invalid signed 64-bit integer to -1: %s",
++                   (const gchar *)event.data.scalar.value);
++          return -1;
++        }
++#endif
+       g_set_error (error,
+                    MODULEMD_YAML_ERROR,
+                    MODULEMD_ERROR_VALIDATE,
+diff --git a/modulemd/tests/test-modulemd-parse_int64.c b/modulemd/tests/test-modulemd-parse_int64.c
+index 2ccfb53..8759c21 100644
+--- a/modulemd/tests/test-modulemd-parse_int64.c
++++ b/modulemd/tests/test-modulemd-parse_int64.c
+@@ -11,6 +11,7 @@
+  * For more information on free software, see <https://www.gnu.org/philosophy/free-sw.en.html>.
+  */
+ 
++#include "config.h"
+ #include <glib.h>
+ #include <locale.h>
+ #include <string.h>
+@@ -36,7 +37,7 @@ test (const char *input, gint64 expected_value, gboolean expected_error)
+     g_assert_nonnull (error);
+   else
+     g_assert_null (error);
+-  g_assert_cmpuint (parsed, ==, expected_value);
++  g_assert_cmpint (parsed, ==, expected_value);
+ }
+ 
+ static void
+@@ -69,6 +70,16 @@ test_int64_invalid_too_big (void)
+   test ("9223372036854775808", 0, TRUE);
+ }
+ 
++static void
++test_int64_invalid_overflowed (void)
++{
++#ifdef HAVE_OVERFLOWED_BUILDORDER
++  test ("18446744073709551615", -1, FALSE);
++#else
++  test ("18446744073709551615", 0, TRUE);
++#endif
++}
++
+ static void
+ test_int64_invalid_too_small (void)
+ {
+@@ -143,6 +154,8 @@ main (int argc, char *argv[])
+                    test_int64_invalid_too_big);
+   g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_too_small",
+                    test_int64_invalid_too_small);
++  g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_overflowed",
++                   test_int64_invalid_overflowed);
+ 
+   g_test_add_func ("/modulemd/v2/uint64/yaml/parse/valid", test_uint64_valid);
+   g_test_add_func ("/modulemd/v2/uint64/yaml/parse/invalid_no_digit",
+-- 
+2.31.1
+

sources

@@ -1,2 +1,2 @@
-SHA512 (modulemd-2.12.1.tar.xz) = 2bd4242f0f1aea561a5b899678237f7390652987e02c46652b72eadebde60d7cfb82d93e0a720e3c070261a7449245b9319b9fd755aba1c6f354660a959373b3
-SHA512 (modulemd-2.12.1.tar.xz.asc) = 072141c83a991ac7f1177d2e3ccf2b050c2d644453c5e815ad826b8fe4a994954d0754c9da5279727ccc74f182c193f89d5f227ff0580b0a8ab3e730ab52b287
+SHA512 (modulemd-2.13.0.tar.xz) = b2a4fa4120d4dca714ef724a9e8f805d4f8a306a950e670f86f6184467c070ddb93360fff3bb079eb3a442b52024fe796ceb1195800d62bbb1f5cb67f8889e05
+SHA512 (modulemd-2.13.0.tar.xz.asc) = f588c1333b91db297ab5ec7e67f1d62884d4f58032a75feed1b3c3ff2ae67eb0f13a4209605f4a32d00fe6ccb3561b6fab81c2196f1d4439222b0e141f541ff6