rpms/libsolv
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 0.7.19

Browse Source 
Resolves: rhbz#1951427
This commit is contained in:
Pavla Kratochvilova 2021-07-27 16:08:59 +02:00
parent a4f49babd8
commit 9a84ab7748
6 changed files with 20 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -57,3 +57,4 @@
/libsolv-0.7.14.tar.gz
/libsolv-0.7.15.tar.gz
/libsolv-0.7.17.tar.gz
/libsolv-0.7.19.tar.gz

0
0003-Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch → 0001-Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
View File

42
0001-Fix-memory-leaks.patch
View File

@ -1,42 +0,0 @@
From 71c6b26096086926f48d8fced1a03ca52a1eb745 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Mon, 29 Mar 2021 12:46:31 +0200
Subject: [PATCH] Fix memory leaks
---
ext/repo_deb.c | 1 +
ext/testcase.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ext/repo_deb.c b/ext/repo_deb.c
index 8f63756..34f40fa 100644
--- a/ext/repo_deb.c
+++ b/ext/repo_deb.c
@@ -792,5 +792,6 @@ pool_deb_get_autoinstalled(Pool *pool, FILE *fp, Queue *q, int flags)
break;
}
}
+ solv_free(buf);
}
diff --git a/ext/testcase.c b/ext/testcase.c
index 8fb6d79..4e9e315 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -1477,11 +1477,11 @@ testcase_solverresult(Solver *solv, int resultflags)
queue_init(&q);
for (rid = 1; (rclass = solver_ruleclass(solv, rid)) != SOLVER_RULE_UNKNOWN; rid++)
{
- char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
- prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
solver_ruleliterals(solv, rid, &q);
if (rclass == SOLVER_RULE_FEATURE && q.count == 1 && q.elements[0] == -SYSTEMSOLVABLE)
continue;
+ char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
+ prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
for (i = 0; i < q.count; i++)
{
Id p = q.elements[i];
--
libgit2 1.0.1

279
0002-Fix-lzopen-zstdopen-zchunkopen.patch
View File

@ -1,279 +0,0 @@
From 6864aeffb0fa091dd2be1be339257825d7e80c54 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 6 Apr 2021 09:17:27 +0200
Subject: [PATCH 1/3] Fix: Use "solv_free" for memory allocated by
"solv_calloc"
---
ext/solv_xfopen.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ext/solv_xfopen.c b/ext/solv_xfopen.c
index b3136cbb..a5de9e62 100644
--- a/ext/solv_xfopen.c
+++ b/ext/solv_xfopen.c
@@ -199,7 +199,7 @@ static LZFILE *lzopen(const char *path, const char *mode, int fd, int isxz)
if (ret != LZMA_OK)
{
fclose(fp);
- free(lzfile);
+ solv_free(lzfile);
return 0;
}
return lzfile;
@@ -232,7 +232,7 @@ static int lzclose(void *cookie)
}
lzma_end(&lzfile->strm);
rc = fclose(lzfile->file);
- free(lzfile);
+ solv_free(lzfile);
return rc;
}
@@ -432,7 +432,7 @@ static int zstdclose(void *cookie)
ZSTD_freeDStream(zstdfile->dstream);
}
rc = fclose(zstdfile->file);
- free(zstdfile);
+ solv_free(zstdfile);
return rc;
}
From ee8b8b9d72b816950e411ed26063c3a000b396ed Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Mon, 29 Mar 2021 17:16:54 +0200
Subject: [PATCH 2/3] Fix: lzopen and zstdopen: don't close supplied fd
In the case of failure of some functions, the `fp` file stream has been
closed. And the stream closed the associated supplied `fd` file descriptor.
The caller then closed the closed descriptor again (eg `curlfopen` in
`repoinfo_download.c`: `if (!Fp) close (fd);`) -> double_close.
In multithreaded software risk of race conditions. Another thread open
another file and reuse just closed file descriptor. The caller
then closes the file of another thread.
---
ext/solv_xfopen.c | 45 ++++++++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/ext/solv_xfopen.c b/ext/solv_xfopen.c
index a5de9e62..4258fac1 100644
--- a/ext/solv_xfopen.c
+++ b/ext/solv_xfopen.c
@@ -165,7 +165,7 @@ static LZFILE *lzopen(const char *path, const char *mode, int fd, int isxz)
LZFILE *lzfile;
lzma_ret ret;
- if (!path && fd < 0)
+ if ((!path && fd < 0) || (path && fd >= 0))
return 0;
for (; *mode; mode++)
{
@@ -176,14 +176,7 @@ static LZFILE *lzopen(const char *path, const char *mode, int fd, int isxz)
else if (*mode >= '1' && *mode <= '9')
level = *mode - '0';
}
- if (fd != -1)
- fp = fdopen(fd, encoding ? "w" : "r");
- else
- fp = fopen(path, encoding ? "w" : "r");
- if (!fp)
- return 0;
lzfile = solv_calloc(1, sizeof(*lzfile));
- lzfile->file = fp;
lzfile->encoding = encoding;
lzfile->eof = 0;
lzfile->strm = stream_init;
@@ -198,10 +191,20 @@ static LZFILE *lzopen(const char *path, const char *mode, int fd, int isxz)
ret = lzma_auto_decoder(&lzfile->strm, 100 << 20, 0);
if (ret != LZMA_OK)
{
- fclose(fp);
solv_free(lzfile);
return 0;
}
+ if (!path)
+ fp = fdopen(fd, encoding ? "w" : "r");
+ else
+ fp = fopen(path, encoding ? "w" : "r");
+ if (!fp)
+ {
+ lzma_end(&lzfile->strm);
+ solv_free(lzfile);
+ return 0;
+ }
+ lzfile->file = fp;
return lzfile;
}
@@ -346,7 +349,7 @@ static ZSTDFILE *zstdopen(const char *path, const char *mode, int fd)
FILE *fp;
ZSTDFILE *zstdfile;
- if (!path && fd < 0)
+ if ((!path && fd < 0) || (path && fd >= 0))
return 0;
for (; *mode; mode++)
{
@@ -357,12 +360,6 @@ static ZSTDFILE *zstdopen(const char *path, const char *mode, int fd)
else if (*mode >= '1' && *mode <= '9')
level = *mode - '0';
}
- if (fd != -1)
- fp = fdopen(fd, encoding ? "w" : "r");
- else
- fp = fopen(path, encoding ? "w" : "r");
- if (!fp)
- return 0;
zstdfile = solv_calloc(1, sizeof(*zstdfile));
zstdfile->encoding = encoding;
if (encoding)
@@ -372,14 +369,12 @@ static ZSTDFILE *zstdopen(const char *path, const char *mode, int fd)
if (!zstdfile->cstream)
{
solv_free(zstdfile);
- fclose(fp);
return 0;
}
if (ZSTD_isError(ZSTD_initCStream(zstdfile->cstream, level)))
{
ZSTD_freeCStream(zstdfile->cstream);
solv_free(zstdfile);
- fclose(fp);
return 0;
}
zstdfile->out.dst = zstdfile->buf;
@@ -393,13 +388,25 @@ static ZSTDFILE *zstdopen(const char *path, const char *mode, int fd)
{
ZSTD_freeDStream(zstdfile->dstream);
solv_free(zstdfile);
- fclose(fp);
return 0;
}
zstdfile->in.src = zstdfile->buf;
zstdfile->in.pos = 0;
zstdfile->in.size = 0;
}
+ if (!path)
+ fp = fdopen(fd, encoding ? "w" : "r");
+ else
+ fp = fopen(path, encoding ? "w" : "r");
+ if (!fp)
+ {
+ if (encoding)
+ ZSTD_freeCStream(zstdfile->cstream);
+ else
+ ZSTD_freeDStream(zstdfile->dstream);
+ solv_free(zstdfile);
+ return 0;
+ }
zstdfile->file = fp;
return zstdfile;
}
From 725778574dda14dfa646f9a3f97568b15cdcbb2e Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 30 Mar 2021 08:42:31 +0200
Subject: [PATCH 3/3] Fix: zchunkopen: resources leaks, don't close supplied fd
System variant:
- resource leaks when `zck_init_read` or `zck_init_write` fails
- supplied fd will be closed if `zck_create` fails
Libsolv limited zchunk implementation:
- resource leak when `strcmp(mode, "r") != 0`
- supplied fd will be closed if `solv_zchunk_open` fails (Fix is thread
unsafe. However the original version caused a double-close in the caller
function and was thread unsafe too.)
---
ext/solv_xfopen.c | 44 ++++++++++++++++++++++++++++++++++----------
1 file changed, 34 insertions(+), 10 deletions(-)
diff --git a/ext/solv_xfopen.c b/ext/solv_xfopen.c
index 4258fac1..7dca41f0 100644
--- a/ext/solv_xfopen.c
+++ b/ext/solv_xfopen.c
@@ -548,9 +548,9 @@ static void *zchunkopen(const char *path, const char *mode, int fd)
{
zckCtx *f;
- if (!path && fd < 0)
+ if ((!path && fd < 0) || (path && fd >= 0))
return 0;
- if (fd == -1)
+ if (path)
{
if (*mode != 'w')
fd = open(path, O_RDONLY);
@@ -562,18 +562,29 @@ static void *zchunkopen(const char *path, const char *mode, int fd)
f = zck_create();
if (!f)
{
- close(fd);
+ if (path)
+ close(fd);
return 0;
}
if (*mode != 'w')
{
if(!zck_init_read(f, fd))
- return 0;
+ {
+ zck_free(&f);
+ if (path)
+ close(fd);
+ return 0;
+ }
}
else
{
if(!zck_init_write(f, fd))
- return 0;
+ {
+ zck_free(&f);
+ if (path)
+ close(fd);
+ return 0;
+ }
}
return cookieopen(f, mode, cookie_zckread, cookie_zckwrite, cookie_zckclose);
}
@@ -587,19 +598,32 @@ static void *zchunkopen(const char *path, const char *mode, int fd)
{
FILE *fp;
void *f;
- if (!path && fd < 0)
+ int tmpfd;
+ if ((!path && fd < 0) || (path && fd >= 0))
return 0;
- if (fd != -1)
+ if (strcmp(mode, "r") != 0)
+ return 0;
+ if (!path)
fp = fdopen(fd, mode);
else
fp = fopen(path, mode);
if (!fp)
return 0;
- if (strcmp(mode, "r") != 0)
- return 0;
f = solv_zchunk_open(fp, 1);
if (!f)
- fclose(fp);
+ {
+ /* When 0 is returned, fd passed by user must not be closed! */
+ /* Dup (save) the original fd to a temporary variable and then back. */
+ /* It is ugly and thread unsafe hack (non atomical sequence fclose dup2). */
+ if (!path)
+ tmpfd = dup(fd);
+ fclose(fp);
+ if (!path)
+ {
+ dup2(tmpfd, fd);
+ close(tmpfd);
+ }
+ }
return cookieopen(f, mode, (ssize_t (*)(void *, char *, size_t))solv_zchunk_read, 0, (int (*)(void *))solv_zchunk_close);
}

27
libsolv.spec
View File

@ -7,6 +7,7 @@
%bcond_without appdata
# Creates special prefixed "group:", "category:" pseudo-packages
%bcond_without comps
%bcond_without conda
# For rich dependencies
%bcond_without complex_deps
%bcond_without helix_repo
@ -21,16 +22,14 @@
%define __cmake_switch(b:) %[%{expand:%%{?with_%{-b*}}} ? "ON" : "OFF"]
Name: lib%{libname}
Version: 0.7.17
Release: 6%{?dist}
Version: 0.7.19
Release: 1%{?dist}
Summary: Package dependency solver
License: BSD
URL: https://github.com/openSUSE/libsolv
Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: 0001-Fix-memory-leaks.patch
Patch2: 0002-Fix-lzopen-zstdopen-zchunkopen.patch
Patch3: 0003-Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
Patch1: 0001-Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
BuildRequires: cmake
BuildRequires: gcc-c++
@ -74,7 +73,7 @@ Development files for %{name}.
Summary: Package dependency solver tools
Requires: %{name}%{?_isa} = %{version}-%{release}
# repo2solv dependencies. Used as execl()
Requires: %{_bindir}/find
Requires: /usr/bin/find
%description tools
Package dependency solver tools.
@ -83,8 +82,8 @@ Package dependency solver tools.
Summary: Applications demoing the %{name} library
Requires: %{name}%{?_isa} = %{version}-%{release}
# solv dependencies. Used as execlp() and system()
Requires: %{_bindir}/curl
Requires: %{_bindir}/gpg2
Requires: /usr/bin/curl
Requires: /usr/bin/gpg2
%description demo
Applications demoing the %{name} library.
@ -154,6 +153,7 @@ Python 3 version.
-DENABLE_ARCHREPO=%{__cmake_switch -b arch_repo} \
-DMULTI_SEMANTICS=%{__cmake_switch -b multi_semantics} \
-DENABLE_COMPLEX_DEPS=%{__cmake_switch -b complex_deps} \
-DENABLE_CONDA=%{__cmake_switch -b conda} \
-DENABLE_PERL=%{__cmake_switch -b perl_bindings} \
-DENABLE_RUBY=%{__cmake_switch -b ruby_bindings} \
-DENABLE_PYTHON=%{__cmake_switch -b python_bindings} \
@ -172,7 +172,7 @@ Python 3 version.
# Python smoke test (not tested in %%ctest):
export PYTHONPATH=%{buildroot}%{python3_sitearch}
export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
%{python3} -c 'import solv'
%python3 -c 'import solv'
%files
%license LICENSE*
@ -227,6 +227,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
%if %{with suse_repo}
%solv_tool susetags2solv
%endif
%if %{with conda}
%{_bindir}/conda2solv
%endif
%files demo
%solv_tool solv
@ -250,6 +253,12 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
%endif
%changelog
* Tue Jul 27 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.19-1
- Update to 0.7.19
- repo_add_conda: add flag to skip v2 packages
- fix rare segfault in resolve_jobrules() that could happen if new rules are learnt
- fix memory leaks
* Tue Jul 27 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.17-6
- Fix issues detected by static analyzers

2
sources
View File

@ -1 +1 @@
SHA512 (libsolv-0.7.17.tar.gz) = 82c8d4ab02f9aabeb620a70c1cae427c1e74ad2ee8c79d5b08840478f63dee74439dc903fd63ab63fe9ab7763024a3ce52498f1b9ab6d76c1ad47423e9f6386b
SHA512 (libsolv-0.7.19.tar.gz) = dfcebea314d549a15bf5af19db775ff1b1850bfc6fb147b68fe094e43bf1541fcfe22d2f6c6607a6393e01905a086cea606d0b25da2e3ce376d100c4ef4fee00