SOURCES/popt-1.18-imp-covscan-fixes.patch

@@ -0,0 +1,64 @@
+commit 7e60d11c1b046e54378cf79280f4a856741c8749
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date:   Sat Aug 22 14:09:58 2020 +0200
+
+    Close iconv in case of allocation error
+    
+    If memory allocation in strdup_locale_from_utf8 fails after calling
+    iconv_open, the returned conversion descriptor is not closed.
+
+diff --git a/src/poptint.c b/src/poptint.c
+index 0cec176..3a0919a 100644
+--- a/src/poptint.c
++++ b/src/poptint.c
+@@ -91,8 +91,10 @@ strdup_locale_from_utf8 (char * istr)
+ 	size_t ob = db;
+ 	size_t err;
+ 
+-	if (dstr == NULL)
++	if (dstr == NULL) {
++	    (void) iconv_close(cd);
+ 	    return NULL;
++	}
+ 	err = iconv(cd, NULL, NULL, NULL, NULL);
+ 	while (1) {
+ 	    *pout = '\0';
+commit 70011cc5763dca9a9b57e9539b465e00c9769996
+Author: Michal Domonkos <mdomonko@redhat.com>
+Date:   Mon Jul 19 14:41:03 2021 +0200
+
+    Fix potential mem leak in poptReadConfigFile()
+    
+    While it seems that the actual implementation of poptReadFile()
+    shouldn't allocate the passed buffer (b) if the number of bytes (nb) is
+    zero (see the read(2) call in that function), it's still up to the
+    caller to take care of this resource, so let's just do that by bailing
+    out via "exit" where the freeing happens.
+    
+    Also initialize t to NULL to avoid freeing an undefined pointer.
+    
+    Found by Coverity.
+
+diff --git a/src/poptconfig.c b/src/poptconfig.c
+index 8623ba2..7c52315 100644
+--- a/src/poptconfig.c
++++ b/src/poptconfig.c
+@@ -344,13 +344,15 @@ int poptReadConfigFile(poptContext con, const char * fn)
+     char * b = NULL, *be;
+     size_t nb = 0;
+     const char *se;
+-    char *t, *te;
++    char *t = NULL, *te;
+     int rc;
+ 
+     if ((rc = poptReadFile(fn, &b, &nb, POPT_READFILE_TRIMNEWLINES)) != 0)
+ 	return (errno == ENOENT ? 0 : rc);
+-    if (b == NULL || nb == 0)
+-	return POPT_ERROR_BADCONFIG;
++    if (b == NULL || nb == 0) {
++	rc = POPT_ERROR_BADCONFIG;
++	goto exit;
++    }
+ 
+     if ((t = malloc(nb + 1)) == NULL)
+ 	goto exit;

SPECS/popt.spec

@@ -1,12 +1,18 @@
+%define ver 1.18
+#define snap rc1
+%define srcver %{ver}%{?snap:-%{snap}}
+
 Summary:        C library for parsing command line parameters
 Name:           popt
-Version:	1.18
+Version:        %{ver}%{?snap:~%{snap}}
-Release:	1%{?dist}
+Release:        8%{?dist}
 License:        MIT
-Group:		System Environment/Libraries
 URL:            https://github.com/rpm-software-management/popt/
-Source:		http://ftp.rpm.org/popt/releases/popt-1.x/popt-%{version}.tar.gz
+Source0:        http://ftp.rpm.org/popt/releases/popt-1.x/%{name}-%{srcver}.tar.gz
-BuildRequires:	gcc gettext
+Patch0:         popt-1.18-imp-covscan-fixes.patch
+BuildRequires:  gcc
+BuildRequires:  gettext
+BuildRequires:  make
 
 %description
 Popt is a C library for parsing command line parameters. Popt was
@@ -20,7 +26,6 @@ shell-like rules.
 
 %package devel
 Summary:        Development files for the popt library
-Group:		Development/Libraries
 Requires:       %{name}%{?_isa} = %{version}-%{release}, pkgconfig
 
 %description devel
@@ -28,29 +33,31 @@ The popt-devel package includes header files and libraries necessary
 for developing programs which use the popt C library. It contains the
 API documentation of the popt library, too.
 
+%if 0%{!?_without_static:1}
 %package static
 Summary:        Static library for parsing command line parameters
-Group:		Development/Libraries
 Requires:       %{name}-devel%{?_isa} = %{version}-%{release}
 
 %description static
 The popt-static package includes static libraries of the popt library.
 Install it if you need to link statically with libpopt.
+%endif
 
 %prep
-%autosetup
+%autosetup -n %{name}-%{srcver} -p1
 
 %build
-%configure
+%configure %{?_without_static:--disable-static}
 %make_build
 
 %install
 %make_install
 
-# Multiple popt configurations are possible
+# Don't install any libtool .la files
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/popt.d
+rm -f $RPM_BUILD_ROOT%{_libdir}/libpopt.la
 
-rm -f $RPM_BUILD_ROOT/%{_libdir}/libpopt.la
+# Multiple popt configurations are possible
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/popt.d/
 
 %find_lang %{name}
 
@@ -62,7 +69,7 @@ make check
 %files -f %{name}.lang
 %license COPYING
 %doc CHANGES
-%{_sysconfdir}/popt.d
+%{_sysconfdir}/popt.d/
 %{_libdir}/libpopt.so.*
 
 %files devel
@@ -72,14 +79,57 @@ make check
 %{_includedir}/popt.h
 %{_mandir}/man3/popt.3*
 
+%if 0%{!?_without_static:1}
 %files static
 %{_libdir}/libpopt.a
+%endif
 
 %changelog
-* Thu Jan 07 2021 Panu Matilainen <pmatilai@redhat.com> - 1.18-1
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.18-8
-- Rebase to popt 1.18 (https://github.com/rpm-software-management/popt/releases/tag/popt-1.18-release)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-- Update URLs to rebooted upstream
+  Related: rhbz#1991688
-- Clean up ancient cruft from spec, use modern build macros
+
+* Tue Jul 20 2021 Michal Domonkos <mdomonko@redhat.com> - 1.18-7
+- Add gating.yaml
+
+* Mon Jul 19 2021 Michal Domonkos <mdomonko@redhat.com> - 1.18-6
+- Address important covscan issues (#1938846)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.18-5
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Sat Mar 06 2021 Robert Scheck <robert@fedoraproject.org> 1.18-4
+- Conditionalize static subpackage during build-time
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.18-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jun 24 2020 Panu Matilainen <pmatilai@redhat.com> - 1.18-1
+- Update to popt 1.18 final (no changes from rc1)
+
+* Fri May 29 2020 Panu Matilainen <pmatilai@redhat.com> - 1.18~rc1-1
+- Rebase to popt 1.18-rc1
+- Update URLs to the new upstream
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Oct 11 2018 Panu Matilainen <pmatilai@redhat.com> - 1.16-16
+- Use modern build helper macros
+- Drop support for pre-usrmove versions (Fedora < 17 and RHEL < 7)
+- Erm, dont nuke build-root at beginning of %%install
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild