rpms/python-pycurl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c9s
rpms:imports/c9/python-pycurl-7.43.0.6-8.el9
rpms:imports/c9-beta/python-pycurl-7.43.0.6-8.el9
rpms:imports/c8-beta/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8-beta/python-pycurl-7.43.0.2-3.el8
rpms:imports/c8s/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8/python-pycurl-7.43.0.2-3.el8
..
compare: rpms:imports/c8/python-pycurl-7.43.0.2-3.el8
Branches Tags
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8
rpms:c9s
rpms:imports/c9/python-pycurl-7.43.0.6-8.el9
rpms:imports/c9-beta/python-pycurl-7.43.0.6-8.el9
rpms:imports/c8-beta/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8-beta/python-pycurl-7.43.0.2-3.el8
rpms:imports/c8s/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8/python-pycurl-7.43.0.2-4.el8
rpms:imports/c8/python-pycurl-7.43.0.2-3.el8

No commits in common. "c8" and "imports/c8/python-pycurl-7.43.0.2-3.el8" have entirely different histories.
c8 ... imports/c8

3 changed files with 1 additions and 137 deletions
Show Stats Expand all files Collapse all files

93
SOURCES/0001-python-pycurl-7.43.0.2-static-analysis.patch
View File

@ -1,93 +0,0 @@
From 047bd00ee53a722eaf46e58e330888cf628d5a7c Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Jan 2019 16:54:19 +0100
Subject: [PATCH 1/2] do_curl_setopt_httppost: do not use uninitialized stack
variable
Detected by Coverity Analysis and Clang:
Error: UNINIT (CWE-457):
pycurl-7.43.0.2/src/easyopt.c:493: var_decl: Declaring variable "res" without initializer.
pycurl-7.43.0.2/src/easyopt.c:524: uninit_use_in_call: Using uninitialized value "(int)res" when calling "create_and_set_error_object".
522| if (PyText_AsStringAndSize(httppost_option, &cstr, &clen, &cencoded_obj)) {
523| PyText_EncodedDecref(nencoded_obj);
524|-> CURLERROR_SET_RETVAL();
525| goto error;
526| }
Error: CLANG_WARNING:
pycurl-7.43.0.2/src/easyopt.c:524:17: warning: 2nd function call argument is an uninitialized value
pycurl-7.43.0.2/src/pycurl.h:286:5: note: expanded from macro 'CURLERROR_SET_RETVAL'
pycurl-7.43.0.2/src/easyopt.c:493:5: note: 'res' declared without an initial value
pycurl-7.43.0.2/src/easyopt.c:496:9: note: Assuming 'len' is not equal to 0
pycurl-7.43.0.2/src/easyopt.c:496:5: note: Taking false branch
pycurl-7.43.0.2/src/easyopt.c:499:17: note: Assuming 'i' is < 'len'
pycurl-7.43.0.2/src/easyopt.c:499:5: note: Loop condition is true. Entering loop body
pycurl-7.43.0.2/src/easyopt.c:505:13: note: Assuming 'which_httppost_item' is not equal to 0
pycurl-7.43.0.2/src/easyopt.c:505:9: note: Taking false branch
pycurl-7.43.0.2/src/easyopt.c:509:13: note: Assuming the condition is false
pycurl-7.43.0.2/src/easyopt.c:509:9: note: Taking false branch
pycurl-7.43.0.2/src/easyopt.c:513:13: note: Assuming the condition is false
pycurl-7.43.0.2/src/easyopt.c:513:9: note: Taking false branch
pycurl-7.43.0.2/src/easyopt.c:519:13: note: Assuming the condition is true
pycurl-7.43.0.2/src/easyopt.c:519:9: note: Taking true branch
pycurl-7.43.0.2/src/easyopt.c:522:17: note: Assuming the condition is true
pycurl-7.43.0.2/src/easyopt.c:522:13: note: Taking true branch
pycurl-7.43.0.2/src/easyopt.c:524:17: note: 2nd function call argument is an uninitialized value
pycurl-7.43.0.2/src/pycurl.h:286:5: note: expanded from macro 'CURLERROR_SET_RETVAL'
---
src/easyopt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/easyopt.c b/src/easyopt.c
index 015fa93..471400c 100644
--- a/src/easyopt.c
+++ b/src/easyopt.c
@@ -521,7 +521,7 @@ do_curl_setopt_httppost(CurlObject *self, int option, int which, PyObject *obj)
if (PyText_AsStringAndSize(httppost_option, &cstr, &clen, &cencoded_obj)) {
PyText_EncodedDecref(nencoded_obj);
- CURLERROR_SET_RETVAL();
+ create_and_set_error_object(self, CURLE_BAD_FUNCTION_ARGUMENT);
goto error;
}
/* INFO: curl_formadd() internally does memdup() the data, so
--
2.17.2
From 6f0f7896412c107c390f4967dcdf94fd14d52047 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Jan 2019 16:57:14 +0100
Subject: [PATCH 2/2] do_multi_add_handle: execute clean-up code before return
Detected by Coverity Analysis:
Error: UNREACHABLE (CWE-561):
pycurl-7.43.0.2/src/multi.c:631: unreachable: This code cannot be reached: "PyDict_DelItem(self->easy_o...".
629| if (res != CURLM_OK) {
630| CURLERROR_MSG("curl_multi_add_handle() failed due to internal errors");
631|-> PyDict_DelItem(self->easy_object_dict, (PyObject *) obj);
632| }
633| obj->multi_stack = self;
---
src/multi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/multi.c b/src/multi.c
index 7ecedbf..3407423 100644
--- a/src/multi.c
+++ b/src/multi.c
@@ -627,8 +627,8 @@ do_multi_add_handle(CurlMultiObject *self, PyObject *args)
assert(obj->multi_stack == NULL);
res = curl_multi_add_handle(self->multi_handle, obj->handle);
if (res != CURLM_OK) {
- CURLERROR_MSG("curl_multi_add_handle() failed due to internal errors");
PyDict_DelItem(self->easy_object_dict, (PyObject *) obj);
+ CURLERROR_MSG("curl_multi_add_handle() failed due to internal errors");
}
obj->multi_stack = self;
Py_INCREF(self);
--
2.17.2

32
SOURCES/0003-python-pycurl-7.43.0.2-decode-cookie-info.patch
View File

@ -1,32 +0,0 @@
From f5141d34f54ec2ae3309324a99f0f5887f0a8201 Mon Sep 17 00:00:00 2001
From: Dmitriy Taychenachev <dmitriy.taychenachev@skypicker.com>
Date: Tue, 9 Apr 2019 11:23:58 +0200
Subject: [PATCH] decode_string_list: fix populating list of decoded strings
Under Python3 the call curl.getinfo(pycurl.INFO_COOKIELIST) returns
invalid list (for example [<NULL>]), which cases segmentation fault.
The cause is in function decode_string_list() (Python3 only) which
creates new list without populating it with elements. This commit
adds the setting of elements fixing the behaviour.
Upstream-commit: 5df7a0e5bb38a3db5f04721add571cd32c5e3eb8
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/easyinfo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/easyinfo.c b/src/easyinfo.c
index b3d731b..3712646 100644
--- a/src/easyinfo.c
+++ b/src/easyinfo.c
@@ -277,6 +277,7 @@ decode_string_list(PyObject *list)
if (decoded_item == NULL) {
goto err;
}
+ PyList_SetItem(decoded_list, i, decoded_item);
}
return decoded_list;
--
2.21.1

13
SPECS/python-pycurl.spec
View File

@ -16,23 +16,16 @@
Name: python-%{modname} Name: python-%{modname}
Version: 7.43.0.2 Version: 7.43.0.2
Release: 4%{?dist} Release: 3%{?dist}
Summary: A Python interface to libcurl Summary: A Python interface to libcurl
License: LGPLv2+ or MIT License: LGPLv2+ or MIT
URL: http://pycurl.sourceforge.net/ URL: http://pycurl.sourceforge.net/
Source0: https://dl.bintray.com/pycurl/pycurl/pycurl-%{version}.tar.gz Source0: https://dl.bintray.com/pycurl/pycurl/pycurl-%{version}.tar.gz
# fix programming mistakes detected by static analyzers
# upstream pull request: https://github.com/pycurl/pycurl/pull/550
Patch1: 0001-python-pycurl-7.43.0.2-static-analysis.patch
# drop link-time vs. run-time TLS backend check (#1446850) # drop link-time vs. run-time TLS backend check (#1446850)
Patch2: 0002-python-pycurl-7.43.0-tls-backend.patch Patch2: 0002-python-pycurl-7.43.0-tls-backend.patch
# fix populating list of decoded strings (#1792213)
Patch3: 0003-python-pycurl-7.43.0.2-decode-cookie-info.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
@ -162,10 +155,6 @@ rm -fv tests/fake-curl/libcurl/*.so
%endif %endif
%changelog %changelog
* Wed Jan 22 2020 Kamil Dudka <kdudka@redhat.com> - 7.43.0.2-4
- fix populating list of decoded strings (#1792213)
- fix programming mistakes detected by static analyzers (#1666003)
* Thu Dec 20 2018 Kamil Dudka <kdudka@redhat.com> - 7.43.0.2-3 * Thu Dec 20 2018 Kamil Dudka <kdudka@redhat.com> - 7.43.0.2-3
- drop build-time (%%check-only) dependency on pyflakes (#1661168) - drop build-time (%%check-only) dependency on pyflakes (#1661168)