!27 [sync] PR-26: upgrade libdnf-0.65.0

From: @openeuler-sync-bot Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
2022-03-31 11:47:17 +00:00 · 2022-03-31 11:47:17 +00:00 · 9f6e365fb2
commit 9f6e365fb2
parent ed2bc05357 3dc4a8841f
4 changed files with 10 additions and 113 deletions
--- a/CVE-2021-3445.patch
+++ b/CVE-2021-3445.patch
@ -1,104 +0,0 @@
-From 902898f29c99927b9a88df1542872adfcd343947 Mon Sep 17 00:00:00 2001
-From: wangxp006 <wangxp006@163.com>
-Date: Mon, 7 Jun 2021 22:12:46 +0800
-Subject: [PATCH] CVE-2021-3445
-
---
- libdnf/dnf-keyring.cpp | 52 ++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 50 insertions(+), 2 deletions(-)
-
-diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
-index 6797b11..c81df12 100644
--- a/libdnf/dnf-keyring.cpp
-+++ b/libdnf/dnf-keyring.cpp
-@@ -34,6 +34,8 @@
- #include <glib.h>
- #include <rpm/rpmlib.h>
- #include <rpm/rpmts.h>
-+#include <rpm/rpmlog.h>
-+#include <rpm/rpmcli.h>
- 
- #include "catch-error.hpp"
- #include "dnf-types.h"
-@@ -211,6 +213,26 @@ dnf_keyring_add_public_keys(rpmKeyring keyring, GError **error) try
-     return TRUE;
- } CATCH_TO_GERROR(FALSE)
- 
-+static int
-+rpmcliverifysignatures_log_handler_cb(rpmlogRec rec, rpmlogCallbackData data)
-+{
-+    GString **string =(GString **) data;
-+
-+    /* create string if required */
-+    if (*string == NULL)
-+        *string = g_string_new("");
-+
-+    /* if text already exists, join them */
-+    if ((*string)->len > 0)
-+        g_string_append(*string, ": ");
-+    g_string_append(*string, rpmlogRecMessage(rec));
-+
-+    /* remove the trailing /n which rpm does */
-+    if ((*string)->len > 0)
-+        g_string_truncate(*string,(*string)->len - 1);
-+    return 0;
-+}
-+
- /**
-  * dnf_keyring_check_untrusted_file:
-  */
-@@ -227,6 +249,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
-     rpmtd td = NULL;
-     rpmts ts = NULL;
- 
-+    char *path = g_strdup(filename);
-+    char *path_array[2] = {path, NULL};
-+    g_autoptr(GString) rpm_error = NULL;
-+
-     /* open the file for reading */
-     fd = Fopen(filename, "r.fdio");
-     if (fd == NULL) {
-@@ -247,9 +273,27 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
-         goto out;
-     }
- 
-    /* we don't want to abort on missing keys */
-     ts = rpmtsCreate();
-    rpmtsSetVSFlags(ts, _RPMVSF_NOSIGNATURES);
-+
-+    if (rpmtsSetKeyring(ts, keyring) < 0) {
-+        g_set_error_literal(error, DNF_ERROR, DNF_ERROR_INTERNAL_ERROR, "failed to set keyring");
-+        goto out;
-+    }
-+    rpmtsSetVfyLevel(ts, RPMSIG_SIGNATURE_TYPE);
-+    rpmlogSetCallback(rpmcliverifysignatures_log_handler_cb, &rpm_error);
-+
-+    // rpm doesn't provide any better API call than rpmcliVerifySignatures (which is for CLI):
-+    // - use path_array as input argument
-+    // - gather logs via callback because we don't want to print anything if check is successful
-+    if (rpmcliVerifySignatures(ts, (char * const*) path_array)) {
-+        g_set_error(error,
-+                DNF_ERROR,
-+                DNF_ERROR_GPG_SIGNATURE_INVALID,
-+                "%s could not be verified.\n%s",
-+                filename,
-+                (rpm_error ? rpm_error->str : "UNKNOWN ERROR"));
-+        goto out;
-+    }
- 
-     /* read in the file */
-     rc = rpmReadPackageFile(ts, fd, filename, &hdr);
-@@ -313,6 +357,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
-     g_debug("%s has been verified as trusted", filename);
-     ret = TRUE;
- out:
-+    rpmlogSetCallback(NULL, NULL);
-+
-+    if (path != NULL)
-+        g_free(path);
-     if (dig != NULL)
-         pgpFreeDig(dig);
-     if (td != NULL) {
-- 
-1.8.3.1
-
--- a/libdnf-0.48.0.tar.gz
+++ b/libdnf-0.48.0.tar.gz
--- a/libdnf-0.65.0.tar.gz
+++ b/libdnf-0.65.0.tar.gz
--- a/libdnf.spec
+++ b/libdnf.spec
@ -1,7 +1,7 @@
-%global libsolv_version 0.7.7
-%global libmodulemd_version 2.5.0
-%global librepo_version 1.12.0
-%global dnf_conflict 4.2.23-6
+%global libsolv_version 0.7.20
+%global libmodulemd_version 2.13.0
+%global librepo_version 1.13.1
+%global dnf_conflict 4.3.0
 %global swig_version 3.0.12

 %global requires_python3_sphinx python3-sphinx
@ -17,15 +17,13 @@
    %{nil}

 Name:                      libdnf
-Version:                   0.48.0
-Release:                   3
+Version:                   0.65.0
+Release:                   1
 Summary:                   Library providing simplified C and Python API to libsolv
 License:                   LGPLv2+
 URL:                       https://github.com/rpm-software-management/libdnf
 Source0:                   %{url}/archive/%{version}/%{name}-%{version}.tar.gz                    

-Patch1:                    CVE-2021-3445.patch
-
 BuildRequires:             cmake gcc gcc-c++ libsolv-devel >= %{libsolv_version} gettext
 BuildRequires:             pkgconfig(librepo) >= %{librepo_version} pkgconfig(check)              
 BuildRequires:             pkgconfig(gio-unix-2.0) >= 2.46.0 pkgconfig(gtk-doc) gpgme-devel
@ -65,7 +63,7 @@ Python 3 bindings for the libdnf library.
 %package -n                python3-hawkey
 Summary:                   Python 3 bindings for the hawkey library
 %{?python_provide:%python_provide python3-hawkey}
-BuildRequires:             python3-devel python3-nose
+BuildRequires:             python3-devel
 Requires:                  %{name} = %{version}-%{release}
 Requires:                  python3-%{name} = %{version}-%{release}
 Conflicts:                 python3-dnf < %{dnf_conflict}
@ -120,6 +118,9 @@ popd
 %{python3_sitearch}/hawkey/

 %changelog
+* Sat Dec 25 2021 hanhui <hanhui15@huawei.com> - 0.65.0-1
+- DESC:upgrade to libdnf-0.65.0
+
 * Thu Jul 15 2021 gaihuiying <gaihuiying1@huawei.com> - 0.48.0-3
 - Type:bugfix
 - ID:NA