packages/librepo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:bf207e5f05c66aebb7e94138a6b6e31a68d936d7
Branches Tags
packages:main
...
compare: packages:403dfa79baecc6964f0140064995346887e20078
Branches Tags
packages:main

10 Commits
bf207e5f05 ... 403dfa79ba

Author SHA1 Message Date
openeuler-ci-bot
403dfa79ba
!36 回合上游补丁 
From: @pshysimon 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2024-10-22 08:22:15 +00:00
Pshysimon
d0dddd93fa backport upstream commits, fix memory leak 2024-10-21 20:28:06 +08:00
openeuler-ci-bot
dee4679bea
!31 update to 1.15.2 
From: @dillon_chen 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2023-08-03 11:26:17 +00:00
dillon_chen
32e3689c32 update to 1.15.2 2023-08-03 17:49:49 +08:00
openeuler-ci-bot
68d5a5a756
!30 Upgrade to latest release [librepo -> 1.15.1] 
From: @Wangjunqi123 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2023-02-03 02:49:42 +00:00
Wangjunqi123
6bf14bd648 update version to 1.15.1 2023-02-02 14:59:00 +08:00
openeuler-ci-bot
a60f4c0ba1
!25 update to 1.14.5 
From: @dillon_chen 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2022-10-20 01:47:28 +00:00
dillon_chen
c57ff63938 update to 1.14.5 fix bug 2022-10-10 16:21:16 +08:00
openeuler-ci-bot
55ad555035
!24 update to 1.14.3 
From: @dillon_chen 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2022-06-27 06:55:09 +00:00
dillon_chen
fc2e1e9057 update to 1.14.3 2022-06-27 10:25:56 +08:00
4 changed files with 89 additions and 3 deletions
Show Stats Expand all files Collapse all files

69
backport-Fix-a-memory-leak-in-select_next_target.patch Normal file
View File

@ -0,0 +1,69 @@
From 3c85711f35b987bd0ce17dd0fbaa0d9f2521c444 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 11 Jul 2024 15:40:03 +0200
Subject: [PATCH] Fix a memory leak in select_next_target()
If a next target URL was found (non-NULL full_url) and then a transfer was
canceled or an off-line mode was requested, full_url string was not freed and a
memory leaked.
Discovered with Covscan:
16. librepo-1.18.0/librepo/downloader.c:891:13: alloc_fn: Storage is returned from allocation function "g_strdup_inline".
17. librepo-1.18.0/librepo/downloader.c:891:13: var_assign: Assigning: "full_url" = storage returned from "g_strdup_inline(target->target->path)".
22. librepo-1.18.0/librepo/downloader.c:919:9: noescape: Resource "full_url" is not freed or pointed-to in "lr_is_local_path".
24. librepo-1.18.0/librepo/downloader.c:924:13: noescape: Assuming resource "full_url" is not freed or pointed-to as ellipsis argument to "g_debug".
28. librepo-1.18.0/librepo/downloader.c:956:17: leaked_storage: Variable "full_url" going out of scope leaks the storage it points to.
# 954| "and no local URL is available",
# 955| target->target->path);
# 956|-> return FALSE;
# 957| }
# 958| }
16. librepo-1.18.0/librepo/downloader.c:891:13: alloc_fn: Storage is returned from allocation function "g_strdup_inline".
17. librepo-1.18.0/librepo/downloader.c:891:13: var_assign: Assigning: "full_url" = storage returned from "g_strdup_inline(target->target->path)".
22. librepo-1.18.0/librepo/downloader.c:919:9: noescape: Resource "full_url" is not freed or pointed-to in "lr_is_local_path".
24. librepo-1.18.0/librepo/downloader.c:924:13: noescape: Assuming resource "full_url" is not freed or pointed-to as ellipsis argument to "g_debug".
27. librepo-1.18.0/librepo/downloader.c:946:21: leaked_storage: Variable "full_url" going out of scope leaks the storage it points to.
# 944| g_set_error(err, LR_DOWNLOADER_ERROR, LRE_CBINTERRUPTED,
# 945| "Interrupted by LR_CB_ERROR from end callback");
# 946|-> return FALSE;
# 947| }
# 948| }
This patch fixes it.
The bug was introduced in 1.7.14 version
(08e4810fcdd753ce4728bd88b252f7b3d34b2cdb commit).
Reference:https://github.com/rpm-software-management/librepo/commit/3c85711f35b987bd0ce17dd0fbaa0d9f2521c444
Conflict:no
---
librepo/downloader.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/librepo/downloader.c b/librepo/downloader.c
index 364c0af..40dbeb2 100644
--- a/librepo/downloader.c
+++ b/librepo/downloader.c
@@ -943,6 +943,7 @@ select_next_target(LrDownload *dd,
"from end callback", __func__);
g_set_error(err, LR_DOWNLOADER_ERROR, LRE_CBINTERRUPTED,
"Interrupted by LR_CB_ERROR from end callback");
+ g_free(full_url);
return FALSE;
}
}
@@ -953,6 +954,7 @@ select_next_target(LrDownload *dd,
"Cannot download %s: Offline mode is specified "
"and no local URL is available",
target->target->path);
+ g_free(full_url);
return FALSE;
}
}
--
2.33.0

BIN
librepo-1.14.2.tar.gz
View File

Binary file not shown.

BIN
librepo-1.15.2.tar.gz Normal file
View File

Binary file not shown.

23
librepo.spec
View File

@ -5,13 +5,15 @@
%bcond_with zchunk
Name: librepo
Version: 1.14.2
Release: 1
Version: 1.15.2
Release: 2
Summary: Repodata downloading library
License: LGPLv2+
License: LGPL-2.0-or-later
URL: https://github.com/rpm-software-management/librepo
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: backport-Fix-a-memory-leak-in-select_next_target.patch
BuildRequires: cmake check-devel doxygen pkgconfig(glib-2.0) gcc
BuildRequires: libcurl-devel >= %{libcurl_version} pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(openssl) gpgme-devel libattr-devel pkgconfig(libcrypto)
@ -78,6 +80,21 @@ popd
%{python3_sitearch}/%{name}/
%changelog
* Mon Oct 21 2024 caixiaomeng <caixiaomeng2@huawei.com> - 1.15.2-2
- backport upstream commits, fix memory leak
* Thu Aug 3 2023 dillon chen <dillon.chen@gmail.com> - 1.15.2-1
- update to 1.15.2
* Thu Feb 02 2023 wangjunqi <wangjunqi@kylinos.cn> - 1.15.1-1
- update to 1.15.1
* Mon Oct 10 2022 dillon chen <dillon.chen@gmail.com> - 1.14.3-1
- update to 1.14.5
* Mon Jun 27 2022 dillon chen <dillon.chen@gmail.com> - 1.14.3-1
- update to 1.14.3
* Tue Nov 30 2021 fuanan <fuanan3@huawei.com> - 1.14.2-1
- update version to 1.14.2