Accepting request 914470 from system:packagemanager:dnf

- Update to 1.14.2 + Recover from fsync fail on read-only filesystem (rh#1956361) + Reduce time to load metadata + Fix resource leaks + Fix memory leaks OBS-URL: https://build.opensuse.org/request/show/914470 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/librepo?expand=0&rev=16
2021-08-31 17:54:51 +00:00 · 2021-08-31 17:54:51 +00:00 · 04e0bb8d0e
commit 04e0bb8d0e
parent 0209591edb de1325e54c
4 changed files with 24 additions and 7 deletions
--- a/librepo-1.14.0.tar.gz
+++ b/librepo-1.14.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d83835e468c71ae8970c896eb1df7cdb2e54298bdfe75465c396a7457838c61b
-size 824502
--- a/librepo-1.14.2.tar.gz
+++ b/librepo-1.14.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:436ead59dd22f45e87b4c0a408e100e0a159f825128b875ad33ed672204023be
+size 824195
--- a/librepo.changes
+++ b/librepo.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Aug 25 16:46:36 UTC 2021 - Neal Gompa <ngompa13@gmail.com>
+
+- Update to 1.14.2
+  + Recover from fsync fail on read-only filesystem (rh#1956361)
+  + Reduce time to load metadata
+  + Fix resource leaks
+  + Fix memory leaks
+
 -------------------------------------------------------------------
 Tue Apr 13 12:59:28 UTC 2021 - Neal Gompa <ngompa13@gmail.com>

@ -25,6 +34,14 @@ Sat Aug 22 20:18:17 UTC 2020 - Neal Gompa <ngompa13@gmail.com>

 - Upgrade to 1.12.1
  + Validate path read from repomd.xml (rh#1868639, CVE-2020-14352)
+- Dropped validate_path.patch to prevent directory traversal attacks
+  (boo#1175475, CVE-2020-14352) since it is upstream with version 1.12.1
+
+-------------------------------------------------------------------
+Thu Aug 20 10:30:12 UTC 2020 - Christian Vögl <christian.voegl@suse.com>
+
+- Add validate_path.patch to prevent directory traversal attacks
+  (boo#1175475, CVE-2020-14352)

 -------------------------------------------------------------------
 Tue Jul  7 10:38:49 UTC 2020 - Neal Gompa <ngompa13@gmail.com>
--- a/librepo.spec
+++ b/librepo.spec
@ -1,7 +1,7 @@
 #
 # spec file for package librepo
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2020-2021 Neal Gompa <ngompa13@gmail.com>.
 #
 # All modifications and additions to the file contributed by third parties
@ -37,7 +37,7 @@
 %define devname %{name}-devel

 Name:           librepo
-Version:        1.14.0
+Version:        1.14.2
 Release:        0
 Summary:        Repodata downloading library
 License:        LGPL-2.0-or-later
@ -51,9 +51,9 @@ BuildRequires:  doxygen
 BuildRequires:  gpgme-devel
 BuildRequires:  pkgconfig(check)
 BuildRequires:  pkgconfig(glib-2.0) >= 2.26.0
+BuildRequires:  pkgconfig(libcrypto)
 BuildRequires:  pkgconfig(libcurl) >= 7.52.0
 BuildRequires:  pkgconfig(libxml-2.0)
-BuildRequires:  pkgconfig(libcrypto)
 BuildRequires:  pkgconfig(openssl)
 %if %{with zchunk}
 BuildRequires:  pkgconfig(zck) >= 0.9.11
@ -88,8 +88,8 @@ Summary:        Python 3 bindings for the librepo library
 Group:          Development/Libraries/Python
 BuildRequires:  python3-devel
 %if %{with tests}
-BuildRequires:  python3-gpg
 BuildRequires:  python3-Flask
+BuildRequires:  python3-gpg
 BuildRequires:  python3-requests
 %endif
 BuildRequires:  python3-Sphinx