diff --git a/CVE-2021-3445.patch b/CVE-2021-3445.patch deleted file mode 100644 index 1a4dcc71149daf726bc20130309bc9c2354a9f3d..0000000000000000000000000000000000000000 --- a/CVE-2021-3445.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 902898f29c99927b9a88df1542872adfcd343947 Mon Sep 17 00:00:00 2001 -From: wangxp006 -Date: Mon, 7 Jun 2021 22:12:46 +0800 -Subject: [PATCH] CVE-2021-3445 - ---- - libdnf/dnf-keyring.cpp | 52 ++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 50 insertions(+), 2 deletions(-) - -diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp -index 6797b11..c81df12 100644 ---- a/libdnf/dnf-keyring.cpp -+++ b/libdnf/dnf-keyring.cpp -@@ -34,6 +34,8 @@ - #include - #include - #include -+#include -+#include - - #include "catch-error.hpp" - #include "dnf-types.h" -@@ -211,6 +213,26 @@ dnf_keyring_add_public_keys(rpmKeyring keyring, GError **error) try - return TRUE; - } CATCH_TO_GERROR(FALSE) - -+static int -+rpmcliverifysignatures_log_handler_cb(rpmlogRec rec, rpmlogCallbackData data) -+{ -+ GString **string =(GString **) data; -+ -+ /* create string if required */ -+ if (*string == NULL) -+ *string = g_string_new(""); -+ -+ /* if text already exists, join them */ -+ if ((*string)->len > 0) -+ g_string_append(*string, ": "); -+ g_string_append(*string, rpmlogRecMessage(rec)); -+ -+ /* remove the trailing /n which rpm does */ -+ if ((*string)->len > 0) -+ g_string_truncate(*string,(*string)->len - 1); -+ return 0; -+} -+ - /** - * dnf_keyring_check_untrusted_file: - */ -@@ -227,6 +249,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring, - rpmtd td = NULL; - rpmts ts = NULL; - -+ char *path = g_strdup(filename); -+ char *path_array[2] = {path, NULL}; -+ g_autoptr(GString) rpm_error = NULL; -+ - /* open the file for reading */ - fd = Fopen(filename, "r.fdio"); - if (fd == NULL) { -@@ -247,9 +273,27 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring, - goto out; - } - -- /* we don't want to abort on missing keys */ - ts = rpmtsCreate(); -- rpmtsSetVSFlags(ts, _RPMVSF_NOSIGNATURES); -+ -+ if (rpmtsSetKeyring(ts, keyring) < 0) { -+ g_set_error_literal(error, DNF_ERROR, DNF_ERROR_INTERNAL_ERROR, "failed to set keyring"); -+ goto out; -+ } -+ rpmtsSetVfyLevel(ts, RPMSIG_SIGNATURE_TYPE); -+ rpmlogSetCallback(rpmcliverifysignatures_log_handler_cb, &rpm_error); -+ -+ // rpm doesn't provide any better API call than rpmcliVerifySignatures (which is for CLI): -+ // - use path_array as input argument -+ // - gather logs via callback because we don't want to print anything if check is successful -+ if (rpmcliVerifySignatures(ts, (char * const*) path_array)) { -+ g_set_error(error, -+ DNF_ERROR, -+ DNF_ERROR_GPG_SIGNATURE_INVALID, -+ "%s could not be verified.\n%s", -+ filename, -+ (rpm_error ? rpm_error->str : "UNKNOWN ERROR")); -+ goto out; -+ } - - /* read in the file */ - rc = rpmReadPackageFile(ts, fd, filename, &hdr); -@@ -313,6 +357,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring, - g_debug("%s has been verified as trusted", filename); - ret = TRUE; - out: -+ rpmlogSetCallback(NULL, NULL); -+ -+ if (path != NULL) -+ g_free(path); - if (dig != NULL) - pgpFreeDig(dig); - if (td != NULL) { --- -1.8.3.1 - diff --git a/libdnf-0.48.0.tar.gz b/libdnf-0.48.0.tar.gz deleted file mode 100644 index ceccfb4e09b3543a6df52909d1d05f60605636b2..0000000000000000000000000000000000000000 Binary files a/libdnf-0.48.0.tar.gz and /dev/null differ diff --git a/libdnf-0.65.0.tar.gz b/libdnf-0.65.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..aabcf8aa1d643edbf7ab58b82fde5a07a4b15b8d Binary files /dev/null and b/libdnf-0.65.0.tar.gz differ diff --git a/libdnf.spec b/libdnf.spec index 1d48cb1ca0c6be1618b762e4c39187262a778962..6093cefcd493dc644d2a0d7dbc67c7b4f140f646 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -1,7 +1,7 @@ -%global libsolv_version 0.7.7 -%global libmodulemd_version 2.5.0 -%global librepo_version 1.12.0 -%global dnf_conflict 4.2.23-6 +%global libsolv_version 0.7.20 +%global libmodulemd_version 2.13.0 +%global librepo_version 1.13.1 +%global dnf_conflict 4.3.0 %global swig_version 3.0.12 %global requires_python3_sphinx python3-sphinx @@ -17,15 +17,13 @@ %{nil} Name: libdnf -Version: 0.48.0 -Release: 3 +Version: 0.65.0 +Release: 1 Summary: Library providing simplified C and Python API to libsolv License: LGPLv2+ URL: https://github.com/rpm-software-management/libdnf Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch1: CVE-2021-3445.patch - BuildRequires: cmake gcc gcc-c++ libsolv-devel >= %{libsolv_version} gettext BuildRequires: pkgconfig(librepo) >= %{librepo_version} pkgconfig(check) BuildRequires: pkgconfig(gio-unix-2.0) >= 2.46.0 pkgconfig(gtk-doc) gpgme-devel @@ -65,7 +63,7 @@ Python 3 bindings for the libdnf library. %package -n python3-hawkey Summary: Python 3 bindings for the hawkey library %{?python_provide:%python_provide python3-hawkey} -BuildRequires: python3-devel python3-nose +BuildRequires: python3-devel Requires: %{name} = %{version}-%{release} Requires: python3-%{name} = %{version}-%{release} Conflicts: python3-dnf < %{dnf_conflict} @@ -120,6 +118,9 @@ popd %{python3_sitearch}/hawkey/ %changelog +* Sat Dec 25 2021 hanhui - 0.65.0-1 +- DESC:upgrade to libdnf-0.65.0 + * Thu Jul 15 2021 gaihuiying - 0.48.0-3 - Type:bugfix - ID:NA