!92 上游补丁回合

From: @disandai 
Reviewed-by: @anonymous_z 
Signed-off-by: @anonymous_z

add-loongarch-support-for-libdnf.patch

@@ -0,0 +1,26 @@
+From 8e3be218d3b2e5e4a1ab549f561650754cb926e5 Mon Sep 17 00:00:00 2001
+From: konglidong <konglidong@uniontech.com>
+Date: Tue, 18 Jul 2023 14:56:23 +0800
+Subject: [PATCH 1/2] add loongarch support for libdnf
+
+Signed-off-by: konglidong <konglidong@uniontech.com>
+---
+ libdnf/dnf-context.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp
+index 91df0bd..e0eb163 100644
+--- a/libdnf/dnf-context.cpp
++++ b/libdnf/dnf-context.cpp
+@@ -111,6 +111,8 @@ static const struct {
+     { "sparc",      { "sparc", "sparc64", "sparc64v", "sparcv8",
+                       "sparcv9", "sparcv9v", NULL } },
+     { "x86_64",     { "x86_64", "amd64", "ia32e", NULL } },
++    { "loongarch32",    { "loongarch32", NULL } },
++    { "loongarch64",    { "loongarch64", NULL } },
+     { NULL,         { NULL } }
+ };
+ 
+-- 
+2.20.1
+

add-sw_64-support-for-libdnf.patch

@@ -0,0 +1,25 @@
+From f1d90ec3a9da8207e42e8afda3a6f9ec9ad5449c Mon Sep 17 00:00:00 2001
+From: konglidong <konglidong@uniontech.com>
+Date: Tue, 18 Jul 2023 15:11:18 +0800
+Subject: [PATCH] add sw_64 support for libdnf
+
+Signed-off-by: konglidong <konglidong@uniontech.com>
+---
+ libdnf/dnf-context.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp
+index 91df0bd..48e7747 100644
+--- a/libdnf/dnf-context.cpp
++++ b/libdnf/dnf-context.cpp
+@@ -111,6 +111,7 @@ static const struct {
+     { "sparc",      { "sparc", "sparc64", "sparc64v", "sparcv8",
+                       "sparcv9", "sparcv9v", NULL } },
+     { "x86_64",     { "x86_64", "amd64", "ia32e", NULL } },
++    { "sw_64",      { "sw_64", NULL } },
+     { NULL,         { NULL } }
+ };
+ 
+-- 
+2.20.1
+

backport-Fix-a-memory-leak-in-glob_for_cachedir.patch

@@ -0,0 +1,53 @@
+From b245193e881912cf730b53ece74c410ef573e292 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Wed, 17 Jul 2024 09:30:59 +0200
+Subject: [PATCH 1/1] Fix a memory leak in glob_for_cachedir()
+
+Covscan complains:
+
+    Error: RESOURCE_LEAK (CWE-772): [#def1] [important]
+    libdnf-0.73.1/libdnf/hy-iutil.cpp:100:5: alloc_arg: "wordexp" allocates memory that is stored into "word_vector.we_wordv".
+    libdnf-0.73.1/libdnf/hy-iutil.cpp:102:9: leaked_storage: Variable "word_vector" going out of scope leaks the storage "word_vector.we_wordv" points to.
+    #  100|       if (wordexp(p, &word_vector, 0)) {
+    #  101|           g_free(p);
+    #  102|->         return ret;
+    #  103|       }
+    #  104|       for (guint i = 0; i < word_vector.we_wordc; ++i) {
+
+The issue is that Covscan model thinks that word_vector should be
+freed after failing wordexp(). glibc's manual does not explain whether
+it is or isn't necessary. However, POSIX manual mentions that the
+memory is valid on WRDE_NOSPACE (not enough memory) error. Reading
+glibc sources confirms that wordexp() on any error except of
+WRDE_NOSPACE cleans up and returns original, intact word_vector.
+
+Therefore I recognize the missing wordfree() call as an error and
+this patch fixed it.
+---
+ libdnf/hy-iutil.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libdnf/hy-iutil.cpp b/libdnf/hy-iutil.cpp
+index 43314c60..4848c9f7 100644
+--- a/libdnf/hy-iutil.cpp
++++ b/libdnf/hy-iutil.cpp
+@@ -89,7 +89,7 @@ glob_for_cachedir(char *path)
+     if (!g_str_has_suffix(path, "XXXXXX"))
+         return ret;
+ 
+-    wordexp_t word_vector;
++    wordexp_t word_vector = {0};
+     char *p = g_strdup(path);
+     const int len = strlen(p);
+     struct stat s;
+@@ -98,6 +98,7 @@ glob_for_cachedir(char *path)
+     p[len-6] = '*';
+     p[len-5] = '\0';
+     if (wordexp(p, &word_vector, 0)) {
++        wordfree(&word_vector);
+         g_free(p);
+         return ret;
+     }
+-- 
+2.25.1
+

backport-Fix-countme-bucket-calculation.patch

@@ -0,0 +1,130 @@
+From a7ef27917f01b32e44d0a5bbf7b06104f8275ec5 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Wed, 8 May 2024 12:05:21 +0200
+Subject: [PATCH] Fix countme bucket calculation
+
+Actually use the system's installation time (if known) as the reference
+point, instead of the first-ever countme event recorded for the given
+repo.
+
+This is what the dnf.conf(5) man page always said about the countme
+option, the code just never lived up to that.
+
+This makes bucket calculation more accurate:
+
+1. System upgrades will no longer reset the bucket to 1 (this used to be
+   the case due to a new persistdir being created whenever $releasever
+   changed).
+
+2. Systems that only reach out to the repos after an initial time period
+   after being installed will no longer appear younger than they really
+   are.
+
+3. Prebuilt OS images that happen to include countme cookies created at
+   build time will no longer cause all the instances spawned from those
+   images (physical machines, VMs or containers) to appear older than
+   they really are.
+
+Use the machine-id(5) file's mtime to infer the installation time.  This
+file is semantically tied to the system's lifetime since it's typically
+populated at installation time or during the first boot by an installer
+tool or init system, respectively, and remains unchanged.
+
+The fact that it's a well-defined file with clear semantics ensures that
+OS images won't accidentally include a prepopulated version of this file
+with a timestamp corresponding to the image build, unlike our own cookie
+files (see point 3 above).
+
+In some cases, such as in OCI containers without an init system running,
+the machine-id file may be missing or empty, even though the system is
+still used long-term.  To cover those, keep the original, relative epoch
+as a fallback method.  System upgrades aren't really a thing for such
+systems so the above point 1 doesn't apply here.
+
+Some containers, such as those created by toolbox(1), may also choose to
+bind-mount the host's machine-id file, thus falling into the same bucket
+as their host.  Conveniently, that's what we want, since the purpose of
+such containers is to blend with the host as much as possible.
+
+Fixes: #1611
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/libdnf/commit/a7ef27917f01b32e44d0a5bbf7b06104f8275ec5
+---
+ libdnf/repo/Repo-private.hpp |  1 +
+ libdnf/repo/Repo.cpp         | 34 +++++++++++++++++++++++++++++++++-
+ 2 files changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/libdnf/repo/Repo-private.hpp b/libdnf/repo/Repo-private.hpp
+index 1f659e6fb..88cadf7d6 100644
+--- a/libdnf/repo/Repo-private.hpp
++++ b/libdnf/repo/Repo-private.hpp
+@@ -91,6 +91,7 @@ class Repo::Impl {
+     void fetch(const std::string & destdir, std::unique_ptr<LrHandle> && h);
+     std::string getCachedir() const;
+     std::string getPersistdir() const;
++    time_t getSystemEpoch() const;
+     int getAge() const;
+     void expire();
+     bool isExpired() const;
+diff --git a/libdnf/repo/Repo.cpp b/libdnf/repo/Repo.cpp
+index 40b0b68ec..ead986189 100644
+--- a/libdnf/repo/Repo.cpp
++++ b/libdnf/repo/Repo.cpp
+@@ -900,7 +900,7 @@ void Repo::Impl::addCountmeFlag(LrHandle *handle) {
+     // Load the cookie
+     std::string fname = getPersistdir() + "/" + COUNTME_COOKIE;
+     int ver = COUNTME_VERSION;      // file format version (for future use)
+-    time_t epoch = 0;               // position of first-ever counted window
++    time_t epoch = 0;               // position of first observed window
+     time_t win = COUNTME_OFFSET;    // position of last counted window
+     int budget = -1;                // budget for this window (-1 = generate)
+     std::ifstream(fname) >> ver >> epoch >> win >> budget;
+@@ -926,8 +926,15 @@ void Repo::Impl::addCountmeFlag(LrHandle *handle) {
+ 
+         // Compute the position of this window
+         win = now - (delta % COUNTME_WINDOW);
++
++        // Compute the epoch from this system's epoch or, if unknown, declare
++        // this window as the epoch (unless stored in the cookie previously).
++        time_t sysepoch = getSystemEpoch();
++        if (sysepoch)
++            epoch = sysepoch - ((sysepoch - COUNTME_OFFSET) % COUNTME_WINDOW);
+         if (!epoch)
+             epoch = win;
++
+         // Window step (0 at epoch)
+         int step = (win - epoch) / COUNTME_WINDOW;
+ 
+@@ -1221,6 +1228,31 @@ std::string Repo::Impl::getPersistdir() const
+     return result;
+ }
+ 
++/* Returns this system's installation time ("epoch") as a UNIX timestamp.
++ *
++ * Uses the machine-id(5) file's mtime as a good-enough source of truth.  This
++ * file is typically tied to the system's installation or first boot where it's
++ * populated by an installer tool or init system, respectively, and is never
++ * changed afterwards.
++ *
++ * Some systems, such as containers that don't run an init system, may have the
++ * file missing, empty or uninitialized, in which case this function returns 0.
++ */
++time_t Repo::Impl::getSystemEpoch() const
++{
++    std::string filename = "/etc/machine-id";
++    std::string id;
++    struct stat st;
++
++    if (stat(filename.c_str(), &st) != 0 || !st.st_size)
++        return 0;
++    std::ifstream(filename) >> id;
++    if (id == "uninitialized")
++        return 0;
++
++    return st.st_mtime;
++}
++
+ int Repo::Impl::getAge() const
+ {
+     return time(NULL) - mtime(getMetadataPath(MD_TYPE_PRIMARY).c_str());

backport-Fix-up-some-comments-in-addCountmeFlag.patch

@@ -0,0 +1,39 @@
+From a41a2803dc8b24c83ed85718746fa97c1502de3d Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Wed, 8 May 2024 12:05:16 +0200
+Subject: [PATCH] Fix up some comments in addCountmeFlag()
+
+The buckets aren't really an array that's indexed in the code, they're
+just sequential numbers for the URL flag.  Also clarify why we're using
+"this window" instead of "the current position of the sliding window" in
+the comments.
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/libdnf/commit/a41a2803dc8b24c83ed85718746fa97c1502de3d
+---
+ libdnf/repo/Repo.cpp | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libdnf/repo/Repo.cpp b/libdnf/repo/Repo.cpp
+index 73a3d7b42..40b0b68ec 100644
+--- a/libdnf/repo/Repo.cpp
++++ b/libdnf/repo/Repo.cpp
+@@ -873,6 +873,9 @@ void Repo::Impl::addCountmeFlag(LrHandle *handle) {
+      * This is to align the time window with an absolute point in time rather
+      * than the last counting event (which could facilitate tracking across
+      * multiple such events).
++     *
++     * In the below comments, the window's current position will be referred to
++     * as "this window" for brevity.
+      */
+     auto logger(Log::getLogger());
+ 
+@@ -933,7 +936,7 @@ void Repo::Impl::addCountmeFlag(LrHandle *handle) {
+         for (i = 0; i < COUNTME_BUCKETS.size(); ++i)
+             if (step < COUNTME_BUCKETS[i])
+                 break;
+-        int bucket = i + 1;  // Buckets are indexed from 1
++        int bucket = i + 1;  // Buckets are numbered from 1
+ 
+         // Set the flag
+         std::string flag = "countme=" + std::to_string(bucket);

backport-subject-py-Fix-memory-leak.patch

@@ -0,0 +1,29 @@
+From fd284bda6f7430b2e939f95c6836c972e22a2eb4 Mon Sep 17 00:00:00 2001
+From: Marek Blaha <mblaha@redhat.com>
+Date: Tue, 26 Mar 2024 14:09:47 +0100
+Subject: [PATCH 293/300] subject-py: Fix memory leak
+
+Posible memory leak was detected in get_best_solution() method.
+---
+ python/hawkey/subject-py.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/python/hawkey/subject-py.cpp b/python/hawkey/subject-py.cpp
+index a88d572a..3e1919e7 100644
+--- a/python/hawkey/subject-py.cpp
++++ b/python/hawkey/subject-py.cpp
+@@ -361,8 +361,10 @@ get_best_solution(_SubjectObject *self, PyObject *args, PyObject *kwds)
+     HyNevra nevra{nullptr};
+ 
+     UniquePtrPyObject q(get_solution(self, args, kwds, &nevra));
+-    if (!q)
++    if (!q) {
++        delete nevra;
+         return NULL;
++    }
+     PyObject *ret_dict = PyDict_New();
+     PyDict_SetItem(ret_dict, PyString_FromString("query"), q.get());
+     if (nevra) {
+-- 
+2.33.0
+

fix-to-avoid-add-duplicates-via-different-action.patch

@@ -0,0 +1,13 @@
+diff -ruNa libdnf-0.48.0-org/libdnf/transaction/private/Transaction.cpp libdnf-0.48.0/libdnf/transaction/private/Transaction.cpp
+--- libdnf-0.48.0-org/libdnf/transaction/private/Transaction.cpp	2021-12-07 15:39:58.903047892 +0800
++++ libdnf-0.48.0/libdnf/transaction/private/Transaction.cpp	2021-12-07 15:43:19.983719534 +0800
+@@ -169,9 +169,6 @@
+         if (i->getRepoid() != repoid) {
+             continue;
+         }
+-        if (i->getAction() != action) {
+-            continue;
+-        }
+         if (reason > i->getReason()) {
+             // use the more significant reason
+             i->setReason(reason);

libdnf.spec

@@ -20,7 +20,7 @@
 
 Name:                      libdnf
 Version:                   0.48.0
-Release:                   3
+Release:                   8
 Summary:                   Library providing simplified C and Python API to libsolv
 License:                   LGPLv2+
 URL:                       https://github.com/rpm-software-management/libdnf
@@ -28,6 +28,19 @@ Source0:                   %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
 Patch0:                    fix-python2-no-format-arguments-error.patch
 Patch1:                    CVE-2021-3445.patch
+%if %{?openEuler:1}0
+Patch2:                    fix-to-avoid-add-duplicates-via-different-action.patch
+%endif
+%ifarch loongarch64
+Patch3:                    add-loongarch-support-for-libdnf.patch
+%endif
+%ifarch sw_64
+Patch4:                    add-sw_64-support-for-libdnf.patch
+%endif
+Patch6001:                 backport-Fix-countme-bucket-calculation.patch
+Patch6002:                 backport-Fix-up-some-comments-in-addCountmeFlag.patch
+Patch6003:                 backport-subject-py-Fix-memory-leak.patch 
+Patch6004:                 backport-Fix-a-memory-leak-in-glob_for_cachedir.patch
 
 BuildRequires:             cmake gcc gcc-c++ libsolv-devel >= %{libsolv_version} gettext
 BuildRequires:             pkgconfig(librepo) >= %{librepo_version} pkgconfig(check)              
@@ -208,6 +221,24 @@ popd
 %endif
 
 %changelog
+* Mon Jul 29 2024 Wenhua Huang <huangwenhua@Kylinos.cn> - 0.48.0-8
+- Fix a memory leak in glob_for_cachedir()
+
+* Tue Jul 23 2024 LuWu <2398491106@qq.com> - 0.48.0-7
+- Fix memory leak detected in get_best_solution() method 
+
+* Wed Jul 17 2024 LuWu <2398491106@qq.com> - 0.48.0-6
+- Fix countme bucket calculation
+
+* Tue Jul 18 2023 konglidong <konglidong@uniontech.com> - 0.48.0-5
+- Add loongarch and sw_64 support for libdnf
+
+* Tue Dec 07 2021 gaihuiying <gaihuiying1@huawei.com> - 0.48.0-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:avoid adding duplicates via different action
+
 * Thu Jul 15 2021 gaihuiying <gaihuiying1@huawei.com> - 0.48.0-3
 - Type:bugfix
 - ID:NA