10 Commits

Author SHA1 Message Date
openeuler-ci-bot
6b0da4fba5
!37 回合上游补丁
From: @pshysimon 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-10-22 08:22:34 +00:00
Pshysimon
d3717c3c02 backport upstream commits, fix memory leak 2024-10-21 20:32:18 +08:00
openeuler-ci-bot
d8df9793e6 !18 [Backport]librepo:[add] backport patches from upstream
From: @fly_fzc
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
2021-05-29 11:32:43 +08:00
fuanan
d9b87861b1 [Backport]librepo:[add] backport patches from upstream 2021-05-29 10:57:20 +08:00
openeuler-ci-bot
040691b95b !15 Fix CVE-2020-14352
From: @fly_fzc
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
2021-01-25 19:43:35 +08:00
fuanan
1d8e2cb466 Fix CVE-2020-14352 2021-01-25 10:41:19 +08:00
openeuler-ci-bot
b24ae4a76d !4 upgrade librepo to 1.12.0 on branch 20.03-LTS.
Merge pull request !4 from Sdrkun/openEuler-20.03-LTS
2020-08-10 10:00:31 +08:00
Sdrkun
eac630641c upgrade librepo to 1.12.0. 2020-08-04 22:23:24 +08:00
openeuler-ci-bot
9ebda232bb !1 update to 1.11.0
Merge pull request !1 from Anonymous_Z/anonymous_z
2020-01-09 21:24:58 +08:00
zhangrui
5fee33f20e update to 1.11.0 2020-01-08 20:05:51 +08:00
10 changed files with 433 additions and 51 deletions


@ -0,0 +1,50 @@
From 7daea2a2429a54dad68b1de9b37a5f65c5cf2600 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Wed, 12 Aug 2020 08:35:28 +0200
Subject: [PATCH] Validate path read from repomd.xml (RhBug:1868639)
= changelog =
msg: Validate path read from repomd.xml
type: security
---
librepo/yum.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/librepo/yum.c b/librepo/yum.c
index 3059188..529257b 100644
--- a/librepo/yum.c
+++ b/librepo/yum.c
@@ -23,6 +23,7 @@
#define BITS_IN_BYTE 8
#include <stdio.h>
+#include <libgen.h>
#include <assert.h>
#include <stdlib.h>
#include <errno.h>
@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle,
continue;
char *location_href = record->location_href;
+
+ char *dest_dir = realpath(handle->destdir, NULL);
+ path = lr_pathconcat(handle->destdir, record->location_href, NULL);
+ char *requested_dir = realpath(dirname(path), NULL);
+ lr_free(path);
+ if (!g_str_has_prefix(requested_dir, dest_dir)) {
+ g_debug("%s: Invalid path: %s", __func__, location_href);
+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
+ free(requested_dir);
+ free(dest_dir);
+ return FALSE;
+ }
+ free(requested_dir);
+ free(dest_dir);
+
gboolean is_zchunk = FALSE;
#ifdef WITH_ZCHUNK
if (handle->cachedir && record->header_checksum)
--
1.8.3.1
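Review bot: The containment test added to prepare_repo_download_targets, `g_str_has_prefix(requested_dir, dest_dir)`, compares raw strings, so a resolved directory that only shares its leading characters with destdir (a sibling such as `<destdir>-other`, a constructed example) still passes. The check should also require that the character after the prefix is `/` or the end of the string. Both `realpath()` results can be NULL, for instance when the directory named by location_href does not exist yet, and they reach `g_str_has_prefix()` unchecked; an explicit NULL test makes the rejection deliberate. Only `dirname(path)` is resolved, so the final path component is not covered by this check, which is worth confirming against the code that later opens the file. The function starts and ends outside the hunk, and the sketch below assumes `<string.h>` is already included in yum.c.

```c
lr_free(path);
gboolean inside_destdir = FALSE;
if (dest_dir && requested_dir) {
    size_t dest_len = strlen(dest_dir);
    /* realpath() leaves a trailing slash only on "/" itself */
    if (dest_len > 0 && dest_dir[dest_len - 1] == '/')
        dest_len--;
    inside_destdir = strncmp(requested_dir, dest_dir, dest_len) == 0 &&
                     (requested_dir[dest_len] == '/' ||
                      requested_dir[dest_len] == '\0');
}
if (!inside_destdir) {
    /* … unchanged: g_debug, g_set_error, free targets, free both paths, return FALSE … */
}
```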


@ -0,0 +1,69 @@
From 3c85711f35b987bd0ce17dd0fbaa0d9f2521c444 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 11 Jul 2024 15:40:03 +0200
Subject: [PATCH] Fix a memory leak in select_next_target()
If a next target URL was found (non-NULL full_url) and then a transfer was
canceled or an off-line mode was requested, full_url string was not freed and a
memory leaked.
Discovered with Covscan:
16. librepo-1.18.0/librepo/downloader.c:891:13: alloc_fn: Storage is returned from allocation function "g_strdup_inline".
17. librepo-1.18.0/librepo/downloader.c:891:13: var_assign: Assigning: "full_url" = storage returned from "g_strdup_inline(target->target->path)".
22. librepo-1.18.0/librepo/downloader.c:919:9: noescape: Resource "full_url" is not freed or pointed-to in "lr_is_local_path".
24. librepo-1.18.0/librepo/downloader.c:924:13: noescape: Assuming resource "full_url" is not freed or pointed-to as ellipsis argument to "g_debug".
28. librepo-1.18.0/librepo/downloader.c:956:17: leaked_storage: Variable "full_url" going out of scope leaks the storage it points to.
# 954| "and no local URL is available",
# 955| target->target->path);
# 956|-> return FALSE;
# 957| }
# 958| }
16. librepo-1.18.0/librepo/downloader.c:891:13: alloc_fn: Storage is returned from allocation function "g_strdup_inline".
17. librepo-1.18.0/librepo/downloader.c:891:13: var_assign: Assigning: "full_url" = storage returned from "g_strdup_inline(target->target->path)".
22. librepo-1.18.0/librepo/downloader.c:919:9: noescape: Resource "full_url" is not freed or pointed-to in "lr_is_local_path".
24. librepo-1.18.0/librepo/downloader.c:924:13: noescape: Assuming resource "full_url" is not freed or pointed-to as ellipsis argument to "g_debug".
27. librepo-1.18.0/librepo/downloader.c:946:21: leaked_storage: Variable "full_url" going out of scope leaks the storage it points to.
# 944| g_set_error(err, LR_DOWNLOADER_ERROR, LRE_CBINTERRUPTED,
# 945| "Interrupted by LR_CB_ERROR from end callback");
# 946|-> return FALSE;
# 947| }
# 948| }
This patch fixes it.
The bug was introduced in 1.7.14 version
(08e4810fcdd753ce4728bd88b252f7b3d34b2cdb commit).
Reference:https://github.com/rpm-software-management/librepo/commit/3c85711f35b987bd0ce17dd0fbaa0d9f2521c444
Conflict:no
---
librepo/downloader.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/librepo/downloader.c b/librepo/downloader.c
index 364c0af..40dbeb2 100644
--- a/librepo/downloader.c
+++ b/librepo/downloader.c
@@ -943,6 +943,7 @@ select_next_target(LrDownload *dd,
"from end callback", __func__);
g_set_error(err, LR_DOWNLOADER_ERROR, LRE_CBINTERRUPTED,
"Interrupted by LR_CB_ERROR from end callback");
+ g_free(full_url);
return FALSE;
}
}
@@ -953,6 +954,7 @@ select_next_target(LrDownload *dd,
"Cannot download %s: Offline mode is specified "
"and no local URL is available",
target->target->path);
+ g_free(full_url);
return FALSE;
}
}
--
2.33.0
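Review bot: Freeing `full_url` by hand before each `return FALSE` in select_next_target closes the two paths Covscan reported, but any other early return after the allocation needs the same line, and those paths are outside the hunks. handle.c in this same patch set declares locals with `_cleanup_free_`; if that macro is available in downloader.c, declaring `full_url` with it would cover every exit at once. That only works if the success path hands the pointer over explicitly, and whether ownership is transferred at the end of the function is not visible here. Short of that, a comment at the declaration such as `/* owned by this function until handed to the caller; free on every error return */` would record the rule.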


@ -0,0 +1,32 @@
From 9e9b29a8447403890bea6586804206e1060c27d1 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 6 May 2021 17:34:16 +0200
Subject: [PATCH] Fix: lr_fastestmirror_prepare: Resource leaks
---
librepo/fastestmirror.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/librepo/fastestmirror.c b/librepo/fastestmirror.c
index afa1f22..348483a 100644
--- a/librepo/fastestmirror.c
+++ b/librepo/fastestmirror.c
@@ -352,6 +352,7 @@ lr_fastestmirror_prepare(LrHandle *handle,
g_set_error(err, LR_FASTESTMIRROR_ERROR, LRE_CURL,
"curl_easy_setopt(_, CURLOPT_URL, %s) failed: %s",
url, curl_easy_strerror(curlcode));
+ curl_easy_cleanup(curlh);
ret = FALSE;
break;
}
@@ -361,6 +362,7 @@ lr_fastestmirror_prepare(LrHandle *handle,
g_set_error(err, LR_FASTESTMIRROR_ERROR, LRE_CURL,
"curl_easy_setopt(_, CURLOPT_CONNECT_ONLY, 1) failed: %s",
curl_easy_strerror(curlcode));
+ curl_easy_cleanup(curlh);
ret = FALSE;
break;
}
--
1.8.3.1
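Review bot: The two added `curl_easy_cleanup(curlh)` calls in lr_fastestmirror_prepare are correct only while `curlh` has not yet been stored in the mirror list, and nothing in the visible lines states that. If the list took ownership before these branches, the cleanup that presumably follows the loop would release the handle a second time. A short comment on each branch, for example `/* curlh not yet owned by the list, release it here */`, would make the ownership rule explicit. The loop body and the post-loop cleanup are outside the hunks.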


@ -0,0 +1,26 @@
From f889cdba3b71eec66c3f9756b11b709f74f8b388 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 6 May 2021 17:54:11 +0200
Subject: [PATCH] Fix: lr_get_curl_handle: Check curl_easy handle before use
---
librepo/handle.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/librepo/handle.c b/librepo/handle.c
index d59aad9..8db9c16 100644
--- a/librepo/handle.c
+++ b/librepo/handle.c
@@ -56,6 +56,9 @@ lr_get_curl_handle()
lr_global_init();
h = curl_easy_init();
+ if (!h)
+ return NULL;
+
curl_easy_setopt(h, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(h, CURLOPT_MAXREDIRS, 6);
curl_easy_setopt(h, CURLOPT_CONNECTTIMEOUT, LRO_CONNECTTIMEOUT_DEFAULT);
--
1.8.3.1
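Review bot: lr_get_curl_handle can now return NULL, which is a new contract for every caller, and the hunk adds no comment saying so. A header comment such as `/* Returns a configured easy handle, or NULL if curl_easy_init() fails; the caller must check. */` belongs on the function. The callers are outside this hunk, so whether each one tests the result before passing it to further curl calls could not be confirmed from here. The definition also uses empty parentheses; `lr_get_curl_handle(void)` would give it a real prototype.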


@ -0,0 +1,44 @@
From 2e905e313c80a2b6b187a3b3e831e2e291f9a1eb Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 23 Mar 2021 19:31:51 +0100
Subject: [PATCH] Fix: memory leaks
---
librepo/metadata_downloader.c | 1 +
librepo/yum.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/librepo/metadata_downloader.c b/librepo/metadata_downloader.c
index fa05cc1..be6fe68 100644
--- a/librepo/metadata_downloader.c
+++ b/librepo/metadata_downloader.c
@@ -307,6 +307,7 @@ create_repomd_xml_download_targets(GSList *targets,
(*fd_list) = appendFdValue((*fd_list), fd);
(*paths) = appendPath((*paths), path);
+ lr_free(path);
}
}
diff --git a/librepo/yum.c b/librepo/yum.c
index 4198d4a..7a26a8b 100644
--- a/librepo/yum.c
+++ b/librepo/yum.c
@@ -875,12 +875,14 @@ error_handling(GSList *targets, GError **dest_error, GError *src_error)
target->err,
NULL);
} else {
+ char *tmp = error_summary;
error_summary = g_strconcat(error_summary,
"; ",
target->path,
" - ",
target->err,
NULL);
+ g_free(tmp);
}
}
--
1.8.3.1
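Review bot: The `lr_free(path)` added after `appendPath((*paths), path)` in create_repomd_xml_download_targets is safe only if appendPath stores its own copy of the string. If it keeps the pointer, every entry in `*paths` dangles after this line and the leak fix becomes a use-after-free. appendPath is defined outside the hunk, so this needs confirming, and a comment such as `/* appendPath() copies path, so the local copy can be released */` would record the assumption. The `tmp`/`g_free(tmp)` pair in error_handling releases the previous `error_summary` only after `g_strconcat` has read it, which is the right order.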


@ -0,0 +1,56 @@
From ac36c6a4269f25878b838825590e37c3bdcd67c8 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 6 May 2021 18:16:38 +0200
Subject: [PATCH] Remove "may be used uninitialized" compiler warnings
warning: 'path' may be used uninitialized in this function
[-Wmaybe-uninitialized]
warning: 'file_basename' may be used uninitialized in this function
[-Wmaybe-uninitialized]
---
librepo/handle.c | 6 ++----
librepo/package_downloader.c | 3 +--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/librepo/handle.c b/librepo/handle.c
index c44ec61..8ac7234 100644
--- a/librepo/handle.c
+++ b/librepo/handle.c
@@ -905,8 +905,7 @@ lr_handle_prepare_mirrorlist(LrHandle *handle, gchar *localpath, GError **err)
return TRUE;
} else if (localpath && !handle->mirrorlisturl) {
// Just try to use mirrorlist of the local repository
- _cleanup_free_ gchar *path;
- path = lr_pathconcat(localpath, "mirrorlist", NULL);
+ _cleanup_free_ gchar *path = lr_pathconcat(localpath, "mirrorlist", NULL);
if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
g_debug("%s: Local mirrorlist found at %s", __func__, path);
@@ -1021,8 +1020,7 @@ lr_handle_prepare_metalink(LrHandle *handle, gchar *localpath, GError **err)
return TRUE;
} else if (localpath && !handle->metalinkurl) {
// Just try to use metalink of the local repository
- _cleanup_free_ gchar *path;
- path = lr_pathconcat(localpath, "metalink.xml", NULL);
+ _cleanup_free_ gchar *path = lr_pathconcat(localpath, "metalink.xml", NULL);
if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
g_debug("%s: Local metalink.xml found at %s", __func__, path);
diff --git a/librepo/package_downloader.c b/librepo/package_downloader.c
index 509f2a0..adea459 100644
--- a/librepo/package_downloader.c
+++ b/librepo/package_downloader.c
@@ -547,8 +547,7 @@ lr_check_packages(GSList *targets,
if (packagetarget->dest) {
if (g_file_test(packagetarget->dest, G_FILE_TEST_IS_DIR)) {
// Dir specified
- _cleanup_free_ gchar *file_basename;
- file_basename = g_path_get_basename(packagetarget->relative_url);
+ _cleanup_free_ gchar *file_basename = g_path_get_basename(packagetarget->relative_url);
local_path = g_build_filename(packagetarget->dest,
file_basename,
--
1.8.3.1


@ -0,0 +1,57 @@
From bb7b40faae33b3b764429267df0f7c26c9f468b1 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 6 May 2021 17:59:00 +0200
Subject: [PATCH] lr_get_curl_handle: Strict check of `curl_easy_setopt` return
code
---
librepo/handle.c | 31 ++++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/librepo/handle.c b/librepo/handle.c
index 8db9c16..c44ec61 100644
--- a/librepo/handle.c
+++ b/librepo/handle.c
@@ -59,17 +59,30 @@ lr_get_curl_handle()
if (!h)
return NULL;
- curl_easy_setopt(h, CURLOPT_FOLLOWLOCATION, 1);
- curl_easy_setopt(h, CURLOPT_MAXREDIRS, 6);
- curl_easy_setopt(h, CURLOPT_CONNECTTIMEOUT, LRO_CONNECTTIMEOUT_DEFAULT);
- curl_easy_setopt(h, CURLOPT_LOW_SPEED_TIME, LRO_LOWSPEEDTIME_DEFAULT);
- curl_easy_setopt(h, CURLOPT_LOW_SPEED_LIMIT, LRO_LOWSPEEDLIMIT_DEFAULT);
- curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2);
- curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 1);
- curl_easy_setopt(h, CURLOPT_FTP_USE_EPSV, LRO_FTPUSEEPSV_DEFAULT);
- curl_easy_setopt(h, CURLOPT_FILETIME, 0);
+ if (curl_easy_setopt(h, CURLOPT_FOLLOWLOCATION, 1) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_MAXREDIRS, 6) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_CONNECTTIMEOUT, LRO_CONNECTTIMEOUT_DEFAULT) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_LOW_SPEED_TIME, LRO_LOWSPEEDTIME_DEFAULT) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_LOW_SPEED_LIMIT, LRO_LOWSPEEDLIMIT_DEFAULT) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 1) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_FTP_USE_EPSV, LRO_FTPUSEEPSV_DEFAULT) != CURLE_OK)
+ goto err;
+ if (curl_easy_setopt(h, CURLOPT_FILETIME, 0) != CURLE_OK)
+ goto err;
return h;
+
+err:
+ curl_easy_cleanup(h);
+ return NULL;
}
void
--
1.8.3.1
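Review bot: The numeric arguments in lr_get_curl_handle are still passed as `int` literals (`1`, `6`, `2`, `0`), while curl_easy_setopt reads these options as `long` through varargs. On ABIs where the two types differ in size the value read is not guaranteed, which matters most for `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER`. Writing them as `2L` and `1L` (and `1L`, `6L`, `0L` for the others) removes the ambiguity; the `LRO_*_DEFAULT` macros are defined outside the hunk and should be checked for the same thing. The `err:` path also returns NULL without recording which option failed, so a `g_debug("%s: curl_easy_setopt failed", __func__);` before the cleanup would help diagnosis.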

BIN
librepo-1.12.0.tar.gz Normal file

Binary file not shown.

Binary file not shown.


@ -1,51 +1,66 @@
%global libcurl_version 7.28.0
%global dnf_conflict 2.8.8
Name: librepo
Version: 1.9.1
Release: 2
Summary: Repodata downloading library
License: LGPLv2.1
URL: https://github.com/rpm-software-management/librepo
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%bcond_without python3
%bcond_without pythontests
%bcond_with python2
%bcond_with zchunk
BuildRequires: cmake gcc doxygen pkgconfig(glib-2.0)
BuildRequires: check-devel gpgme-devel libattr-devel
BuildRequires: libcurl-devel >= 7.19.0
BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libcrypto) pkgconfig(openssl)
Name: librepo
Version: 1.12.0
Release: 4
Summary: Repodata downloading library
License: LGPLv2+
URL: https://github.com/rpm-software-management/librepo
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0: backport-CVE-2020-14352-Validate-path-read-from-repomd.xml.patch
Patch1: backport-Fix-memory-leaks.patch
Patch2: backport-Fix-lr_fastestmirror_prepare-Resource-leaks.patch
Patch3: backport-Fix-lr_get_curl_handle-Check-curl_easy-handle-before.patch
Patch4: backport-lr_get_curl_handle-Strict-check-of-curl_easy_setopt-.patch
Patch5: backport-Remove-may-be-used-uninitialized-compiler-warnings.patch
Patch6: backport-Fix-a-memory-leak-in-select_next_target.patch
BuildRequires: cmake check-devel doxygen pkgconfig(glib-2.0) gcc
BuildRequires: libcurl-devel >= %{libcurl_version} pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(openssl) gpgme-devel libattr-devel pkgconfig(libcrypto)
Requires: libcurl >= %{libcurl_version}
%description
A library providing C and Python (libcURL like) API to downloading packages
and linux repository metadata in rpm-md format.
A library providing C and Python (libcURL like) API to downloading repository
metadata.
%package devel
Summary: Repodata downloading library
Requires: %{name}%{?_isa} = %{version}-%{release}
%package devel
Summary: Repodata downloading library
Requires: %{name} = %{version}-%{release}
%description devel
Development files for librepo.
%package -n python2-%{name}
Summary: Python 2 bindings for the librepo library
%if %{with python2}
%package -n python2-librepo
Summary: Python bindings for the librepo library
%{?python_provide:%python_provide python2-%{name}}
BuildRequires: python2-gpg python2-devel python2-flask
BuildRequires: python2-nose python2-sphinx python2-pyxattr
Requires: %{name}%{?_isa} = %{version}-%{release}
Obsoletes: platform-python-%{name} < %{version}-%{release}
Conflicts: python2-dnf < %{dnf_conflict}
BuildRequires: python2-sphinx python2-devel python2-flask python2-nose
BuildRequires: python2-requests python2-pyxattr python2-gpg
Requires: %{name} = %{version}-%{release}
Conflicts: python2-dnf < %{dnf_conflict}
%description -n python2-%{name}
Python 2 bindings for the librepo library.
%endif
%package -n python3-%{name}
Summary: Python 3 bindings for the librepo library
%package -n python3-librepo
Summary: Python 3 bindings for the librepo library
%{?python_provide:%python_provide python3-%{name}}
BuildRequires: python3-gpg python3-devel python3-flask
BuildRequires: python3-nose python3-sphinx python3-pyxattr
Requires: %{name}%{?_isa} = %{version}-%{release}
Obsoletes: platform-python-%{name} < %{version}-%{release}
Conflicts: python3-dnf < %{dnf_conflict}
BuildRequires: python3-devel python3-gpg python3-flask python3-nose
BuildRequires: python3-pyxattr python3-requests python3-sphinx
Requires: %{name} = %{version}-%{release}
Obsoletes: platform-python-%{name} < %{version}-%{release}
Conflicts: python3-dnf < %{dnf_conflict}
%description -n python3-%{name}
%description -n python3-%{name}
Python 3 bindings for the librepo library.
%prep
@ -55,35 +70,47 @@ mkdir build-py2
mkdir build-py3
%build
cd build-py2
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python2} ..
%if %{with python2}
pushd build-py2
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python2} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} ..
%make_build
cd ..
popd
%endif
cd build-py3
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python3} ..
%if %{with python3}
pushd build-py3
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python3} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} ..
%make_build
cd ..
popd
%endif
%check
cd build-py2
%if %{with python2}
pushd build-py2
#ctest -VV
make ARGS="-V" test
cd ..
popd
%endif
cd build-py3
%if %{with python3}
pushd build-py3
#ctest -VV
make ARGS="-V" test
cd ..
popd
%endif
%install
cd build-py2
%if %{with python2}
pushd build-py2
%make_install
cd ..
popd
%endif
cd build-py3
%if %{with python3}
pushd build-py3
%make_install
cd ..
popd
%endif
%ldconfig_scriptlets
@ -97,15 +124,36 @@ cd ..
%{_libdir}/pkgconfig/%{name}.pc
%{_includedir}/%{name}/
%if %{with python2}
%files -n python2-%{name}
%{python2_sitearch}/%{name}/
%endif
%if %{with python3}
%files -n python3-%{name}
%{python3_sitearch}/%{name}/
%endif
%changelog
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.1-2
- Support python2
* Mon Oct 21 2024 caixiaomeng <caixiaomeng2@huawei.com> - 1.12.0-4
- backport upstream commits, fix memory leak
* Fri Aug 17 2018 openEuler Buildteam <buildteam@openeuler.org> - 1.9.1-1
- Package init
* Sat May 29 2021 fuanan <fuanan3@huawei.com> - 1.12.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:[add] backport patches from upstream
Fix:memory leaks
Fix:lr_fastestmirror_prepare:Resource leaks
Fix:lr_get_curl_handle:Check curl_easy handle before use
lr_get_curl_handle:Strict check of curl_easy_setopt return code
Remove "may be used uninitialized" compiler warnings
* Mon Jan 25 2021 fuanan <fuanan3@huawei.com> - 1.12.0-2
- fix CVE-2020-14352
* Tue Aug 04 2020 shanzhikun <shanzhikun@huawei.com> - 1.12.0-1
- upgrade librepo to 1.12.0.
* Tue Jan 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.11.0-2
- Pakcage init