!20 backport patches

From: @quanhongfei
Reviewed-by: @anonymous_z
Signed-off-by: @anonymous_z

Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch

@@ -0,0 +1,31 @@
+From 8615575144e6fd3d708a30983ed2415db479ef4c Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Thu, 8 Apr 2021 12:17:09 +0200
+Subject: [PATCH] Fix: Memory leaks in SWIG generated code (for Python)
+
+There were memory leaks in the `Chksum_from_bin`, `Chksum_add`,
+`SolvFp_write` functions wrapper for Python.
+
+The problem was in "freearg" typemap argument defined in "solv.i".
+Therefore, the typemap was not applied.
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/8615575144e6fd3d708a30983ed2415db479ef4c
+
+---
+ bindings/solv.i | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings/solv.i b/bindings/solv.i
+index 1882b135..3bbeca04 100644
+--- a/bindings/solv.i
++++ b/bindings/solv.i
+@@ -63,7 +63,7 @@ typedef struct {
+   $2 = size;
+ }
+ 
+-%typemap(freearg,noblock=1,match="in") (const unsigned char *str, int len) {
++%typemap(freearg,noblock=1,match="in") (const unsigned char *str, size_t len) {
+   if (alloc$argnum == SWIG_NEWOBJ) %delete_array(buf$argnum);
+ }
+ 

Fix-memory-leaks.patch

@@ -0,0 +1,42 @@
+From 71c6b26096086926f48d8fced1a03ca52a1eb745 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Mon, 29 Mar 2021 12:46:31 +0200
+Subject: [PATCH] Fix memory leaks
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/71c6b26096086926f48d8fced1a03ca52a1eb745
+
+---
+ ext/repo_deb.c | 1 +
+ ext/testcase.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ext/repo_deb.c b/ext/repo_deb.c
+index 8f637567..34f40fa8 100644
+--- a/ext/repo_deb.c
++++ b/ext/repo_deb.c
+@@ -792,5 +792,6 @@ pool_deb_get_autoinstalled(Pool *pool, FILE *fp, Queue *q, int flags)
+ 	  break;
+ 	}
+     }
++    solv_free(buf);
+ }
+ 
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 8fb6d793..4e9e3154 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -1477,11 +1477,11 @@ testcase_solverresult(Solver *solv, int resultflags)
+       queue_init(&q);
+       for (rid = 1; (rclass = solver_ruleclass(solv, rid)) != SOLVER_RULE_UNKNOWN; rid++)
+ 	{
+-	  char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
+-	  prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
+ 	  solver_ruleliterals(solv, rid, &q);
+ 	  if (rclass == SOLVER_RULE_FEATURE && q.count == 1 && q.elements[0] == -SYSTEMSOLVABLE)
+ 	    continue;
++	  char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
++	  prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
+ 	  for (i = 0; i < q.count; i++)
+ 	    {
+ 	      Id p = q.elements[i];

Fix-segfault-in-resolve_jobrules.patch

@@ -0,0 +1,28 @@
+From 0ecd4f310318d9bd91db48e5c9dc7e749fbed82a Mon Sep 17 00:00:00 2001
+From: Thomas Lam <79589038+tl-hbk@users.noreply.github.com>
+Date: Tue, 30 Mar 2021 05:33:52 -0700
+Subject: [PATCH] Fix segfault in resolve_jobrules
+
+In selectandinstall sometimes rules are added and a realloc is required if there's
+no more memory available in the allocated block.  r-- would just decrement the old
+pointer but the realloc could return a completely different block of memory
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/0ecd4f310318d9bd91db48e5c9dc7e749fbed82a
+
+---
+ src/solver.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/solver.c b/src/solver.c
+index 9c02cc76..89a2ed10 100644
+--- a/src/solver.c
++++ b/src/solver.c
+@@ -1629,6 +1629,7 @@ resolve_jobrules(Solver *solv, int level, int disablerules, Queue *dq)
+ 	}
+       olevel = level;
+       level = selectandinstall(solv, level, dq, disablerules, i, SOLVER_REASON_RESOLVE_JOB);
++      r = solv->rules + i;    /* selectandinstall may have added more rules */
+       if (level <= olevel)
+ 	{
+ 	  if (level == olevel)

libsolv.spec

@@ -15,13 +15,17 @@
 
 Name:                  libsolv
 Version:               0.7.14
-Release:               4
+Release:               5
 Summary:               Package dependency solver                    
 License:               BSD
 URL:                   https://github.com/openSUSE/libsolv
 Source:                https://github.com/openSUSE/libsolv/archive/%{version}/%{name}-%{version}.tar.gz
 
-Patch0:                CVE-2021-3200.patch
+Patch0:                Fix-memory-leaks.patch
+Patch1:                Fix-segfault-in-resolve_jobrules.patch
+Patch2:                Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
+Patch3:                use-memmove-for-overlapping-regions.patch
+Patch4:                CVE-2021-3200.patch
 
 BuildRequires:         cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel
 BuildRequires:         libxml2-devel xz-devel bzip2-devel libzstd-devel 
@@ -189,6 +193,12 @@ Python 3 version.
 %{_mandir}/man3/%{name}*.3*
 
 %changelog
+* Tue Nov 02 2021 quanhongfei <quanhongfei@huawei.com> - 0.7.14-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport patches
+
 * Tue Aur 3 2021 Jianmin <jianmin@iscas.ac.cn> - 0.7.14-4
 - Type:enhancement
 - ID:NA

use-memmove-for-overlapping-regions.patch

@@ -0,0 +1,25 @@
+From ccc2ec885a81de137c30fd0deb8c5475440e5287 Mon Sep 17 00:00:00 2001
+From: Wolf Vollprecht <w.vollprecht@gmail.com>
+Date: Thu, 8 Jul 2021 09:13:19 +0200
+Subject: [PATCH] use memmove for overlapping regions
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/ccc2ec885a81de137c30fd0deb8c5475440e5287.patch
+
+---
+ src/conda.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conda.c b/src/conda.c
+index 21ad6bfb..6f6a65a6 100644
+--- a/src/conda.c
++++ b/src/conda.c
+@@ -670,7 +670,7 @@ pool_conda_matchspec(Pool *pool, const char *name)
+   if (build)
+     {
+       *p++ = ' ';
+-      memcpy(p, build, buildend - build);
++      memmove(p, build, buildend - build);
+       p += buildend - build;
+     }
+   evrid = pool_strn2id(pool, version, p - version, 1);