diff --git a/0001-Fix-incorrect-pointer-comparisons-in-nevra-validatio.patch b/0001-Fix-incorrect-pointer-comparisons-in-nevra-validatio.patch new file mode 100644 index 0000000..d07ac02 --- /dev/null +++ b/0001-Fix-incorrect-pointer-comparisons-in-nevra-validatio.patch @@ -0,0 +1,55 @@ +From fe8f9d73a24b17a37519a0519dca2b20863cace0 Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 25 Apr 2018 14:01:58 -0400 +Subject: [PATCH 1/2] Fix incorrect pointer comparisons in nevra validation + +Fixes: Coverity #276018 + +Signed-off-by: Stephen Gallagher +--- + modulemd/modulemd-util.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/modulemd/modulemd-util.c b/modulemd/modulemd-util.c +index 09eccb6ff08b065f5cc7730ab0411ffd2ca9a6a6..92adaffc2e22857dcc9d65a5ea5b9375835c48d1 100644 +--- a/modulemd/modulemd-util.c ++++ b/modulemd/modulemd-util.c +@@ -180,20 +180,20 @@ modulemd_validate_nevra (const gchar *nevra) + * This needs to come from an external source that's kept up to date or + * this will regularly break. + */ + + /* Process the "release" tag */ +- while (i > 0) ++ while (i >= tmp) + { + if (*i == '-') + { + break; + } + i--; + } + +- if (i <= 0) ++ if (i < tmp) + { + /* We hit the start of the string without hitting '-' */ + return FALSE; + } + +@@ -206,11 +206,11 @@ modulemd_validate_nevra (const gchar *nevra) + { + break; + } + i--; + } +- if (i <= 0) ++ if (i < tmp) + { + /* We hit the start of the string without hitting ':' */ + return FALSE; + } + +-- +2.17.0 + diff --git a/0002-Include-string.h-in-modulemd-util.c.patch b/0002-Include-string.h-in-modulemd-util.c.patch new file mode 100644 index 0000000..97ded3b --- /dev/null +++ b/0002-Include-string.h-in-modulemd-util.c.patch @@ -0,0 +1,29 @@ +From ed579bddb5fc359933c9c74167cf7fa9ee887e40 Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 25 Apr 2018 14:04:50 -0400 +Subject: [PATCH 2/2] Include string.h in modulemd-util.c + +Signed-off-by: Stephen Gallagher +--- + modulemd/modulemd-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modulemd/modulemd-util.c b/modulemd/modulemd-util.c +index 92adaffc2e22857dcc9d65a5ea5b9375835c48d1..66a410871945490f3d797a9de97848940b318710 100644 +--- a/modulemd/modulemd-util.c ++++ b/modulemd/modulemd-util.c +@@ -20,10 +20,11 @@ + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + ++#include + #include "modulemd-util.h" + + GHashTable * + _modulemd_hash_table_deep_str_copy (GHashTable *orig) + { +-- +2.17.0 + diff --git a/libmodulemd.spec b/libmodulemd.spec index 44d3dec..945b7b2 100644 --- a/libmodulemd.spec +++ b/libmodulemd.spec @@ -6,7 +6,7 @@ Name: libmodulemd Version: %{majorminorversion}%{?patchversion:.%{patchversion}} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Module metadata manipulation library License: MIT @@ -23,6 +23,12 @@ BuildRequires: python3-gobject-base # Patches +# Upstream patch to fix pointer math error discovered by Coverity +Patch0001: 0001-Fix-incorrect-pointer-comparisons-in-nevra-validatio.patch + +# Upstream patch to fix -Werror=implicit-function-declaration error when +# building in Koji +Patch0002: 0002-Include-string.h-in-modulemd-util.c.patch %description C Library for manipulating module metadata files. @@ -71,6 +77,10 @@ export LC_CTYPE=C.utf8 %{_datadir}/gtk-doc/html/modulemd/ %changelog +* Wed Apr 25 2018 Stephen Gallagher - 1.4.0-2 +- Fix pointer math error +- Fix compilation failure in Fedora build system + * Wed Apr 25 2018 Stephen Gallagher - 1.4.0-1 - Update to version 1.4.0 - Adds new API for returning failed YAML subdocuments