Merge pull request #18 from stfc/v5.7.1

V5.7.1

.clang-tidy

@@ -0,0 +1,12 @@
+#
+# For a list of checks, run clang-tidy -checks=* --list-checks
+# or see https://clang.llvm.org/extra/clang-tidy/checks/list.html
+#
+---
+Checks:          '-*,clang-analyzer-core.*'
+WarningsAsErrors: ''
+HeaderFilterRegex: ''
+FormatStyle: none
+CheckOptions:
+  modernize-use-nullptr.NullMacros: 'NULL'
+...

.github/workflows/CI.yml

@@ -59,6 +59,7 @@ jobs:
           make \
           openssl \
           openssl-dev \
+          procps \
           py3-pip \
           py3-setuptools \
           py3-wheel \
@@ -86,7 +87,51 @@ jobs:
       run: |
         tests/post-install.sh
         tests/check-headers.sh
+        
+  centos7:
+    name: CentOS 7
+    runs-on: ubuntu-latest
+    container: centos:7
+
+    env:
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+      ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16
+      CMAKE_ARGS: "-DCMAKE_INSTALL_PREFIX=/usr;-DCMAKE_INSTALL_RPATH='$ORIGIN/../$LIB'"
+
+    steps:
+    - name: Use CentOS 7 Vault Repository URLs
+      run: |
+        sed -i -e '/mirrorlist/d' \
+               -e 's/# \?baseurl=/baseurl=/g' \
+               -e 's/mirror.centos.org/vault.centos.org/g' \
+               -e 's/$releasever/7.9.2009/g' \
+               /etc/yum.repos.d/*.repo
+        yum install -y centos-release-scl epel-release
+        sed -i -e '/mirrorlist/d' \
+               -e 's/# \?baseurl=/baseurl=/g' \
+               -e 's/mirror.centos.org/vault.centos.org/g' \
+               -e 's/$releasever/7.9.2009/g' \
+               /etc/yum.repos.d/*.repo
+
+    - name: Install dependencies
+      run: |
+        yum install -y epel-rpm-macros git rpmdevtools sudo yum-utils
 
+    - name: Clone repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Setup GitHub runner user within container
+      run: adduser --uid 1001 runner && chown -R runner:runner .
+
+    - name: Install XRootD build dependencies
+      run: yum-builddep -y xrootd.spec
+
+    - name: Build and Test with CTest
+      run: |
+        source /opt/rh/devtoolset-7/enable
+        su -p runner -c 'ctest3 -VV -S test.cmake'
   alma8:
     name: Alma 8
     runs-on: ubuntu-latest

.github/workflows/COV.yml

@@ -0,0 +1,58 @@
+name: COV
+
+on:
+  push:
+    branches:
+      - devel
+      - master
+    paths-ignore:
+      - .gitignore
+      - .gitlab-ci.yml
+      - .mailmap
+      - '**.md'
+      - 'docs/**'
+      - 'docker/**'
+    tags:
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+env:
+  CDASH: ${{ vars.CDASH }}
+  DEBIAN_FRONTEND: noninteractive
+
+jobs:
+  coverage:
+    name: Coverage Report
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Install dependencies
+      run: |
+        sudo ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+        sudo apt update -q
+        sudo apt install -y build-essential devscripts equivs gcovr git
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Install XRootD build dependencies
+      run: mk-build-deps --install --remove -s sudo debian/control <<< yes
+
+    - name: Build and Test with CTest
+      run: ctest -V --output-on-failure -C Debug -DCOVERAGE=1 -S test.cmake
+
+    - if: ${{ vars.CODECOV == 'true' }}
+      name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/RPM.yml

@@ -24,7 +24,25 @@ jobs:
     runs-on: ubuntu-latest
     container: centos:7
 
+    env:
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+      ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16
+
     steps:
+    - name: Use CentOS 7 Vault Repository URLs
+      run: |
+        sed -i -e '/mirrorlist/d' \
+               -e 's/# \?baseurl=/baseurl=/g' \
+               -e 's/mirror.centos.org/vault.centos.org/g' \
+               -e 's/$releasever/7.9.2009/g' \
+               /etc/yum.repos.d/*.repo
+        yum install -y centos-release-scl epel-release
+        sed -i -e '/mirrorlist/d' \
+               -e 's/# \?baseurl=/baseurl=/g' \
+               -e 's/mirror.centos.org/vault.centos.org/g' \
+               -e 's/$releasever/7.9.2009/g' \
+               /etc/yum.repos.d/*.repo
+
     - name: Install git
       run: yum install -y git
 
@@ -33,7 +51,6 @@ jobs:
 
     - name: Install RPM development tools
       run: |
-        yum install -y centos-release-scl epel-release
         yum install -y epel-rpm-macros rpmdevtools yum-utils
 
     - name: Install XRootD build dependencies
@@ -53,7 +70,7 @@ jobs:
       run: tests/post-install.sh
 
     - name: Move RPMs to Artifact Directory
-      run: mkdir RPMS && mv $(rpm -E '%{_rpmdir}')/ RPMS$(rpm -E '%{dist}' | tr . /)
+      run: mkdir RPMS && mv $(rpm -E '%{_rpmdir}')/*/*.rpm RPMS/
 
     - name: Upload Artifacts
       uses: actions/upload-artifact@v3
@@ -153,9 +170,9 @@ jobs:
         retention-days: 14
 
   fedora:
-    name: Fedora 39
+    name: Fedora 40
     runs-on: ubuntu-latest
-    container: fedora:39
+    container: fedora:40
 
     steps:
     - name: Install git

.gitlab-ci.yml

@@ -28,7 +28,19 @@ default:
 .rpm_build_yum: &rpm_build_yum
   stage: build
   script:
+    - |
+      sed -i -e '/mirrorlist/d' \
+             -e 's/# \?baseurl=/baseurl=/g' \
+             -e 's/mirror.centos.org/vault.centos.org/g' \
+             -e 's/$releasever/7.9.2009/g' \
+             /etc/yum.repos.d/*.repo
     - yum install -y centos-release-scl epel-release git
+    - |
+      sed -i -e '/mirrorlist/d' \
+             -e 's/# \?baseurl=/baseurl=/g' \
+             -e 's/mirror.centos.org/vault.centos.org/g' \
+             -e 's/$releasever/7.9.2009/g' \
+             /etc/yum.repos.d/*.repo
     - yum install -y epel-rpm-macros rpmdevtools yum-utils
     - yum-builddep -y xrootd.spec
     - rpmdev-setuptree
@@ -37,7 +49,7 @@ default:
     - yum install -y $(rpm -E '%{_rpmdir}')/*/*.rpm
     - tests/post-install.sh
     - mkdir -p RPMS
-    - mv $(rpm -E '%{_rpmdir}')/ RPMS$(rpm -E '%{dist}' | tr . /)
+    - mv $(rpm -E '%{_rpmdir}')/*/*.rpm RPMS/
   artifacts:
     paths: [ RPMS ]
     expire_in: 1d
@@ -70,6 +82,10 @@ Ubuntu 22.04:
   image: ubuntu:22.04
   <<: *deb_build
 
+Ubuntu 24.04:
+  image: ubuntu:24.04
+  <<: *deb_build
+
 CentOS 7:
   image: centos:7
   <<: *rpm_build_yum
@@ -88,10 +104,10 @@ AlmaLinux 9:
     - dnf config-manager --set-enabled crb
   <<: *rpm_build_dnf
 
-Fedora 38:
-  image: fedora:38
-  <<: *rpm_build_dnf
-
 Fedora 39:
   image: fedora:39
   <<: *rpm_build_dnf
+
+Fedora 40:
+  image: fedora:40
+  <<: *rpm_build_dnf

CMakeLists.txt

@@ -1,7 +1,7 @@
 #-------------------------------------------------------------------------------
 # Project description
 #-------------------------------------------------------------------------------
-cmake_minimum_required(VERSION 3.16...3.25)
+cmake_minimum_required(VERSION 3.16...3.30 FATAL_ERROR)
 
 project( XRootD )
 

SECURITY.md

@@ -0,0 +1,73 @@
+# XRootD Security and Vulnerability Disclosure
+
+This page describes the XRootD security policy and vulnerability
+disclosure information.
+
+## Report a Vulnerability
+
+We are extremely grateful for security researchers and users that report
+vulnerabilities in XRootD. All reports are thoroughly investigated by
+the XRootD development team.
+
+There are two options to report a security vulnerability in XRootD:
+
+ - Directly on GitHub, at https://github.com/xrootd/xrootd/security
+ - Via email, to the responsible people listed in our website at
+   http://xrootd.org/contact.html
+
+Please include in your report a description of the vulnerability, along
+with the details expected for regular bug reports, such as the affected
+XRootD version, relevant configuration directives, sample log files, etc.
+
+### When Should I Report a Vulnerability?
+
+ - You think you discovered a potential security vulnerability in XRootD
+   or in one of the projects that XRootD depends on
+
+### When Should I NOT Report a Vulnerability?
+
+ - You need help configuring XRootD authentication or security plugins
+ - You need help applying security related updates
+ - Your issue is not related to security
+
+## Security Policy
+
+### Security Vulnerability Response
+
+Each report shall be acknowledged and analyzed within 3 working days.
+This does not mean that a fix will be available within 3 days, but that
+a confirmation of receipt and an assessment of whether or not XRootD is
+affected by the vulnerability will be provided within this time frame.
+
+Any vulnerability information shared with the development team stays
+within the collaboration and will not be disseminated to other projects
+unless it is necessary to get the issue fixed.
+
+The reporter of a vulnerability will be kept up to date on progress as
+the security issue moves from triage, to identified fix, to release
+planning.
+
+### Public Disclosure Timing
+
+A public disclosure date is negotiated by the bug submitter and the
+XRootD development team. We prefer to fully disclose the bug as soon as
+possible once a mitigation is available. It is reasonable to delay
+disclosure when the bug or the fix are not yet fully understood, the
+solution is not well-tested, or for coordination to get the issue fixed.
+The time frame for disclosure is from immediate (especially if it's
+already publicly known) to a few weeks. For a vulnerability with a
+straightforward mitigation, we expect report date to disclosure date to
+be on the order of 1 week. The XRootD collaboration reserves the right
+to set a disclosure date based on all the factors as described above.
+
+## Security Announcements
+
+Security advisories will be published on the official repository on
+GitHub, at https://github.com/xrootd/xrootd/security. Announcements
+related to XRootD security will also be sent to the same recipients
+used for release announcements, including xrootd-l@slac.stanford.edu.
+If you would like to receive security announcements but do not want
+to subscribe to our users' mailing list, please use the contact page
+above to ask to be included in the list of recipients for security
+announcements. Instructions for subscribing to the users' mailing
+list can also be found on the contact page.

bindings/python/CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.16...3.25)
+cmake_minimum_required(VERSION 3.16...3.30 FATAL_ERROR)
 
 project(PyXRootD LANGUAGES CXX)
 

bindings/python/src/AsyncResponseHandler.hh

@@ -102,7 +102,7 @@ namespace PyXRootD
         //----------------------------------------------------------------------
         // Convert the host list
         //----------------------------------------------------------------------
-        PyObject *pyhostlist = PyList_New( 0 );
+        PyObject *pyhostlist = NULL;
         if ( hostList != NULL ) {
           pyhostlist = ConvertType<XrdCl::HostList>( hostList );
           if ( pyhostlist == NULL || PyErr_Occurred() ) {
@@ -118,6 +118,7 @@ namespace PyXRootD
         //----------------------------------------------------------------------
         // Build the callback arguments
         //----------------------------------------------------------------------
+        if (pyhostlist == NULL) pyhostlist = PyList_New( 0 );
         if (pyresponse == NULL) pyresponse = Py_BuildValue( "" );
         PyObject *args = Py_BuildValue( "(OOO)", pystatus, pyresponse, pyhostlist );
         if ( !args || PyErr_Occurred() ) {

bindings/python/src/Conversions.hh

@@ -125,7 +125,7 @@ namespace PyXRootD
   {
       static PyObject* Convert( XrdCl::StatInfo *info )
       {
-        return Py_BuildValue("{sOsOsOsOsO}",
+        return Py_BuildValue("{sNsNsNsNsN}",
             "id",         Py_BuildValue("s", info->GetId().c_str()),
             "size",       Py_BuildValue("k", info->GetSize()),
             "flags",      Py_BuildValue("I", info->GetFlags()),
@@ -194,10 +194,11 @@ namespace PyXRootD
           for ( unsigned int i = 0; i < list->size(); ++i ) {
             XrdCl::HostInfo *info = &list->at( i );
 
-            PyObject *url = PyObject_CallObject( (PyObject*) &URLType,
-                Py_BuildValue( "(s)", info->url.GetURL().c_str() ) );
+            PyObject *args = Py_BuildValue( "(s)", info->url.GetURL().c_str() ) ;
+            PyObject *url = PyObject_CallObject( (PyObject*) &URLType, args );
+            Py_XDECREF( args );
 
-            PyObject *pyhostinfo = Py_BuildValue( "{sIsIsOsO}",
+            PyObject *pyhostinfo = Py_BuildValue( "{sIsIsNsO}",
                 "flags",         info->flags,
                 "protocol",      info->protocol,
                 "load_balancer", PyBool_FromLong(info->loadBalancer),
@@ -222,7 +223,7 @@ namespace PyXRootD
         for ( XrdCl::LocationInfo::Iterator it = info->Begin(); it < info->End();
             ++it ) {
           PyList_SET_ITEM( locationList, i,
-              Py_BuildValue( "{sssIsIsOsO}",
+              Py_BuildValue( "{sssIsIsNsN}",
                   "address",     it->GetAddress().c_str(),
                   "type",        it->GetType(),
                   "accesstype",  it->GetAccessType(),
@@ -273,7 +274,7 @@ namespace PyXRootD
           delete[] (char*) chunk.buffer;
 
           PyList_SET_ITEM( pychunks, i,
-              Py_BuildValue( "{sOsOsO}",
+              Py_BuildValue( "{sNsNsO}",
                   "offset", Py_BuildValue( "k", chunk.offset ),
                   "length", Py_BuildValue( "I", chunk.length ),
                   "buffer", buffer ) );