From 1c12fac2a7262f65d06debce66fd401d51068644 Mon Sep 17 00:00:00 2001 From: rwx403335 Date: Thu, 11 Aug 2022 11:48:24 +0800 Subject: [PATCH] sync some patches from upstream --- ...ading-out-of-bounds-of-the-i18ntable.patch | 29 ++++++++++ ...Check-that-the-CRC-length-is-correct.patch | 27 ++++++++++ ...t-Close-file-before-replacing-signed.patch | 27 ++++++++++ ...__cplusplus-misspelled-as-_cplusplus.patch | 39 ++++++++++++++ ...port-Fix-memory-leak-in-pgpPrtParams.patch | 38 +++++++++++++ ...n-ts.check-argument-order-regression.patch | 32 +++++++++++ ...L-pointer-dereference-in-rpmfcClassi.patch | 39 ++++++++++++++ ...-Fix-use-after-free-in-haveSignature.patch | 33 ++++++++++++ ...ke-rpmfiSetFX-return-code-meaningful.patch | 51 ++++++++++++++++++ ...d-symlinks-in-setperms-RhBug-1900662.patch | 40 ++++++++++++++ ...-rpmkeys-exit-non-zero-on-I-O-errors.patch | 53 +++++++++++++++++++ ...ort-treat-0-as-valid-file-descriptor.patch | 27 ++++++++++ rpm.spec | 17 +++++- 13 files changed, 451 insertions(+), 1 deletion(-) create mode 100644 backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch create mode 100644 backport-Check-that-the-CRC-length-is-correct.patch create mode 100644 backport-Close-file-before-replacing-signed.patch create mode 100644 backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch create mode 100644 backport-Fix-memory-leak-in-pgpPrtParams.patch create mode 100644 backport-Fix-old-Python-ts.check-argument-order-regression.patch create mode 100644 backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch create mode 100644 backport-Fix-use-after-free-in-haveSignature.patch create mode 100644 backport-Make-rpmfiSetFX-return-code-meaningful.patch create mode 100644 backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch create mode 100644 backport-rpmkeys-exit-non-zero-on-I-O-errors.patch create mode 100644 backport-treat-0-as-valid-file-descriptor.patch diff --git a/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch new file mode 100644 index 0000000..d237fa5 --- /dev/null +++ b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch @@ -0,0 +1,29 @@ +From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sat, 12 Feb 2022 13:46:28 -0500 +Subject: [PATCH] Avoid reading out of bounds of the i18ntable + +If the i18ntable was smaller than the i18nstring entry an out of bounds +read could result. This should not happen in a valid package, but even +if RPM rejected such packages during load, this situation could still +result as a result of usage of the RPM API. +--- + lib/header.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/header.c b/lib/header.c +index 098ea5d..c939006 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td, + + /* For each entry in the header ... */ + for (langNum = 0, t = table->data, ed = entry->data; +- langNum < entry->info.count; ++ langNum < entry->info.count && langNum < table->info.count; + langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) { + + int match = headerMatchLocale(t, l, le); +-- +1.8.3.1 + diff --git a/backport-Check-that-the-CRC-length-is-correct.patch b/backport-Check-that-the-CRC-length-is-correct.patch new file mode 100644 index 0000000..8506a45 --- /dev/null +++ b/backport-Check-that-the-CRC-length-is-correct.patch @@ -0,0 +1,27 @@ +From 1f03aba8b2881a5717af97065038fb056e02a2b3 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Thu, 3 Feb 2022 20:42:02 -0500 +Subject: [PATCH] Check that the CRC length is correct + +Also fix a memory leak in an error path. +--- + rpmio/rpmpgp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 015c15a..d1966d3 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1444,7 +1444,8 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen) + + crcdec = NULL; + crclen = 0; +- if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0) { ++ if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0 || crclen != 3) { ++ crcdec = _free(crcdec); + ec = PGPARMOR_ERR_CRC_DECODE; + goto exit; + } +-- +1.8.3.1 + diff --git a/backport-Close-file-before-replacing-signed.patch b/backport-Close-file-before-replacing-signed.patch new file mode 100644 index 0000000..33fd5a3 --- /dev/null +++ b/backport-Close-file-before-replacing-signed.patch @@ -0,0 +1,27 @@ +From 9b4c50dd67c337f2d3c927cdd01ae4433bb08b61 Mon Sep 17 00:00:00 2001 +From: Evgeniy Taishev +Date: Mon, 17 Jan 2022 22:07:13 +0300 +Subject: [PATCH] Close file before replacing signed + +--- + sign/rpmgensig.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index e88f9b7..b8c68ce 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -695,6 +695,10 @@ static int rpmSign(const char *rpm, int deleting, int flags) + if (copyFile(&fd, rpm, &ofd, trpm) == 0) { + struct stat st; + ++ /* File must be closed before deletion due to different file locking in some file systems*/ ++ if (fd) (void) closeFile(&fd); ++ if (ofd) (void) closeFile(&ofd); ++ + /* Move final target into place, restore file permissions. */ + if (stat(rpm, &st) == 0 && unlink(rpm) == 0 && + rename(trpm, rpm) == 0 && chmod(rpm, st.st_mode) == 0) { +-- +1.8.3.1 + diff --git a/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch b/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch new file mode 100644 index 0000000..26e5cb8 --- /dev/null +++ b/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch @@ -0,0 +1,39 @@ +From 989d7c593c7ab12e17ea8f486856bafac6a1ae37 Mon Sep 17 00:00:00 2001 +From: Peter Pentchev +Date: Sat, 27 Nov 2021 00:43:41 +0200 +Subject: [PATCH] Fix __cplusplus misspelled as _cplusplus. + +--- + sign/rpmsignfiles.h | 2 +- + sign/rpmsignverity.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sign/rpmsignfiles.h b/sign/rpmsignfiles.h +index 2ff623c..a21a006 100644 +--- a/sign/rpmsignfiles.h ++++ b/sign/rpmsignfiles.h +@@ -19,7 +19,7 @@ extern "C" { + RPM_GNUC_INTERNAL + rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass); + +-#ifdef _cplusplus ++#ifdef __cplusplus + } + #endif + +diff --git a/sign/rpmsignverity.h b/sign/rpmsignverity.h +index d869e8d..16e6c98 100644 +--- a/sign/rpmsignverity.h ++++ b/sign/rpmsignverity.h +@@ -29,7 +29,7 @@ RPM_GNUC_INTERNAL + rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key, + char *keypass, char *cert, uint16_t algo); + +-#ifdef _cplusplus ++#ifdef __cplusplus + } + #endif + +-- +1.8.3.1 + diff --git a/backport-Fix-memory-leak-in-pgpPrtParams.patch b/backport-Fix-memory-leak-in-pgpPrtParams.patch new file mode 100644 index 0000000..72db05c --- /dev/null +++ b/backport-Fix-memory-leak-in-pgpPrtParams.patch @@ -0,0 +1,38 @@ +From b6dffb6dc5ffa2ddc389743f0507876cab341315 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 7 Jan 2022 16:10:26 +0100 +Subject: [PATCH] Fix memory leak in pgpPrtParams() + +Make sure selfsig is freed in case we break out of the loop in this +block. + +Note that the tests added with the binding validation commit bd36c5d do +not cover this code path so valgrind won't show this. +--- + rpmio/rpmpgp.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 1e4f667..3560328 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1147,12 +1147,11 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + + if (selfsig) { + /* subkeys must be followed by binding signature */ +- if (prevtag == PGPTAG_PUBLIC_SUBKEY) { +- if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) +- break; +- } ++ int xx = 1; /* assume failure */ + +- int xx = pgpVerifySelf(digp, selfsig, all, i); ++ if (!(prevtag == PGPTAG_PUBLIC_SUBKEY && ++ selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)) ++ xx = pgpVerifySelf(digp, selfsig, all, i); + + selfsig = pgpDigParamsFree(selfsig); + if (xx) +-- +1.8.3.1 + diff --git a/backport-Fix-old-Python-ts.check-argument-order-regression.patch b/backport-Fix-old-Python-ts.check-argument-order-regression.patch new file mode 100644 index 0000000..a9bcff6 --- /dev/null +++ b/backport-Fix-old-Python-ts.check-argument-order-regression.patch @@ -0,0 +1,32 @@ +From f0c158cbc8a50a776b44de2c0fe744c451155a41 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 4 Jan 2022 15:57:10 +0200 +Subject: [PATCH] Fix old Python ts.check() argument order regression + +Commit fab2debfe440d677dbd072c3cd73d2c99876e7a5 managed to mess up the +order of the last two callback arguments, doh. + +Goes to show that nobody has missed this stuff in 12+ years, so it might +be more merciful to put this thing out of its misery... + +Fixes: #1871 +--- + python/rpm/transaction.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py +index 991fd9a..ba39881 100644 +--- a/python/rpm/transaction.py ++++ b/python/rpm/transaction.py +@@ -159,7 +159,7 @@ class TransactionSet(TransactionSetCore): + needver = "" + + res.append(((n, v, r), +- (needname, needver), needflags, sense, p.key)) ++ (needname, needver), needflags, p.key, sense)) + + return res + +-- +1.8.3.1 + diff --git a/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch b/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch new file mode 100644 index 0000000..cb718a4 --- /dev/null +++ b/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch @@ -0,0 +1,39 @@ +From 1c15d748d3536a21b6edbbf9254db76fefb4b275 Mon Sep 17 00:00:00 2001 +From: Dmitry Gerasimov +Date: Mon, 27 Dec 2021 12:27:57 +0300 +Subject: [PATCH] Fix possible NULL pointer dereference in rpmfcClassify + +Here is simplified overview of possible dereference: + + if (fc == NULL) { + rpmlog(RPMLOG_ERR, _("Empty file classifier\n")); + goto exit; + } + + // ... + + exit: + rpmstrPoolFreeze(fc->cdict, 0); + ~~~~~~~~~ + +This issue was found by Svace Static Analyzer. +--- + build/rpmfc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/rpmfc.c b/build/rpmfc.c +index eb51a36..cf2c203 100644 +--- a/build/rpmfc.c ++++ b/build/rpmfc.c +@@ -1168,7 +1168,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) + + if (fc == NULL) { + rpmlog(RPMLOG_ERR, _("Empty file classifier\n")); +- goto exit; ++ return RPMRC_FAIL; + } + + /* It is OK when we have no files to classify. */ +-- +1.8.3.1 + diff --git a/backport-Fix-use-after-free-in-haveSignature.patch b/backport-Fix-use-after-free-in-haveSignature.patch new file mode 100644 index 0000000..869d0d3 --- /dev/null +++ b/backport-Fix-use-after-free-in-haveSignature.patch @@ -0,0 +1,33 @@ +From ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 7 Jan 2022 13:57:24 +0100 +Subject: [PATCH] Fix use-after-free in haveSignature() + +pgpPrtParams() may leave sig2 unchanged and if we're not in the very +first iteration of the while() loop, we could pass a freed pointer to +pgpDigParamsCmp(). Fix by setting it to NULL after freeing. + +Found by Coverity, after commit bd36c5d (subkey binding validation), +although note that the commit didn't introduce this bug; it just seems +to have been a false negative that got "fixed" by the changes in +pgpPrtParams() in that commit. +--- + sign/rpmgensig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index d8c84e9..e88f9b7 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -364,7 +364,7 @@ static int haveSignature(rpmtd sigtd, Header h) + pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2); + if (pgpDigParamsCmp(sig1, sig2) == 0) + rc = 1; +- pgpDigParamsFree(sig2); ++ sig2 = pgpDigParamsFree(sig2); + } + pgpDigParamsFree(sig1); + rpmtdFreeData(&oldtd); +-- +1.8.3.1 + diff --git a/backport-Make-rpmfiSetFX-return-code-meaningful.patch b/backport-Make-rpmfiSetFX-return-code-meaningful.patch new file mode 100644 index 0000000..e1e475b --- /dev/null +++ b/backport-Make-rpmfiSetFX-return-code-meaningful.patch @@ -0,0 +1,51 @@ +From 318efbaec80a90f1d9ac76d0cd433f6ea3c103fa Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 10 Feb 2022 10:07:06 +0200 +Subject: [PATCH] Make rpmfiSetFX() return code meaningful + +Up to now, rpmfiSetFX() has returned the previous file index on success, +and -1 on error. Which seems okay on the outset, but on a just +initialized iterator the file index is at -1 which means the returned +-1 sometimes indicates an error and sometimes success. This is so broken +that none of the callers even try to use it (grep for it). Which is +lucky in the sense that it means we can change it. + +Simply return the newly set index on success and -1 on error, it may +not be the greatest return code on earth but at least it's +non-ambiguous. +--- + lib/rpmfi.c | 2 +- + lib/rpmfi.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/rpmfi.c b/lib/rpmfi.c +index 30e0738..4965aee 100644 +--- a/lib/rpmfi.c ++++ b/lib/rpmfi.c +@@ -314,9 +314,9 @@ int rpmfiSetFX(rpmfi fi, int fx) + int i = -1; + + if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) { +- i = fi->i; + fi->i = fx; + fi->j = rpmfilesDI(fi->files, fi->i); ++ i = fi->i; + } + return i; + } +diff --git a/lib/rpmfi.h b/lib/rpmfi.h +index 989582b..52310c6 100644 +--- a/lib/rpmfi.h ++++ b/lib/rpmfi.h +@@ -39,7 +39,7 @@ int rpmfiFX(rpmfi fi); + * Set current file index in file info set iterator. + * @param fi file info set iterator + * @param fx new file index +- * @return current file index ++ * @return new file index, -1 on error + */ + int rpmfiSetFX(rpmfi fi, int fx); + +-- +1.8.3.1 + diff --git a/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch b/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch new file mode 100644 index 0000000..1d09f82 --- /dev/null +++ b/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch @@ -0,0 +1,40 @@ +From ed07a187734addfa16be9ee922398e4ff9859f53 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Tue, 7 Dec 2021 08:08:37 +0100 +Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662) + +If a package contains a symlink in the buildroot which is declared as a +ghost or config file but is a regular file or directory on the system +where it's installed, a --setperms call will reset its permissions to +those of a symlink (777 on Linux), which almost certainly is not the +correct thing to do. + +To fix that, just skip files that were recorded as symlinks. + +This is a special case of a general issue in --setperms; since file +permission semantics may change depending on the file type, to stay on +the safe side, any (ghost or config) file whose type changes after +installation should probably be skipped. However, symlinks are the most +prominent case here, so let's just focus on that now and avoid adding +too much cleverness to a popt alias (this got us into trouble not too +long ago, see commits 38c2f6e and 0d83637). We may revisit this in the +eventual C implementation. +--- + rpmpopt.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rpmpopt.in b/rpmpopt.in +index 27d2986..d5a6b14 100644 +--- a/rpmpopt.in ++++ b/rpmpopt.in +@@ -44,6 +44,7 @@ rpm alias --scripts --qf '\ + --POPTdesc=$"list install/erase scriptlets from package(s)" + + rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ ++ \[ -n %{FILELINKTOS:shescape} \] || \ + ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ + chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ + --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ +-- +1.8.3.1 + diff --git a/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch b/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch new file mode 100644 index 0000000..ac18f35 --- /dev/null +++ b/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch @@ -0,0 +1,53 @@ +From fc8386be36a32f8462a0d16a2dd3e5e18f7fbc2d Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Mon, 12 Apr 2021 11:30:51 -0400 +Subject: [PATCH] rpmkeys: exit non-zero on I/O errors + +If writing to stdout or stderr fails, rpmkeys should exit with a +non-zero status code. +--- + rpmkeys.c | 4 ++++ + tests/rpmsigdig.at | 13 +++++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/rpmkeys.c b/rpmkeys.c +index 542601c..2c304de 100644 +--- a/rpmkeys.c ++++ b/rpmkeys.c +@@ -86,5 +86,9 @@ int main(int argc, char *argv[]) + exit: + rpmtsFree(ts); + rpmcliFini(optCon); ++ fflush(stderr); ++ fflush(stdout); ++ if (ferror(stdout) || ferror(stderr)) ++ return 255; /* I/O error */ + return ec; + } +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index c8b9f13..429163e 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -24,6 +24,19 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i38 + []) + AT_CLEANUP + ++# ------------------------------ ++# Test rpmkeys write errors ++AT_SETUP([[rpmkeys -K no space left on stdout]]) ++AT_KEYWORDS([rpmkeys digest]) ++AT_CHECK([ ++RPMDB_INIT[ ++ ++runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm >/dev/full ++]],255,,[[Error writing to log: No space left on device ++]]) ++AT_CLEANUP ++ ++ + AT_SETUP([rpmkeys -Kv 1]) + AT_KEYWORDS([rpmkeys digest]) + AT_CHECK([ +-- +1.8.3.1 + diff --git a/backport-treat-0-as-valid-file-descriptor.patch b/backport-treat-0-as-valid-file-descriptor.patch new file mode 100644 index 0000000..154e55a --- /dev/null +++ b/backport-treat-0-as-valid-file-descriptor.patch @@ -0,0 +1,27 @@ +From be64821b908fdb1ff3c12530430d1cf046839e60 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 20 Jan 2022 19:59:44 +0800 +Subject: [PATCH] treat 0 as valid file descriptor The descriptor is openned in + rpmpkgOpen, and we treat 0 as valid file descriptor. Here we should do the + same or fail earlier. + +--- + lib/backend/ndb/rpmpkg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/backend/ndb/rpmpkg.c b/lib/backend/ndb/rpmpkg.c +index 64d0493..0a041e4 100644 +--- a/lib/backend/ndb/rpmpkg.c ++++ b/lib/backend/ndb/rpmpkg.c +@@ -734,7 +734,7 @@ static int rpmpkgAddSlotPage(rpmpkgdb pkgdb) + + static int rpmpkgGetLock(rpmpkgdb pkgdb, int type) + { +- if (!pkgdb->fd) ++ if (pkgdb->fd < 0) + return RPMRC_FAIL; + if (flock(pkgdb->fd, type)) + return RPMRC_FAIL; +-- +1.8.3.1 + diff --git a/rpm.spec b/rpm.spec index fcdba6e..fa80bef 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.17.0 -Release: 6 +Release: 7 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -41,6 +41,18 @@ Patch6008: backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch Patch6009: backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch Patch6010: backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch Patch6011: backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch +Patch6012: backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch +Patch6013: backport-Fix-old-Python-ts.check-argument-order-regression.patch +Patch6014: backport-Fix-memory-leak-in-pgpPrtParams.patch +Patch6015: backport-Fix-use-after-free-in-haveSignature.patch +Patch6016: backport-Close-file-before-replacing-signed.patch +Patch6017: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch +Patch6018: backport-treat-0-as-valid-file-descriptor.patch +Patch6019: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch +Patch6020: backport-Check-that-the-CRC-length-is-correct.patch +Patch6021: backport-Make-rpmfiSetFX-return-code-meaningful.patch +Patch6022: backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch +Patch6023: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -310,6 +322,9 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Thu Aug 11 2022 renhongxun - 4.17.0-7 +- sync some patches from upstream + * Thu Aug 11 2022 renhongxun - 4.17.0-6 - sync some patches from upstream