sync patches from upstream

backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch

@@ -0,0 +1,45 @@
+From af08077fb4c60dee516948ce7bf9bed91de62119 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 13 Sep 2022 10:26:05 +0300
+Subject: [PATCH] Fix possible descriptor leak in fsmOpenat()
+
+For the very unlikely case when openat() succeeded but fstatat()
+doesn't, the directory descriptor may be leaved opened. Rearrange
+the code a bit to ensure it'll always get closed when appropriate.
+
+Suggested-by: Pavel Kopylov <pkopylov@cloudlinux.com>
+Suggested-by: Dmitry Antipov <dantipov@cloudlinux.com>
+---
+ lib/fsm.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index e4ec07e..c9ab3e1 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -427,14 +427,16 @@ static int fsmOpenat(int dirfd, const char *path, int flags)
+      */
+     if (fd < 0 && errno == ELOOP && flags != sflags) {
+ 	int ffd = openat(dirfd, path, flags);
+-	if (ffd >= 0 && fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
+-	    if (fstat(ffd, &sb) == 0) {
+-		if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
+-		    fd = ffd;
+-		} else {
+-		    close(ffd);
++	if (ffd >= 0) {
++	    if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
++		if (fstat(ffd, &sb) == 0) {
++		    if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
++			fd = ffd;
++		    }
+ 		}
+ 	    }
++	    if (ffd != fd)
++		close(ffd);
+ 	}
+     }
+     return fd;
+-- 
+2.33.0
+

backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch

@@ -0,0 +1,26 @@
+From cf3150509ed7eb2407bdf1f5572cd613a30c2b86 Mon Sep 17 00:00:00 2001
+From: Vyacheslav Potoropin <vpotoropin@almalinux.org>
+Date: Thu, 25 Aug 2022 23:08:09 +0200
+Subject: [PATCH] Fix rpm lua rpm_vercmp error message if second argument is
+ broken
+
+---
+ rpmio/rpmlua.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 3f0bdeb3f..615146fab 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -491,7 +491,7 @@ static int rpm_vercmp(lua_State *L)
+ 	} else {
+ 	    if (v1 == NULL)
+ 		luaL_argerror(L, 1, "invalid version ");
+-	    if (v1 == NULL)
++	    if (v2 == NULL)
+ 		luaL_argerror(L, 2, "invalid version ");
+ 	}
+ 	rpmverFree(v1);
+-- 
+2.33.0
+

backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch

@@ -0,0 +1,64 @@
+From dc9e8169790eba18130fb96c13f56ecba6c9b346 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 6 Sep 2022 09:28:10 +0300
+Subject: [PATCH] Make pgpPubkeyFingerprint() do something meaningful again
+
+Commit 4bbeec134aab33e24f960be28a7b2198359c1f67 "fixed" an old
+terminology confusion about keyid vs fingerprint, but in the process
+broke pgpPubkeyFingerprint() for any external callers, as it now only
+feeds on decoded packets whereas before it did the decoding by itself.
+Add the decoding step back to the public function to make it usable outside
+rpmpgp_internal.c again, retrieving a fingerprint seems like an useful
+(public) API to have.
+
+This is kind of a regression fix in that prior to commit
+4bbeec134aab33e24f960be28a7b2198359c1f67 pgpPubkeyFingerprint() returned
+meaningful data to the outside caller and afterwards it didn't, however
+that commit broke the API anyhow so it's kinda complicated.
+Maybe we should just call it a bugfix and be done with it.
+
+Related to #1549
+---
+ rpmio/rpmpgp.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d4dd4b89d..8d0d76869 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -650,7 +650,7 @@ static int pgpPrtUserID(pgpTag tag, const uint8_t *h, size_t hlen,
+     return 0;
+ }
+ 
+-int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
++static int getPubkeyFingerprint(const uint8_t *h, size_t hlen,
+ 			  uint8_t **fp, size_t *fplen)
+ {
+     int rc = -1; /* assume failure */
+@@ -717,11 +717,22 @@ int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
+     return rc;
+ }
+ 
++int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
++                         uint8_t **fp, size_t *fplen)
++{
++    struct pgpPkt p;
++
++    if (decodePkt(pkt, pktlen, &p))
++	return -1;
++
++    return getPubkeyFingerprint(p.body, p.blen, fp, fplen);
++}
++
+ static int getKeyID(const uint8_t *h, size_t hlen, pgpKeyID_t keyid)
+ {
+     uint8_t *fp = NULL;
+     size_t fplen = 0;
+-    int rc = pgpPubkeyFingerprint(h, hlen, &fp, &fplen);
++    int rc = getPubkeyFingerprint(h, hlen, &fp, &fplen);
+     if (fp && fplen > 8) {
+ 	memcpy(keyid, (fp + (fplen-8)), 8);
+ 	free(fp);
+-- 
+2.33.0
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.17.0
-Release:       12
+Release:       13
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -79,6 +79,9 @@ Patch6044: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
 Patch6045: backport-CVE-2021-35938.patch
 Patch6046: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
 Patch6047: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
+Patch6048: backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch
+Patch6049: backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
+Patch6050: backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
 BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -348,6 +351,9 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Tue Nov 01 2022 licunlong<licunlong1@huawei.com> - 4.17.0-13
+- sync patches from upstream
+
 * Fri Sep 09 2022 renhongxun<renhongxun@h-partners.com> - 4.17.0-12
 - sync patches from upstream