bugfix with upstream patches about fifo

backport-Add-a-test-for-special-device-node-installation.patch

@@ -0,0 +1,79 @@
+From 5dcc399cd21f607f13eb092a3abfc8b8daa59d4c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 13 Jan 2023 10:44:28 +0200
+Subject: [PATCH] Add a test for special device node installation
+
+This is a bit theoretical as it does not work for regular users or in
+containers which are the typical scenarios for running the test-suite.
+---
+ tests/atlocal.in          |  6 ++++++
+ tests/data/SPECS/dev.spec | 14 ++++++++++++++
+ tests/rpmi.at             | 17 +++++++++++++++++
+ 3 files changed, 37 insertions(+)
+ create mode 100644 tests/data/SPECS/dev.spec
+
+diff --git a/tests/atlocal.in b/tests/atlocal.in
+index 70383bb46..a037de728 100644
+--- a/tests/atlocal.in
++++ b/tests/atlocal.in
+@@ -64,6 +64,12 @@ if grep -q '#define WITH_CAP 1' "${abs_top_builddir}/config.h"; then
+ else
+     CAP_DISABLED=true;
+ fi
++if mknod foodev c 123 123; then
++   MKNOD_DISABLED=false
++   rm -f foodev
++else
++   MKNOD_DISABLED=true
++fi
+ 
+ function setup_env()
+ {
+diff --git a/tests/data/SPECS/dev.spec b/tests/data/SPECS/dev.spec
+new file mode 100644
+index 000000000..d784fe114
+--- /dev/null
++++ b/tests/data/SPECS/dev.spec
+@@ -0,0 +1,14 @@
++Name: dev
++Version: 1.0
++Release: 1
++Group: Testing
++License: GPL
++Summary: Testing dev behavior
++BuildArch: noarch
++
++%description
++%{summary}
++
++%files
++%dev(c 11 22) /test-char
++%dev(b 33 44) /test-block
+diff --git a/tests/rpmi.at b/tests/rpmi.at
+index a2389de..f439e46 100644
+--- a/tests/rpmi.at
++++ b/tests/rpmi.at
+@@ -888,3 +888,20 @@ runroot rpm -Vv --nouser --nogroup fifo
+ ],
+ [])
+ AT_CLEANUP
++
++AT_SETUP([rpm -U dev])
++AT_KEYWORDS([install])
++AT_SKIP_IF([$MKNOD_DISABLED])
++AT_CHECK([
++RPMDB_INIT
++
++runroot rpmbuild -bb --quiet /data/SPECS/dev.spec
++runroot rpm -U --ignoreos /build/RPMS/noarch/dev-1.0-1.noarch.rpm
++runroot rpm -Vv --nouser --nogroup dev
++],
++[0],
++[.........    /test-block
++.........    /test-char
++],
++[])
++AT_CLEANUP
+-- 
+2.27.0
+

backport-Fix-install-of-block-and-character-special-files-219.patch

@@ -0,0 +1,110 @@
+From 28c92fd54c93371c3062664d8a938438a2be88d6 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 13 Jan 2023 08:57:27 +0200
+Subject: [PATCH] Fix install of block and character special files (#2195,
+ #2275)
+
+While it's possible to open special files, they are, well, special and
+have "side-effects" also known as, ahem, semantics. Opening a device
+file in Unix means accessing that *device*, and FIFOs have their own
+semantics.  In other words, for rpm's purposes, we should never EVER
+open these files as a part of the install / permission setting etc.
+Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.
+
+OTOH this forces us back to the less secure path based operations for
+these files, which is what we were trying to avoid in the first place.
+There always was a tiny race between create + open for these (because
+there's no atomic way to create + open anything but regular files) but
+this opens up the window quite a bit.
+Nobody should be placing device nodes in user-owned directories but
+FIFO's may be a different story.
+
+We haven't had tests for device nodes because it requires privileges the
+test-suite usually doesn't have, not testing FIFOs I have no excuse for.
+Add that test now.
+
+Fixes: #2195, #2275
+---
+ lib/fsm.c                  |  4 +++-
+ tests/data/SPECS/fifo.spec | 16 ++++++++++++++++
+ tests/Makefile.am          |  2 +-
+ tests/rpmi.at              | 15 +++++++++++++++
+ 4 files changed, 35 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/SPECS/fifo.spec
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index e38155df7..052416641 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -1014,7 +1014,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
+                     rc = RPMERR_UNKNOWN_FILETYPE;
+             }
+ 
+-	    if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) {
++	    /* Special files require path-based ops */
++	    int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode);
++	    if (!rc && fd == -1 && mayopen) {
+ 		/* Only follow safe symlinks, and never on temporary files */
+ 		fd = fsmOpenat(di.dirfd, fp->fpath,
+ 				fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0);
+diff --git a/tests/data/SPECS/fifo.spec b/tests/data/SPECS/fifo.spec
+new file mode 100644
+index 000000000..20b30b243
+--- /dev/null
++++ b/tests/data/SPECS/fifo.spec
+@@ -0,0 +1,16 @@
++Name: fifo
++Version: 1.0
++Release: 1
++Group: Testing
++License: GPL
++Summary: Testing fifo behavior
++BuildArch: noarch
++
++%description
++%{summary}
++
++%install
++mknod ${RPM_BUILD_ROOT}/test-fifo p
++
++%files
++/test-fifo
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 04fa1e5..1b12148 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -174,7 +174,7 @@ populate_testing:
+ 	for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done
+ 	for node in urandom stdin stderr stdout null full; do ln -s /dev/$${node} testing/dev/$${node}; done
+ 	for cf in hosts resolv.conf passwd shadow group gshadow mtab ; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done
+-	for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
++	for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
+ 	for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done
+ 	(cd testing/magic && file -C)
+ 	chmod -R u-w testing/
+diff --git a/tests/rpmi.at b/tests/rpmi.at
+index ee35bdc..a2389de 100644
+--- a/tests/rpmi.at
++++ b/tests/rpmi.at
+@@ -873,3 +873,18 @@ runroot rpm -e hlinktest
+ ],
+ [])
+ AT_CLEANUP
++
++AT_SETUP([rpm -U fifo])
++AT_KEYWORDS([install])
++AT_CHECK([
++RPMDB_INIT
++
++runroot rpmbuild -bb --quiet /data/SPECS/fifo.spec
++runroot rpm -U --ignoreos /build/RPMS/noarch/fifo-1.0-1.noarch.rpm
++runroot rpm -Vv --nouser --nogroup fifo
++],
++[0],
++[.........    /test-fifo
++],
++[])
++AT_CLEANUP
+-- 
+2.27.0
+

backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch

@@ -0,0 +1,46 @@
+From 932013698149d43720cc321c8df2f99f51866e18 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 13 Jan 2023 10:00:37 +0200
+Subject: [PATCH] Use fd-based ops for metadata in FA_TOUCH mode too,
+when
+ possible
+
+Fixes another brainfart in commit 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.
+---
+ lib/fsm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index 54fea90..e6fac40 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -1002,6 +1002,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
+     int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0;
+     int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0;
+     int firstlinkfile = -1;
++    int mayopen = 0;
+     char *tid = NULL;
+     struct filedata_s *fdata = xcalloc(fc, sizeof(*fdata));
+     struct filedata_s *firstlink = NULL;
+@@ -1136,8 +1137,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
+                     rc = RPMERR_UNKNOWN_FILETYPE;
+             }
+ 
++setmeta:
+ 	    /* Special files require path-based ops */
+-	    int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode);
++	    mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode);
+ 	    if (!rc && fd == -1 && mayopen) {
+ 		/* Only follow safe symlinks, and never on temporary files */
+ 		fd = fsmOpenat(di.dirfd, fp->fpath,
+@@ -1146,7 +1148,6 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
+ 		    rc = RPMERR_OPEN_FAILED;
+ 	    }
+ 
+-setmeta:
+ 	    if (!rc && fp->setmeta) {
+ 		rc = fsmSetmeta(fd, di.dirfd, fp->fpath,
+ 				fi, plugins, fp->action,
+-- 
+2.27.0
+

backport-Use-proper-type-for-copyTagsFromMainDebug.patch

@@ -0,0 +1,27 @@
+From 42694806bf73b07514554233d0d58d17a58cd863 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 9 Feb 2023 13:05:24 +0200
+Subject: [PATCH] Use proper type for copyTagsFromMainDebug
+
+The array contains a non-enum value (0), this is why headerCopyTags()
+uses rpmTagVal pointer, not rpmTag.
+---
+ build/files.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/files.c b/build/files.c
+index 666c66651..24b4d80bf 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -2858,7 +2858,7 @@ exit:
+     return rc;
+ }
+ 
+-static rpmTag copyTagsFromMainDebug[] = {
++static rpmTagVal copyTagsFromMainDebug[] = {
+     RPMTAG_ARCH,
+     RPMTAG_SUMMARY,
+     RPMTAG_DESCRIPTION,
+-- 
+2.27.0
+

backport-support-for-POSIX-getopt-behaviour.patch

@@ -0,0 +1,33 @@
+From 1f47b1cc0eddbb1921d81249a4bd604089c71495 Mon Sep 17 00:00:00 2001
+From: "(GalaxyMaster)" <galaxy4public@users.noreply.github.com>
+Date: Tue, 31 Jan 2023 18:24:55 +1100
+Subject: [PATCH] support for POSIX getopt() behaviour
+
+[POSIX defines optarg only for options with arguments](https://pubs.opengroup.org/onlinepubs/000095399/functions/getopt.html) and callback() is expecting optarg to be NULL for options without arguments, however, at least on musl optarg will carry a pointer to the argument of the previous option with argument.  This commit makes the behaviour deterministic and expected.
+---
+ rpmio/rgetopt.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rpmio/rgetopt.c b/rpmio/rgetopt.c
+index f789fa8fe..b14366a8a 100644
+--- a/rpmio/rgetopt.c
++++ b/rpmio/rgetopt.c
+@@ -28,6 +28,7 @@ int rgetopt(int argc, char * const argv[], const char *opts,
+     optind = 0;
+ #else
+     optind = 1;
++    optarg = NULL;
+ #endif
+ 
+     while ((c = getopt(argc, argv, opts)) != -1) {
+@@ -39,6 +40,7 @@ int rgetopt(int argc, char * const argv[], const char *opts,
+ 	    rc = -1;
+ 	    break;
+ 	}
++	optarg = NULL;
+     }
+     return (rc < 0) ? -optopt : optind;
+ }
+-- 
+2.27.0
+

rpm-fix-rpm-is-blocked-when-open-fifo-file.patch

@@ -1,32 +0,0 @@
-From 988df03f8a293f7aa1d6bb872b981c5dfc6493d9 Mon Sep 17 00:00:00 2001
-From: xujing <xujing125@huawei.com>
-Date: Tue, 8 Nov 2022 10:36:36 +0800
-Subject: [PATCH] rpm: fix rpm is blocked when open fifo file
-
----
- lib/fsm.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/lib/fsm.c b/lib/fsm.c
-index c9ab3e1..c1c86b0 100644
---- a/lib/fsm.c
-+++ b/lib/fsm.c
-@@ -1137,8 +1137,13 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
- 
- 	    if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) {
- 		/* Only follow safe symlinks, and never on temporary files */
--		fd = fsmOpenat(di.dirfd, fp->fpath,
--				fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0);
-+		int flags = fp->suffix ? AT_SYMLINK_NOFOLLOW : 0;
-+
-+		/* Open the FIFO file in O_RDWR mode to prevent process blocking */
-+		if (S_ISFIFO(fp->sb.st_mode))
-+		    flags |= O_RDWR;
-+
-+		fd = fsmOpenat(di.dirfd, fp->fpath, flags, 0);
- 		if (fd < 0)
- 		    rc = RPMERR_OPEN_FAILED;
- 	    }
--- 
-2.27.0
-

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.18.0
-Release:       6
+Release:       7
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -33,7 +33,11 @@ Patch6011: backport-Fix-memleak-when-fsmRename-failed-in-fsmCommit.patch
 Patch6012: backport-Fix-fileleak-and-memleak-in-rpmInstall.patch
 Patch6013: backport-Fix-fileleak-when-urlGetFile-fails-in-rpmInstall.patch
 
-Patch9000: rpm-fix-rpm-is-blocked-when-open-fifo-file.patch
+Patch6014: backport-Fix-install-of-block-and-character-special-files-219.patch
+Patch6015: backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch
+Patch6016: backport-Add-a-test-for-special-device-node-installation.patch
+Patch6017: backport-support-for-POSIX-getopt-behaviour.patch
+Patch6018: backport-Use-proper-type-for-copyTagsFromMainDebug.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
 BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -320,6 +324,9 @@ make clean
 %exclude %{_mandir}/man8/rpmspec.8.gz
 
 %changelog
+* Tue Feb 28 2023 renhongxun<renhongxun@h-partners.com> - 4.18.0-7
+- bugfix with upstream patches about fifo
+
 * Wed Feb 08 2023 gaoyusong<gaoyusong2@huawei.com> - 4.18.0-6
 - Revert digest list patches