From f189a4944a0982e1b1d7221a1c94f9bd7e34f447 Mon Sep 17 00:00:00 2001 From: gengqihu <2712504175@qq.com> Date: Wed, 24 Jul 2024 10:20:07 +0800 Subject: [PATCH] Backport some patches from upstream (cherry picked from commit dc2d4dc8f6325495fda6b2b2565b76b5b8d9a0fe) --- ...nt-memleak-on-caps-parsing-add-tests.patch | 34 ++++++++++ ...-pointer-bogosity-in-rpmlog-callback.patch | 31 +++++++++ ...tial-use-of-uninitialized-pgp-struct.patch | 35 ++++++++++ ...tial-use-of-uninitialized-pipe-array.patch | 35 ++++++++++ ...roper-type-for-copyTagsFromMainDebug.patch | 30 +++++++++ ...egers-more-consistently-in-the-handl.patch | 66 +++++++++++++++++++ rpm.spec | 13 +++- 7 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch create mode 100644 backport-Fix-pointer-bogosity-in-rpmlog-callback.patch create mode 100644 backport-Fix-potential-use-of-uninitialized-pgp-struct.patch create mode 100644 backport-Fix-potential-use-of-uninitialized-pipe-array.patch create mode 100644 backport-Use-proper-type-for-copyTagsFromMainDebug.patch create mode 100644 backport-Use-unsigned-integers-more-consistently-in-the-handl.patch diff --git a/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch b/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch new file mode 100644 index 0000000..bc0dd4d --- /dev/null +++ b/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch 
@@ -0,0 +1,34 @@
+From a385821780804b558ae18aec820d127e4144fafd Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 11 Apr 2024 12:08:04 +0300
+Subject: [PATCH] Fix an ancient memleak on %caps() parsing, add tests
+
+Conflict:don't modify tests because the test case depends on the gcc.
+Reference:https://github.com/rpm-software-management/rpm/commit/a385821780804b558ae18aec820d127e4144fafd
+
+This leak has been there ever since rpm 4.7.0, so pretty close to 15
+years. ASAN would've caught it, if it had it been tested. Oops.
+Of course, in the fakechroot era we couldn't have tested installation
+but we could've at least tested the parsing side.
+
+Add tests for parsing, query and install functionality, and fix the
+leak that is now very visible.
+---
+ build/files.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/files.c b/build/files.c
+index 14e4c55ef..b059458a1 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -228,6 +228,7 @@ static void copyFileEntry(FileEntry src, FileEntry dest)
+ static void FileEntryFree(FileEntry entry)
+ {
+ argvFree(entry->langs);
++ free(entry->caps);
+ memset(entry, 0, sizeof(*entry));
+ }
+
+--
+2.33.0
+
diff --git a/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch b/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
new file mode 100644
index 0000000..d95cf48
--- /dev/null
+++ b/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
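Review bot: The added `free(entry->caps)` assumes FileEntryFree is the sole owner of `caps`; the hunk header shows copyFileEntry immediately above, and if that function copies the struct shallowly without duplicating `caps` (its body is outside the hunk), freeing both entries would double-free the same string. Upstream's ASAN-backed tests are what give confidence in the ownership model, and this backport explicitly drops them ("Conflict: don't modify tests"), so this tree has no regression coverage for the fix; recording in the Conflict line that the parsing/query cases were run locally, or porting the tests without the gcc dependency in a follow-up, would close that gap. The `memset` on the following line does clear the now-dangling pointer, so calling FileEntryFree twice on the same entry stays safe.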
@@ -0,0 +1,31 @@
+From f8a72afbdb560dc534ca1ff390bc54e01d1144a6 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 8 Apr 2024 14:41:48 +0300
+Subject: [PATCH] Fix pointer bogosity in rpmlog callback
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/f8a72afbdb560dc534ca1ff390bc54e01d1144a6
+
+rpmlogCallbackData is already a pointer type, we don't want a pointer
+to a pointer for this. Kinda surprising it actually worked, but then
+it's just a void pointer so...
+---
+ rpmio/rpmlog.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmlog.c b/rpmio/rpmlog.c
+index 2bb5ab0e3..3ccbe2692 100644
+--- a/rpmio/rpmlog.c
++++ b/rpmio/rpmlog.c
+@@ -382,7 +382,7 @@ static void dolog(struct rpmlogRec_s *rec, int saverec)
+ int cbrc = RPMLOG_DEFAULT;
+ int needexit = 0;
+ FILE *clog = NULL;
+- rpmlogCallbackData *cbdata = NULL;
++ rpmlogCallbackData cbdata = NULL;
+ rpmlogCallback cbfunc = NULL;
+ rpmlogCtx ctx = rpmlogCtxAcquire(saverec);
+
+--
+2.33.0
+
diff --git a/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch b/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
new file mode 100644
index 0000000..4595196
--- /dev/null
+++ b/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
@@ -0,0 +1,35 @@
+From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Fri, 7 Jun 2024 10:14:25 +0200
+Subject: [PATCH] Fix potential use of uninitialized pgp struct
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/1b90b8c7d176026b669ce28c6e185724a4b208b0
+
+We only call initPgpData() after base64 encoding the pubkey so if the
+latter fails, the kd struct will be left uninitialized and subsequently
+read from after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22605
+---
+ lib/rpmts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/rpmts.c b/lib/rpmts.c
+index 3070b97e6..76964c60a 100644
+--- a/lib/rpmts.c
++++ b/lib/rpmts.c
+@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys,
+ int rc = -1;
+ int i;
+
++ memset(&kd, 0, sizeof(kd));
++
+ if ((enc = rpmPubkeyBase64(key)) == NULL)
+ goto exit;
+
+--
+2.33.0
+
diff --git a/backport-Fix-potential-use-of-uninitialized-pipe-array.patch b/backport-Fix-potential-use-of-uninitialized-pipe-array.patch
new file mode 100644
index 0000000..c90e429
--- /dev/null
+++ b/backport-Fix-potential-use-of-uninitialized-pipe-array.patch
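Review bot: Zeroing `kd` with a `memset` placed after the other locals leaves a gap in which any future early `goto exit` inserted above the `memset` would silently reintroduce the uninitialized read this commit fixes; the more robust form is to zero it at its declaration, which sits just above the hunk (`... kd = { 0 };`), the same pattern the sibling pipe-array backport uses for `inpipe`. What makes zero-init a complete fix is an assumption the hunk does not show: the cleanup at the `exit` label must treat zeroed fields (NULL pointers, zero counts) as nothing-to-free, which is worth confirming before relying on it. makePubkeyHeader's body continues outside the hunk.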
@@ -0,0 +1,35 @@
+From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Thu, 6 Jun 2024 09:15:02 +0200
+Subject: [PATCH] Fix potential use of uninitialized pipe array
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/bff65aad8af719542c7b0c6429e09223c014a909
+
+We only call pipe(2) after the script is written to disk so if the
+latter fails, the array will be left uninitialized and subsequently read
+after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22604
+---
+ lib/rpmscript.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 281c55c53..1de4acf8e 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ char * fn = NULL;
+ pid_t pid, reaped;
+ int status;
+- int inpipe[2];
++ int inpipe[2] = { -1, -1 };
+ FILE *in = NULL;
+ const char *line;
+ char *mline = NULL;
+--
+2.33.0
+
diff --git a/backport-Use-proper-type-for-copyTagsFromMainDebug.patch b/backport-Use-proper-type-for-copyTagsFromMainDebug.patch
new file mode 100644
index 0000000..441920a
--- /dev/null
+++ b/backport-Use-proper-type-for-copyTagsFromMainDebug.patch
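Review bot: The `{ -1, -1 }` initializer is only a complete fix if the cleanup at the `exit` label (outside the hunk) either guards each descriptor with `>= 0` or tolerates the EBADF that `close(-1)` returns; worth confirming, and the explicit guard `if (inpipe[0] >= 0) close(inpipe[0]);` is the form that does not depend on that tolerance. The pre-fix behaviour deserves a stronger note than "found by Coverity": on the failed-script-write path, stack garbage would reach close(2), and a stale value matching a live descriptor would close an unrelated fd in the rpm process, so this is a real (if hard to trigger) fd-lifetime bug rather than a lint nit. runExtScript's body continues outside the hunk.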
@@ -0,0 +1,30 @@
+From 42694806bf73b07514554233d0d58d17a58cd863 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 9 Feb 2023 13:05:24 +0200
+Subject: [PATCH] Use proper type for copyTagsFromMainDebug
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/42694806bf73b07514554233d0d58d17a58cd863
+
+The array contains a non-enum value (0), this is why headerCopyTags()
+uses rpmTagVal pointer, not rpmTag.
+---
+ build/files.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/files.c b/build/files.c
+index 666c66651..24b4d80bf 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -2858,7 +2858,7 @@ exit:
+ return rc;
+ }
+
+-static rpmTag copyTagsFromMainDebug[] = {
++static rpmTagVal copyTagsFromMainDebug[] = {
+ RPMTAG_ARCH,
+ RPMTAG_SUMMARY,
+ RPMTAG_DESCRIPTION,
+--
+2.33.0
+
diff --git a/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch b/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
new file mode 100644
index 0000000..4127e88
--- /dev/null
+++ b/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
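Review bot: While the element type is being corrected, the table could also become read-only, `static const rpmTagVal copyTagsFromMainDebug[] = {`, since a writable file-scope tag list is an easy target for accidental mutation and nothing in the hunk suggests it is ever written; this works provided headerCopyTags takes a `const rpmTagVal *`, which the commit message's wording suggests but the hunk does not show. The 0 terminator the message refers to lies outside the hunk.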
@@ -0,0 +1,66 @@
+From 8e6108a5964c7289f3db70f3d188293276416528 Mon Sep 17 00:00:00 2001
+From: Daniel Alley
+Date: Thu, 8 Dec 2022 09:40:00 -0500
+Subject: [PATCH] Use unsigned integers more consistently in the handling of
+ tag data
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/8e6108a5964c7289f3db70f3d188293276416528
+
+Not a functional change, it just makes the code more clear and
+self-consistent.
+---
+ lib/header.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 004102dd2..72fb3d4fe 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -568,7 +568,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ }
+ } break;
+ case RPM_INT32_TYPE:
+- { int32_t * it = ie.data;
++ { uint32_t * it = ie.data;
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
+@@ -576,7 +576,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ }
+ } break;
+ case RPM_INT16_TYPE:
+- { int16_t * it = ie.data;
++ { uint16_t * it = ie.data;
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
+@@ -772,9 +772,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
+ count = entry->info.count;
+ src = entry->data;
+ while (count--) {
+- *((int32_t *)te) = htonl(*((int32_t *)src));
+- te += sizeof(int32_t);
+- src += sizeof(int32_t);
++ *((uint32_t *)te) = htonl(*((uint32_t *)src));
++ te += sizeof(uint32_t);
++ src += sizeof(uint32_t);
+ }
+ break;
+
+@@ -782,9 +782,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
+ count = entry->info.count;
+ src = entry->data;
+ while (count--) {
+- *((int16_t *)te) = htons(*((int16_t *)src));
+- te += sizeof(int16_t);
+- src += sizeof(int16_t);
++ *((uint16_t *)te) = htons(*((uint16_t *)src));
++ te += sizeof(uint16_t);
++ src += sizeof(uint16_t);
+ }
+ break;
+
+--
+2.33.0
+
diff --git a/rpm.spec b/rpm.spec
index c10214f..a3dcaac 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -1,6 +1,6 @@
 Name: rpm
 Version: 4.18.2
-Release: 7
+Release: 8
 Summary: RPM Package Manager
 License: GPLv2+
 URL: http://www.rpm.org/
@@ -33,6 +33,12 @@ Patch6011: backport-Fix-an-enum-int-type-mismatch-in-rpmfiArchiveReadToF.patch
 Patch6012: backport-Fix-an-enum-int-type-mismatch-in-transaction-verify-.patch
 Patch6013: backport-Fix-enum-type-mismatch-in-rpmTagGetValue.patch
 Patch6014: backport-Free-old-cookie-value-to-prevent-a-memory-leak.patch
+Patch6015: backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
+Patch6016: backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch
+Patch6017: backport-Fix-potential-use-of-uninitialized-pipe-array.patch
+Patch6018: backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
+Patch6019: backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
+Patch6020: backport-Use-proper-type-for-copyTagsFromMainDebug.patch
 Patch9000: Add-digest-list-plugin.patch
 Patch9001: Add-IMA-digest-list-support.patch
@@ -331,7 +337,10 @@ make clean
 %exclude %{_mandir}/man8/rpmspec.8.gz
 %changelog
-* Tue Jul 23 2024 zhangxingrong - 4.18.2-7
+* Wed Jul 24 2024 gengqihu - 4.18.2-8
+- Backport some patches from upstream
+
+* Tue Jul 23 2024 zhangxingrong - 4.18.2-7
 - Free old cookie value to prevent a memory leak
 * Mon Jun 3 2024 gengqihu - 4.18.2-6
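Review bot: The in-loop bounds check in regionSwab (`if (dataEnd && ((unsigned char *)it) >= dataEnd)`) compares only the start of each 4- or 2-byte element with `dataEnd`, so taken alone it would admit an element that begins before `dataEnd` but extends past it; the signedness change leaves this as it was, but since header data is untrusted input it is worth re-verifying while the code is being touched. Presumably the `dataLength()` validation earlier in regionSwab (outside the hunk) already rejects `count * size` overrunning `dataEnd`, making the loop check redundant rather than insufficient, and a comment saying so, `/* dataLength() already bounded count*size against dataEnd */`, would spare the next reader the same question. The `*((uint32_t *)src)` and `*((uint16_t *)src)` reads in doExport also rely on `entry->data` being suitably aligned for the element type, which the hunk does not show. regionSwab and doExport both extend beyond the hunks shown.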