!158 sync patches from upstream

From: @renxichen 
Reviewed-by: @xujing99 
Signed-off-by: @xujing99

backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch

@@ -0,0 +1,27 @@
+From 8f922eb38a096640e586ba0eda96adc093b74fc4 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 3 Aug 2022 17:19:02 +0200
+Subject: [PATCH] rpm2cpio.sh: only read needed bytes of file magic
+
+As we look at the first 4 bytes anyway there is no reason to read more.
+Reading more also hits a bug in bash on aarch64 (rhbz#2115206).
+---
+ scripts/rpm2cpio.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 74aeed8..cea0da2 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -43,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
++case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+-- 
+1.8.3.1
+

backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch

@@ -0,0 +1,35 @@
+From d499887c9261fdab4d03ea29316ea5e8fc646bd3 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 1 Jul 2022 14:49:09 +0200
+Subject: [PATCH] rpm2cpio.sh: strip null bytes with tr
+
+to avoid warnings
+---
+ scripts/rpm2cpio.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index f77d5f8..59e8bc5 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -43,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1)" in
++case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+@@ -54,7 +54,7 @@ sigsize=$rsize
+ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
+ hdrsize=$rsize
+ 
+-case "$(_dd $offset bs=3 count=1)" in
++case "$(_dd $offset bs=3 count=1 | tr -d '\0')" in
+ 	"$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+ 	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
+ 	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
+-- 
+1.8.3.1
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.17.0
-Release:       11
+Release:       12
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -77,6 +77,8 @@ Patch6042: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
 Patch6043: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
 Patch6044: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
 Patch6045: backport-CVE-2021-35938.patch
+Patch6046: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
+Patch6047: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
 BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -346,6 +348,9 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Fri Sep 09 2022 renhongxun<renhongxun@h-partners.com> - 4.17.0-12
+- sync patches from upstream
+
 * Wed Aug 31 2022 Hongxun Ren<renhongxun@h-partners.com> - 4.17.0-11
 - fix CVE-2021-35937 CVE-2021-35938 CVE-2021-35939