!51 sync with master branch

From: @nettingsisyphus Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
2021-03-25 21:04:31 +08:00 · 2021-03-25 21:04:31 +08:00 · 13701de5ba
commit 13701de5ba
parent cba6f8a6ef 3594630671
3 changed files with 291 additions and 132 deletions
--- a/Add-digest-list-plugin.patch
+++ b/Add-digest-list-plugin.patch
@ -1,23 +1,30 @@
-From d614a279f7045ed7f520e8ee270d1365cff4670e Mon Sep 17 00:00:00 2001
+From 3766516cc1ecf457a4611b9a00ba9058afa6050f Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
 Date: Wed, 26 Feb 2020 15:54:24 +0100
-Subject: [PATCH] add-digest-list-plugin
+Subject: [PATCH] Add digest list plugin
-Signed-off-by: Anakin Zhang <benjamin93@163.com>
+This patch adds a plugin in rpm to support IMA Digest Lists:
 - When installing rpm packages, the plugin will mark xattrs for
  digest lists automatically and upload them to kernel.
 - When deleting rpm packages, the plugin will remove digest lists
  from kernel automatically.
 Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
 Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com>
 ---
 macros.in             |   1 +
 plugins/Makefile.am   |   4 +
- plugins/digest_list.c | 566 ++++++++++++++++++++++++++++++++++++++++++
+ plugins/digest_list.c | 584 ++++++++++++++++++++++++++++++++++++++++++++++++++
 rpmio/digest.h        |   1 +
 rpmio/rpmpgp.c        |   3 +
- 5 files changed, 575 insertions(+)
+ 5 files changed, 593 insertions(+)
 create mode 100644 plugins/digest_list.c
 diff --git a/macros.in b/macros.in
-index 4027493..8619c13 100644
+index dedec4e..5b45d73 100644
 --- a/macros.in
 +++ b/macros.in
-@@ -1184,6 +1184,7 @@ package or when debugging this package.\
+@@ -1188,6 +1188,7 @@ package or when debugging this package.\
 %__transaction_ima		%{__plugindir}/ima.so
 %__transaction_prioreset	%{__plugindir}/prioreset.so
 %__transaction_audit		%{__plugindir}/audit.so
@ -39,10 +46,24 @@ index d4ef039..07aa358 100644
 +plugins_LTLIBRARIES += digest_list.la
 diff --git a/plugins/digest_list.c b/plugins/digest_list.c
 new file mode 100644
-index 0000000..6bc9415
+index 0000000..992a7e8
 --- /dev/null
 +++ b/plugins/digest_list.c
-@@ -0,0 +1,566 @@
+@@ -0,0 +1,584 @@
 +/*
 + * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH
 + *
 + * Author: Roberto Sassu <roberto.sassu@huawei.com>
 + *
 + * This program is free software; you can redistribute it and/or
 + * modify it under the terms of the GNU General Public License as
 + * published by the Free Software Foundation, version 2 of the
 + * License.
 + *
 + * File: digest_list.c
 + *      Plugin to load digest lists in the Linux kernel.
 + */
 +
 +#include "system.h"
 +#include "errno.h"
 +
@ -70,9 +91,6 @@ index 0000000..6bc9415
 +#define DIGEST_LIST_DEFAULT_PATH "/etc/ima/digest_lists"
 +#define RPM_PARSER "/usr/libexec/rpm_parser"
 +
 +#define DIGEST_LIST_OP_ADD 0
 +#define DIGEST_LIST_OP_DEL 1
 +
 +enum hash_algo {
 +	HASH_ALGO_MD4,
 +	HASH_ALGO_MD5,
@ -176,6 +194,12 @@ index 0000000..6bc9415
 +
 +	/* If the digest list is not signed, execute the RPM parser */
 +	if (!digest_list_signed) {
 +		if (stat(RPM_PARSER, &st) == -1) {
 +			rpmlog(RPMLOG_DEBUG, "digest_list: %s not found, "
 +			       "not uploading digest list\n", RPM_PARSER);
 +			return 0;
 +		}
 +
 +		if ((pid = fork()) == 0) {
 +			execlp(RPM_PARSER, RPM_PARSER, (type == TR_ADDED) ?
 +			       "add" : "del", path, NULL);
@ -409,12 +433,13 @@ index 0000000..6bc9415
 +	return ret;
 +}
 +
-+static int process_digest_list(rpmte te, int parser)
+static int process_digest_list(rpmte te, int parser, int pre)
 +{
 +	char *path = NULL, *path_sig = NULL;
 +	int digest_list_signed = 0;
 +	struct stat st;
 +	ssize_t size;
 +	int type = rpmteType(te);
 +	rpmRC ret = RPMRC_OK;
 +
 +	path = malloc(PATH_MAX);
@ -462,17 +487,9 @@ index 0000000..6bc9415
 +			 DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te),
 +			 rpmteR(te), rpmteA(te));
 +
-+	size = lgetxattr(path, "user.digest_list", NULL, 0);
+	size = lgetxattr(path, XATTR_NAME_IMA, NULL, 0);
 +
-+	/* Don't upload again if digest list was already processed */
+	if (type == TR_ADDED && !pre && size < 0) {
 +	if ((rpmteType(te) == TR_ADDED && size > 0) ||
 +	    (rpmteType(te) == TR_REMOVED && size < 0)) {
 +		rpmlog(RPMLOG_DEBUG, "digest_list: '%s' already processed, "
 +		       "nothing to do\n", path);
 +		goto out;
 +	}
 +
 +	if (rpmteType(te) == TR_ADDED) {
 +		if (!digest_list_signed) {
 +			/* Write RPM header to the disk */
 +			ret = write_rpm_digest_list(te, path);
@ -491,31 +508,29 @@ index 0000000..6bc9415
 +			ret = RPMRC_FAIL;
 +			goto out;
 +		}
 +	} else if (type == TR_ADDED && pre) {
 +		if (size < 0)
 +			goto out;
 +
-+		ret = lsetxattr(path, "user.digest_list", "1", 1, 0);
+		/* rpm is overwriting the digest list, remove from the kernel */
-+		if (ret < 0)
+		type = TR_REMOVED;
 +			rpmlog(RPMLOG_ERR, "digest_list: cannot add "
 +			       "user.digest_list to '%s'\n", path);
 +		else
 +			rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list "
 +			       "successfully added to '%s'\n", path);
 +	}
 +
 +	/* Upload digest list to securityfs */
-+	upload_digest_list(path, rpmteType(te), digest_list_signed);
+	upload_digest_list(path, type, digest_list_signed);
 +
-+	if (rpmteType(te) == TR_REMOVED) {
+	if (type == TR_REMOVED) {
 +		if (!digest_list_signed) {
 +			unlink(path);
 +			goto out;
 +		}
 +
-+		ret = lremovexattr(path, "user.digest_list");
+		ret = lremovexattr(path, XATTR_NAME_IMA);
 +		if (ret < 0)
 +			rpmlog(RPMLOG_ERR, "digest_list: cannot remove "
-+			       "user.digest_list from '%s'\n", path);
+			       "security.ima from '%s'\n", path);
 +		else
-+			rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list "
+			rpmlog(RPMLOG_DEBUG, "digest_list: security.ima "
 +			       "successfully removed from '%s'\n", path);
 +	}
 +out:
@ -530,8 +545,8 @@ index 0000000..6bc9415
 +static rpmRC digest_list_psm_pre(rpmPlugin plugin, rpmte te)
 +{
 +	Header rpm = rpmteHeader(te);
-+	rpmtd dirnames;
+	rpmtd dirnames, dirindexes;
-+	int i;
+	int i = -1;
 +
 +	digest_list_counter = 0;
 +
@ -540,13 +555,26 @@ index 0000000..6bc9415
 +
 +	while ((i = rpmtdNext(dirnames)) >= 0) {
 +		char *dirname = (char *) rpmtdGetString(dirnames);
 +
 +		if (!strncmp(dirname, DIGEST_LIST_DEFAULT_PATH,
-+			     sizeof(DIGEST_LIST_DEFAULT_PATH) - 1))
+			     sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) &&
-+			digest_list_counter++;
+		    dirname[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] == '/')
 +			break;
 +	}
 +
 +	rpmtdFree(dirnames);
 +
 +	if (i == -1)
 +		return RPMRC_OK;
 +
 +	dirindexes = rpmtdNew();
 +	headerGet(rpm, RPMTAG_DIRINDEXES, dirindexes, 0);
 +	while (rpmtdNext(dirindexes) >= 0)
 +		if (rpmtdGetNumber(dirindexes) == i)
 +			digest_list_counter++;
 +
 +	rpmtdFree(dirindexes);
 +
 +	cur_te = te;
 +	return RPMRC_OK;
 +}
@ -566,26 +594,23 @@ index 0000000..6bc9415
 +	if (!pre && res != RPMRC_OK)
 +		return res;
 +
-+	if ((pre && action != FA_ERASE) ||
+	if (!pre && rpmteType(cur_te) != TR_ADDED)
 +	    (!pre && action != FA_CREATE))
 +		return RPMRC_OK;
 +
-+	if (digest_list_counter) {
+	if (pre && action == FA_SKIP)
 +		if (!pre) {
 +			if (!strncmp(path, DIGEST_LIST_DEFAULT_PATH,
 +				     sizeof(DIGEST_LIST_DEFAULT_PATH) - 1))
 +				digest_list_counter--;
 +		} else {
 +			digest_list_counter = 0;
 +		}
 +
 +		if (digest_list_counter)
 +		return RPMRC_OK;
 +	}
 +
-+	process_digest_list(cur_te, 0);
+	if (strncmp(path, DIGEST_LIST_DEFAULT_PATH,
 +		    sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) ||
 +	    path[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] != '/')
 +		return RPMRC_OK;
 +
 +	if (!pre && --digest_list_counter)
 +		return RPMRC_OK;
 +
 +	process_digest_list(cur_te, 0, pre);
 +	if (!strcmp(rpmteN(cur_te), "digest-list-tools"))
-+		process_digest_list(cur_te, 1);
+		process_digest_list(cur_te, 1, pre);
 +
 +	return RPMRC_OK;
 +}
@ -650,5 +675,5 @@ index 46cd0f3..3c6b18b 100644
 	}
     }	break;
 -- 
-2.23.0.windows.1
+1.8.3.1
--- a/Generate-digest-lists.patch
+++ b/Generate-digest-lists.patch
@ -1,25 +1,30 @@
-From 4d1801825c754171962050ee9c36c2d69c630ece Mon Sep 17 00:00:00 2001
+From e71679d585d352d13c92b3b12d7ada95cfd6fee4 Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
 Date: Thu, 12 Mar 2020 17:29:55 +0100
-Subject: [PATCH 1/3] Generate digest lists
+Subject: [PATCH] Generate digest lists
 This patch helps to generate digest lists during rpm building process.
 Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
 Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com>
 ---
- build/files.c | 176 ++++++++++++++++++++++++++++++++++++++++++++++++--
+ build/files.c | 301 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 169 insertions(+), 7 deletions(-)
+ 1 file changed, 291 insertions(+), 10 deletions(-)
 diff --git a/build/files.c b/build/files.c
-index 6dfd801c8..ab6938d8c 100644
+index c43deb5..613de67 100644
 --- a/build/files.c
 +++ b/build/files.c
-@@ -50,6 +50,7 @@
+@@ -50,6 +50,8 @@
 #define DEBUG_LIB_PREFIX	"/usr/lib/debug/"
 #define DEBUG_ID_DIR		"/usr/lib/debug/.build-id"
 #define DEBUG_DWZ_DIR 		"/usr/lib/debug/.dwz"
 +#define DIGEST_LIST_DIR	"/.digest_lists"
 +#define DEST_DIGEST_LIST_DIR	"/etc/ima/digest_lists"
 #undef HASHTYPE
 #undef HTKEYTYPE
-@@ -129,6 +130,8 @@ typedef struct AttrRec_s {
+@@ -129,6 +131,8 @@ typedef struct AttrRec_s {
 /* list of files */
 static StringBuf check_fileList = NULL;
@ -28,7 +33,7 @@ index 6dfd801c8..ab6938d8c 100644
 typedef struct FileEntry_s {
     rpmfileAttrs attrFlags;
-@@ -193,6 +196,10 @@ typedef struct FileList_s {
+@@ -193,6 +197,10 @@ typedef struct FileList_s {
     struct FileEntry_s cur;
 } * FileList;
@ -39,48 +44,111 @@ index 6dfd801c8..ab6938d8c 100644
 static void nullAttrRec(AttrRec ar)
 {
     memset(ar, 0, sizeof(*ar));
-@@ -984,11 +991,13 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+@@ -980,6 +988,139 @@ static int seenHardLink(FileRecords files, FileListRec flp, rpm_ino_t *fileid)
- {
+  * @param pkg		(sub) package
-     FileListRec flp;
+  * @param isSrc		pass 1 for source packages 0 otherwise
-     char buf[BUFSIZ];
+  */
 +static void genDigestListInput(FileList fl, Package pkg, int isSrc)
 +{
 +    FileListRec flp;
 +    char buf[BUFSIZ];
 +    char file_info[BUFSIZ];
 +    char file_digest[128 * 2 + 1];
-     int i, npaths = 0;
+    int i, gen_digest_lists = 1;
-     uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
+    uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
-     rpm_loff_t totalFileSize = 0;
+    Header h = pkg->header; /* just a shortcut */
-     Header h = pkg->header; /* just a shortcut */
+
-    int override_date = 0;
+    /*
-+    int override_date = 0, processed = 0;
+     * See if non-md5 file digest algorithm is requested. If not
-     time_t source_date_epoch;
+     * specified, quietly assume md5. Otherwise check if supported type.
-     char *srcdate = getenv("SOURCE_DATE_EPOCH");
+     */
- 
+    digestalgo = rpmExpandNumeric(isSrc ? "%{_source_filedigest_algorithm}" :
-@@ -1058,8 +1067,9 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+					  "%{_binary_filedigest_algorithm}");
-     
+    if (digestalgo == 0) {
-     pkg->dpaths = xmalloc((fl->files.used + 1) * sizeof(*pkg->dpaths));
+	digestalgo = defaultalgo;
- 
+    }
-+process_files:
+
-     /* Generate the header. */
+    if (rpmDigestLength(digestalgo) == 0) {
-    for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) {
+	rpmlog(RPMLOG_WARNING,
-+    for (i = processed, flp = fl->files.recs + processed; i < fl->files.used; i++, flp++) {
+	       _("Unknown file digest algorithm %u, falling back to MD5\n"),
- 	rpm_ino_t fileid = flp - fl->files.recs;
+	       digestalgo);
- 
+	digestalgo = defaultalgo;
-  	/* Merge duplicate entries. */
+    }
-@@ -1190,7 +1200,8 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+
- 	    (void) rpmDoDigest(digestalgo, flp->diskPath, 1, 
+    /* Sort the big list */
- 			       (unsigned char *)buf);
+    if (fl->files.recs) {
- 	headerPutString(h, RPMTAG_FILEDIGESTS, buf);
+	qsort(fl->files.recs, fl->files.used,
-	
+	      sizeof(*(fl->files.recs)), compareFileListRecs);
 +    }
 +
 +    /* Generate the header. */
 +    for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) {
 +	/* Merge duplicate entries. */
 +	while (i < (fl->files.used - 1) &&
 +	    rstreq(flp->cpioPath, flp[1].cpioPath)) {
 +
 +	    /* Two entries for the same file found, merge the entries. */
 +	    /* Note that an %exclude is a duplication of a file reference */
 +
 +	    /* file flags */
 +	    flp[1].flags |= flp->flags;
 +
 +	    if (!(flp[1].flags & RPMFILE_EXCLUDE))
 +		rpmlog(RPMLOG_WARNING, _("File listed twice: %s\n"),
 +			flp->cpioPath);
 +
 +	    /* file mode */
 +	    if (S_ISDIR(flp->fl_mode)) {
 +		if ((flp[1].specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE)) <
 +		    (flp->specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE)))
 +			flp[1].fl_mode = flp->fl_mode;
 +	    } else {
 +		if ((flp[1].specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE)) <
 +		    (flp->specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE)))
 +			flp[1].fl_mode = flp->fl_mode;
 +	    }
 +
 +	    /* uid */
 +	    if ((flp[1].specdFlags & (SPECD_UID | SPECD_DEFUID)) <
 +		(flp->specdFlags & (SPECD_UID | SPECD_DEFUID)))
 +	    {
 +		flp[1].fl_uid = flp->fl_uid;
 +		flp[1].uname = flp->uname;
 +	    }
 +
 +	    /* gid */
 +	    if ((flp[1].specdFlags & (SPECD_GID | SPECD_DEFGID)) <
 +		(flp->specdFlags & (SPECD_GID | SPECD_DEFGID)))
 +	    {
 +		flp[1].fl_gid = flp->fl_gid;
 +		flp[1].gname = flp->gname;
 +	    }
 +
 +	    /* verify flags */
 +	    if ((flp[1].specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY)) <
 +		(flp->specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY)))
 +		    flp[1].verifyFlags = flp->verifyFlags;
 +
 +	    /* XXX to-do: language */
 +
 +	    flp++; i++;
 +	}
 +
 +	/* Skip files that were marked with %exclude. */
 +	if (flp->flags & RPMFILE_EXCLUDE)
 +	{
 +	    argvAdd(&pkg->fileExcludeList, flp->cpioPath);
 +	    continue;
 +	}
 +
 +	buf[0] = '\0';
 +	if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
 +	    (void) rpmDoDigest(digestalgo, flp->diskPath, 1,
 +			       (unsigned char *)buf);
 +	headerPutString(h, RPMTAG_FILEDIGESTS, buf);
 +	snprintf(file_digest, sizeof(file_digest), "%s", buf);
 +
- 	buf[0] = '\0';
+	if (check_fileList_bin_pkg && S_ISREG(flp->fl_mode) &&
 	if (S_ISLNK(flp->fl_mode)) {
 	    ssize_t llen = readlink(flp->diskPath, buf, BUFSIZ-1);
@@ -1230,7 +1241,33 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 	flp->flags &= PARSEATTR_MASK;
 	headerPutUint32(h, RPMTAG_FILEFLAGS, &(flp->flags) ,1);
 +
 +	if (!processed && check_fileList_bin_pkg && S_ISREG(flp->fl_mode) &&
 +		!(flp->flags & RPMFILE_GHOST)) {
 +	    appendStringBuf(check_fileList_bin_pkg, "path=");
 +	    appendStringBuf(check_fileList_bin_pkg, flp->diskPath);
@ -93,23 +161,75 @@ index 6dfd801c8..ab6938d8c 100644
 +		strlen(flp->caps) ? flp->caps : "");
 +	    appendStringBuf(check_fileList_bin_pkg, file_info);
 +	}
 +
 +	if (S_ISREG(flp->fl_mode) &&
 +	    !strncmp(flp->cpioPath, DEST_DIGEST_LIST_DIR,
 +		     sizeof(DEST_DIGEST_LIST_DIR) - 1))
 +		gen_digest_lists = 0;
 +    }
 +
-+    if (!processed) {
+    if (gen_digest_lists &&
-+	if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0) {
+		genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
 +	fl->processingFailed = 1;
 +	} else if (i < fl->files.used) {
 +	    pkg->dpaths = xrealloc(pkg->dpaths,
 +				   (fl->files.used + 1) * sizeof(*pkg->dpaths));
 +	    processed = i;
 +	    goto process_files;
 +}
     }
 +
-     pkg->dpaths[npaths] = NULL;
+/**
 + * Add file entries to header.
 + * @todo Should directories have %doc/%config attributes? (#14531)
 + * @todo Remove RPMTAG_OLDFILENAMES, add dirname/basename instead.
 + * @param fl		package file tree walk data
 + * @param pkg		(sub) package
 + * @param isSrc		pass 1 for source packages 0 otherwise
 + */
 static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 {
     FileListRec flp;
@@ -991,6 +1132,11 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
     int override_date = 0;
     time_t source_date_epoch;
     char *srcdate = getenv("SOURCE_DATE_EPOCH");
 +    struct rpmtd_s oldfiledigests;
 +
 +    headerGet(h, RPMTAG_FILEDIGESTS, &oldfiledigests, HEADERGET_ALLOC);
 +    headerDel(h, RPMTAG_FILEDIGESTS);
 +    rpmtdInit(&oldfiledigests);
-     if (totalFileSize < UINT32_MAX) {
+     /* Limit the maximum date to SOURCE_DATE_EPOCH if defined
-@@ -1343,8 +1380,8 @@ static int validFilename(const char *fn)
+      * similar to the tar --clamp-mtime option
@@ -1184,13 +1330,18 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 	if (fl->haveCaps) {
 	    headerPutString(h, RPMTAG_FILECAPS, flp->caps);
 	}
 -	
 +
 	buf[0] = '\0';
 -	if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
 -	    (void) rpmDoDigest(digestalgo, flp->diskPath, 1, 
 -			       (unsigned char *)buf);
 -	headerPutString(h, RPMTAG_FILEDIGESTS, buf);
 -	
 +	if (strstr(flp->diskPath, DIGEST_LIST_DIR) || !oldfiledigests.count) {
 +	    if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
 +	        (void) rpmDoDigest(digestalgo, flp->diskPath, 1,
 +				   (unsigned char *)buf);
 +	    headerPutString(h, RPMTAG_FILEDIGESTS, buf);
 +	} else {
 +	    headerPutString(h, RPMTAG_FILEDIGESTS,
 +			    rpmtdNextString(&oldfiledigests));
 +	}
 +
 	buf[0] = '\0';
 	if (S_ISLNK(flp->fl_mode)) {
 	    ssize_t llen = readlink(flp->diskPath, buf, BUFSIZ-1);
@@ -1269,6 +1420,7 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 	/* Binary packages with dirNames cannot be installed by legacy rpm. */
 	(void) rpmlibNeedsFeature(pkg, "CompressedFileNames", "3.0.4-1");
     }
 +    rpmtdFreeData(&oldfiledigests);
 }
 static FileRecords FileRecordsFree(FileRecords files)
@@ -1343,8 +1495,8 @@ static int validFilename(const char *fn)
  * @param statp		file stat (possibly NULL)
  * @return		RPMRC_OK on success
  */
@ -120,7 +240,7 @@ index 6dfd801c8..ab6938d8c 100644
 {
     size_t plen = strlen(diskPath);
     char buf[plen + 1];
-@@ -1355,6 +1392,10 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1355,6 +1507,10 @@ static rpmRC addFile(FileList fl, const char * diskPath,
     gid_t fileGid;
     const char *fileUname;
     const char *fileGname;
@ -131,7 +251,7 @@ index 6dfd801c8..ab6938d8c 100644
     rpmRC rc = RPMRC_FAIL; /* assume failure */
     /* Strip trailing slash. The special case of '/' path is handled below. */
-@@ -1390,6 +1431,33 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1390,6 +1546,33 @@ static rpmRC addFile(FileList fl, const char * diskPath,
     if (*cpioPath == '\0')
 	cpioPath = "/";
@ -165,7 +285,7 @@ index 6dfd801c8..ab6938d8c 100644
     /*
      * Unless recursing, we dont have stat() info at hand. Handle the
      * various cases, preserving historical behavior wrt %dev():
-@@ -1527,6 +1595,8 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1527,6 +1710,8 @@ static rpmRC addFile(FileList fl, const char * diskPath,
 	}
 	flp->flags = fl->cur.attrFlags;
@ -174,11 +294,10 @@ index 6dfd801c8..ab6938d8c 100644
 	flp->specdFlags = fl->cur.specdFlags;
 	flp->verifyFlags = fl->cur.verifyFlags;
-@@ -1547,6 +1617,32 @@ exit:
+@@ -1548,6 +1733,32 @@ exit:
     return rc;
 }
-+/**
+ /**
 + * Add a file to the package manifest.
 + * @param fl		package file tree walk data
 + * @param diskPath	path to file
@ -204,10 +323,11 @@ index 6dfd801c8..ab6938d8c 100644
 +	return addFile_common(fl, diskPath, statp, 1);
 +}
 +
- /**
+/**
  * Add directory (and all of its files) to the package manifest.
  * @param fl		package file tree walk data
-@@ -2556,6 +2652,58 @@ static void addPackageFileList (struct FileList_s *fl, Package pkg,
+  * @param diskPath	path to file
@@ -2556,6 +2767,58 @@ static void addPackageFileList (struct FileList_s *fl, Package pkg,
     argvFree(fileNames);
 }
@ -266,7 +386,7 @@ index 6dfd801c8..ab6938d8c 100644
 static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 				 Package pkg, int didInstall, int test)
 {
-@@ -2569,6 +2717,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
+@@ -2569,6 +2832,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 	if (readFilesManifest(spec, pkg, *fp))
 	    return RPMRC_FAIL;
     }
@ -277,7 +397,17 @@ index 6dfd801c8..ab6938d8c 100644
     /* Init the file list structure */
     memset(&fl, 0, sizeof(fl));
-@@ -2630,6 +2782,7 @@ exit:
+@@ -2624,12 +2891,17 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
     if (checkHardLinks(&fl.files))
 	(void) rpmlibNeedsFeature(pkg, "PartialHardlinkSets", "4.0.4-1");
 +    genDigestListInput(&fl, pkg, 0);
 +    if (fl.processingFailed)
 +	goto exit;
 +
     genCpioListAndHeader(&fl, pkg, 0);
 exit:
     FileListFree(&fl);
     specialDirFree(specialDoc);
     specialDirFree(specialLic);
@ -285,7 +415,7 @@ index 6dfd801c8..ab6938d8c 100644
     return fl.processingFailed ? RPMRC_FAIL : RPMRC_OK;
 }
-@@ -3092,6 +3245,7 @@ static void addPackageDeps(Package from, Package to, enum rpmTag_e tag)
+@@ -3093,6 +3365,7 @@ static void addPackageDeps(Package from, Package to, enum rpmTag_e tag)
 rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 			int didInstall, int test)
 {
@ -293,7 +423,7 @@ index 6dfd801c8..ab6938d8c 100644
     Package pkg;
     rpmRC rc = RPMRC_OK;
     char *buildroot;
-@@ -3108,7 +3262,14 @@ rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
+@@ -3109,7 +3382,14 @@ rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
     check_fileList = newStringBuf();
     genSourceRpmName(spec);
     buildroot = rpmGenPath(spec->rootDir, spec->buildRoot, NULL);
@ -309,7 +439,7 @@ index 6dfd801c8..ab6938d8c 100644
     if (rpmExpandNumeric("%{?_debuginfo_subpackages}")) {
 	maindbg = findDebuginfoPackage(spec);
 	if (maindbg) {
-@@ -3214,6 +3375,7 @@ exit:
+@@ -3215,6 +3495,7 @@ exit:
     check_fileList = freeStringBuf(check_fileList);
     _free(buildroot);
     _free(uniquearch);
@ -319,5 +449,5 @@ index 6dfd801c8..ab6938d8c 100644
     return rc;
 }
 -- 
-2.27.GIT
+1.8.3.1
--- a/rpm.spec
+++ b/rpm.spec
@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.15.1
-Release:       21
+Release:       22
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@ -78,8 +78,6 @@ Patch66: backport-Always-open-and-initialize-the-entire-database-at-on.patch
 Patch67: backport-Stop-on-first-failure-when-trying-to-open-a-database.patch
 Patch68: backport-Only-attempt-loading-the-keyring-once-the-rpmdb-is-o.patch
 Patch69: Generate-digest-lists-before-calling-genCpioAndHeader.patch
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel 
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
 BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils
@ -346,6 +344,12 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 %changelog
 * Thu Mar 25 2021 Anakin Zhang <benjamin93@163.com> - 4.15.1-22
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:sync with master branch
 * Sat Feb 27 2021 Anakin Zhang <benjamin93@163.com> - 4.15.1-21
 - Type:bugfix
 - ID:NA