sync patches from upstream

backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch

@@ -0,0 +1,55 @@
+From 55849d2d6e16096dbd30fd3a5c751f13bb03484b Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 27 Mar 2022 12:04:46 -0400
+Subject: [PATCH] Add a hashed flag to pgpPrtSubtype()
+
+This is needed for key usage flags parsing, as key usage flags outside
+of the hashed region must be ignored.  For now, just use it to
+unconditionally ignore unhashed creation time subpackets.
+---
+ rpmio/rpmpgp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 59c80d7c4..9b8503e27 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -437,7 +437,7 @@ int pgpSignatureType(pgpDigParams _digp)
+ }
+ 
+ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype, 
+-			 pgpDigParams _digp)
++			 pgpDigParams _digp, int hashed)
+ {
+     const uint8_t *p = h;
+     size_t plen = 0, i;
+@@ -474,6 +474,8 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ 		pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
+ 	    break;
+ 	case PGPSUBTYPE_SIG_CREATE_TIME:  /* signature creation time */
++	    if (!hashed)
++		break; /* RFC 4880 §5.2.3.4 creation time MUST be hashed */
+ 	    if (plen-1 != sizeof(_digp->time))
+ 		break; /* other lengths not understood */
+ 	    if (_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME)
+@@ -666,7 +668,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	    _digp->hashlen = sizeof(*v) + plen;
+ 	    _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);
+ 	}
+-	if (pgpPrtSubType(p, plen, v->sigtype, _digp))
++	if (pgpPrtSubType(p, plen, v->sigtype, _digp, 1))
+ 	    return 1;
+ 	p += plen;
+ 
+@@ -680,7 +682,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	if ((p + plen) > (h + hlen))
+ 	    return 1;
+ 
+-	if (pgpPrtSubType(p, plen, v->sigtype, _digp))
++	if (pgpPrtSubType(p, plen, v->sigtype, _digp, 0))
+ 	    return 1;
+ 	p += plen;
+ 
+-- 
+2.27.0
+

backport-Add-optional-callback-on-directory-changes-during-rp.patch

@@ -51,10 +51,10 @@ index 4673fbb85..e8e7d08bf 100644
  
      if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {
 +	int dx = fi->j;
- 	i = fi->i;
++	i = fi->i;
  	fi->i = fx;
  	fi->j = rpmfilesDI(fi->files, fi->i);
-+	i = fi->i;
+ 	i = fi->i;
 +
 +	if (fi->j != dx && fi->onChdir) {
 +	    int chrc = fi->onChdir(fi, fi->onChdirData);

backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch

@@ -0,0 +1,95 @@
+From 0a91d1f62d5b6e1cac4d0a7c2ac9f75faad50534 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Fri, 9 Apr 2021 13:34:12 -0400
+Subject: [PATCH] Avoid double frees if EVP_PKEY_assign_RSA fails
+
+Previously, the bignums would be left as dangling and double-freed.
+---
+ rpmio/digest_openssl.c | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index 20c272df8..02f34a90f 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -292,8 +292,8 @@ struct pgpDigKeyRSA_s {
+ 
+     BIGNUM *n; /* Common Modulus */
+     BIGNUM *e; /* Public Exponent */
+-
+     EVP_PKEY *evp_pkey; /* Fully constructed key */
++    unsigned char immutable; /* if set, this key cannot be mutated */
+ };
+ 
+ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
+@@ -301,33 +301,34 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
+     if (key->evp_pkey) {
+         /* We've already constructed it, so just reuse it */
+         return 1;
+-    }
++    } else if (key->immutable)
++	return 0;
++    key->immutable = 1;
+ 
+     /* Create the RSA key */
+     RSA *rsa = RSA_new();
+     if (!rsa) return 0;
+ 
+-    if (!RSA_set0_key(rsa, key->n, key->e, NULL)) {
+-        RSA_free(rsa);
+-        return 0;
+-    }
++    if (RSA_set0_key(rsa, key->n, key->e, NULL) <= 0)
++	goto exit;
++    key->n = key->e = NULL;
+ 
+     /* Create an EVP_PKEY container to abstract the key-type. */
+-    key->evp_pkey = EVP_PKEY_new();
+-    if (!key->evp_pkey) {
+-        RSA_free(rsa);
+-        return 0;
+-    }
++    if (!(key->evp_pkey = EVP_PKEY_new()))
++	goto exit;
+ 
+     /* Assign the RSA key to the EVP_PKEY structure.
+        This will take over memory management of the RSA key */
+     if (!EVP_PKEY_assign_RSA(key->evp_pkey, rsa)) {
+         EVP_PKEY_free(key->evp_pkey);
+         key->evp_pkey = NULL;
+-        RSA_free(rsa);
++	goto exit;
+     }
+ 
+     return 1;
++exit:
++    RSA_free(rsa);
++    return 0;
+ }
+ 
+ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+@@ -335,9 +336,10 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+     size_t mlen = pgpMpiLen(p) - 2;
+     struct pgpDigKeyRSA_s *key = pgpkey->data;
+ 
+-    if (!key) {
++    if (!key)
+         key = pgpkey->data = xcalloc(1, sizeof(*key));
+-    }
++    else if (key->immutable)
++	return 1;
+ 
+     switch (num) {
+     case 0:
+@@ -347,7 +349,7 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+             return 1;
+         }
+ 
+-        key->nbytes = mlen;
++	key->nbytes = mlen;
+         /* Create a BIGNUM from the pointer.
+            Note: this assumes big-endian data as required by PGP */
+         key->n = BN_bin2bn(p+2, mlen, NULL);
+-- 
+2.27.0
+

backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch

@@ -0,0 +1,29 @@
+From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sat, 12 Feb 2022 13:46:28 -0500
+Subject: [PATCH] Avoid reading out of bounds of the i18ntable
+
+If the i18ntable was smaller than the i18nstring entry an out of bounds
+read could result.  This should not happen in a valid package, but even
+if RPM rejected such packages during load, this situation could still
+result as a result of usage of the RPM API.
+---
+ lib/header.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 098ea5d01..c939006ab 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
+ 
+ 	/* For each entry in the header ... */
+ 	for (langNum = 0, t = table->data, ed = entry->data;
+-	     langNum < entry->info.count;
++	     langNum < entry->info.count && langNum < table->info.count;
+ 	     langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
+ 
+ 	    int match = headerMatchLocale(t, l, le);
+-- 
+2.27.0
+

backport-Avoid-unneded-MPI-reparsing.patch

@@ -0,0 +1,39 @@
+From 8948ec79f6c300e91319469ba72b9bd3480fe686 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 27 Mar 2022 12:54:36 -0400
+Subject: [PATCH] Avoid unneded MPI reparsing
+
+Modify pgpPrtSig() to ignore the MPIs of a signature if its `tag`
+parameter is 0.  The only caller that sets `tag` to 0 is
+pgpPrtParamSubkeys() (via parseSubkeySig()), which does not actually
+check any cryptographic signatures.  The subkey binding signature has
+been checked earlier in pgpPrtParams().
+---
+ rpmio/rpmpgp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 22ac9c816..2b936619b 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -618,7 +618,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 
+ 	p = ((uint8_t *)v) + sizeof(*v);
+ 	_digp->data = p;
+-	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++	rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+     }	break;
+     case 4:
+     {   pgpPktSigV4 v = (pgpPktSigV4)h;
+@@ -680,7 +680,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	    return 1;
+ 
+ 	_digp->data = p;
+-	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++	rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+     }	break;
+     default:
+ 	rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version);
+-- 
+2.27.0
+

backport-Check-that-the-CRC-length-is-correct.patch

@@ -0,0 +1,27 @@
+From 1f03aba8b2881a5717af97065038fb056e02a2b3 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Thu, 3 Feb 2022 20:42:02 -0500
+Subject: [PATCH] Check that the CRC length is correct
+
+Also fix a memory leak in an error path.
+---
+ rpmio/rpmpgp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 015c15a5c..d1966d322 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1444,7 +1444,8 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+ 
+ 	    crcdec = NULL;
+ 	    crclen = 0;
+-	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0) {
++	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0 || crclen != 3) {
++		crcdec = _free(crcdec);
+ 		ec = PGPARMOR_ERR_CRC_DECODE;
+ 		goto exit;
+ 	    }
+-- 
+2.27.0
+

backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch

@@ -0,0 +1,40 @@
+From 5bfb49d6b7539691d5ca4b81577082fe27036f24 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 25 Jan 2021 13:38:53 +0200
+Subject: [PATCH] Conditionalize macro traceback dump on rpm verbosity level
+
+Only dump out macro tracebacks in verbose mode, which incidentally
+rpmbuild normally runs in.
+
+Sadly our tracebacks are not as useful as they could be, but improving
+that is a separate topic...
+---
+ rpmio/macro.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/macro.c b/rpmio/macro.c
+index a342b2403..6b53c6e2e 100644
+--- a/rpmio/macro.c
++++ b/rpmio/macro.c
+@@ -458,7 +458,6 @@ expandMacro(macroBuf mk, const char *src, size_t slen)
+ 	mbErr(mb, 1,
+ 		_("Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.\n"));
+ 	mb->depth--;
+-	mb->expand_trace = 1;
+ 	goto exit;
+     }
+ 
+@@ -471,7 +470,9 @@ expandMacro(macroBuf mk, const char *src, size_t slen)
+ 
+     mb->buf[mb->tpos] = '\0';
+     mb->depth--;
+-    if (mb->error != 0 || mb->expand_trace)
++    if (mb->error && rpmIsVerbose())
++	mb->expand_trace = 1;
++    if (mb->expand_trace)
+ 	printExpansion(mb, mb->buf+tpos, mb->buf+mb->tpos);
+     mb->macro_trace = store_macro_trace;
+     mb->expand_trace = store_expand_trace;
+-- 
+2.27.0
+

backport-Fix-OpenPGP-key-ID-parsing-regression.patch

@@ -0,0 +1,28 @@
+From 7f830132fe717d4b31c035bb3d08379451e3cd81 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Thu, 14 Apr 2022 15:38:11 -0400
+Subject: [PATCH] Fix OpenPGP key ID parsing regression
+
+This fixes a regression in 598a771d8b4f4f480d4990ccf59b978d537201dd,
+which caused RPM to parse key flags from a hashed key ID subpacket.  As
+a result, RPM would wrongly reject a signature that had both key ID and
+key usage flags subpackets in the hashed section.
+---
+ rpmio/rpmpgp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 93c1be2b5..ea3905bf8 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -323,6 +323,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ 		_digp->saved |= PGPDIG_SAVED_ID;
+ 		memcpy(_digp->signid, p+1, sizeof(_digp->signid));
+ 	    }
++	    break;
+ 	case PGPSUBTYPE_KEY_FLAGS: /* Key usage flags */
+ 	    /* Subpackets in the unhashed section cannot be trusted */
+ 	    if (!hashed)
+-- 
+2.27.0
+

backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch

@@ -0,0 +1,30 @@
+From 1a7de551a74d73f01eb40cb744c1dbba5faeb651 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 30 May 2022 14:24:45 +0300
+Subject: [PATCH] Fix changelog parsing affecting caller timezone state
+
+We meddle with TZ environ which then propagates to other values through
+mktime() implicitly calling tzset(), but that other data doesn't get
+reset by just restoring the TZ variable. Restore initial state by explicitly
+call tzset() after we're done with it.
+
+Fixes: #1821
+---
+ build/parseChangelog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/parseChangelog.c b/build/parseChangelog.c
+index 65c0952a6..c59786f25 100644
+--- a/build/parseChangelog.c
++++ b/build/parseChangelog.c
+@@ -175,6 +175,7 @@ static int dateToTimet(const char * datestr, time_t * secs, int * date_words)
+ 	setenv("TZ", tz, 1);
+ 	free(tz);
+     }
++    tzset();
+ 
+     if (*secs == -1) goto exit;
+ 
+-- 
+2.27.0
+

backport-Fix-memory-leak-in-pgpPrtParams-2.patch

@@ -0,0 +1,25 @@
+From 10ac962bf2f71af927c8eaaea427135441663497 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Thu, 17 Mar 2022 03:16:59 -0400
+Subject: [PATCH] Fix memory leak in pgpPrtParams()
+
+Found by leak sanitizer on a fuzzed test case.
+---
+ rpmio/rpmpgp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index eb5701bc7..f9e265827 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1163,6 +1163,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+     rc = (digp && (p == pend) && expect == 0) ? 0 : -1;
+ 
+     free(all);
++    selfsig = pgpDigParamsFree(selfsig);
+     if (ret && rc == 0) {
+ 	*ret = digp;
+     } else {
+-- 
+2.27.0
+

backport-Fix-return-value-checks-in-OpenSSL-code.patch

@@ -0,0 +1,131 @@
+From 1ddaeddffa52f02db198417ebf73cb6c5d432250 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 7 Feb 2021 16:46:31 -0500
+Subject: [PATCH] Fix return value checks in OpenSSL code
+
+According to `man 3ssl` the only successful return value for
+EVP_PKEY_verify_init() is 1, and EVP_PKEY_CTX_set_rsa_padding() and
+EVP_PKEY_CTX_set_signature_md() can both return 0 or a negative number
+on failure or any positive number on success.  BN_bn2binpad() returns -1
+on error, but 0 (an empty key or signature) is also not valid.
+Therefore use != 1 to check the return value of EVP_PKEY_verify_init(),
+<= 0 to check the return values of the other three functions mentioned
+above.  Also delete a bunch of cruft.
+---
+ rpmio/digest_openssl.c | 55 +++++++++---------------------------------
+ 1 file changed, 12 insertions(+), 43 deletions(-)
+
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index 0cb781e57..20c272df8 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -450,7 +450,7 @@ static void pgpFreeSigRSA(pgpDigAlg pgpsig)
+ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
+                            uint8_t *hash, size_t hashlen, int hash_algo)
+ {
+-    int rc, ret;
++    int rc = 1; /* assume failure */
+     EVP_PKEY_CTX *pkey_ctx = NULL;
+     struct pgpDigSigRSA_s *sig = pgpsig->data;
+ 
+@@ -458,53 +458,32 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
+ 
+     struct pgpDigKeyRSA_s *key = pgpkey->data;
+ 
+-    if (!constructRSASigningKey(key)) {
+-        rc = 1;
++    if (!constructRSASigningKey(key))
+         goto done;
+-    }
+ 
+     pkey_ctx = EVP_PKEY_CTX_new(key->evp_pkey, NULL);
+-    if (!pkey_ctx) {
+-        rc = 1;
++    if (!pkey_ctx)
+         goto done;
+-    }
+ 
+-    ret = EVP_PKEY_verify_init(pkey_ctx);
+-    if (ret < 0) {
+-        rc = 1;
++    if (EVP_PKEY_verify_init(pkey_ctx) != 1)
+         goto done;
+-    }
+ 
+-    ret = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING);
+-    if (ret < 0) {
+-        rc = 1;
++    if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING) <= 0)
+         goto done;
+-    }
+ 
+-    ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo));
+-    if (ret < 0) {
+-        rc = 1;
++    if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo)) <= 0)
+         goto done;
+-    }
+ 
+     int pkey_len = EVP_PKEY_size(key->evp_pkey);
+     padded_sig = xcalloc(1, pkey_len);
+-    if (!BN_bn2binpad(sig->bn, padded_sig, pkey_len)) {
+-        rc = 1;
++    if (BN_bn2binpad(sig->bn, padded_sig, pkey_len) <= 0)
+         goto done;
+-    }
+ 
+-    ret = EVP_PKEY_verify(pkey_ctx, padded_sig, pkey_len, hash, hashlen);
+-    if (ret == 1)
++    if (EVP_PKEY_verify(pkey_ctx, padded_sig, pkey_len, hash, hashlen) == 1)
+     {
+         /* Success */
+         rc = 0;
+     }
+-    else
+-    {
+-        /* Failure */
+-        rc = 1;
+-    }
+ 
+ done:
+     EVP_PKEY_CTX_free(pkey_ctx);
+@@ -735,32 +714,22 @@ static void pgpFreeSigDSA(pgpDigAlg pgpsig)
+ static int pgpVerifySigDSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
+                            uint8_t *hash, size_t hashlen, int hash_algo)
+ {
+-    int rc, ret;
++    int rc = 1; /* assume failure */
+     struct pgpDigSigDSA_s *sig = pgpsig->data;
+ 
+     struct pgpDigKeyDSA_s *key = pgpkey->data;
+ 
+-    if (!constructDSASigningKey(key)) {
+-        rc = 1;
++    if (!constructDSASigningKey(key))
+         goto done;
+-    }
+ 
+-    if (!constructDSASignature(sig)) {
+-        rc = 1;
++    if (!constructDSASignature(sig))
+         goto done;
+-    }
+ 
+-    ret = DSA_do_verify(hash, hashlen, sig->dsa_sig, key->dsa_key);
+-    if (ret == 1)
++    if (DSA_do_verify(hash, hashlen, sig->dsa_sig, key->dsa_key) == 1)
+     {
+         /* Success */
+         rc = 0;
+     }
+-    else
+-    {
+-        /* Failure */
+-        rc = 1;
+-    }
+ 
+ done:
+     return rc;
+-- 
+2.27.0
+

backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch

@@ -0,0 +1,104 @@
+From a9cca032a2b7c0c6bcacc6ab4ecd25c95cc75305 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 27 Mar 2022 12:49:07 -0400
+Subject: [PATCH] Ignore subkeys that cannot be used for signing
+
+This ensures that a signature is only accepted if the subkey that made
+it is actually allowed to sign.  Test 265 verifies that RPM ignores
+subkeys that cannot sign.
+
+A subkey is considered to be capable of signing if, and only if, its
+subkey binding signature has a hashed key flags subpacket that contains
+the flag 0x02.  RFC4880 requires that the subkey binding signature be
+v4, which this requirement enforces implicitly.  RFC4880 also requires
+that primary key binding signatures be present and checked.  This is not
+yet implemented, but may be implemented later.
+
+Fixes #1911.
+---
+ rpmio/rpmpgp.c     | 48 +++++++++++++++++++++++++++++++++++++++++++++-
+ tests/rpmsigdig.at |  2 --
+ 2 files changed, 47 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 66837b18f..22ac9c816 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1117,6 +1117,31 @@ static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig,
+     return rc;
+ }
+ 
++static int parseSubkeySig(const struct pgpPkt *pkt, uint8_t tag,
++			  pgpDigParams *params_p) {
++    pgpDigParams params = *params_p = NULL; /* assume failure */
++
++    if (pkt->tag != PGPTAG_SIGNATURE)
++	goto fail;
++
++    params = pgpDigParamsNew(tag);
++
++    if (pgpPrtSig(tag, pkt->body, pkt->blen, params))
++	goto fail;
++
++    if (params->sigtype != PGPSIGTYPE_SUBKEY_BINDING &&
++	params->sigtype != PGPSIGTYPE_SUBKEY_REVOKE)
++    {
++	goto fail;
++    }
++
++    *params_p = params;
++    return 0;
++fail:
++    pgpDigParamsFree(params);
++    return -1;
++}
++
+ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ 		 pgpDigParams * ret)
+ {
+@@ -1238,7 +1263,28 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+ 		pgpDigParamsFree(digps[count]);
+ 		continue;
+ 	    }
+-	    count++;
++
++	    pgpDigParams subkey_sig = NULL;
++	    if (decodePkt(p, pend - p, &pkt) ||
++	        parseSubkeySig(&pkt, 0, &subkey_sig))
++	    {
++		pgpDigParamsFree(digps[count]);
++		break;
++	    }
++
++	    /* Is the subkey revoked or incapable of signing? */
++	    int ignore = subkey_sig->sigtype != PGPSIGTYPE_SUBKEY_BINDING ||
++			 !((subkey_sig->saved & PGPDIG_SIG_HAS_KEY_FLAGS) &&
++			   (subkey_sig->key_flags & 0x02));
++	    if (ignore) {
++		pgpDigParamsFree(digps[count]);
++	    } else {
++		digps[count]->key_flags = subkey_sig->key_flags;
++		digps[count]->saved |= PGPDIG_SIG_HAS_KEY_FLAGS;
++		count++;
++	    }
++	    p += (pkt.body - pkt.head) + pkt.blen;
++	    pgpDigParamsFree(subkey_sig);
+ 	}
+     }
+     rc = (p == pend) ? 0 : -1;
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index 5d781d89f..ab9b47393 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -247,8 +247,6 @@ UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ==
+ gpg(rpm.org RSA testkey <rsa@rpm.org>) = 4:4344591e1964c5fc-58e63918
+ gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918
+ gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918
+-gpg(f00650f8) = 4:185e6146f00650f8-58e63918
+-gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918
+ ],
+ [])
+ AT_CLEANUP
+-- 
+2.27.0
+

backport-Make-rpmfiSetFX-return-code-meaningful.patch

@@ -0,0 +1,51 @@
+From 318efbaec80a90f1d9ac76d0cd433f6ea3c103fa Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 10 Feb 2022 10:07:06 +0200
+Subject: [PATCH] Make rpmfiSetFX() return code meaningful
+
+Up to now, rpmfiSetFX() has returned the previous file index on success,
+and -1 on error. Which seems okay on the outset, but on a just
+initialized iterator the file index is at -1 which means the returned
+-1 sometimes indicates an error and sometimes success. This is so broken
+that none of the callers even try to use it (grep for it). Which is
+lucky in the sense that it means we can change it.
+
+Simply return the newly set index on success and -1 on error, it may
+not be the greatest return code on earth but at least it's
+non-ambiguous.
+---
+ lib/rpmfi.c | 2 +-
+ lib/rpmfi.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/rpmfi.c b/lib/rpmfi.c
+index 30e073869..4965aeeeb 100644
+--- a/lib/rpmfi.c
++++ b/lib/rpmfi.c
+@@ -314,9 +314,9 @@ int rpmfiSetFX(rpmfi fi, int fx)
+     int i = -1;
+ 
+     if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {
+-	i = fi->i;
+ 	fi->i = fx;
+ 	fi->j = rpmfilesDI(fi->files, fi->i);
++	i = fi->i;
+     }
+     return i;
+ }
+diff --git a/lib/rpmfi.h b/lib/rpmfi.h
+index 989582bc3..52310c6fe 100644
+--- a/lib/rpmfi.h
++++ b/lib/rpmfi.h
+@@ -39,7 +39,7 @@ int rpmfiFX(rpmfi fi);
+  * Set current file index in file info set iterator.
+  * @param fi		file info set iterator
+  * @param fx		new file index
+- * @return		current file index
++ * @return		new file index, -1 on error
+  */
+ int rpmfiSetFX(rpmfi fi, int fx);
+ 
+-- 
+2.27.0
+

backport-Parse-key-usage-flags.patch

@@ -0,0 +1,77 @@
+From 598a771d8b4f4f480d4990ccf59b978d537201dd Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 27 Mar 2022 12:07:34 -0400
+Subject: [PATCH] Parse key usage flags
+
+RPM needs to know if a subkey can be used for signing.  Signatures made
+by a subkey that cannot be used for signing are invalid.  Add a
+key_flags member to pgpDigParams_s to store this information, and a
+PGPDIG_SIG_HAS_KEY_FLAGS flag to indicate that it is valid.  The key
+usage flags are reset for every signature.  Key usage flags in the
+unhashed section are ignored.  If there is more than one key usage flags
+subpacket in the hashed section, the signature is rejected.
+---
+ rpmio/digest.h |  2 ++
+ rpmio/rpmpgp.c | 12 +++++++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/rpmio/digest.h b/rpmio/digest.h
+index ec7f3392f..6a326d20e 100644
+--- a/rpmio/digest.h
++++ b/rpmio/digest.h
+@@ -27,6 +27,7 @@ struct pgpDigParams_s {
+     const uint8_t * data;
+     uint8_t tag;
+ 
++    uint8_t key_flags;		/*!< key usage flags */
+     uint8_t version;		/*!< version number. */
+     uint32_t time;		/*!< key/signature creation time. */
+     uint8_t pubkey_algo;		/*!< public key algorithm. */
+@@ -41,6 +42,7 @@ struct pgpDigParams_s {
+ #define	PGPDIG_SAVED_TIME	(1 << 0)
+ #define	PGPDIG_SAVED_ID		(1 << 1)
+ #define	PGPDIG_SIG_HAS_CREATION_TIME	(1 << 2)
++#define	PGPDIG_SIG_HAS_KEY_FLAGS	(1 << 3)
+ 
+     pgpDigAlg alg;
+ };
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 9b8503e27..66837b18f 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -500,6 +500,16 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ 		_digp->saved |= PGPDIG_SAVED_ID;
+ 		memcpy(_digp->signid, p+1, sizeof(_digp->signid));
+ 	    }
++	case PGPSUBTYPE_KEY_FLAGS: /* Key usage flags */
++	    /* Subpackets in the unhashed section cannot be trusted */
++	    if (!hashed)
++		break;
++	    /* Reject duplicate key usage flags */
++	    if (_digp->saved & PGPDIG_SIG_HAS_KEY_FLAGS)
++		return 1;
++	    _digp->saved |= PGPDIG_SIG_HAS_KEY_FLAGS;
++	    _digp->key_flags = plen >= 2 ? p[1] : 0;
++	    break;
+ 	case PGPSUBTYPE_EXPORTABLE_CERT:
+ 	case PGPSUBTYPE_TRUST_SIG:
+ 	case PGPSUBTYPE_REGEX:
+@@ -510,7 +521,6 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ 	case PGPSUBTYPE_PREFER_KEYSERVER:
+ 	case PGPSUBTYPE_PRIMARY_USERID:
+ 	case PGPSUBTYPE_POLICY_URL:
+-	case PGPSUBTYPE_KEY_FLAGS:
+ 	case PGPSUBTYPE_SIGNER_USERID:
+ 	case PGPSUBTYPE_REVOKE_REASON:
+ 	case PGPSUBTYPE_FEATURES:
+@@ -602,6 +612,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 
+     /* Reset the saved flags */
+     _digp->saved &= PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID;
++    _digp->key_flags = 0;
+ 
+     if (pgpVersion(h, hlen, &version))
+ 	return rc;
+-- 
+2.27.0
+

backport-Prevent-NULL-deref-in-rpmfsGetStates.patch

@@ -0,0 +1,25 @@
+From d747bf045ea20b0cb5813a83c13bdfb4ca424699 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Mon, 14 Mar 2022 14:20:56 +0100
+Subject: [PATCH] Prevent NULL deref in rpmfsGetStates()
+
+---
+ lib/rpmfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmfs.c b/lib/rpmfs.c
+index 84887a004..5f91cd28d 100644
+--- a/lib/rpmfs.c
++++ b/lib/rpmfs.c
+@@ -98,7 +98,7 @@ rpmfileState rpmfsGetState(rpmfs fs, unsigned int ix)
+ 
+ rpm_fstate_t * rpmfsGetStates(rpmfs fs)
+ {
+-    return fs->states;
++    return (fs != NULL) ? fs->states : NULL;
+ }
+ 
+ rpmFileAction rpmfsGetAction(rpmfs fs, unsigned int ix)
+-- 
+2.27.0
+

backport-Require-creation-time-to-be-unique-and-hashed.patch

@@ -0,0 +1,100 @@
+From 7e7266c9af883ce49b3516a5bd099d218e8e3fac Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sun, 6 Feb 2022 15:52:48 -0500
+Subject: [PATCH] Require creation time to be unique and hashed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+According to RFC 4880 §5.2.3.4 the signature creation time MUST be a
+hashed subpacket.  Enforce this requirement in RPM.  Also set the saved
+flags to PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID |
+PGPDIG_SAVED_CREATION_TIME for v3 signatures, and do not overwrite an
+already saved key ID with one taken from a v3 signature.
+---
+ rpmio/digest.h |  4 +++-
+ rpmio/rpmpgp.c | 29 +++++++++++++++++++----------
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/rpmio/digest.h b/rpmio/digest.h
+index 3b72a2870..ec7f3392f 100644
+--- a/rpmio/digest.h
++++ b/rpmio/digest.h
+@@ -36,9 +36,11 @@ struct pgpDigParams_s {
+     uint32_t hashlen;
+     uint8_t signhash16[2];
+     pgpKeyID_t signid;
+-    uint8_t saved;
++    uint8_t saved;		/*!< Various flags.  `PGPDIG_SAVED_*` are never reset.
++				 * `PGPDIG_SIG_HAS_*` are reset for each signature. */
+ #define	PGPDIG_SAVED_TIME	(1 << 0)
+ #define	PGPDIG_SAVED_ID		(1 << 1)
++#define	PGPDIG_SIG_HAS_CREATION_TIME	(1 << 2)
+ 
+     pgpDigAlg alg;
+ };
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index f9e265827..02009000e 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -441,15 +441,15 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ 	    for (i = 1; i < plen; i++)
+ 		pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
+ 	    break;
+-	case PGPSUBTYPE_SIG_CREATE_TIME:
+-	    if (!(_digp->saved & PGPDIG_SAVED_TIME) &&
+-		(sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
+-	    {
+-		if (plen-1 != sizeof(_digp->time))
+-		    break;
+-		_digp->saved |= PGPDIG_SAVED_TIME;
++	case PGPSUBTYPE_SIG_CREATE_TIME:  /* signature creation time */
++	    if (plen-1 != sizeof(_digp->time))
++		break; /* other lengths not understood */
++	    if (_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME)
++		return 1; /* duplicate timestamps not allowed */
++	    if (!(_digp->saved & PGPDIG_SAVED_TIME))
+ 		_digp->time = pgpGrab(p+1, sizeof(_digp->time));
+-	    }
++	    _digp->saved |= PGPDIG_SAVED_TIME | PGPDIG_SIG_HAS_CREATION_TIME;
++	    break;
+ 	case PGPSUBTYPE_SIG_EXPIRE_TIME:
+ 	case PGPSUBTYPE_KEY_EXPIRE_TIME:
+ 	    pgpPrtTime(" ", p+1, plen-1);
+@@ -598,6 +598,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+     unsigned int plen;
+     int rc = 1;
+ 
++    /* Reset the saved flags */
++    _digp->saved &= PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID;
++
+     if (pgpVersion(h, hlen, &version))
+ 	return rc;
+ 
+@@ -625,8 +628,11 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	    _digp->hashlen = v->hashlen;
+ 	    _digp->sigtype = v->sigtype;
+ 	    _digp->hash = memcpy(xmalloc(v->hashlen), &v->sigtype, v->hashlen);
+-	    _digp->time = pgpGrab(v->time, sizeof(v->time));
+-	    memcpy(_digp->signid, v->signid, sizeof(_digp->signid));
++	    if (!(_digp->saved & PGPDIG_SAVED_TIME))
++		_digp->time = pgpGrab(v->time, sizeof(v->time));
++	    if (!(_digp->saved & PGPDIG_SAVED_ID))
++		memcpy(_digp->signid, v->signid, sizeof(_digp->signid));
++	    _digp->saved = PGPDIG_SAVED_TIME | PGPDIG_SIG_HAS_CREATION_TIME | PGPDIG_SAVED_ID;
+ 	    _digp->pubkey_algo = v->pubkey_algo;
+ 	    _digp->hash_algo = v->hash_algo;
+ 	    memcpy(_digp->signhash16, v->signhash16, sizeof(_digp->signhash16));
+@@ -664,6 +670,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	    return 1;
+ 	p += plen;
+ 
++	if (!(_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME))
++	    return 1; /* RFC 4880 §5.2.3.4 creation time MUST be hashed */
++
+ 	if (pgpGet(p, 2, h + hlen, &plen))
+ 	    return 1;
+ 	p += 2;
+-- 
+2.27.0
+

backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch

@@ -0,0 +1,52 @@
+From c145a6c86a1c30808006857e34dee4d398ce57c7 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 25 Jan 2021 12:18:27 +0200
+Subject: [PATCH] Revert "Redirect macro stack backtrace printing to debug
+ log."
+
+The rationale behind the change was to suppress the excessive output
+when trying to expand a recursive macro definition (RhBug:613010) but
+this is not so good as it effectively suppresses *all* backtrace output,
+include those requested by %trace where the other half is printed to
+stderr and the other half in the debug log because of the change.
+
+Besides making things consistent, this also avoids deadlock on
+`rpm -vv --eval '%trace'`.
+
+This reverts commit 7f220202f20c69d6f3fd957325cdbe692bbabedd.
+
+Fixes: #1418
+---
+ rpmio/macro.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/rpmio/macro.c b/rpmio/macro.c
+index 7993e9e5d..a342b2403 100644
+--- a/rpmio/macro.c
++++ b/rpmio/macro.c
+@@ -358,7 +358,7 @@ static void
+ printExpansion(MacroBuf mb, const char * t, const char * te)
+ {
+     if (!(te > t)) {
+-	rpmlog(RPMLOG_DEBUG, _("%3d<%*s(empty)\n"), mb->depth, (2 * mb->depth + 1), "");
++	fprintf(stderr, _("%3d<%*s(empty)\n"), mb->depth, (2 * mb->depth + 1), "");
+ 	return;
+     }
+ 
+@@ -374,10 +374,10 @@ printExpansion(MacroBuf mb, const char * t, const char * te)
+ 
+     }
+ 
+-    rpmlog(RPMLOG_DEBUG,"%3d<%*s", mb->depth, (2 * mb->depth + 1), "");
++    fprintf(stderr, "%3d<%*s", mb->depth, (2 * mb->depth + 1), "");
+     if (te > t)
+-	rpmlog(RPMLOG_DEBUG, "%.*s", (int)(te - t), t);
+-    rpmlog(RPMLOG_DEBUG, "\n");
++	fprintf(stderr, "%.*s", (int)(te - t), t);
++    fprintf(stderr, "\n");
+ }
+ 
+ #define	SKIPBLANK(_s, _c)	\
+-- 
+2.27.0
+

backport-rpm2archive-Add-more-error-handling.patch

@@ -0,0 +1,51 @@
+From f1634250587479d664b34b6de1a6546b2c2b9de5 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Mon, 18 Jan 2021 15:02:34 +0100
+Subject: [PATCH] rpm2archive: Add more error handling
+
+Cleanly error out if file can't be written instead of segfaulting
+
+Resolves: #1091
+---
+ rpm2archive.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 646f1663d..15c5da016 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -119,9 +119,14 @@ static int process_package(rpmts ts, char * filename)
+ 
+     /* create archive */
+     a = archive_write_new();
+-    archive_write_add_filter_gzip(a);
+-    archive_write_set_format_pax_restricted(a);
+-
++    if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
++	fprintf(stderr, "Error: Could not create gzip output filter\n");
++	exit(EXIT_FAILURE);
++    }
++    if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
++	fprintf(stderr, "Error: Format pax restricted is not supported\n");
++	exit(EXIT_FAILURE);
++    }
+     if (!strcmp(filename, "-")) {
+ 	if (isatty(STDOUT_FILENO)) {
+ 	    fprintf(stderr, "Error: refusing to output archive data to a terminal.\n");
+@@ -130,9 +135,11 @@ static int process_package(rpmts ts, char * filename)
+ 	archive_write_open_fd(a, STDOUT_FILENO);
+     } else {
+ 	char * outname = rstrscat(NULL, filename, ".tgz", NULL);
+-	archive_write_open_filename(a, outname);
++	if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
++	    fprintf(stderr, "Error: Can't open output file: %s\n", outname);
++	    exit(EXIT_FAILURE);
++	}
+ 	_free(outname);
+-	// XXX error handling
+     }
+ 
+     entry = archive_entry_new();
+-- 
+2.27.0
+

backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch

@@ -0,0 +1,49 @@
+From 98565f9ed227f5d7d8741c5b16d434e72685f0a1 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Mon, 18 Jan 2021 15:04:47 +0100
+Subject: [PATCH] rpm2archive: Use last part of URL as file name
+
+when getting a file from an URL. This prevents trying to write the file
+at the location of the full URL which fails most of the time.
+
+Related: #1091
+---
+ rpm2archive.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 15c5da016..d96db006e 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -7,7 +7,7 @@
+ #include <rpm/rpmtag.h>
+ #include <rpm/rpmio.h>
+ #include <rpm/rpmpgp.h>
+-
++#include <rpm/rpmurl.h>
+ #include <rpm/rpmts.h>
+ 
+ #include <archive.h>
+@@ -134,7 +134,18 @@ static int process_package(rpmts ts, char * filename)
+ 	}
+ 	archive_write_open_fd(a, STDOUT_FILENO);
+     } else {
+-	char * outname = rstrscat(NULL, filename, ".tgz", NULL);
++	char * outname;
++	if (urlIsURL(filename)) {
++	    const char * fname = strrchr(filename, '/');
++	    if (fname != NULL) {
++		fname++;
++	    } else {
++		fname = filename;
++	    }
++	    outname = rstrscat(NULL, fname, ".tgz", NULL);
++	} else {
++	    outname = rstrscat(NULL, filename, ".tgz", NULL);
++	}
+ 	if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
+ 	    fprintf(stderr, "Error: Can't open output file: %s\n", outname);
+ 	    exit(EXIT_FAILURE);
+-- 
+2.27.0
+

backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch

@@ -0,0 +1,35 @@
+From a18a11924a715ace4b2d8e101688d164390cb188 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 1 Jul 2022 14:44:11 +0200
+Subject: [PATCH] rpm2cpio.sh: Don't drop newlines from header sizes
+
+This script converts binary header sizes to decimal numbers. Shell is
+not that well suited for this task as it drops newlines at the end of
+command substitutions. Add a . character at the end and strip it right
+after that to avoid this problem.
+
+Resolves: rhbz#1983015
+---
+ scripts/rpm2cpio.sh | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index c1c505fc2..f77d5f8cd 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -27,7 +27,11 @@ calcsize() {
+ 
+ 	i=0
+ 	while [ $i -lt 8 ]; do
+-		b="$(_dd $(($offset + $i)) bs=1 count=1)"
++		# add . to not loose \n
++		# strip \0 as it gets dropped with warning otherwise
++		b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
++		b=${b%.}    # strip . again
++
+ 		[ -z "$b" ] &&
+ 			b="0" ||
+ 			b="$(exec printf '%u\n' "'$b")"
+-- 
+2.27.0
+

backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch

@@ -0,0 +1,27 @@
+From 8f922eb38a096640e586ba0eda96adc093b74fc4 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 3 Aug 2022 17:19:02 +0200
+Subject: [PATCH] rpm2cpio.sh: only read needed bytes of file magic
+
+As we look at the first 4 bytes anyway there is no reason to read more.
+Reading more also hits a bug in bash on aarch64 (rhbz#2115206).
+---
+ scripts/rpm2cpio.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 74aeed851..cea0da21b 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -43,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
++case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+-- 
+2.27.0
+

backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch

@@ -0,0 +1,35 @@
+From d499887c9261fdab4d03ea29316ea5e8fc646bd3 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 1 Jul 2022 14:49:09 +0200
+Subject: [PATCH] rpm2cpio.sh: strip null bytes with tr
+
+to avoid warnings
+---
+ scripts/rpm2cpio.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index f77d5f8cd..59e8bc518 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -43,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1)" in
++case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+@@ -54,7 +54,7 @@ sigsize=$rsize
+ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
+ hdrsize=$rsize
+ 
+-case "$(_dd $offset bs=3 count=1)" in
++case "$(_dd $offset bs=3 count=1 | tr -d '\0')" in
+ 	"$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+ 	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
+ 	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
+-- 
+2.27.0
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.15.1
-Release:       39
+Release:       40
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -106,7 +106,6 @@ Patch92: backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch
 Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch
 Patch94: backport-Fix-memory-leak-in-decodePkts.patch
 Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch
-
 Patch96: backport-Ensure-database-creation-on-initial-installation.patch
 Patch97: backport-Honor-requested-file-permissions-when-creating-ndb-d.patch
 Patch98: backport-Fix-rpmtsInitDB-argument-confusion.patch
@@ -140,27 +139,49 @@ Patch121: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch
 Patch122: backport-treat-0-as-valid-file-descriptor.patch
 Patch123: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch
 Patch124: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch
+Patch125: backport-Check-that-the-CRC-length-is-correct.patch
+Patch126: backport-Make-rpmfiSetFX-return-code-meaningful.patch
+Patch127: backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
 
-Patch125: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
-Patch126: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
-Patch127: backport-Refactor-file-install-and-remove-around-a-common-str.patch
-Patch128: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
-Patch129: backport-Drop-unused-filename-variable.patch
-Patch130: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
-Patch131: backport-Handle-file-install-failures-more-gracefully.patch
-Patch132: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
-Patch133: backport-Make-file-open-and-close-in-fsm-debuggable.patch
-Patch134: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
-Patch135: backport-Add-diagnostics-to-archive-unpacking.patch
-Patch136: backport-Add-optional-callback-on-directory-changes-during-rp.patch
-Patch137: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
-Patch138: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
-Patch139: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
-Patch140: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
-Patch141: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
-Patch142: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
-Patch143: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
-Patch144: backport-0001-CVE-2021-35938.patch
+Patch128: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
+Patch129: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
+Patch130: backport-Refactor-file-install-and-remove-around-a-common-str.patch
+Patch131: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
+Patch132: backport-Drop-unused-filename-variable.patch
+Patch133: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
+Patch134: backport-Handle-file-install-failures-more-gracefully.patch
+Patch135: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
+Patch136: backport-Make-file-open-and-close-in-fsm-debuggable.patch
+Patch137: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
+Patch138: backport-Add-diagnostics-to-archive-unpacking.patch
+Patch139: backport-Add-optional-callback-on-directory-changes-during-rp.patch
+Patch140: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
+Patch141: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
+Patch142: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
+Patch143: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
+Patch144: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
+Patch145: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
+Patch146: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
+Patch147: backport-0001-CVE-2021-35938.patch
+
+Patch148: backport-rpm2archive-Add-more-error-handling.patch
+Patch149: backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch
+Patch150: backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch
+Patch151: backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch
+Patch152: backport-Prevent-NULL-deref-in-rpmfsGetStates.patch
+Patch153: backport-Fix-memory-leak-in-pgpPrtParams-2.patch
+Patch154: backport-Fix-return-value-checks-in-OpenSSL-code.patch
+Patch155: backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch
+Patch156: backport-Require-creation-time-to-be-unique-and-hashed.patch
+Patch157: backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch
+Patch158: backport-Parse-key-usage-flags.patch
+Patch159: backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch
+Patch160: backport-Avoid-unneded-MPI-reparsing.patch
+Patch161: backport-Fix-OpenPGP-key-ID-parsing-regression.patch
+Patch162: backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch
+Patch163: backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch
+Patch164: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
+Patch165: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -444,6 +465,12 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Mon Nov 07 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-40
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync patches from upstream
+
 * Fri Nov 04 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-39
 - Type:bugfix
 - ID:NA