sync patches from upstream

backport-Check-file-iterator-for-being-NULL-consistently.patch

@@ -0,0 +1,61 @@
+From 470498bd5a51f8d98ae8e721beea58ef81c19a51 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 22 Sep 2021 16:10:53 +0200
+Subject: [PATCH] Check file iterator for being NULL consistently
+
+No point in allowing NULL only for one of the arguments.
+
+Thanks to ex0z3 (https://github.com/ex0z3) for reporting!
+
+Resolves: #1782
+---
+ lib/rpmfi.c | 13 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/lib/rpmfi.c b/lib/rpmfi.c
+index c6c9699f6..b67680c17 100644
+--- a/lib/rpmfi.c
++++ b/lib/rpmfi.c
+@@ -735,7 +735,7 @@ uint32_t rpmfilesFLinks(rpmfiles fi, int ix, const int ** files)
+ 
+ uint32_t rpmfiFLinks(rpmfi fi, const int ** files)
+ {
+-    return rpmfilesFLinks(fi->files, fi ? fi->i : -1, files);
++    return rpmfilesFLinks(fi ? fi->files : NULL, fi ? fi->i : -1, files);
+ }
+ 
+ uint32_t rpmfilesFNlink(rpmfiles fi, int ix)
+@@ -1862,17 +1862,17 @@ const char * rpmfiOFN(rpmfi fi)
+ 
+ const unsigned char * rpmfiFDigest(rpmfi fi, int *algo, size_t *len)
+ {
+-    return rpmfilesFDigest(fi->files, fi ? fi->i : -1, algo, len);
++    return rpmfilesFDigest(fi ? fi->files : NULL, fi ? fi->i : -1, algo, len);
+ }
+ 
+ const unsigned char * rpmfiFSignature(rpmfi fi, size_t *len)
+ {
+-    return rpmfilesFSignature(fi->files, fi ? fi->i : -1, len);
++    return rpmfilesFSignature(fi ? fi->files : NULL, fi ? fi->i : -1, len);
+ }
+ 
+ uint32_t rpmfiFDepends(rpmfi fi, const uint32_t ** fddictp)
+ {
+-    return rpmfilesFDepends(fi->files,  fi ? fi->i : -1, fddictp);
++    return rpmfilesFDepends(fi ? fi->files : NULL,  fi ? fi->i : -1, fddictp);
+ }
+ 
+ int rpmfiStat(rpmfi fi, int flags, struct stat *sb)
+@@ -1983,7 +1983,8 @@ int rpmfiStat(rpmfi fi, int flags, struct stat *sb)
+ 
+ int rpmfiCompare(const rpmfi afi, const rpmfi bfi)
+ {
+-    return rpmfilesCompare(afi->files, afi ? afi->i : -1, bfi->files, bfi ? bfi->i : -1);
++    return rpmfilesCompare(afi ? afi->files : NULL, afi ? afi->i : -1,
++			   bfi ? bfi->files : NULL, bfi ? bfi->i : -1);
+ }
+ 
+ rpmVerifyAttrs rpmfiVerify(rpmfi fi, rpmVerifyAttrs omitMask)
+-- 
+2.27.0
+

backport-Close-file-before-replacing-signed.patch

@@ -0,0 +1,27 @@
+From 9b4c50dd67c337f2d3c927cdd01ae4433bb08b61 Mon Sep 17 00:00:00 2001
+From: Evgeniy Taishev <e.taishev@omp.ru>
+Date: Mon, 17 Jan 2022 22:07:13 +0300
+Subject: [PATCH] Close file before replacing signed
+
+---
+ sign/rpmgensig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index e88f9b748..b8c68cee9 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -695,6 +695,10 @@ static int rpmSign(const char *rpm, int deleting, int flags)
+ 	if (copyFile(&fd, rpm, &ofd, trpm) == 0) {
+ 	    struct stat st;
+ 
++	    /* File must be closed before deletion due to different file locking in some file systems*/
++	    if (fd) (void) closeFile(&fd);
++	    if (ofd) (void) closeFile(&ofd);
++
+ 	    /* Move final target into place, restore file permissions. */
+ 	    if (stat(rpm, &st) == 0 && unlink(rpm) == 0 &&
+ 			rename(trpm, rpm) == 0 && chmod(rpm, st.st_mode) == 0) {
+-- 
+2.27.0
+

backport-Don-t-segfault-on-missing-priority-tag.patch

@@ -0,0 +1,39 @@
+From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 20 Aug 2021 15:14:16 +0200
+Subject: [PATCH] Don't segfault on missing priority tag
+
+Resolves: #1636
+Related: #1638
+---
+ lib/rpmtriggers.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
+index fc809a65e..d541974e8 100644
+--- a/lib/rpmtriggers.c
++++ b/lib/rpmtriggers.c
+@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ 	if (matchFunc(ts, te, pfx, sense)) {
+ 	    for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) {
+ 		struct rpmtd_s priorities;
+-		unsigned int priority;
++		unsigned int priority = 0;
++		unsigned int *priority_ptr;
+ 		unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i);
+ 		unsigned int tix = rpmdbIndexIteratorTagNum(ii, i);
+ 
+@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ 		trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset);
+ 		headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM);
+ 		rpmtdSetIndex(&priorities, tix);
+-		priority = *rpmtdGetUint32(&priorities);
++		priority_ptr = rpmtdGetUint32(&priorities);
++		if (priority_ptr)
++		    priority = *priority_ptr;
+ 		headerFree(trigH);
+ 
+ 		/* Store file trigger in array */
+-- 
+2.27.0
+

backport-Ensure-database-creation-on-initial-installation.patch

@@ -0,0 +1,47 @@
+From 86f593d5135b00a9dbf7dc6d5efc8b341002aa08 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 16 Apr 2021 14:06:00 +0300
+Subject: [PATCH] Ensure database creation on initial installation
+
+Disabling implicit database creation on read-only handles in commit
+afbc2b07839c9ffe9f274f3a4bc2395c76d65472 broke number of handy
+use-cases such as install to an empty chroot directory, both with
+rpm itself and dnf/yum at least, probably others too.
+
+This minimally resurrects the desired part of the behavior: if people are
+asking us to install something, creating a missing database is probably
+okay to create without requiring an explicit --initdb action first.
+It'll still spit some ugly errors from trying to load the keyring but
+at least it'll work. The harmless errors we can try to deal with
+separately later on.
+---
+ lib/depends.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/depends.c b/lib/depends.c
+index 28a4a784d..ed5994290 100644
+--- a/lib/depends.c
++++ b/lib/depends.c
+@@ -4,6 +4,8 @@
+ 
+ #include "system.h"
+ 
++#include <fcntl.h>
++
+ #include <rpm/rpmlib.h>		/* rpmVersionCompare, rpmlib provides */
+ #include <rpm/rpmtag.h>
+ #include <rpm/rpmlog.h>
+@@ -414,6 +416,10 @@ static int addPackage(rpmts ts, Header h,
+     if (isSource)
+ 	op = RPMTE_INSTALL;
+ 
++    /* Ensure database creation on initial installs */
++    if (!isSource && rpmtsGetDBMode(ts) == O_RDONLY)
++	rpmtsSetDBMode(ts, (O_RDWR|O_CREAT));
++
+     /* Do lazy (readonly?) open of rpm database for upgrades. */
+     if (op != RPMTE_INSTALL && rpmtsGetRdb(ts) == NULL && rpmtsGetDBMode(ts) != -1) {
+ 	if ((ec = rpmtsOpenDB(ts, rpmtsGetDBMode(ts))) != 0)
+-- 
+2.27.0
+

backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch

@@ -0,0 +1,25 @@
+From 989d7c593c7ab12e17ea8f486856bafac6a1ae37 Mon Sep 17 00:00:00 2001
+From: Peter Pentchev <roam@ringlet.net>
+Date: Sat, 27 Nov 2021 00:43:41 +0200
+Subject: [PATCH] Fix __cplusplus misspelled as _cplusplus.
+
+---
+ sign/rpmsignfiles.h  | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/sign/rpmsignfiles.h b/sign/rpmsignfiles.h
+index 2ff623cdf..a21a00612 100644
+--- a/sign/rpmsignfiles.h
++++ b/sign/rpmsignfiles.h
+@@ -19,7 +19,7 @@ extern "C" {
+ RPM_GNUC_INTERNAL
+ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass);
+ 
+-#ifdef _cplusplus
++#ifdef __cplusplus
+ }
+ #endif
+ 
+-- 
+2.27.0
+

backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch

@@ -0,0 +1,26 @@
+From 5c5cd9f30b31f0255a484f7d2e3f9cfacc0ec3bf Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 15 Dec 2021 10:01:41 +0200
+Subject: [PATCH] Fix a memleak in ndb from opened but not closed dbis.
+
+Fixes: #1861
+---
+ lib/backend/ndb/glue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c
+index 7ba3056be..d528ebcea 100644
+--- a/lib/backend/ndb/glue.c
++++ b/lib/backend/ndb/glue.c
+@@ -77,7 +77,7 @@ static int ndb_Close(dbiIndex dbi, unsigned int flags)
+     }
+     if (rdb->db_dbenv)
+ 	closeEnv(rdb);
+-    dbi->dbi_db = 0;
++    dbiFree(dbi);
+     return 0;
+ }
+ 
+-- 
+2.27.0
+

backport-Fix-hash-context-leak.patch

@@ -0,0 +1,34 @@
+From 6e9531430d70fe80b67782ed57f1526aec9ed711 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@sequoia-pgp.org>
+Date: Thu, 28 Oct 2021 13:32:22 +0200
+Subject: [PATCH] Fix hash context leak
+
+The hash context is duplicated unconditionally, but there is an
+execution path exiting the function without it being finalized.
+---
+ rpmio/rpmpgp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 861f6704c..1e4f66782 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1310,6 +1310,7 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx)
+     }
+ 
+     rpmDigestFinal(ctx, (void **)&hash, &hashlen, 0);
++    ctx = NULL;
+ 
+     /* Compare leading 16 bits of digest for quick check. */
+     if (hash == NULL || memcmp(hash, sig->signhash16, 2) != 0)
+@@ -1333,6 +1334,7 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx)
+ 
+ exit:
+     free(hash);
++    rpmDigestFinal(ctx, NULL, NULL, 0);
+     return res;
+ 
+ }
+-- 
+2.27.0
+

backport-Fix-hashlen-overflow.patch

@@ -0,0 +1,46 @@
+From 3f142b210ae0c01e1b21c2c057b12db574386e7a Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@sequoia-pgp.org>
+Date: Wed, 27 Oct 2021 09:51:13 +0200
+Subject: [PATCH] Fix hashlen overflow
+
+struct pgpDigParams_s keeps a copy of the verbatim key material for
+hashing.  The length of this data is kept in 'hashlen' which
+previously was a uint8_t.  However, the size of the signature's hashed
+subpacket area can be up to 2^16 bytes, and one needs to hash some of
+the signature packet's fields on top of that.
+
+Hence, 'hashlen' must be at least a uint32_t.
+
+This overflow happens in practice as soon as the signature's hashed
+subpacket area contains an embedded signature.  See section 11.1 of
+RFC4880:
+
+   Each Subkey packet MUST be followed by one Signature packet, which
+   should be a subkey binding signature issued by the top-level key.
+   For subkeys that can issue signatures, the subkey binding signature
+   MUST contain an Embedded Signature subpacket with a primary key
+   binding signature (0x19) issued by the subkey on the top-level key.
+
+While the embedded signature may be in the unhashed subpacket area
+because it is self-authenticating, it is more robust to put it in the
+hashed area.
+---
+ rpmio/digest.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/digest.h b/rpmio/digest.h
+index 690d17619..3b72a2870 100644
+--- a/rpmio/digest.h
++++ b/rpmio/digest.h
+@@ -33,7 +33,7 @@ struct pgpDigParams_s {
+ 
+     uint8_t hash_algo;
+     uint8_t sigtype;
+-    uint8_t hashlen;
++    uint32_t hashlen;
+     uint8_t signhash16[2];
+     pgpKeyID_t signid;
+     uint8_t saved;
+-- 
+2.27.0
+

backport-Fix-memory-leak-in-pgpPrtParams.patch

@@ -0,0 +1,38 @@
+From b6dffb6dc5ffa2ddc389743f0507876cab341315 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 7 Jan 2022 16:10:26 +0100
+Subject: [PATCH] Fix memory leak in pgpPrtParams()
+
+Make sure selfsig is freed in case we break out of the loop in this
+block.
+
+Note that the tests added with the binding validation commit bd36c5d do
+not cover this code path so valgrind won't show this.
+---
+ rpmio/rpmpgp.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 1e4f66782..35603286f 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1147,12 +1147,11 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ 
+ 	if (selfsig) {
+ 	    /* subkeys must be followed by binding signature */
+-	    if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
+-		if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
+-		    break;
+-	    }
++	    int xx = 1; /* assume failure */
+ 
+-	    int xx = pgpVerifySelf(digp, selfsig, all, i);
++	    if (!(prevtag == PGPTAG_PUBLIC_SUBKEY &&
++		  selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))
++		xx = pgpVerifySelf(digp, selfsig, all, i);
+ 
+ 	    selfsig = pgpDigParamsFree(selfsig);
+ 	    if (xx)
+-- 
+2.27.0
+

backport-Fix-old-Python-ts.check-argument-order-regression.patch

@@ -0,0 +1,32 @@
+From f0c158cbc8a50a776b44de2c0fe744c451155a41 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 4 Jan 2022 15:57:10 +0200
+Subject: [PATCH] Fix old Python ts.check() argument order regression
+
+Commit fab2debfe440d677dbd072c3cd73d2c99876e7a5 managed to mess up the
+order of the last two callback arguments, doh.
+
+Goes to show that nobody has missed this stuff in 12+ years, so it might
+be more merciful to put this thing out of its misery...
+
+Fixes: #1871
+---
+ python/rpm/transaction.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py
+index 991fd9a91..ba39881f1 100644
+--- a/python/rpm/transaction.py
++++ b/python/rpm/transaction.py
+@@ -159,7 +159,7 @@ class TransactionSet(TransactionSetCore):
+                 needver = ""
+ 
+             res.append(((n, v, r),
+-                        (needname, needver), needflags, sense, p.key))
++                        (needname, needver), needflags, p.key, sense))
+ 
+         return res
+ 
+-- 
+2.27.0
+

backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch

@@ -0,0 +1,39 @@
+From 1c15d748d3536a21b6edbbf9254db76fefb4b275 Mon Sep 17 00:00:00 2001
+From: Dmitry Gerasimov <d.gerasimov@omp.ru>
+Date: Mon, 27 Dec 2021 12:27:57 +0300
+Subject: [PATCH] Fix possible NULL pointer dereference in rpmfcClassify
+
+Here is simplified overview of possible dereference:
+
+        if (fc == NULL) {
+            rpmlog(RPMLOG_ERR, _("Empty file classifier\n"));
+            goto exit;
+        }
+
+        // ...
+
+    exit:
+        rpmstrPoolFreeze(fc->cdict, 0);
+                         ~~~~~~~~~
+
+This issue was found by Svace Static Analyzer.
+---
+ build/rpmfc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/rpmfc.c b/build/rpmfc.c
+index eb51a3663..cf2c20316 100644
+--- a/build/rpmfc.c
++++ b/build/rpmfc.c
+@@ -1168,7 +1168,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
+ 
+     if (fc == NULL) {
+ 	rpmlog(RPMLOG_ERR, _("Empty file classifier\n"));
+-	goto exit;
++	return RPMRC_FAIL;
+     }
+ 
+     /* It is OK when we have no files to classify. */
+-- 
+2.27.0
+

backport-Fix-rpmtsInitDB-argument-confusion.patch

@@ -0,0 +1,70 @@
+From 6e6be7d6ebd5e85c5c8ee7474b476c1038d07af8 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 2 Feb 2021 14:00:32 +0200
+Subject: [PATCH] Fix rpmtsInitDB() argument confusion
+
+Since it's introduction, rpmtsInitDB() has passed the second argument
+directly to rpmdbInit() as permission bits. However commit
+81fef9848051e5068694cde9b3c2be743d5a93e1 incorrectly documented this
+as being related to the db mode read/write *mode*, and also used it
+that way in the python bindings.
+---
+ lib/rpmts.c       | 4 ++--
+ lib/rpmts.h       | 5 ++---
+ python/rpmts-py.c | 2 +-
+ 3 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/lib/rpmts.c b/lib/rpmts.c
+index 8c8ae420a..8a6683f9a 100644
+--- a/lib/rpmts.c
++++ b/lib/rpmts.c
+@@ -104,12 +104,12 @@ int rpmtsOpenDB(rpmts ts, int dbmode)
+     return rc;
+ }
+ 
+-int rpmtsInitDB(rpmts ts, int dbmode)
++int rpmtsInitDB(rpmts ts, int perms)
+ {
+     rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
+     int rc = -1;
+     if (txn)
+-	    rc = rpmdbInit(ts->rootDir, dbmode);
++	    rc = rpmdbInit(ts->rootDir, perms);
+     rpmtxnEnd(txn);
+     return rc;
+ }
+diff --git a/lib/rpmts.h b/lib/rpmts.h
+index e04d9e5e2..eca179009 100644
+--- a/lib/rpmts.h
++++ b/lib/rpmts.h
+@@ -272,12 +272,11 @@ int rpmtsOpenDB(rpmts ts, int dbmode);
+ 
+ /** \ingroup rpmts
+  * Initialize the database used by the transaction.
+- * @deprecated An explicit rpmdbInit() is almost never needed.
+  * @param ts		transaction set
+- * @param dbmode	O_RDONLY or O_RDWR
++ * @param perms		database permissions (ie mode bits)
+  * @return		0 on success
+  */
+-int rpmtsInitDB(rpmts ts, int dbmode);
++int rpmtsInitDB(rpmts ts, int perms);
+ 
+ /** \ingroup rpmts
+  * Return the transaction database mode
+diff --git a/python/rpmts-py.c b/python/rpmts-py.c
+index 27caa0388..4aae43712 100644
+--- a/python/rpmts-py.c
++++ b/python/rpmts-py.c
+@@ -347,7 +347,7 @@ rpmts_InitDB(rpmtsObject * s)
+ {
+     int rc;
+ 
+-    rc = rpmtsInitDB(s->ts, O_RDONLY);
++    rc = rpmtsInitDB(s->ts, 0644);
+     if (rc == 0)
+ 	rc = rpmtsCloseDB(s->ts);
+ 
+-- 
+2.27.0
+

backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch

@@ -0,0 +1,35 @@
+From 3aa1abc4cabaa77bd9d3d05064466990d7e68a59 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 18 Nov 2021 11:53:17 +0200
+Subject: [PATCH] Fix some Lua stack leaks in our initialization code
+
+---
+ rpmio/rpmlua.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 8459cd874..6ad9119a5 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -131,14 +131,18 @@ rpmlua rpmluaNew()
+ 
+     for (lib = extlibs; lib->name; lib++) {
+ 	luaL_requiref(L, lib->name, lib->func, 1);
++	lua_pop(L, 1);
+     }
+     lua_pushcfunction(L, rpm_print);
+     lua_setglobal(L, "print");
+ 
+     lua_getglobal(L, "os");
+     luaL_setfuncs(L, os_overrides, 0);
++    lua_pop(L, 1);
++
+     lua_getglobal(L, "posix");
+     luaL_setfuncs(L, posix_overrides, 0);
++    lua_pop(L, 1);
+ 
+     lua_getglobal(L, "package");
+     lua_pushfstring(L, "%s/%s", rpmConfigDir(), "/lua/?.lua");
+-- 
+2.27.0
+

backport-Fix-use-after-free-in-haveSignature.patch

@@ -0,0 +1,33 @@
+From ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 7 Jan 2022 13:57:24 +0100
+Subject: [PATCH] Fix use-after-free in haveSignature()
+
+pgpPrtParams() may leave sig2 unchanged and if we're not in the very
+first iteration of the while() loop, we could pass a freed pointer to
+pgpDigParamsCmp().  Fix by setting it to NULL after freeing.
+
+Found by Coverity, after commit bd36c5d (subkey binding validation),
+although note that the commit didn't introduce this bug; it just seems
+to have been a false negative that got "fixed" by the changes in
+pgpPrtParams() in that commit.
+---
+ sign/rpmgensig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index d8c84e937..e88f9b748 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -364,7 +364,7 @@ static int haveSignature(rpmtd sigtd, Header h)
+ 	pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
+ 	if (pgpDigParamsCmp(sig1, sig2) == 0)
+ 	    rc = 1;
+-	pgpDigParamsFree(sig2);
++	sig2 = pgpDigParamsFree(sig2);
+     }
+     pgpDigParamsFree(sig1);
+     rpmtdFreeData(&oldtd);
+-- 
+2.27.0
+

backport-Honor-requested-file-permissions-when-creating-ndb-d.patch

@@ -0,0 +1,55 @@
+From 77062e68f8675a678a6d136b85fbe1dd2bdb75f1 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 2 Feb 2021 14:26:48 +0200
+Subject: [PATCH] Honor requested file permissions when creating ndb database
+ files
+
+Prior to this, ndb files were using hardcoded 0666 permissions whereas
+rpm generally defaults to 0644.
+---
+ lib/backend/ndb/glue.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c
+index a1599d8fa..96ab88679 100644
+--- a/lib/backend/ndb/glue.c
++++ b/lib/backend/ndb/glue.c
+@@ -129,13 +129,13 @@ static int ndb_Open(rpmdb rdb, rpmDbiTagVal rpmtag, dbiIndex * dbip, int flags)
+ 	char *path = rstrscat(NULL, dbhome, "/", rdb->db_ops->path, NULL);
+ 	rpmlog(RPMLOG_DEBUG, "opening  db index       %s mode=0x%x\n", path, rdb->db_mode);
+ 	if ((rdb->db_flags & RPMDB_FLAG_SALVAGE) == 0)
+-	    rc = rpmpkgOpen(&pkgdb, path, oflags, 0666);
++	    rc = rpmpkgOpen(&pkgdb, path, oflags, rdb->db_perms);
+ 	else
+ 	    rc = rpmpkgSalvage(&pkgdb, path);
+  	if (rc && errno == ENOENT && (rdb->db_flags & RPMDB_FLAG_SALVAGE) == 0) {
+ 	    oflags = O_RDWR|O_CREAT;
+ 	    dbi->dbi_flags |= DBI_CREATED;
+-	    rc = rpmpkgOpen(&pkgdb, path, oflags, 0666);
++	    rc = rpmpkgOpen(&pkgdb, path, oflags, rdb->db_perms);
+ 	}
+ 	if (rc) {
+ 	    perror("rpmpkgOpen");
+@@ -161,16 +161,16 @@ static int ndb_Open(rpmdb rdb, rpmDbiTagVal rpmtag, dbiIndex * dbip, int flags)
+ 
+ 	    /* Open indexes readwrite if possible */
+ 	    ioflags = O_RDWR;
+-	    rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666);
++	    rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms);
+ 	    if (rc && (errno == EACCES || errno == EROFS)) {
+ 		/* If it is not asked for rw explicitly, try to open ro */
+ 		if (!(oflags & O_RDWR)) {
+ 		    ioflags = O_RDONLY;
+-		    rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666);
++		    rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms);
+ 		}
+ 	    } else if (rc && errno == ENOENT) {
+ 		ioflags = O_CREAT|O_RDWR;
+-		rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666);
++		rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms);
+ 		created = 1;
+ 	    }
+ 	    if (rc) {
+-- 
+2.27.0
+

backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch

@@ -0,0 +1,32 @@
+From 26bb41e1cb7f7836302b3555cff8f20f9fc19188 Mon Sep 17 00:00:00 2001
+From: licunlong1 <licunlong1@huawei.com>
+Date: Thu, 21 Oct 2021 21:29:25 +0800
+Subject: [PATCH] don not skip abnormal files
+
+This reverts 2d52726bd55f008ea23262c2a3a31ae689cd2af4, as when removing
+the same file of different archs, if the file state is WRONGCOLOR, it
+sets the action to `skip`. This will result in some elf files left over.
+
+---
+ lib/transaction.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/transaction.c b/lib/transaction.c
+index e51cff2..57f7e4a 100644
+--- a/lib/transaction.c
++++ b/lib/transaction.c
+@@ -673,10 +673,8 @@ assert(otherFi != NULL);
+ 	    }
+ 	    if (XFA_SKIPPING(rpmfsGetAction(fs, i)))
+ 		break;
+-	    if (rpmfilesFState(fi, i) != RPMFILE_STATE_NORMAL) {
+-		rpmfsSetAction(fs, i, FA_SKIP);
++	    if (rpmfilesFState(fi, i) != RPMFILE_STATE_NORMAL)
+ 		break;
+-	    }
+ 		
+ 	    /* Pre-existing modified config files need to be saved. */
+ 	    if (rpmfilesConfigConflict(fi, i)) {
+-- 
+2.27.0
+

backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch

@@ -0,0 +1,39 @@
+From d41143cb5f6d88eb6e8bd999ad5ea2992bfb10f7 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 18 Nov 2021 13:38:20 +0200
+Subject: [PATCH] Simplify rpm_print(), fixing a Lua stack leak as a bonus
+
+Rather than laborously call tostring() in Lua, use the C-side equivalent
+of luaL_tostring(). This was new as of Lua 5.2, which explains why the
+original version from 2004 did things the hard way.
+
+Also fixes a stack leak from not popping "tostring" function after use.
+---
+ rpmio/rpmlua.c | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 6ad9119a5..74023071a 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -688,16 +688,9 @@ static int rpm_print (lua_State *L)
+     int n = lua_gettop(L);  /* number of arguments */
+     int i;
+     if (!lua) return 0;
+-    lua_getglobal(L, "tostring");
+     for (i = 1; i <= n; i++) {
+-	const char *s;
+ 	size_t sl;
+-	lua_pushvalue(L, -1);  /* function to be called */
+-	lua_pushvalue(L, i);   /* value to print */
+-	lua_call(L, 1, 1);
+-	s = lua_tolstring(L, -1, &sl);  /* get result */
+-	if (s == NULL)
+-	    return luaL_error(L, "`tostring' must return a string to `print'");
++	const char *s = luaL_tolstring(L, i, &sl);
+ 	if (lua->printbuf) {
+ 	    rpmluapb prbuf = lua->printbuf;
+ 	    if (prbuf->used+sl+1 > prbuf->alloced) {
+-- 
+2.27.0
+

backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch

@@ -0,0 +1,40 @@
+From ed07a187734addfa16be9ee922398e4ff9859f53 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Tue, 7 Dec 2021 08:08:37 +0100
+Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
+
+If a package contains a symlink in the buildroot which is declared as a
+ghost or config file but is a regular file or directory on the system
+where it's installed, a --setperms call will reset its permissions to
+those of a symlink (777 on Linux), which almost certainly is not the
+correct thing to do.
+
+To fix that, just skip files that were recorded as symlinks.
+
+This is a special case of a general issue in --setperms; since file
+permission semantics may change depending on the file type, to stay on
+the safe side, any (ghost or config) file whose type changes after
+installation should probably be skipped.  However, symlinks are the most
+prominent case here, so let's just focus on that now and avoid adding
+too much cleverness to a popt alias (this got us into trouble not too
+long ago, see commits 38c2f6e and 0d83637).  We may revisit this in the
+eventual C implementation.
+---
+ rpmpopt.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmpopt.in b/rpmpopt.in
+index 27d298651..d5a6b140b 100644
+--- a/rpmpopt.in
++++ b/rpmpopt.in
+@@ -44,6 +44,7 @@ rpm	alias --scripts --qf '\
+ 	--POPTdesc=$"list install/erase scriptlets from package(s)"
+ 
+ rpm	alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
++        \[ -n %{FILELINKTOS:shescape} \] || \
+         ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
+         chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
+ 		   --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
+-- 
+2.27.0
+

backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch

@@ -0,0 +1,57 @@
+From a34bf5bdf601d6d0ae5d28193090a29b9ef12600 Mon Sep 17 00:00:00 2001
+From: Michael Schroeder <mls@suse.de>
+Date: Mon, 22 Nov 2021 11:12:20 +0100
+Subject: [PATCH] Switch the floating point type in rpmhook from float to
+ double
+
+There's no real reason why it should be float. Plus, the test if
+the number is an integer does not work for big integers that
+do not fit into a float.
+---
+ rpmio/rpmhook.c | 2 +-
+ rpmio/rpmhook.h | 2 +-
+ rpmio/rpmlua.c  | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmhook.c b/rpmio/rpmhook.c
+index 9fe2a21f7..119798313 100644
+--- a/rpmio/rpmhook.c
++++ b/rpmio/rpmhook.c
+@@ -187,7 +187,7 @@ static rpmhookArgs rpmhookArgsParse(const char *argt, va_list ap)
+ 		args->argv[i].i = va_arg(ap, int);
+ 		break;
+ 	    case 'f':
+-		args->argv[i].f = (float)va_arg(ap, double);
++		args->argv[i].f = va_arg(ap, double);
+ 		break;
+ 	    case 'p':
+ 		args->argv[i].p = va_arg(ap, void *);
+diff --git a/rpmio/rpmhook.h b/rpmio/rpmhook.h
+index 52f5634ca..842c12646 100644
+--- a/rpmio/rpmhook.h
++++ b/rpmio/rpmhook.h
+@@ -4,7 +4,7 @@
+ typedef union {
+     const char * s;
+     int i;
+-    float f;
++    double f;
+     void * p;
+ } rpmhookArgv;
+ 
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index fe2e51361..c5bdf4293 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -873,7 +873,7 @@ static int rpm_call(lua_State *L)
+ 		    args->argv[i].p = NULL;
+ 		    break;
+ 		case LUA_TNUMBER: {
+-		    float f = (float)lua_tonumber(L, i+1);
++		    double f = (double)lua_tonumber(L, i+1);
+ 		    if (f == (int)f) {
+ 			argt[i] = 'i';
+ 			args->argv[i].i = (int)f;
+-- 
+2.27.0
+

backport-rpmkeys-exit-non-zero-on-I-O-errors.patch

@@ -0,0 +1,53 @@
+From fc8386be36a32f8462a0d16a2dd3e5e18f7fbc2d Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Mon, 12 Apr 2021 11:30:51 -0400
+Subject: [PATCH] rpmkeys: exit non-zero on I/O errors
+
+If writing to stdout or stderr fails, rpmkeys should exit with a
+non-zero status code.
+---
+ rpmkeys.c          |  4 ++++
+ tests/rpmsigdig.at | 13 +++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/rpmkeys.c b/rpmkeys.c
+index 542601c87..2c304de20 100644
+--- a/rpmkeys.c
++++ b/rpmkeys.c
+@@ -86,5 +86,9 @@ int main(int argc, char *argv[])
+ exit:
+     rpmtsFree(ts);
+     rpmcliFini(optCon);
++    fflush(stderr);
++    fflush(stdout);
++    if (ferror(stdout) || ferror(stderr))
++	return 255; /* I/O error */
+     return ec;
+ }
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index c8b9f139e..429163e3d 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -24,6 +24,19 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i38
+ [])
+ AT_CLEANUP
+ 
++# ------------------------------
++# Test rpmkeys write errors
++AT_SETUP([[rpmkeys -K no space left on stdout]])
++AT_KEYWORDS([rpmkeys digest])
++AT_CHECK([
++RPMDB_INIT[
++
++runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm >/dev/full
++]],255,,[[Error writing to log: No space left on device
++]])
++AT_CLEANUP
++
++
+ # ------------------------------
+ # Test corrupted package verification (corrupted signature)
+ AT_SETUP([rpmkeys -Kv <corrupted unsigned> 1])
+-- 
+2.27.0
+

backport-treat-0-as-valid-file-descriptor.patch

@@ -0,0 +1,27 @@
+From be64821b908fdb1ff3c12530430d1cf046839e60 Mon Sep 17 00:00:00 2001
+From: licunlong <licunlong1@huawei.com>
+Date: Thu, 20 Jan 2022 19:59:44 +0800
+Subject: [PATCH] treat 0 as valid file descriptor The descriptor is openned in
+ rpmpkgOpen, and we treat 0 as valid file descriptor. Here we should do the
+ same or fail earlier.
+
+---
+ lib/backend/ndb/rpmpkg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/backend/ndb/rpmpkg.c b/lib/backend/ndb/rpmpkg.c
+index 64d049350..0a041e4c0 100644
+--- a/lib/backend/ndb/rpmpkg.c
++++ b/lib/backend/ndb/rpmpkg.c
+@@ -734,7 +734,7 @@ static int rpmpkgAddSlotPage(rpmpkgdb pkgdb)
+ 
+ static int rpmpkgGetLock(rpmpkgdb pkgdb, int type)
+ {
+-    if (!pkgdb->fd)
++    if (pkgdb->fd < 0)
+ 	return RPMRC_FAIL;
+     if (flock(pkgdb->fd, type))
+ 	return RPMRC_FAIL;
+-- 
+2.27.0
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.15.1
-Release:       38
+Release:       39
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -107,36 +107,60 @@ Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch
 Patch94: backport-Fix-memory-leak-in-decodePkts.patch
 Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch
 
-Patch96: fix-lsetxattr-error-in-container.patch
-Patch97: backport-Reduce-undefined-pointer-arithmetic.patch
-Patch98: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch
-Patch99: backport-0001-CVE-2021-3521.patch
-Patch100: backport-0002-CVE-2021-3521.patch
-Patch101: backport-0003-CVE-2021-3521.patch
+Patch96: backport-Ensure-database-creation-on-initial-installation.patch
+Patch97: backport-Honor-requested-file-permissions-when-creating-ndb-d.patch
+Patch98: backport-Fix-rpmtsInitDB-argument-confusion.patch
+Patch99: backport-Don-t-segfault-on-missing-priority-tag.patch
+Patch100: backport-Check-file-iterator-for-being-NULL-consistently.patch
 
-Patch102: rpm-selinux-plugin-check-context-file-exist.patch
-Patch103: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch
+Patch101: fix-lsetxattr-error-in-container.patch
+Patch102: backport-Reduce-undefined-pointer-arithmetic.patch
+Patch103: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch
+Patch104: backport-0001-CVE-2021-3521.patch
+Patch105: backport-0002-CVE-2021-3521.patch
+Patch106: backport-0003-CVE-2021-3521.patch
 
-Patch104: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
-Patch105: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
-Patch106: backport-Refactor-file-install-and-remove-around-a-common-str.patch
-Patch107: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
-Patch108: backport-Drop-unused-filename-variable.patch
-Patch109: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
-Patch110: backport-Handle-file-install-failures-more-gracefully.patch
-Patch111: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
-Patch112: backport-Make-file-open-and-close-in-fsm-debuggable.patch
-Patch113: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
-Patch114: backport-Add-diagnostics-to-archive-unpacking.patch
-Patch115: backport-Add-optional-callback-on-directory-changes-during-rp.patch
-Patch116: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
-Patch117: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
-Patch118: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
-Patch119: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
-Patch120: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
-Patch121: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
-Patch122: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
-Patch123: backport-0001-CVE-2021-35938.patch
+Patch107: backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch
+Patch108: backport-Fix-hash-context-leak.patch
+Patch109: backport-Fix-hashlen-overflow.patch
+Patch110: backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch
+Patch111: backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch
+Patch112: backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch
+
+Patch113: rpm-selinux-plugin-check-context-file-exist.patch
+Patch114: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch
+
+Patch115: backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch
+Patch116: backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch
+Patch117: backport-Fix-old-Python-ts.check-argument-order-regression.patch
+Patch118: backport-Fix-memory-leak-in-pgpPrtParams.patch
+Patch119: backport-Fix-use-after-free-in-haveSignature.patch
+Patch120: backport-Close-file-before-replacing-signed.patch
+Patch121: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch
+Patch122: backport-treat-0-as-valid-file-descriptor.patch
+Patch123: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch
+Patch124: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch
+
+Patch125: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
+Patch126: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
+Patch127: backport-Refactor-file-install-and-remove-around-a-common-str.patch
+Patch128: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
+Patch129: backport-Drop-unused-filename-variable.patch
+Patch130: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
+Patch131: backport-Handle-file-install-failures-more-gracefully.patch
+Patch132: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
+Patch133: backport-Make-file-open-and-close-in-fsm-debuggable.patch
+Patch134: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
+Patch135: backport-Add-diagnostics-to-archive-unpacking.patch
+Patch136: backport-Add-optional-callback-on-directory-changes-during-rp.patch
+Patch137: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
+Patch138: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
+Patch139: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
+Patch140: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
+Patch141: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
+Patch142: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
+Patch143: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
+Patch144: backport-0001-CVE-2021-35938.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -420,6 +444,12 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Fri Nov 04 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-39
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync patches from upstream
+
 * Wed Nov 02 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-38
 - Type:bugfix
 - ID:NA