sync patches from upstream

backport-Allow-database-probing-if-_db_backend-is-not-set.patch

@@ -0,0 +1,75 @@
+From 0644e4e79c841b03d606fc8bb035ec311f4bfb17 Mon Sep 17 00:00:00 2001
+From: Michael Schroeder <mls@suse.de>
+Date: Tue, 1 Dec 2020 13:42:45 +0100
+Subject: [PATCH] Allow database probing if _db_backend is not set
+
+There is no harm in allowing read access in this case. We still
+error out in the database rebuild case, just to be on the safe
+side. We now have the following logic:
+
+_db_backend unset:
+  * error out for rebuilddb or read-write access
+  * use detected backend and print a debug message
+_db_backend unknown:
+  * error out for rebuilddb or read-write access
+  * use detected backend and print a warning message
+_db_backend set:
+  * use detected backend and print a warning message if it
+    does not match the configured backend
+---
+ lib/backend/dbi.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index 8fbe5f374..809d013bf 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -5,6 +5,7 @@
+ #include "system.h"
+ 
+ #include <stdlib.h>
++#include <fcntl.h>
+ #include <rpm/rpmtypes.h>
+ #include <rpm/rpmstring.h>
+ #include <rpm/rpmmacro.h>
+@@ -77,7 +78,7 @@ dbDetectBackend(rpmdb rdb)
+ 	}
+     }
+ 
+-    if (!cfg) {
++    if (!cfg && ((rdb->db_mode & O_ACCMODE) != O_RDONLY || (rdb->db_flags & RPMDB_FLAG_REBUILD) != 0)) {
+ 	rpmlog(RPMLOG_WARNING, _("invalid %%_db_backend: %s\n"), db_backend);
+ 	goto exit;
+     }
+@@ -93,15 +94,20 @@ dbDetectBackend(rpmdb rdb)
+ 
+ 	/* On-disk database differs from configuration */
+ 	if (ondisk && ondisk != cfg) {
+-	    if (rdb->db_flags & RPMDB_FLAG_REBUILD) {
+-		rpmlog(RPMLOG_WARNING,
+-			_("Converting database from %s to %s backend\n"),
+-			ondisk->name, cfg->name);
++	    if (*db_backend) {
++		if (rdb->db_flags & RPMDB_FLAG_REBUILD) {
++		    rpmlog(RPMLOG_WARNING,
++			    _("Converting database from %s to %s backend\n"),
++			    ondisk->name, db_backend);
++		} else {
++		    rpmlog(RPMLOG_WARNING,
++			_("Found %s %s database while attempting %s backend: "
++			"using %s backend.\n"),
++			ondisk->name, ondisk->path, db_backend, ondisk->name);
++		}
+ 	    } else {
+-		rpmlog(RPMLOG_WARNING,
+-		    _("Found %s %s database while attempting %s backend: "
+-		    "using %s backend.\n"),
+-		    ondisk->name, ondisk->path, db_backend, ondisk->name);
++		rpmlog(RPMLOG_DEBUG, "Found %s %s database: using %s backend.\n",
++		    ondisk->name, ondisk->path, ondisk->name);
+ 	    }
+ 	    rdb->db_ops = ondisk;
+ 	}
+-- 
+2.27.0
+

backport-Always-free-the-arg-list-passed-to-rpmGlob.patch

@@ -0,0 +1,31 @@
+From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 25 Jun 2021 11:21:46 +0200
+Subject: [PATCH] Always free the arg list passed to rpmGlob()
+
+Even though the actual implementation of rpmGlob() does not allocate the
+passed arg list (av) if the return code (rc) is non-zero or arg count
+(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
+free that memory, so make sure we do that irrespectively of the above
+conditions.
+
+Found by Coverity.
+---
+ lib/rpminstall.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/rpminstall.c b/lib/rpminstall.c
+index 724126e94..302ec0ba1 100644
+--- a/lib/rpminstall.c
++++ b/lib/rpminstall.c
+@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
+ 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
+ 	    }
+ 	    eiu->numFailed++;
++	    argvFree(av);
+ 	    continue;
+ 	}
+ 
+-- 
+2.27.0
+

backport-Avoid-incrementing-a-pointer-past-the-end.patch

@@ -0,0 +1,35 @@
+From 165330b7bf0757e30fa8a6de9998a564fb62796f Mon Sep 17 00:00:00 2001
+From: "Demi M. Obenour" <demiobenour@gmail.com>
+Date: Tue, 29 Dec 2020 22:59:36 -0500
+Subject: [PATCH] Avoid incrementing a pointer past the end
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The ‘end’ parameter to ‘strtaglen’ might point past the end of an
+allocation.  Therefore, if ‘start’ becomes equal to ‘end’, exit the loop
+without calling ‘memchr’ on it.
+---
+ lib/header.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index c0a989691..98eda4138 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -412,10 +412,8 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
+     const char *s;
+ 
+     if (end) {
+-	if (str >= end)
+-	    return -1;
+-	while ((s = memchr(start, '\0', end-start))) {
+-	    if (--c == 0 || s > end)
++	while (end > start && (s = memchr(start, '\0', end-start))) {
++	    if (--c == 0)
+ 		break;
+ 	    start = s + 1;
+ 	}
+-- 
+2.27.0
+

backport-Better-sanity-check-for-header-entry-counts.patch

@@ -0,0 +1,44 @@
+From d8fbddfa5051bdc1c71e16cb11f14d9fdc7f5c5e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 18 Mar 2021 10:39:38 +0200
+Subject: [PATCH] Better sanity check for header entry counts
+
+The count can never be larger than header data size, which can never be
+larger than 256MB. Most datatypes have further restrictions of course, this
+is merely an outer perimeter check to catch impossibly large values that
+could otherwise overflow all manner of trivial calculations.
+
+Addresses the point I missed in PR #1493 but with a much tighter limit.
+---
+ lib/header.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index ebba9c2b0..34d291e91 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -131,10 +131,9 @@ static const size_t headerMaxbytes = (256*1024*1024);
+ 
+ /**
+  * Reasonableness check on count values.
+- * Catches nasty stuff like negative or zero counts, which would cause
+- * integer underflows in strtaglen().
++ * Most types have further restrictions, these are just the outer perimeter.
+  */
+-#define hdrchkCount(_count) ((_count) == 0)
++#define hdrchkCount(_dl, _count) ((_count) < 1 || (_count) > (_dl))
+ 
+ /**
+  * Sanity check on type values.
+@@ -287,7 +286,7 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg)
+ 	    goto err;
+ 	if (hdrchkType(info.type))
+ 	    goto err;
+-	if (hdrchkCount(info.count))
++	if (hdrchkCount(blob->dl, info.count))
+ 	    goto err;
+ 	if (hdrchkAlign(info.type, info.offset))
+ 	    goto err;
+-- 
+2.27.0
+

backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch

@@ -0,0 +1,40 @@
+From ca72e2b923fe16ac23172edb8d5459c917a9b727 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 21 Oct 2019 15:14:32 +0300
+Subject: [PATCH] Document dummy backend in macros, warn on dummy fallback
+
+As the dummy backend supports no operations whatsoever, using it as
+a fallback if all else fails needs to emit a warning, not debug goo.
+---
+ lib/backend/dbi.c | 2 +-
+ macros.in         | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index a4a40a846..c7c33c7c6 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -84,7 +84,7 @@ dbDetectBackend(rpmdb rdb)
+ 
+     if (rdb->db_ops == NULL) {
+ 	rdb->db_ops = &dummydb_dbops;
+-	rpmlog(RPMLOG_DEBUG, "using dummy database, installs not possible\n");
++	rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n");
+     }
+ 
+     if (db_backend)
+diff --git a/macros.in b/macros.in
+index ff9270ac8..4f7efb2ae 100644
+--- a/macros.in
++++ b/macros.in
+@@ -622,6 +622,7 @@ package or when debugging this package.\
+ # bdb Berkeley DB
+ # lmdb Lightning Memory-mapped Database
+ # ndb new data base format
++# dummy dummy backend (no actual functionality)
+ #
+ %_db_backend	      bdb
+ 
+-- 
+2.27.0
+

backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch

@@ -0,0 +1,27 @@
+From 822c3dc2046c29718e34ac2da16a9757a9be11da Mon Sep 17 00:00:00 2001
+From: Peter Pentchev <roam@ringlet.net>
+Date: Wed, 30 Jun 2021 10:24:50 +0300
+Subject: [PATCH] Exclude the xlateTags symbol from librpm's public API.
+
+The d6a86b5e69e46cc283b1e06c92343319beb42e21 commit introduced
+a new variable that is only used internally by headerMergeLegacySigs().
+---
+ lib/package.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/package.c b/lib/package.c
+index 4b6b16497..281275029 100644
+--- a/lib/package.c
++++ b/lib/package.c
+@@ -31,7 +31,7 @@ struct pkgdata_s {
+     rpmRC rc;
+ };
+ 
+-struct taglate_s {
++static struct taglate_s {
+     rpmTagVal stag;
+     rpmTagVal xtag;
+     rpm_count_t count;
+-- 
+2.27.0
+

backport-Fix-a-tiny-memory-leak.patch

@@ -0,0 +1,29 @@
+From 9747a6af016a3458d54fe060777c95e3900b5fa4 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <athena@invisiblethingslab.com>
+Date: Tue, 2 Mar 2021 12:47:29 -0500
+Subject: [PATCH] Fix a tiny memory leak
+
+Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
+---
+ lib/headerutil.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/headerutil.c b/lib/headerutil.c
+index 22e36c74d..fab210ff2 100644
+--- a/lib/headerutil.c
++++ b/lib/headerutil.c
+@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
+     rpmds hds, nvrds;
+ 
+     /* Generate provides for this package name-version-release. */
+-    if (!(name && pEVR))
++    if (!(name && pEVR)) {
++	free(pEVR);
+ 	return;
++    }
+ 
+     /*
+      * Rpm prior to 3.0.3 does not have versioned provides.
+-- 
+2.27.0
+

backport-Fix-memory-leak-in-decodePkts.patch

@@ -0,0 +1,32 @@
+From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Tue, 15 Jun 2021 13:34:21 +0200
+Subject: [PATCH] Fix memory leak in decodePkts()
+
+Found by Coverity.
+---
+ rpmio/rpmpgp.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index c59185dce..ee5c81e24 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+ 	    crc = pgpCRC(dec, declen);
+ 	    if (crcpkt != crc) {
+ 		ec = PGPARMOR_ERR_CRC_CHECK;
++		_free(dec);
+ 		goto exit;
+ 	    }
+-	    if (pkt) *pkt = dec;
++	    if (pkt)
++		*pkt = dec;
++	    else
++		_free(dec);
+ 	    if (pktlen) *pktlen = declen;
+ 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
+ 	    goto exit;
+-- 
+2.27.0
+

backport-Fix-memory-leak-in-fts_build.patch

@@ -0,0 +1,40 @@
+From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 14 Jun 2021 12:34:23 +0200
+Subject: [PATCH] Fix memory leak in fts_build()
+
+Turns out this leak is already fixed in glibc's current version of fts.c
+(where our copy originates from), so let's just backport that.
+
+Original commit in glibc:
+https://sourceware.org/git/?p=glibc.git;\
+a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
+
+Found by Coverity.
+---
+ misc/fts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/misc/fts.c b/misc/fts.c
+index caf27495d..f7fce0eaa 100644
+--- a/misc/fts.c
++++ b/misc/fts.c
+@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
+ 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
+ 		cur->fts_info = FTS_ERR;
+ 		SET(FTS_STOP);
++		fts_lfree(head);
+ 		return (NULL);
+ 	}
+ 
+@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
+ 	if (!nitems) {
+ 		if (type == BREAD)
+ 			cur->fts_info = FTS_DP;
++		fts_lfree(head);
+ 		return (NULL);
+ 	}
+ 
+-- 
+2.27.0
+

backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch

@@ -0,0 +1,34 @@
+From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 21 Jun 2021 17:51:14 +0200
+Subject: [PATCH] Fix memory leak with multiple %lang-s in one line
+
+We permit two equivalent forms of specifying a list of languages per
+file:
+
+  %lang(xx,yy,zz) /path/to/file
+  %lang(xx) %lang(yy) %lang(zz) /path/to/file
+
+The leak was when parsing the second form.
+
+Found by Coverity.
+---
+ build/files.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/build/files.c b/build/files.c
+index f8153ad2b..0c8859f6c 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
+ 
+ 	if (*pe == ',') pe++;	/* skip , if present */
+     }
++
++    q = _free(q);
+   }
+ 
+     rc = RPMRC_OK;
+-- 
+2.27.0
+

backport-Fix-memory-leaks-in-Lua-rex-extension.patch

@@ -0,0 +1,53 @@
+From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 25 Jun 2021 15:15:08 +0200
+Subject: [PATCH] Fix memory leaks in Lua rex extension
+
+This covers the following usage:
+
+expr = rex.newPOSIX(<regex>)
+expr:match(<string>)           # A leak occurred here
+expr:gmatch(<string>, <func>)  # A leak occurred here
+
+Found by Coverity.
+---
+ luaext/lrexlib.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
+index 09c5a6454..0f29b6371 100644
+--- a/luaext/lrexlib.c
++++ b/luaext/lrexlib.c
+@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
+ 
+ static int rex_match(lua_State *L)
+ {
++  int rc = 0;
+   int res;
+ #ifdef REG_BASIC
+   size_t len;
+@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
+     lua_pushstring(L, "n");
+     lua_pushnumber(L, ncapt);
+     lua_rawset(L, -3);
+-    return 3;
+-  } else
+-    return 0;
++    rc = 3;
++  }
++  free(match);
++  return rc;
+ }
+ 
+ static int rex_gmatch(lua_State *L)
+@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
+       break;
+   }
+   lua_pushnumber(L, nmatch);
++  free(match);
+   return 1;
+ }
+ 
+-- 
+2.27.0
+

backport-Fix-regression-causing-segfault-on-database-autodete.patch

@@ -0,0 +1,28 @@
+From 853c48ba6468ce1a516621a2fa6d1fc51e4f7410 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 2 Apr 2020 09:14:36 +0300
+Subject: [PATCH] Fix regression causing segfault on database autodetection
+
+If configuration points to non-existent backend, tryBackend() will
+segfault on the first call. Duh. Regression introduced in commit
+3eb0eed3806b41efdf86f0433d0b5d7d6c953561.
+---
+ lib/backend/dbi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index b51fc7ba3..94823b14c 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -52,7 +52,7 @@ dbiIndex dbiNew(rpmdb rdb, rpmDbiTagVal rpmtag)
+ static int tryBackend(const char *dbhome, const struct rpmdbOps_s *be)
+ {
+     int rc = 0;
+-    if (be->path) {
++    if (be && be->path) {
+ 	char *path = rstrscat(NULL, dbhome, "/", be->path, NULL);
+ 	rc = (access(path, F_OK) == 0);
+ 	free(path);
+-- 
+2.27.0
+

backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch

@@ -0,0 +1,45 @@
+From 34f28c1492240c0a02b0abb13af7f1870197e41d Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 18 Feb 2021 11:22:41 +0200
+Subject: [PATCH] Fix regression from commit
+ 165330b7bf0757e30fa8a6de9998a564fb62796f
+
+With the changed logic, the if-clause can fall through without ever
+initializing s. The exit code condition is getting more complicated
+now so move it to helper variable, assume failure for a safe default.
+
+Fixes: 165330b7bf0757e30fa8a6de9998a564fb62796f
+---
+ lib/header.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index bd5dc2918..ea39e679f 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -409,7 +409,8 @@ unsigned headerSizeof(Header h, int magicp)
+ static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
+ {
+     const char *start = str;
+-    const char *s;
++    const char *s = NULL;
++    int len = -1; /* assume failure */
+ 
+     if (end) {
+ 	while (end > start && (s = memchr(start, '\0', end-start))) {
+@@ -424,7 +425,11 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
+ 	    start = s + 1;
+ 	}
+     }
+-    return (c > 0) ? -1 : (s - str + 1);
++
++    if (s != NULL && c == 0)
++	len = s - str + 1;
++
++    return len;
+ }
+ 
+ /**
+-- 
+2.27.0
+

backport-Fix-resource-leak-in-Fts_children.patch

@@ -0,0 +1,33 @@
+From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 14 Jun 2021 10:21:25 +0200
+Subject: [PATCH] Fix resource leak in Fts_children()
+
+This function is not used anywhere within our codebase (and neither is
+it part of the public API) so it's basically a no-op... Still, rather
+than yanking it completely, let's just silence the Coverity error here.
+
+Found by Coverity.
+---
+ misc/fts.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/misc/fts.c b/misc/fts.c
+index d3ebb2946..caf27495d 100644
+--- a/misc/fts.c
++++ b/misc/fts.c
+@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
+ 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
+ 		return (NULL);
+ 	sp->fts_child = fts_build(sp, instr);
+-	if (__fchdir(fd))
++	if (__fchdir(fd)) {
++		(void)__close(fd);
+ 		return (NULL);
++	}
+ 	(void)__close(fd);
+ 	return (sp->fts_child);
+ }
+-- 
+2.27.0
+

backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch

@@ -0,0 +1,110 @@
+From bd796058197420dc9eec63ef701206f9ce408d3f Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 23 Oct 2019 12:44:47 +0300
+Subject: [PATCH] Handle setting db_descr centrally from the backend name
+
+Now that we can, set db_descr centrally on database open instead of
+relying on backends to do it (and forget, or leak memory, as has been
+the case). Also don't bother mallocing, the name of the backend is
+quite enough.
+
+With backends knowing their own names we could probably eliminate db_descr
+entirely but leaving that for another rainy day, it's possible there
+are code paths that assume it being set to something.
+---
+ lib/backend/db3.c    | 4 ----
+ lib/backend/dbi.c    | 2 ++
+ lib/backend/dbi.h    | 2 +-
+ lib/backend/lmdb.c   | 4 ----
+ lib/rpmdb.c          | 5 ++---
+ 5 files changed, 5 insertions(+), 12 deletions(-)
+
+diff --git a/lib/backend/db3.c b/lib/backend/db3.c
+index ab2f11f61..ff0fe4305 100644
+--- a/lib/backend/db3.c
++++ b/lib/backend/db3.c
+@@ -415,10 +415,6 @@ static int db_init(rpmdb rdb, const char * dbhome)
+     if (rdb->db_dbenv != NULL) {
+ 	rdb->db_opens++;
+ 	return 0;
+-    } else {
+-	/* On first call, set backend description to something... */
+-	free(rdb->db_descr);
+-	rasprintf(&rdb->db_descr, "db%u", DB_VERSION_MAJOR);
+     }
+ 
+     /*
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index 9e8d667..5443325 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -112,6 +112,8 @@ dbDetectBackend(rpmdb rdb)
+ 	rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n");
+     }
+ 
++    rdb->db_descr = rdb->db_ops->name;
++
+     if (db_backend)
+ 	free(db_backend);
+ }
+diff --git a/lib/backend/dbi.h b/lib/backend/dbi.h
+index 3fc9345c9..b2b9717c4 100644
+--- a/lib/backend/dbi.h
++++ b/lib/backend/dbi.h
+@@ -49,7 +49,7 @@ struct rpmdb_s {
+     int		db_flags;
+     int		db_mode;	/*!< open mode */
+     int		db_perms;	/*!< open permissions */
+-    char	* db_descr;	/*!< db backend description (for error msgs) */
++    const char	* db_descr;	/*!< db backend description (for error msgs) */
+     struct dbChk_s * db_checked;/*!< headerCheck()'ed package instances */
+     rpmdb	db_next;
+     int		db_opens;
+diff --git a/lib/backend/lmdb.c b/lib/backend/lmdb.c
+index 801f50e54..badd317c9 100644
+--- a/lib/backend/lmdb.c
++++ b/lib/backend/lmdb.c
+@@ -137,10 +137,6 @@ static int db_init(rpmdb rdb, const char * dbhome)
+     if (rdb->db_dbenv != NULL) {
+ 	rdb->db_opens++;
+ 	return 0;
+-    } else {
+-	/* On first call, set backend description to something... */
+-	free(rdb->db_descr);
+-	rdb->db_descr = xstrdup("lmdb");
+     }
+ 
+     MDB_dbi maxdbs = 32;
+diff --git a/lib/rpmdb.c b/lib/rpmdb.c
+index b97274e7b..9cd50e7d9 100644
+--- a/lib/rpmdb.c
++++ b/lib/rpmdb.c
+@@ -408,7 +408,6 @@ int rpmdbClose(rpmdb db)
+     db->db_fullpath = _free(db->db_fullpath);
+     db->db_checked = dbChkFree(db->db_checked);
+     db->db_indexes = _free(db->db_indexes);
+-    db->db_descr = _free(db->db_descr);
+ 
+     if (next) {
+         *prev = next->db_next;
+@@ -473,7 +472,6 @@ static rpmdb newRpmdb(const char * root, const char * home,
+     db->db_tags = dbiTags;
+     db->db_ndbi = sizeof(dbiTags) / sizeof(rpmDbiTag);
+     db->db_indexes = xcalloc(db->db_ndbi, sizeof(*db->db_indexes));
+-    db->db_descr = xstrdup("unknown db");
+     db->nrefs = 0;
+     return rpmdbLink(db);
+ }
+@@ -522,7 +522,8 @@ static int openDatabase(const char * prefix,
+ 	}
+ 
+ 	rc = doOpen(db, justPkgs);
+-
++        if (!db->db_descr)
++	    db->db_descr = "unknown db";
+     }
+ 
+     if (rc || justCheck || dbp == NULL)
+-- 
+2.27.0
+

backport-Restore-some-compiler-sanity.patch

@@ -0,0 +1,33 @@
+From 5ee567ebd600c1dec4a9ceb6161d877d891d8594 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 18 Mar 2021 13:02:16 +0200
+Subject: [PATCH] Restore (some) compiler sanity
+
+-fno-strict-overflow tells gcc and clang to handle signed integer and
+(at least on gcc) pointer arithmetic wraparound using twos-complement
+representation like deity intended.
+
+-fno-delete-null-pointer-checks tells gcc not to "optimize" away
+programmer added safeguards. Really.
+
+Suggested by Demi Marie Obenour.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fb9627d99..f2bbf2276 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -37,7 +37,7 @@ fi
+ AS=${AS-as}
+ AC_SUBST(AS)
+ if test "$GCC" = yes; then
+-    cflags_to_try="-fno-strict-aliasing -fstack-protector -Wempty-body"
++    cflags_to_try="-fno-strict-aliasing -fstack-protector -fno-strict-overflow -fno-delete-null-pointer-checks -Wempty-body"
+     AC_MSG_CHECKING([supported compiler flags])
+     old_cflags=$CFLAGS
+     echo
+-- 
+2.27.0
+

backport-Rework-and-clarify-database-backend-detection-logic.patch

@@ -0,0 +1,109 @@
+From 3eb0eed3806b41efdf86f0433d0b5d7d6c953561 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 11 Mar 2020 15:12:23 +0200
+Subject: [PATCH] Rework and clarify database backend detection logic
+
+Try the configured backend first, and only if that fails try autodetection.
+The former logic did not anticipate multiple backends handling same
+files and gets mightily confused when both bdb and bdb-ro are enabled,
+causing half the test-suite failing in "make check".
+
+Also emit a different message when database rebuild is in progress,
+the old message is quite confusing in that case.
+
+Loosely based on a similar patch by Michael Schroeder.
+---
+ lib/backend/dbi.c | 61 +++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 43 insertions(+), 18 deletions(-)
+
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index 784144088..ddd52bc10 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -51,40 +51,65 @@ dbiIndex dbiNew(rpmdb rdb, rpmDbiTagVal rpmtag)
+     return dbi;
+ }
+ 
++/* Test whether there's a database for this backend, return true/false */
++static int tryBackend(const char *dbhome, const struct rpmdbOps_s *be)
++{
++    int rc = 0;
++    if (be->path) {
++	char *path = rstrscat(NULL, dbhome, "/", be->path, NULL);
++	rc = (access(path, F_OK) == 0);
++	free(path);
++    }
++    return rc;
++}
++
+ static void
+ dbDetectBackend(rpmdb rdb)
+ {
+     const char *dbhome = rpmdbHome(rdb);
+     char *db_backend = rpmExpand("%{?_db_backend}", NULL);
+-    char *path = NULL;
+     const struct rpmdbOps_s **ops;
++    const struct rpmdbOps_s *cfg = NULL;
++    const struct rpmdbOps_s *ondisk = NULL;
+ 
++    /* Find configured backend */
+     for (ops = backends; ops && *ops; ops++) {
+ 	if (rstreq(db_backend, (*ops)->name)) {
+-	    rdb->db_ops = *ops;
++	    cfg = *ops;
+ 	    break;
+ 	}
+     }
+ 
+-    for (ops = backends; ops && *ops; ops++) {
+-	int stop = 0;
+-	if ((*ops)->path == NULL)
+-	    continue;
+-
+-	path = rstrscat(NULL, dbhome, "/", (*ops)->path, NULL);
+-	if (access(path, F_OK) == 0 && rdb->db_ops != *ops) {
+-	    rpmlog(RPMLOG_WARNING,
+-		_("Found %s %s database while attempting %s backend: "
+-		"using %s backend.\n"),
+-		(*ops)->name, (*ops)->path, db_backend, (*ops)->name);
+-	    rdb->db_ops = *ops;
+-	    stop = 1;
++    /* If configured database doesn't exist, try autodetection */
++    if (!tryBackend(dbhome, cfg)) {
++	for (ops = backends; ops && *ops; ops++) {
++	    if (tryBackend(dbhome, *ops)) {
++		ondisk = *ops;
++		break;
++	    }
++	}
++
++	/* On-disk database differs from configuration */
++	if (ondisk && ondisk != cfg) {
++	    if (rdb->db_flags & RPMDB_FLAG_REBUILD) {
++		rpmlog(RPMLOG_WARNING,
++			_("Converting database from %s to %s backend\n"),
++			ondisk->name, cfg->name);
++	    } else {
++		rpmlog(RPMLOG_WARNING,
++		    _("Found %s %s database while attempting %s backend: "
++		    "using %s backend.\n"),
++		    ondisk->name, ondisk->path, db_backend, ondisk->name);
++	    }
++	    rdb->db_ops = ondisk;
+ 	}
+-	free(path);
+-	if (stop)
+-	    break;
+     }
+ 
++    /* Newly created database, use configured backend */
++    if (rdb->db_ops == NULL && cfg)
++	rdb->db_ops = cfg;
++
++    /* If all else fails... */
+     if (rdb->db_ops == NULL) {
+ 	rdb->db_ops = &dummydb_dbops;
+ 	rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n");
+-- 
+2.27.0
+

backport-Tag-data-must-have-count-greater-than-zero.patch

@@ -0,0 +1,41 @@
+From 5e40166380a450a36b302914be60fd004624f724 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demiobenour@gmail.com>
+Date: Wed, 13 Jan 2021 15:54:17 -0500
+Subject: [PATCH] Tag data must have count greater than zero
+
+Zero counts are invalid, and they cause problems elsewhere.  For
+instance, strtaglen() will suffer an integer underflow.
+---
+ lib/header.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/header.c b/lib/header.c
+index fc52c3178..41c2da94f 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -128,6 +128,13 @@ static const size_t headerMaxbytes = (256*1024*1024);
+  **/
+ #define hdrchkTag(_tag) ((_tag) < HEADER_I18NTABLE)
+ 
++/**
++ * Reasonableness check on count values.
++ * Catches nasty stuff like negative or zero counts, which would cause
++ * integer underflows in strtaglen().
++ */
++#define hdrchkCount(_count) ((_count) == 0)
++
+ /**
+  * Sanity check on type values.
+  */
+@@ -279,6 +286,8 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg)
+ 	    goto err;
+ 	if (hdrchkType(info.type))
+ 	    goto err;
++	if (hdrchkCount(info.count))
++	    goto err;
+ 	if (hdrchkAlign(info.type, info.offset))
+ 	    goto err;
+ 	if (hdrchkRange(blob->dl, info.offset))
+-- 
+2.27.0
+

backport-Verify-that-data-does-not-overlap-region-trailer.patch

@@ -0,0 +1,33 @@
+From f29c43728c492b1dbfe50136d33bf12f3704d8a0 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demiobenour@gmail.com>
+Date: Sat, 9 Jan 2021 23:42:56 -0500
+Subject: [PATCH] Verify that data does not overlap region trailer
+
+This is already checked for other header entries.
+---
+ lib/header.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/header.c b/lib/header.c
+index 0c450bea2..fc52c3178 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -292,6 +292,15 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg)
+ 	end = info.offset + len;
+ 	if (hdrchkRange(blob->dl, end) || len <= 0)
+ 	    goto err;
++	if (blob->regionTag) {
++	    /*
++	     * Verify that the data does not overlap the region trailer.  The
++	     * region trailer is skipped by this loop, so the other checks
++	     * don’t catch this case.
++	     */
++	    if (end > blob->rdl - REGION_TAG_COUNT && info.offset < blob->rdl)
++		goto err;
++	}
+     }
+     return 0; /* Everything ok */
+ 
+-- 
+2.27.0
+

backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch

@@ -0,0 +1,47 @@
+From 471b7be4bd5cc7f245f9aa00c7784a7056e439b7 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 27 Aug 2020 10:43:37 +0300
+Subject: [PATCH] Warn and fall back to dummy database on unknown database
+ backend config
+
+The rpmdb is our most precious piece of data, don't make assumptions on
+invalid configuration. Together with our crazy create-db-on-read behavior,
+total database loss is just one 'rpmdb --rebuilddb' away in some scenarios
+with the former behavior: access an sqlite/ndb database with older
+version not supporting those, silently fallback to creating empty bdb,
+and if db is now rebuilt, poof the data is gone.
+
+Detect and warn on unknown/invalid %_db_backend configuration and fall
+back to using dummy backend where no damage can occur. Doesn't help with
+the old versions out there, but lets at least be saner going forward.
+---
+ lib/backend/dbi.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c
+index 94823b14c..8fbe5f374 100644
+--- a/lib/backend/dbi.c
++++ b/lib/backend/dbi.c
+@@ -77,6 +77,11 @@ dbDetectBackend(rpmdb rdb)
+ 	}
+     }
+ 
++    if (!cfg) {
++	rpmlog(RPMLOG_WARNING, _("invalid %%_db_backend: %s\n"), db_backend);
++	goto exit;
++    }
++
+     /* If configured database doesn't exist, try autodetection */
+     if (!tryBackend(dbhome, cfg)) {
+ 	for (ops = backends; ops && *ops; ops++) {
+@@ -106,6 +111,7 @@ dbDetectBackend(rpmdb rdb)
+     if (rdb->db_ops == NULL && cfg)
+ 	rdb->db_ops = cfg;
+ 
++exit:
+     /* If all else fails... */
+     if (rdb->db_ops == NULL) {
+ 	rdb->db_ops = &dummydb_dbops;
+-- 
+2.27.0
+

backport-Work-around-buggy-signature-region-preventing-resign.patch

@@ -0,0 +1,49 @@
+From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 13 Aug 2020 13:29:10 +0300
+Subject: [PATCH] Work around buggy signature region preventing resigning
+ (RhBug:1851508)
+
+Various proprietary packages in the wild have subtly malformed data
+in the signature header, in particular wrt the immutable region size,
+presumably from using some in-house/3rd party signing tools which do
+not understand the immutable region business at all. This can prevent
+resigning and signature deletion on such packages due to the more
+thorough checking that rpmsign does.
+
+As the old wisdom goes, be liberal in what you accept... we can easily
+work around the crud by just taking a fresh copy of the contents that
+are legit as such (otherwise the package would be uninstallable).
+---
+ sign/rpmgensig.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 80720f47b..3eecdb7fa 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -399,11 +399,19 @@ exit:
+ static void unloadImmutableRegion(Header *hdrp, rpmTagVal tag)
+ {
+     struct rpmtd_s td;
++    Header oh = NULL;
+ 
+     if (headerGet(*hdrp, tag, &td, HEADERGET_DEFAULT)) {
+-	Header oh = headerCopyLoad(td.data);
+-	Header nh = headerCopy(oh);
++	oh = headerCopyLoad(td.data);
+ 	rpmtdFreeData(&td);
++    } else {
++	/* XXX should we warn if the immutable region is corrupt/missing? */
++	oh = headerLink(*hdrp);
++    }
++
++    if (oh) {
++	/* Perform a copy to eliminate crud from buggy signing tools etc */
++	Header nh = headerCopy(oh);
+ 	headerFree(*hdrp);
+ 	*hdrp = headerLink(nh);
+ 	headerFree(nh);
+-- 
+2.27.0
+

backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch

@@ -0,0 +1,31 @@
+From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001
+From: Vitaly Chikunov <vt@altlinux.org>
+Date: Wed, 6 Jan 2021 23:43:41 +0300
+Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used
+
+When there is number after "T" (suggested number of threads or "0" for
+getncpus), lzopen_internal() mode parser would skip one byte, and when
+it's at the end of the string it would then parse undesired garbage from
+the memory, making intermittent compression failures.
+
+Fixes: 7740d1098 ("Add support for multithreaded xz compression")
+Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
+---
+ rpmio/rpmio.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
+index ed1e25140..9d32ec6d9 100644
+--- a/rpmio/rpmio.c
++++ b/rpmio/rpmio.c
+@@ -798,6 +798,7 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
+ 		 * should've processed
+ 		 * */
+ 		while (isdigit(*++mode));
++		--mode;
+ 	    }
+ #ifdef HAVE_LZMA_MT
+ 	    else
+-- 
+2.27.0
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.15.1
-Release:       37
+Release:       38
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -84,35 +84,59 @@ Patch71: CVE-2021-20266.patch
 Patch72: backport-build-prioritize-large-packages.patch
 Patch73: backport-Fix-data-race-in-packageBinaries-function.patch
 
-Patch74: fix-lsetxattr-error-in-container.patch
-Patch75: backport-Reduce-undefined-pointer-arithmetic.patch
-Patch76: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch
-Patch77: backport-0001-CVE-2021-3521.patch
-Patch78: backport-0002-CVE-2021-3521.patch
-Patch79: backport-0003-CVE-2021-3521.patch
-Patch80: rpm-selinux-plugin-check-context-file-exist.patch
-Patch81: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch
+Patch74: backport-Work-around-buggy-signature-region-preventing-resign.patch
+Patch75: backport-Verify-that-data-does-not-overlap-region-trailer.patch
+Patch76: backport-Tag-data-must-have-count-greater-than-zero.patch
+Patch77: backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
+Patch78: backport-Avoid-incrementing-a-pointer-past-the-end.patch
+Patch79: backport-Fix-a-tiny-memory-leak.patch
+Patch80: backport-Restore-some-compiler-sanity.patch
+Patch81: backport-Better-sanity-check-for-header-entry-counts.patch
+Patch82: backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch
+Patch83: backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch
+Patch84: backport-Rework-and-clarify-database-backend-detection-logic.patch
+Patch85: backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch
+Patch86: backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch
+Patch87: backport-Allow-database-probing-if-_db_backend-is-not-set.patch
+Patch88: backport-Fix-regression-causing-segfault-on-database-autodete.patch
+Patch89: backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch
+Patch90: backport-Fix-memory-leak-in-fts_build.patch
+Patch91: backport-Fix-resource-leak-in-Fts_children.patch
+Patch92: backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch
+Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch
+Patch94: backport-Fix-memory-leak-in-decodePkts.patch
+Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch
 
-Patch82: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
-Patch83: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
-Patch84: backport-Refactor-file-install-and-remove-around-a-common-str.patch
-Patch85: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
-Patch86: backport-Drop-unused-filename-variable.patch
-Patch87: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
-Patch88: backport-Handle-file-install-failures-more-gracefully.patch
-Patch89: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
-Patch90: backport-Make-file-open-and-close-in-fsm-debuggable.patch
-Patch91: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
-Patch92: backport-Add-diagnostics-to-archive-unpacking.patch
-Patch93: backport-Add-optional-callback-on-directory-changes-during-rp.patch
-Patch94: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
-Patch95: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
-Patch96: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
-Patch97: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
-Patch98: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
-Patch99: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
-Patch100: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
-Patch101: backport-0001-CVE-2021-35938.patch
+Patch96: fix-lsetxattr-error-in-container.patch
+Patch97: backport-Reduce-undefined-pointer-arithmetic.patch
+Patch98: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch
+Patch99: backport-0001-CVE-2021-3521.patch
+Patch100: backport-0002-CVE-2021-3521.patch
+Patch101: backport-0003-CVE-2021-3521.patch
+
+Patch102: rpm-selinux-plugin-check-context-file-exist.patch
+Patch103: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch
+
+Patch104: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch
+Patch105: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch
+Patch106: backport-Refactor-file-install-and-remove-around-a-common-str.patch
+Patch107: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch
+Patch108: backport-Drop-unused-filename-variable.patch
+Patch109: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch
+Patch110: backport-Handle-file-install-failures-more-gracefully.patch
+Patch111: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch
+Patch112: backport-Make-file-open-and-close-in-fsm-debuggable.patch
+Patch113: backport-Streamline-consolidate-the-hardlink-handling-logic.patch
+Patch114: backport-Add-diagnostics-to-archive-unpacking.patch
+Patch115: backport-Add-optional-callback-on-directory-changes-during-rp.patch
+Patch116: backport-0001-CVE-2021-35939-CVE-2021-35937.patch
+Patch117: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch
+Patch118: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch
+Patch119: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch
+Patch120: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch
+Patch121: backport-Move-file-metadata-setting-back-to-unpack-stage.patch
+Patch122: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch
+Patch123: backport-0001-CVE-2021-35938.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -396,6 +420,12 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Wed Nov 02 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-38
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync patches from upstream
+
 * Wed Sep 7 2022 xujing<xujing125@huawei.com> - 4.15.1-37
 - Type:CVE
 - ID:NA