开源软件构建与测试

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Changes of Revision 3

_service:tar_scm:rpm.spec Changed

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.18.2
-Release:       8
+Release:       14
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -39,6 +39,12 @@
 Patch6018: backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
 Patch6019: backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
 Patch6020: backport-Use-proper-type-for-copyTagsFromMainDebug.patch
+Patch6021: backport-Reset-recursion-depth-for-error-message.patch
+Patch6022: backport-Fix-division-by-zero-in-elfdeps-RhBug-2299414.patch
+Patch6023: backport-Make-sure-dirs-are-not-relocated-twice.patch
+Patch6024: backport-Fix-root-relocation-regression.patch
+Patch6025: backport-Fix-crash-on-Lua-file-trigger-exiting-with-return-ed.patch
+Patch6026: backport-Fix-V-option-usage-in-our-tests.patch
 
 Patch9000: Add-digest-list-plugin.patch
 Patch9001: Add-IMA-digest-list-support.patch
@@ -337,6 +343,24 @@
 %exclude %{_mandir}/man8/rpmspec.8.gz
 
 %changelog
+* Wed Sep 4 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-14
+- Backport some patches from upstream
+
+* Tue Sep 3 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-13
+- Backport some patches from upstream
+
+* Thu Aug 22 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-12
+- Fix the calculation of hdr size
+
+* Tue Aug 20 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-11
+- Fix the wrong IMA signature header check
+
+* Mon Aug 19 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-10
+- Fix the judgement of digests count
+
+* Fri Aug 16 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-9
+- IMA digest list plugin support signature within IMA header
+
 * Wed Jul 24 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-8
 - Backport some patches from upstream

_service:tar_scm:Add-digest-list-plugin.patch Changed

@@ -1,19 +1,20 @@
-From bc3ce3b2cb903ce0f2dca39964f11c4e79256a35 Mon Sep 17 00:00:00 2001
+From 3b2fb7d5a40d25c3295e02eb3695a45189342369 Mon Sep 17 00:00:00 2001
 From: zhoushuiqing <zhoushuiqing2@huawei.com>
 Date: Fri, 16 Jun 2023 11:21:37 +0800
 Subject: PATCH Add-digest-list-plugin
 
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
 ---
- plugins/digest_list.c | 670 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 670 insertions(+)
+ plugins/digest_list.c | 680 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 680 insertions(+)
  create mode 100644 plugins/digest_list.c
 
 diff --git a/plugins/digest_list.c b/plugins/digest_list.c
 new file mode 100644
-index 0000000..70cae82
+index 0000000..715b8d6
 --- /dev/null
 +++ b/plugins/digest_list.c
-@@ -0,0 +1,670 @@
+@@ -0,0 +1,680 @@
 +/*
 + * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH
 + *
@@ -114,22 +115,11 @@
 +	uint8_t sig0;		/* signature payload */
 +} __attribute__((packed));
 +
-+static int upload_digest_list(char *path, int type, int digest_list_signed)
++static int digest_list_count_is_zero(void)
 +{
-+	size_t size;
-+	char buf21;
-+	const char *ima_path = DIGEST_LIST_DATA_PATH;
-+	struct stat st;
-+	pid_t pid;
-+	int ret = 0, fd;
-+
-+	if (type == TR_REMOVED)
-+		ima_path = DIGEST_LIST_DATA_DEL_PATH;
-+
-+	if (stat(ima_path, &st) == -1)
-+		return 0;
++	int fd = 0, ret = 0;
++	char first = 0;
 +
-+	/* First determine if kernel interface can accept new digest lists */
 +	fd = open(DIGEST_LIST_COUNT, O_RDONLY);
 +	if (fd < 0) {
 +		rpmlog(RPMLOG_ERR, "digest_list: could not open IMA interface "
@@ -137,24 +127,39 @@
 +		return -EACCES;
 +	}
 +
-+	ret = read(fd, buf, sizeof(buf));
-+	close(fd);
-+
++	ret = read(fd, &first, 1);
 +	if (ret <= 0) {
 +		rpmlog(RPMLOG_ERR, "digest_list: could not read from IMA "
 +		       "interface '%s': %s\n", DIGEST_LIST_COUNT,
 +		       strerror(errno));
++		close(fd);
 +		return -EACCES;
 +	}
 +
-+	/* Last character is newline */
-+	bufret - 1 = '\0';
++	close(fd);
++	return (first == '0');
++}
 +
-+	rpmlog(RPMLOG_DEBUG, "digest_list: digests count %s\n", buf);
++static int upload_digest_list(char *path, int type, int digest_list_signed)
++{
++	int ret = 0, fd = 0;
++	pid_t pid = 0;
++	size_t size = 0;
++	struct stat st;
++	const char *ima_path = NULL;
 +
-+	if (*buf == '0') {
-+		rpmlog(RPMLOG_DEBUG, "digest_list: not uploading '%s' to IMA "
-+		       "interface '%s'\n", path, ima_path);
++	ima_path = (type == TR_REMOVED) ? DIGEST_LIST_DATA_DEL_PATH :
++					  DIGEST_LIST_DATA_PATH;
++	if (stat(ima_path, &st) == -1) {
++		rpmlog(RPMLOG_DEBUG, "digest_list: '%s' interface "
++		       "not exist\n", ima_path);
++		return RPMRC_OK;
++	}
++
++	/* First determine if kernel interface can accept new digest lists */
++	if (digest_list_count_is_zero()) {
++		rpmlog(RPMLOG_DEBUG, "digest_list: the count is 0, not "
++		       "upload '%s' to IMA interface '%s'\n", path, ima_path);
 +		return RPMRC_OK;
 +	}
 +
@@ -163,7 +168,7 @@
 +		if (stat(RPM_PARSER, &st) == -1) {
 +			rpmlog(RPMLOG_DEBUG, "digest_list: %s not found, "
 +			       "not uploading digest list\n", RPM_PARSER);
-+			return 0;
++			return RPMRC_OK;
 +		}
 +
 +		if ((pid = fork()) == 0) {
@@ -176,12 +181,13 @@
 +		if (ret != 0)
 +			rpmlog(RPMLOG_ERR, "digest_list: %s returned %d\n",
 +			       RPM_PARSER, ret);
-+		return 0;
++		return RPMRC_OK;
 +	}
 +
++	/* If the digest list is signed, write path to the IMA interface */
 +	fd = open(ima_path, O_WRONLY);
 +	if (fd < 0) {
-+		rpmlog(RPMLOG_ERR, "digest_list: could not open IMA interface "
++		rpmlog(RPMLOG_ERR, "digest_list: rcould not open IMA interface "
 +		       "'%s': %s\n", ima_path, strerror(errno));
 +		return -EACCES;
 +	}
@@ -205,12 +211,11 @@
 +static int write_rpm_digest_list(rpmte te, char *path)
 +{
 +	FD_t fd;
-+	ssize_t written;
-+	Header rpm = rpmteHeader(te);
-+	rpmtd immutable;
 +	int ret = 0;
++	ssize_t written = 0;
++	Header rpm = rpmteHeader(te);
++	rpmtd immutable = rpmtdNew();
 +
-+	immutable = rpmtdNew();
 +	headerGet(rpm, RPMTAG_HEADERIMMUTABLE, immutable, 0);
 +
 +	fd = Fopen(path, "w.ufdio");
@@ -221,7 +226,6 @@
 +
 +	written = Fwrite(rpm_header_magic, sizeof(uint8_t),
 +			 sizeof(rpm_header_magic), fd);
-+
 +	if (written != sizeof(rpm_header_magic)) {
 +		ret = -EIO;
 +		goto out;
@@ -239,20 +243,18 @@
 +
 +static int write_rpm_digest_list_ima_xattr(rpmte te, char *path)
 +{
-+	rpmtd signature;
-+	ssize_t written;
++	FD_t fd;
++	ssize_t written = 0;
++	int ret = 0, sig_size = 0, sig_size_rounded = 0;
 +	uint8_t sig2048 = { 0 };
 +	pgpDigParams sigp = NULL;
 +	struct signature_v2_hdr *sig_hdr = (struct signature_v2_hdr *)sig;
 +	Header rpm = rpmteHeader(te);
-+	FD_t fd;
-+	int ret = 0, sig_size, sig_size_rounded;
++	rpmtd signature = rpmtdNew();
 +
-+	signature = rpmtdNew();
 +	headerGet(rpm, RPMTAG_RSAHEADER, signature, 0);
 +	ret = pgpPrtParams(signature->data, signature->count,
 +			   PGPTAG_SIGNATURE, &sigp);
-+
 +	if (ret) {
 +		ret = -ENOENT;
 +		goto out;
@@ -323,22 +325,16 @@
 +	return ret;
 +}
 +
-+static int write_digest_list_ima_xattr(rpmte te, char *path, char *path_sig)
++static int fill_pgp_signature_header(rpmte te, struct signature_v2_hdr *sig_hdr)
 +{
-+	rpmtd signature;
-+	uint8_t sig2048 = { 0 };
++	int ret = 0;
 +	pgpDigParams sigp = NULL;
-+	struct signature_v2_hdr *sig_hdr = (struct signature_v2_hdr *)sig;
 +	Header rpm = rpmteHeader(te);
-+	FD_t fd;
-+	struct stat st;
-+	int ret = 0, sig_size;
++	rpmtd signature = rpmtdNew();
 +
-+	signature = rpmtdNew();
 +	headerGet(rpm, RPMTAG_RSAHEADER, signature, 0);
 +	ret = pgpPrtParams(signature->data, signature->count,
 +			   PGPTAG_SIGNATURE, &sigp);
-+
 +	if (ret) {
 +		ret = -ENOENT;

_service:tar_scm:backport-Fix-V-option-usage-in-our-tests.patch Added

@@ -0,0 +1,242 @@
+From 826cbb8869e7d640fe3c2582a3a8dacf393e1ee0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Wed, 21 Aug 2024 15:02:36 +0200
+Subject: PATCH Fix -V option usage in our tests
+
+Conflict:adapt context because 760eb8638 is not merged
+Reference:https://github.com/rpm-software-management/rpm/commit/826cbb8869e7d640fe3c2582a3a8dacf393e1ee0
+
+Coupling -V with -a when querying for specific packages makes little
+sense and only causes the order of the output lines to depend on the
+database ordering.
+
+This is known to vary between the ndb and sqlite backends in particular,
+confusing some of the tests that expect the lines to be in a specific
+order.
+
+While at it, fix all such questionable usages, even those that only
+entail one package argument.
+
+Fixes: #3242
+---
+ tests/rpme.at      | 16 ++++++++--------
+ tests/rpmverify.at | 38 +++++++++++++++++++-------------------
+ 2 files changed, 27 insertions(+), 27 deletions(-)
+
+diff --git a/tests/rpme.at b/tests/rpme.at
+index ead757579..058d929fd 100644
+--- a/tests/rpme.at
++++ b/tests/rpme.at
+@@ -293,9 +293,9 @@ done
+ RPMTEST_CHECK(
+ runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm
+ runroot rpm -U --ignoreos --excludepath=/usr/share /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+-runroot rpm -Vav --nogroup --nouser conflicta conflictb
++runroot rpm -Vv --nogroup --nouser conflicta conflictb
+ runroot rpm -e conflicta
+-runroot rpm -Vav --nogroup --nouser conflictb
++runroot rpm -Vv --nogroup --nouser conflictb
+ runroot rpm -e conflictb
+ runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+ ,
+@@ -310,9 +310,9 @@ missing     /usr/share/my.version
+ RPMTEST_CHECK(
+ runroot rpm -U --ignoreos --excludepath=/usr/share /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm
+ runroot rpm -U --ignoreos /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+-runroot rpm -Vav --nogroup --nouser conflicta conflictb
++runroot rpm -Vv --nogroup --nouser conflicta conflictb
+ runroot rpm -e conflicta
+-runroot rpm -Vav --nogroup --nouser conflictb
++runroot rpm -Vv --nogroup --nouser conflictb
+ runroot rpm -e conflictb
+ runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+ ,
+@@ -327,9 +327,9 @@ missing     /usr/share/my.version
+ RPMTEST_CHECK(
+ runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm 
+ runroot rpm -U --ignoreos --force /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+-runroot rpm -Vav --nogroup --nouser conflicta conflictb
++runroot rpm -Vv --nogroup --nouser conflicta conflictb
+ runroot rpm -e conflicta
+-runroot rpm -Vav --nogroup --nouser conflictb
++runroot rpm -Vv --nogroup --nouser conflictb
+ runroot rpm -e conflictb
+ runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+ ,
+@@ -344,9 +344,9 @@ missing     /usr/share/my.version
+ RPMTEST_CHECK(
+ runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm
+ runroot rpm -U --ignoreos --force /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm
+-runroot rpm -Vav --nogroup --nouser conflicta conflictb
++runroot rpm -Vv --nogroup --nouser conflicta conflictb
+ runroot rpm -e conflictb
+-runroot rpm -Vav --nogroup --nouser conflicta
++runroot rpm -Vv --nogroup --nouser conflicta
+ runroot rpm -e conflicta
+ ,
+ 0,
+diff --git a/tests/rpmverify.at b/tests/rpmverify.at
+index 3a87b085f..32427021d 100644
+--- a/tests/rpmverify.at
++++ b/tests/rpmverify.at
+@@ -304,13 +304,13 @@ touch -t 201703171717 ${tf}
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	 /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm
+-runroot rpm -Va --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ cat "${tf}"
+ 
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ cat "${tf}"
+ 
+ echo "xx" > "${tf}"
+@@ -319,7 +319,7 @@ cat "${tf}"
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-4.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ cat "${tf}"
+ 
+ touch -t 201703171717 ${tf}
+@@ -327,7 +327,7 @@ touch -t 201703171717 ${tf}
+ runroot rpm -U --oldpackage \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ cat "${tf}"
+ ,
+ 0,
+@@ -352,7 +352,7 @@ touch -t 201703171717 ${tf}
+ runroot rpm -Uvv --fsmdebug \
+ 	--define "_minimize_writes 1" \
+ 	 /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm > output.txt 2>&1
+-runroot rpm -Va --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c "touch" output.txt
+ cat "${tf}"
+ 
+@@ -360,7 +360,7 @@ cat "${tf}"
+ runroot rpm -Uvv --fsmdebug \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm  > output.txt 2>&1
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c "touch" output.txt
+ cat "${tf}"
+ echo "xx" > "${tf}"
+@@ -369,7 +369,7 @@ cat "${tf}"
+ runroot rpm -Uvv --fsmdebug \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-4.0-1.noarch.rpm  > output.txt 2>&1
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c "touch" output.txt
+ cat "${tf}"
+ 
+@@ -378,7 +378,7 @@ touch -t 201703171717 ${tf}
+ runroot rpm -U -Uvv --fsmdebug  --oldpackage \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm  > output.txt 2>&1
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c  "touch" output.txt
+ cat "${tf}"
+ ,
+@@ -449,13 +449,13 @@ readlink "${tf}"
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	 /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm
+-runroot rpm -Va --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ readlink "${tf}"
+ 
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ readlink "${tf}"
+ 
+ ln -sf "xx" "${tf}"
+@@ -464,13 +464,13 @@ readlink "${tf}"
+ runroot rpm -U \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-4.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ readlink "${tf}"
+ 
+ runroot rpm -U --oldpackage \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ readlink "${tf}"
+ ,
+ 0,
+@@ -494,7 +494,7 @@ readlink "${tf}"
+ runroot rpm -Uvv --fsmdebug \
+ 	--define "_minimize_writes 1" \
+ 	 /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm > output.txt 2>&1
+-runroot rpm -Va --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c "touch" output.txt
+ readlink "${tf}"
+ 
+@@ -502,7 +502,7 @@ readlink "${tf}"
+ runroot rpm -Uvv --fsmdebug \
+ 	--define "_minimize_writes 1" \
+ 	/build/RPMS/noarch/replacetest-3.0-1.noarch.rpm > output.txt 2>&1
+-runroot rpm -Va  --nouser --nogroup replacetest
++runroot rpm -V --nouser --nogroup replacetest
+ grep -c "touch" output.txt

_service:tar_scm:backport-Fix-crash-on-Lua-file-trigger-exiting-with-return-ed.patch Added

@@ -0,0 +1,81 @@
+From 05fbeb97a92608a9f66faa3f8d1c0fb67b0db62c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 7 Aug 2024 12:42:36 +0300
+Subject: PATCH Fix crash on Lua file trigger exiting with return'ed data
+ (#3029)
+
+Conflict:modify the test code because b9b3f3515164 and 7f59c7dd2f4
+         is not merged.
+Reference:https://github.com/rpm-software-management/rpm/commit/05fbeb97a92608a9f66faa3f8d1c0fb67b0db62c
+
+Reset the Lua stack on return from rpmluaRunScript() to discard any
+unhandled returned data from the scriptlet. This may happen if there's
+eg "return 0" from a non-macro scriptlet.
+
+We could check for a numeric return value here and treat it as an exit
+code, but then what to do with other kinds of returned data?
+Our documentation states errors in Lua scriptlets should be signaled with
+Lua error() function, it seems better to stick with that and avoid
+introducing ambiguities and incompatibilities.
+
+Update the existing file trigger tests to cover this case.
+
+Fixes: #3029
+---
+ rpmio/rpmlua.c                     |  2 ++
+ tests/data/SPECS/filetriggers.spec | 11 +++++++++++
+ tests/rpmscript.at                 |  3 +++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index ecb21eb82..858be7739 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -303,6 +303,8 @@ int rpmluaRunScript(rpmlua lua, const char *script, const char *name,
+ 
+ exit:
+     free(buf);
++    /* discard any unhandled return data from the script */
++    lua_settop(L, otop);
+     return ret;
+ }
+ 
+diff --git a/tests/data/SPECS/filetriggers.spec b/tests/data/SPECS/filetriggers.spec
+index 3e2ee0034..e8d3bc7cd 100644
+--- a/tests/data/SPECS/filetriggers.spec
++++ b/tests/data/SPECS/filetriggers.spec
+@@ -52,6 +52,17 @@ end
+ print("")
+ io.flush()
+ 
++%filetriggerun -p <lua> -- /usr/bin
++print("filetriggerun(/usr/bin*)<lua>: "..arg2.." "..arg3)
++a = rpm.next_file()
++while a do
++    print(a)
++    a = rpm.next_file()
++end
++print("")
++io.flush()
++return 0
++
+ %filetriggerin -- /foo
+ echo "filetriggerin(/foo*):"
+ cat
+diff --git a/tests/rpmscript.at b/tests/rpmscript.at
+index 8fc729a56..d47705008 100644
+--- a/tests/rpmscript.at
++++ b/tests/rpmscript.at
+@@ -461,6 +461,9 @@ filetriggerpostun(/foo*):
+ filetriggerun(/usr/bin*): 0
+ /usr/bin/hello
+ 
++filetriggerun(/usr/bin*)<lua>: 0
++/usr/bin/hello
++
+ filetriggerpostun(/usr/bin*): 0
+ /usr/bin/hello
+ 
+-- 
+2.33.0
+

_service:tar_scm:backport-Fix-division-by-zero-in-elfdeps-RhBug-2299414.patch Added

@@ -0,0 +1,30 @@
+From 02ffc5158d1ad270e0b5c7ce6dfe4414a6ec029f Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Wed, 31 Jul 2024 16:19:40 +0200
+Subject: PATCH Fix division by zero in elfdeps (RhBug:2299414)
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/02ffc5158d1ad270e0b5c7ce6dfe4414a6ec029f
+
+Assume that the section does not hold a table if sh_entsize is 0 (as
+specified in the elf(5) man page) and just skip it if that's the case.
+---
+ tools/elfdeps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/elfdeps.c b/tools/elfdeps.c
+index cb388f08d..822359ab9 100644
+--- a/tools/elfdeps.c
++++ b/tools/elfdeps.c
+@@ -196,6 +196,8 @@ static void processVerNeed(Elf_Scn *scn, GElf_Shdr *shdr, elfInfo *ei)
+ static void processDynamic(Elf_Scn *scn, GElf_Shdr *shdr, elfInfo *ei)
+ {
+     Elf_Data *data = NULL;
++    if (shdr->sh_entsize == 0)
++	return;
+     while ((data = elf_getdata(scn, data)) != NULL) {
+ 	for (int i = 0; i < (shdr->sh_size / shdr->sh_entsize); i++) {
+ 	    const char *s = NULL;
+-- 
+2.33.0
+

_service:tar_scm:backport-Fix-root-relocation-regression.patch Added

@@ -0,0 +1,66 @@
+From 308ac60677732e9979b9ce11e5a3085906da1901 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 26 Jul 2024 10:44:04 +0200
+Subject: PATCH Fix root relocation regression
+
+Conflict:Do not modify the test code because the current test code is 
+         different from that of the upstream community. If we directly
+         modify the test code, the test wull fail. Guaranteed by local
+         use cases.
+Reference:https://github.com/rpm-software-management/rpm/commit/308ac60677732e9979b9ce11e5a3085906da1901
+
+When relocating the root directory, make sure we insert the new path's
+dirname to dirNames even if the root itself is owned by the package.
+
+This appears to have been the intention from the first version (largely
+untouched since) of this code as we allow the root to pass through the
+first checks (by setting len to 0 in that case) as well as the second
+for loop where we do the relocations.
+
+This allows fsm to properly create and remove the relocated directory
+since we're now using fd-based calls (#1919) and the parent directory
+needs to be opened first.
+
+No need to do string comparison here, the empty basename signals that
+we're processing the root directory, so just use that.
+
+Building a relocatable package that owns the root directory seems to be
+a handy way to create user-installable packages (see RHEL-28967) and it
+happened to work before with the path-based calls so this technically
+was a regression.  Add a test that emulates this use case.
+
+Fixes: #3173
+---
+ lib/relocation.c             |  8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/lib/relocation.c b/lib/relocation.c
+index d31cf4779..0202b5c46 100644
+--- a/lib/relocation.c
++++ b/lib/relocation.c
+@@ -181,8 +181,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ 	rpmFileTypes ft;
+ 	int fnlen;
+ 
++	size_t baselen = strlen(baseNamesi);
+ 	size_t len = maxlen +
+-		strlen(dirNamesdirIndexesi) + strlen(baseNamesi) + 1;
++		strlen(dirNamesdirIndexesi) + baselen + 1;
+ 	if (len >= fileAlloced) {
+ 	    fileAlloced = len * 2;
+ 	    fn = xrealloc(fn, fileAlloced);
+@@ -244,8 +245,9 @@ assert(fn != NULL);		/* XXX can't happen */
+ 	    continue;
+ 	}
+ 
+-	/* Relocation on full paths only, please. */
+-	if (fnlen != len) continue;
++	/* Relocation on '/' and full paths only, please. */
++	if (baselen && fnlen != len)
++	    continue;
+ 
+ 	rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
+ 	       fn, relocationsj.newPath);
+-- 
+2.33.0
+

_service:tar_scm:backport-Make-sure-dirs-are-not-relocated-twice.patch Added

@@ -0,0 +1,114 @@
+From 31c14ba6610568c2d634647fed1fb57221178da9 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 26 Jul 2024 10:43:50 +0200
+Subject: PATCH Make sure dirs are not relocated twice
+
+Conflict:adapt context
+Reference:https://github.com/rpm-software-management/rpm/commit/31c14ba6610568c2d634647fed1fb57221178da9
+
+When processing relocations, new dirnames are added to dirNames first
+and then the rest is relocated.  However, we go through the entire array
+in the latter step, meaning that we may accidentally relocate an already
+relocated path.
+
+Most relocations are fine as they involve two separate directory trees,
+and we already skip over directories that don't match the old prefix.
+However, that breaks apart if we're relocating to a nested subdirectory
+(e.g. /opt -> /opt/new/dir).
+
+Fix this by simply stopping at the original dirCount as the new entries
+are always added to the end of dirNames.
+
+Such relocations are perhaps not very common (or even unsupported) but
+relocating the root directory itself may be useful (see the next commit
+for details) and that is subject to the same issue.
+
+Note that we currently don't handle root relocations properly to start
+with but that will be addressed in the next commit, this prepares the
+ground.
+---
+ lib/relocation.c |  6 +++---
+ tests/rpmi.at    | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/lib/relocation.c b/lib/relocation.c
+index 1eab60211..d31cf4779 100644
+--- a/lib/relocation.c
++++ b/lib/relocation.c
+@@ -124,7 +124,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     char ** baseNames;
+     char ** dirNames;
+     uint32_t * dirIndexes;
+-    rpm_count_t fileCount, dirCount;
++    rpm_count_t fileCount, dirCount, dirCountOrig;
+     int nrelocated = 0;
+     int fileAlloced = 0;
+     char * fn = NULL;
+@@ -163,7 +163,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     baseNames = bnames.data;
+     dirIndexes = dindexes.data;
+     fileCount = rpmtdCount(&bnames);
+-    dirCount = rpmtdCount(&dnames);
++    dirCount = dirCountOrig = rpmtdCount(&dnames);
+     /* XXX TODO: use rpmtdDup() instead */
+     dirNames = dnames.data = duparray(dnames.data, dirCount);
+     dnames.flags |= RPMTD_PTR_ALLOCED;
+@@ -297,7 +297,7 @@ assert(fn != NULL);		/* XXX can't happen */
+     }
+ 
+     /* Finish off by relocating directories. */
+-    for (i = dirCount - 1; i >= 0; i--) {
++    for (i = dirCountOrig - 1; i >= 0; i--) {
+ 	for (j = numRelocations - 1; j >= 0; j--) {
+ 
+ 	    if (relocationsj.oldPath == NULL) /* XXX can't happen */
+diff --git a/tests/rpmi.at b/tests/rpmi.at
+index 7d1a0a871..372be0a8b 100644
+--- a/tests/rpmi.at
++++ b/tests/rpmi.at
+@@ -1135,6 +1135,42 @@ runroot rpm -U --relocate /opt/bin=/bin \
+ ,
+ )
+ RPMTEST_CLEANUP
++
++AT_SETUP(rpm -i relocatable package 2)
++AT_KEYWORDS(install relocate)
++RPMDB_INIT
++
++runroot rpmbuild --quiet -bb /data/SPECS/reloc.spec
++runroot rpmbuild --quiet -bb /data/SPECS/fakeshell.spec
++
++runroot rpm -U /build/RPMS/noarch/fakeshell-1.0-1.noarch.rpm
++
++RPMTEST_CHECK(
++runroot rpm -U \
++  --relocate /opt/bin=/opt/bin/foo/bar \
++  --relocate /opt/etc=/opt/etc/foo/bar \
++  --relocate /opt/lib=/opt/lib/foo/bar \
++  /build/RPMS/noarch/reloc-1.0-1.noarch.rpm
++runroot rpm -ql reloc
++,
++0,
++1: /opt/bin/foo/bar
++2: /opt/etc/foo/bar
++3: /opt/lib/foo/bar
++0: /opt/bin/foo/bar
++1: /opt/etc/foo/bar
++2: /opt/lib/foo/bar
++/opt
++/opt/bin/foo/bar
++/opt/bin/foo/bar/typo
++/opt/etc/foo/bar
++/opt/etc/foo/bar/conf
++/opt/lib/foo/bar
++/opt/lib/foo/bar/notlib
++,
++)
++RPMTEST_CLEANUP
++
+ AT_SETUP(rpm -i with/without --excludedocs)
+ AT_KEYWORDS(install excludedocs)
+ RPMTEST_CHECK(
+-- 
+2.33.0
+

_service:tar_scm:backport-Reset-recursion-depth-for-error-message.patch Added

@@ -0,0 +1,81 @@
+From ef87d2503498f65577b5d7af07cd453d622fe02c Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Thu, 18 Jul 2024 13:04:28 +0200
+Subject: PATCH Reset recursion depth for error message
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Conflict:adapt context
+Reference:https://github.com/rpm-software-management/rpm/commit/ef87d2503498f65577b5d7af07cd453d622fe02c
+
+$ rpm --define 'aaa %%aaa' --eval '%aaa'
+
+let to a core dump due to a stack overflow. This was cause by the
+generation of the error message failing due to being too deep in the
+recursion of the macro expansion - creating more error messages.
+
+Resetting the depth counter allows rendering the error message. As we are
+failing and breaking off the parse run this is fine to do.
+
+Thanks to Miro Hrončok for reporting
+
+Resolves: #3197
+---
+ rpmio/macro.c     |  4 +++-
+ tests/rpmmacro.at | 22 ++++++++++++++++++++++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/rpmio/macro.c b/rpmio/macro.c
+index b2fb1326d..3f34f718e 100644
+--- a/rpmio/macro.c
++++ b/rpmio/macro.c
+@@ -447,9 +447,11 @@ static int mbInit(rpmMacroBuf mb, MacroExpansionData *med, size_t slen)
+     if (mb->buf == NULL)
+ 	mbAllocBuf(mb, slen);
+     if (++mb->depth > max_macro_depth) {
++	mb->depth--;
++	/* ensure error message can be rendered */
++	mb->mc->depth = 0;
+ 	mbErr(mb, 1,
+ 		_("Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.\n"));
+-	mb->depth--;
+ 	return -1;
+     }
+     med->tpos = mb->tpos; /* save expansion pointer for printExpand */
+diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at
+index 372cfa3ed..3adf48b61 100644
+--- a/tests/rpmmacro.at
++++ b/tests/rpmmacro.at
+@@ -133,6 +133,28 @@ runroot rpm --define "this that" --define "that_that foo" --eval '%{expand:%{%{t
+ )
+ RPMTEST_CLEANUP
+ 
++AT_SETUP(recursive macro)
++AT_KEYWORDS(macros)
++RPMTEST_CHECK(
++runroot rpm --define 'aaa %aaa' --eval '%aaa'
++,
++1,
++,
++error: Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.
++)
++RPMTEST_CLEANUP
++
++AT_SETUP(recursive expression)
++AT_KEYWORDS(macros)
++RPMTEST_CHECK(
++runroot rpm --define 'aaa %\\%aaa\\' --eval '%aaa'
++,
++1,
++,
++error: Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.
++)
++RPMTEST_CLEANUP
++
+ AT_SETUP(parametrized macro 1)
+ AT_KEYWORDS(macros)
+ RPMTEST_CHECK(
+-- 
+2.33.0
+