From 0c62987083b12a0941596459d4cd021fbd74aa4a Mon Sep 17 00:00:00 2001
From: Michal Domonkos
Date: Tue, 13 Aug 2024 13:54:45 +0200
Subject: [PATCH] Fix OpenScanHub findings
Resolves: RHEL-54012
Resolves: RHEL-54013
Resolves: RHEL-37564
---
 0001-Fix-memory-leak-in-rpmsign.patch | 27 ++++++++++++++++
 ...tial-use-of-uninitialized-pgp-struct.patch | 32 +++++++++++++++++++
 ...tial-use-of-uninitialized-pipe-array.patch | 32 +++++++++++++++++++
 rpm.spec | 11 +++++--
 4 files changed, 100 insertions(+), 2 deletions(-)
 create mode 100644 0001-Fix-memory-leak-in-rpmsign.patch
 create mode 100644 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
 create mode 100644 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
diff --git a/0001-Fix-memory-leak-in-rpmsign.patch b/0001-Fix-memory-leak-in-rpmsign.patch
new file mode 100644
index 0000000..d9c401f
--- /dev/null
+++ b/0001-Fix-memory-leak-in-rpmsign.patch
@@ -0,0 +1,27 @@
+From 65fa582b5cb267bb73c3e2b4c502f456d50c41f0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Mon, 12 Aug 2024 17:15:48 +0200
+Subject: [PATCH] Fix memory leak in rpmsign
+
+Found by Coverity.
+
+Fixes: RHEL-37564
+---
+ tools/rpmsign.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/rpmsign.c b/tools/rpmsign.c
+index a47b2c109..c5e3e11b4 100644
+--- a/tools/rpmsign.c
++++ b/tools/rpmsign.c
+@@ -152,6 +152,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ char *key = rpmExpand("%{?_file_signing_key}", NULL);
+ if (rstreq(key, "")) {
+ fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
++ free(key);
+ goto exit;
+ }
+
+--
+2.46.0
+
diff --git a/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
new file mode 100644
index 0000000..8869bb5
--- /dev/null
+++ b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
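Review bot: The added `free(key)` releases the rpmExpand() result only on the empty-key early return of doSign; every other exit after line 152 must release it too, and those paths are outside the hunk (doSign's body continues past it). A single release point is harder to regress: initialise `char *key = NULL;` before the first `goto exit` and place `free(key);` under the `exit:` label, provided that label lies within key's scope, which this hunk does not show. Whether rpmExpand() can return NULL is also not visible here; if it can, the `rstreq(key, "")` call runs before any NULL check, and if it cannot, a short comment stating that would make the early-exit path self-explanatory.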
@@ -0,0 +1,32 @@
+From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Fri, 7 Jun 2024 10:14:25 +0200
+Subject: [PATCH] Fix potential use of uninitialized pgp struct
+
+We only call initPgpData() after base64 encoding the pubkey so if the
+latter fails, the kd struct will be left uninitialized and subsequently
+read from after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22605
+---
+ lib/rpmts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/rpmts.c b/lib/rpmts.c
+index 3070b97e6..76964c60a 100644
+--- a/lib/rpmts.c
++++ b/lib/rpmts.c
+@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys,
+ int rc = -1;
+ int i;
+
++ memset(&kd, 0, sizeof(kd));
++
+ if ((enc = rpmPubkeyBase64(key)) == NULL)
+ goto exit;
+
+--
+2.46.0
+
diff --git a/0001-Fix-potential-use-of-uninitialized-pipe-array.patch b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch
new file mode 100644
index 0000000..d6c71e2
--- /dev/null
+++ b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch
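Review bot: The `memset(&kd, 0, sizeof(kd))` makes the reads at the exit label well-defined only if that cleanup treats zero-valued fields as "not set" (NULL pointers, zero counts); the exit path of makePubkeyHeader is outside the hunk, so that assumption should be confirmed rather than relied on. The declaration of `kd` is also above the hunk; an initializer on the declaration itself, `... kd = { 0 };`, would tie the zeroing to the definition instead of a separate statement that a later reordering could move below the first `goto exit`. A one-line comment at the memset, `/* zeroed so the exit path can safely clean up a partially built kd */`, would record why it precedes the base64 step.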
@@ -0,0 +1,32 @@
+From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Thu, 6 Jun 2024 09:15:02 +0200
+Subject: [PATCH] Fix potential use of uninitialized pipe array
+
+We only call pipe(2) after the script is written to disk so if the
+latter fails, the array will be left uninitialized and subsequently read
+after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22604
+---
+ lib/rpmscript.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 281c55c53..1de4acf8e 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ char * fn = NULL;
+ pid_t pid, reaped;
+ int status;
+- int inpipe[2];
++ int inpipe[2] = { -1, -1 };
+ FILE *in = NULL;
+ const char *line;
+ char *mline = NULL;
+--
+2.46.0
+
diff --git a/rpm.spec b/rpm.spec
index f8df6eb..03de2f1 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -27,7 +27,7 @@
 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 2
+%global baserelease 3
 %global sover 10
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -136,7 +136,9 @@ rpm-4.18.92-disable-sysusers.patch
 rpm-4.18.90-weak-user-group.patch
 # Patches already upstream:
-# ...
+0001-Fix-potential-use-of-uninitialized-pipe-array.patch
+0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
+0001-Fix-memory-leak-in-rpmsign.patch
 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
@@ -614,6 +616,11 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 %changelog
+* Tue Aug 13 2024 Michal Domonkos - 4.19.1.1-3
+- Fix potential use of uninitialized pipe array (RHEL-54012)
+- Fix potential use of uninitialized pgp struct (RHEL-54013)
+- Fix memory leak in rpmsign(8) (RHEL-37564)
+
 * Mon Jun 24 2024 Troy Dawson - 4.19.1.1-2
 - Bump release for June 2024 mass rebuild
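Review bot: Initialising `inpipe` to `{ -1, -1 }` only makes the skip-to-exit path correct if the cleanup there tests each descriptor, `if (inpipe[0] >= 0) close(inpipe[0]);`, rather than calling close() unconditionally; the exit label of runExtScript is outside the hunk, as is the function's start (its signature appears only in the @@ context), so that check should be verified against the rest of the function. The sentinel deserves a comment at the declaration, `/* -1 = not yet created; exit path must check before close() */`, so a later cleanup does not revert it to a bare declaration. The rpm.spec hunks on this line are a release bump, the patch-list entries and the changelog and need no separate note.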