Update to 4.19 alpha2

2023-06-09 15:59:13 +02:00 · 2023-06-09 15:59:13 +02:00 · 4c1728e423
commit 4c1728e423
parent 096af0fd5f
10 changed files with 8 additions and 618 deletions
--- a/.gitignore
+++ b/.gitignore
@ -57,3 +57,4 @@
 /rpm-4.18.0.tar.bz2
 /rpm-4.18.1.tar.bz2
 /rpm-4.18.90.tar.bz2
 /rpm-4.18.91.tar.bz2
--- a/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
+++ b/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
@ -1,361 +0,0 @@
 From 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 Mon Sep 17 00:00:00 2001
 From: "Neal H. Walfield" <neal@pep.foundation>
 Date: Wed, 12 Apr 2023 17:56:19 +0200
 Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
 Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
 like their earlier versions, but optionally return descriptive error
 messages (in the case of failure) or lints (in the case of success).
 Adjust tests accordingly.
 This requires rpm-sequoia 1.4 or later.
 See https://github.com/rpm-software-management/rpm-sequoia/issues/39
 and
 https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
 Fixes #2483.
 ---
 ci/Dockerfile           |  2 ++
 include/rpm/rpmpgp.h    | 23 +++++++++++++++++++
 lib/rpmvs.c             | 19 +++++++++++++---
 rpmio/CMakeLists.txt    |  2 +-
 rpmio/rpmkeyring.c      |  7 +++++-
 rpmio/rpmpgp_internal.c | 15 +++++++++++++
 rpmio/rpmpgp_sequoia.c  |  7 ++++++
 tests/rpmi.at           | 10 +++++++--
 tests/rpmsigdig.at      | 50 +++++++++++++++++++++++++++++++----------
 9 files changed, 116 insertions(+), 19 deletions(-)
 diff --git a/ci/Dockerfile b/ci/Dockerfile
 index d8f808962..552934fcd 100644
 --- a/ci/Dockerfile
 +++ b/ci/Dockerfile
@@ -7,6 +7,8 @@ RUN sed -i -e "s:^enabled=.$:enabled=0:g" /etc/yum.repos.d/*openh264.repo
 # dummy for controlling per-repo gpgcheck via Semaphore setup
 RUN sed -i -e "s:^gpgcheck=.$:gpgcheck=1:g" /etc/yum.repos.d/*.repo
 RUN dnf -y update
 +# until 1.4.0 lands in stable
 +RUN dnf -y --enablerepo=updates-testing install "rpm-sequoia-devel >= 1.4.0"
 RUN dnf -y install \
   autoconf \
   cmake \
 diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
 index 87a2a5bd2..675cbad73 100644
 --- a/include/rpm/rpmpgp.h
 +++ b/include/rpm/rpmpgp.h
@@ -1009,6 +1009,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
 int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
 		 pgpDigParams * ret);
 +/** \ingroup rpmpgp
 + * Parse a OpenPGP packet(s).
 + * @param pkts		OpenPGP packet(s)
 + * @param pktlen	OpenPGP packet(s) length (no. of bytes)
 + * @param pkttype	Expected packet type (signature/key) or 0 for any
 + * @param[out] ret	signature/pubkey packet parameters on success (alloced)
 + * @param[out] lints	error messages and lints
 + * @return		-1 on error, 0 on success
 + */
 +int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
 +		 pgpDigParams * ret, char **lints);
 +
 /** \ingroup rpmpgp
  * Parse subkey parameters from OpenPGP packet(s).
  * @param pkts		OpenPGP packet(s)
@@ -1186,6 +1198,17 @@ pgpDigParams pgpDigParamsFree(pgpDigParams digp);
  */
 rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
 +/** \ingroup rpmpgp
 + * Verify a PGP signature and return a error message or lint.
 + * @param key		public key
 + * @param sig		signature
 + * @param hashctx	digest context
 + * @param lints	error messages and lints
 + * @return 		RPMRC_OK on success
 + */
 +rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx,
 +                          char **lints);
 +
 /** \ingroup rpmpgp
  * Return the type of a PGP signature. If `sig` is NULL, or is not a signature,
  * returns -1.
 diff --git a/lib/rpmvs.c b/lib/rpmvs.c
 index a1425ea17..9b2106927 100644
 --- a/lib/rpmvs.c
 +++ b/lib/rpmvs.c
@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
     }
     if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
 -	if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) {
 -	    rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"),
 -		    origin, td->tag);
 +	char *lints = NULL;
 +        int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints);
 +	if (ec) {
 +	    if (lints) {
 +		rasprintf(&sinfo->msg,
 +			("%s tag %u: invalid OpenPGP signature: %s"),
 +			origin, td->tag, lints);
 +		free(lints);
 +	    } else {
 +		rasprintf(&sinfo->msg,
 +			_("%s tag %u: invalid OpenPGP signature"),
 +			origin, td->tag);
 +	    }
 	    goto exit;
 +	} else if (lints) {
 +	    rpmlog(RPMLOG_WARNING, "%s\n", lints);
 +	    free(lints);
 	}
 	sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
 	sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
 diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
 index 2fb5794b0..6aa9ab1f1 100644
 --- a/rpmio/CMakeLists.txt
 +++ b/rpmio/CMakeLists.txt
@@ -21,7 +21,7 @@ if (WITH_INTERNAL_OPENPGP)
 		target_link_libraries(librpmio PRIVATE PkgConfig::LIBGCRYPT)
 	endif()
 else()
 -	pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.3.0)
 +	pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
 	target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
 	target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
 endif()
 diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
 index 166ee43a2..e3eb9e6ea 100644
 --- a/rpmio/rpmkeyring.c
 +++ b/rpmio/rpmkeyring.c
@@ -276,7 +276,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 	    pgpkey = key->pgpkey;
 	/* We call verify even if key not found for a signature sanity check */
 -	rc = pgpVerifySignature(pgpkey, sig, ctx);
 +	char *lints = NULL;
 +	rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints);
 +	if (lints) {
 +	    rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
 +	    free(lints);
 +	}
     }
     if (keyring)
 diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
 index ce1d3c27d..82972bcc8 100644
 --- a/rpmio/rpmpgp_internal.c
 +++ b/rpmio/rpmpgp_internal.c
@@ -1043,6 +1043,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
     return rc;
 }
 +int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
 +                  pgpDigParams * ret, char **lints)
 +{
 +    if (lints)
 +        *lints = NULL;
 +    return pgpPrtParams(pkts, pktlen, pkttype, ret);
 +}
 +
 int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
 			pgpDigParams mainkey, pgpDigParams **subkeys,
 			int *subkeysCount)
@@ -1179,6 +1187,13 @@ exit:
 }
 +rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
 +{
 +    if (lints)
 +        *lints = NULL;
 +    return pgpVerifySignature(key, sig, hashctx);
 +}
 +
 static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 {
     const char * enc = NULL;
 diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
 index c6434270a..d0b673953 100644
 --- a/rpmio/rpmpgp_sequoia.c
 +++ b/rpmio/rpmpgp_sequoia.c
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
 W(rpmRC, pgpVerifySignature,
   (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx),
   (key, sig, hashctx))
 +W(rpmRC, pgpVerifySignature2,
 +  (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints),
 +  (key, sig, hashctx, lints))
 W(int, pgpPubkeyKeyID,
   (const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid),
   (pkt, pktlen, keyid))
@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen,
 W(int, pgpPrtParams,
   (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret),
   (pkts, pktlen, pkttype, ret))
 +W(int, pgpPrtParams2,
 +  (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret,
 +   char **lints),
 +  (pkts, pktlen, pkttype, ret, lints))
 W(int, pgpPrtParamsSubkeys,
   (const uint8_t *pkts, size_t pktlen,
    pgpDigParams mainkey, pgpDigParams **subkeys,
 diff --git a/tests/rpmi.at b/tests/rpmi.at
 index 9d74cf689..423d97bca 100644
 --- a/tests/rpmi.at
 +++ b/tests/rpmi.at
@@ -342,7 +342,7 @@ AT_CLEANUP
 AT_SETUP([rpm -U <corrupted signed 1>])
 AT_KEYWORDS([install])
 -AT_CHECK([
 +AT_CHECK_UNQUOTED([
 RPMDB_INIT
 pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -355,7 +355,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
 ],
 [1],
 [],
 -[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
 +[`if test x$PGP = xinternal; then
 +    echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
 +else
 +    echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
 +    echo '  Failed to parse Signature Packet'
 +    echo '      because: Malformed packet: Subpacket extends beyond the end of the subpacket area)'
 +fi`
 error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed
 ])
 AT_CLEANUP
 diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
 index 9fb3febc9..df1f669e4 100644
 --- a/tests/rpmsigdig.at
 +++ b/tests/rpmsigdig.at
@@ -386,17 +386,17 @@ AT_CHECK([
 RPMDB_INIT
 echo Checking package before importing key:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 echo Importing key:
 -runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $?
 +runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $?
 echo Checking for key:
 runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
 echo Checking package after importing key:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 echo Checking package after importing key, no digest:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 echo Checking package after importing key, no signature:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 ],
 [0],
 [[Checking package before importing key:
@@ -416,6 +416,10 @@ Checking for key:
 Version     : eb04e625
 Checking package after importing key:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
 +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
 +  Key 1F71177215217EE0 invalid: key is not alive
 +      because: The subkey is not live
 +      because: Expired on 2022-04-12T00:00:15Z
     Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
     Header DSA signature: NOTFOUND
     Header SHA256 digest: OK
@@ -427,6 +431,10 @@ Checking package after importing key:
 1
 Checking package after importing key, no digest:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
 +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
 +  Key 1F71177215217EE0 invalid: key is not alive
 +      because: The subkey is not live
 +      because: Expired on 2022-04-12T00:00:15Z
     Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
     Header DSA signature: NOTFOUND
     RSA signature: NOTFOUND
@@ -455,15 +463,15 @@ RPMDB_INIT
 echo Checking package before importing key:
 runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 echo Importing key:
 -runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $?
 +runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $?
 echo Checking for key:
 runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
 echo Checking package after importing key:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 echo Checking package after importing key, no digest:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 echo Checking package after importing key, no signature:
 -runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
 +runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
 ],
 [0],
 [[Checking package before importing key:
@@ -483,6 +491,8 @@ Checking for key:
 Version     : eb04e625
 Checking package after importing key:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
 +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
 +  Key 1F71177215217EE0 is invalid: key is revoked
     Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
     Header DSA signature: NOTFOUND
     Header SHA256 digest: OK
@@ -494,6 +504,8 @@ Checking package after importing key:
 1
 Checking package after importing key, no digest:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
 +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
 +  Key 1F71177215217EE0 is invalid: key is revoked
     Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
     Header DSA signature: NOTFOUND
     RSA signature: NOTFOUND
@@ -740,7 +752,7 @@ AT_CLEANUP
 # Test pre-built corrupted package verification (corrupted signature)
 AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
 AT_KEYWORDS([rpmkeys digest signature])
 -AT_CHECK([
 +AT_CHECK_UNQUOTED([
 RPMDB_INIT
 pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
 ],
 [1],
 [/tmp/hello-2.0-1.x86_64-signed.rpm:
 -    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
 +`if test x$PGP = xinternal; then
 +    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
 +else
 +    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
 +    echo '  Failed to parse Signature Packet'
 +    echo '      because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
 +    echo '      because: Malformed MPI: leading bit is not set: expected bit 1 to be set in        0 (0))'
 +fi`
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
     MD5 digest: OK
 /tmp/hello-2.0-1.x86_64-signed.rpm:
 -    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
 +`if test x$PGP = xinternal; then
 +    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
 +else
 +    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
 +    echo '  Failed to parse Signature Packet'
 +    echo '      because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
 +    echo '      because: Malformed MPI: leading bit is not set: expected bit 1 to be set in        0 (0))'
 +fi`
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
 -- 
 2.40.1
--- a/0001-Enable-large-file-support-on-32-bit-systems-again.patch
+++ b/0001-Enable-large-file-support-on-32-bit-systems-again.patch
@ -1,61 +0,0 @@
 From 2df8008d22b58f87fe665de0fa8c5bbeb4b4a3d8 Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Wed, 17 May 2023 12:39:47 +0200
 Subject: [PATCH] Enable large file support on 32-bit systems again
 Replace 32-bit sizes in types like off_t with 64-bits when building on
 32-bit architectures, to enable large file support there.
 This fixes a nasty regression introduced in the cmake transition.  As
 autotools would set this flag to 64 automatically for us, applications
 linking against librpm (such as libdnf, librepo, libsolv or drpm) are
 already adapted to that and are also building with the value of 64
 (explicitly, we never exported this flag through pkg-config ourselves).
 However, us suddenly expecting 32-bits in those types on 32-bit systems
 can blow up badly e.g. in functions that take an off_t parameter, like
 Fseek().
 There perhaps aren't that many low-level users of librpm but drpm is one
 such example where exactly this happens when built against our current
 master.  It calls headerRead(), leading to Fseek() which receives a
 64-bit offset parameter where it expects a 32-bit one, thus silently
 overwriting the following parameter from 1 to 0 (SEEK_CUR to SEEK_SET)
 which messes up the whole reading sequence in drpm's rpm_read(),
 producing a failure in drpm's test suite that doesn't make any sense at
 first sight.
 While at it, also export the flag through pkg-config so that anyone
 linking against librpm is now guaranteed to work correctly even if they
 don't set the flag themselves (kudos to Petr Pisar for suggesting this).
 ---
 CMakeLists.txt | 1 +
 rpm.pc.in      | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index b006ed34e..dc28fd547 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -52,6 +52,7 @@ set(CMAKE_SHARED_MODULE_PREFIX "")
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 include(GNUInstallDirs)
 add_compile_definitions(_GNU_SOURCE)
 +add_definitions(-D_FILE_OFFSET_BITS=64)
 function(makemacros)
 	set(prefix ${CMAKE_INSTALL_PREFIX})
 diff --git a/rpm.pc.in b/rpm.pc.in
 index 46d42e7a3..791303e17 100644
 --- a/rpm.pc.in
 +++ b/rpm.pc.in
@@ -11,6 +11,6 @@ URL: @CMAKE_PROJECT_HOMEPAGE_URL@
 Requires: popt
 Requires.private: @ZSTD_REQUIRES@
 # Conflicts:
 -Cflags: -I${includedir}
 +Cflags: -I${includedir} -D_FILE_OFFSET_BITS=64
 Libs: -L${libdir} -lrpm -lrpmio
 Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
 -- 
 2.40.1
--- a/0001-Fix-bzip2-detection.patch
+++ b/0001-Fix-bzip2-detection.patch
@ -1,27 +0,0 @@
 From d18d6ce41df4a5887df47a69052a401808aef19f Mon Sep 17 00:00:00 2001
 From: Florian Festi <ffesti@redhat.com>
 Date: Mon, 8 May 2023 17:50:21 +0200
 Subject: [PATCH] Fix bzip2 detection
 HAVE_BZLIB_H was not set due to a typo leading to the bz2 support not
 being compiled in although the library was detected correctly.
 ---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 9718505bf..4a5332f4b 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -272,7 +272,7 @@ id0name(UID_0_USER /etc/passwd)
 id0name(GID_0_GROUP /etc/group)
 # map module/package findings to config.h
 -if (${Bzip2_FOUND})
 +if (${BZIP2_FOUND})
 	set(HAVE_BZLIB_H 1)
 endif()
 if (${LIBLZMA_FOUND})
 -- 
 2.40.1
--- a/0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
+++ b/0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
@ -1,28 +0,0 @@
 From acfe252822db37fc9f47c221c4e3ae79a5f0be27 Mon Sep 17 00:00:00 2001
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Mon, 22 May 2023 18:19:24 +0300
 Subject: [PATCH] Fix undefined symbols from plugins in some circumstances
 Another bit lost in the cmake transition: plugin linkage to librpm and
 librpmio. In rpm itself this doesn't really matter because the running
 process supplies the necessary symbols but it's a different story when eg
 a Python process uses dlopen()'ed bindings.
 ---
 plugins/CMakeLists.txt | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
 index 6768378f9..1ca025868 100644
 --- a/plugins/CMakeLists.txt
 +++ b/plugins/CMakeLists.txt
@@ -40,6 +40,7 @@ set(plugindir ${CMAKE_INSTALL_FULL_LIBDIR}/rpm-plugins)
 get_property(plugins DIRECTORY PROPERTY BUILDSYSTEM_TARGETS)
 foreach(plugin ${plugins})
 +	target_link_libraries(${plugin} PRIVATE librpmio librpm)
 	install(TARGETS ${plugin} DESTINATION ${plugindir})
 endforeach()
 -- 
 2.40.1
--- a/0001-Remove-second-share-dir-from-infodir-and-mandir.patch
+++ b/0001-Remove-second-share-dir-from-infodir-and-mandir.patch
@ -1,31 +0,0 @@
 From 33702961f45567a599bc0f0dac055604dc204fb1 Mon Sep 17 00:00:00 2001
 From: Florian Festi <ffesti@redhat.com>
 Date: Tue, 2 May 2023 09:03:50 +0200
 Subject: [PATCH] Remove second share/ dir from infodir and mandir
 cmake variables and the derived macros.
 CMAKE_INSTALL_INFODIR and  CMAKE_INSTALL_MANDIR already include the
 datarootdir. So just prepending the prefix is sufficient.
 ---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 230d18d1f..9718505bf 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -67,8 +67,8 @@ function(makemacros)
 	set(libdir "\${prefix}/=LIB=")
 	set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
 	set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}")
 -	set(infodir "\${datarootdir}/${CMAKE_INSTALL_INFODIR}")
 -	set(mandir "\${datarootdir}/${CMAKE_INSTALL_MANDIR}")
 +	set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}")
 +	set(mandir "\${prefix}/${CMAKE_INSTALL_MANDIR}")
 	set(RUNDIR /run)
 	set(acutils
 -- 
 2.40.1
--- a/0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
+++ b/0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
@ -1,58 +0,0 @@
 From 673bd62bd3035575f8fad501f1395b09a0f9f8fe Mon Sep 17 00:00:00 2001
 Message-Id: <673bd62bd3035575f8fad501f1395b09a0f9f8fe.1685346662.git.pmatilai@redhat.com>
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Mon, 29 May 2023 10:34:57 +0300
 Subject: [PATCH] Revert %_smp_build_ncpus change to a parametric macro
 (RhBug:2210347)
 Commit a213101bc3af65c860d045c65fb4e2ef7566a4c6 changed %_smp_build_ncpus
 into a parametric macro, but this breaks common usage via the Lua macros
 table as parametric macros are returned as closures rather than the
 expanded value.
 This seems like a design flaw of the macros table, but as an immediate
 remedy for the breakage, add another layer of indirection to revert
 %_smp_build_ncpus back to a non-parametric macro.
 Fixes %constrain_build macro in Fedora, which ironically is made obsolete by
 the change that (unintentionally) broke it.
 ---
 macros.in | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
 diff --git a/macros.in b/macros.in
 index 5521daba8..4dc6e3ca3 100644
 --- a/macros.in
 +++ b/macros.in
@@ -717,21 +717,23 @@ Supplements:   (%{name} = %{version}-%{release} and langpacks-%{1})\
 # Macro to fix broken permissions in sources
 %_fixperms      %{__chmod} -Rf a+rX,u+w,g-w,o-w
 -# Maximum number of CPU's to use when building, 0 for unlimited.
 -#%_smp_ncpus_max 0
 -
 -%_smp_build_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
 +%__smp_use_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
 	&& RPM_BUILD_NCPUS="%{getncpus %{?1}}"; \\\
         ncpus_max=%{?_smp_ncpus_max}; \\\
         if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
         echo "$RPM_BUILD_NCPUS";)
 +# Maximum number of CPU's to use when building, 0 for unlimited.
 +#%_smp_ncpus_max 0
 +
 +%_smp_build_ncpus %{__smp_use_ncpus:proc}
 +
 %_smp_mflags -j${RPM_BUILD_NCPUS}
 # Maximum number of threads to use when building, 0 for unlimited
 #%_smp_nthreads_max 0
 -%_smp_build_nthreads %{_smp_build_ncpus:thread}
 +%_smp_build_nthreads %{__smp_use_ncpus:thread}
 # Assumed task size of processes and threads in megabytes.
 # Used to limit the amount of parallelism based on available memory.
 -- 
 2.40.1
--- a/0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
+++ b/0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
@ -1,41 +0,0 @@
 From 021a7d3aaa5458d8956babf0220a3e574a2b8e62 Mon Sep 17 00:00:00 2001
 From: Florian Festi <ffesti@redhat.com>
 Date: Wed, 17 May 2023 17:23:59 +0200
 Subject: [PATCH] Use mkdir -p for creating SPECPARTS dir
 to not error out when invoking %setup more than once or shipping the
 directory in the sources.
 ---
 build/parsePrep.c | 2 +-
 tests/rpmspec.at  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/build/parsePrep.c b/build/parsePrep.c
 index f8e09a8c7..ea8faa953 100644
 --- a/build/parsePrep.c
 +++ b/build/parsePrep.c
@@ -274,7 +274,7 @@ static int doSetupMacro(rpmSpec spec, const char *line)
     }
     /* mkdir for dynamic specparts */
 -    buf = rpmExpand("%{__mkdir} SPECPARTS", NULL);
 +    buf = rpmExpand("%{__mkdir_p} SPECPARTS", NULL);
     appendBuf(spec, buf, 1);
     free(buf);
 diff --git a/tests/rpmspec.at b/tests/rpmspec.at
 index 548b4b3cc..564479391 100644
 --- a/tests/rpmspec.at
 +++ b/tests/rpmspec.at
@@ -333,7 +333,7 @@ if [ $STATUS -ne 0 ]; then
   exit $STATUS
 fi
 cd 'hello-1.0'
 -/usr/bin/mkdir SPECPARTS
 +/usr/bin/mkdir -p SPECPARTS
 /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
 echo "Patch #0 (hello-1.0-modernize.patch):"
 /usr/bin/patch --no-backup-if-mismatch -f -p1 -b --suffix .modernize --fuzz=0 < /build/SOURCES/hello-1.0-modernize.patch
 -- 
 2.40.1
--- a/rpm.spec
+++ b/rpm.spec
@ -30,9 +30,9 @@
 %define rpmhome /usr/lib/rpm
-%global rpmver 4.18.90
+%global rpmver 4.18.91
 #global snapver rc1
-%global baserelease 10
+%global baserelease 1
 %global sover 10
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -148,13 +148,6 @@ rpm-4.18.90-disable-sysusers.patch
 rpm-4.18.90-weak-user-group.patch
 # Patches already upstream:
 # ...
 0001-Remove-second-share-dir-from-infodir-and-mandir.patch
 0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
 0001-Fix-bzip2-detection.patch
 0001-Enable-large-file-support-on-32-bit-systems-again.patch
 0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
 0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
 0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
@ -569,7 +562,7 @@ fi
 %files plugin-dbus-announce
 %{_libdir}/rpm-plugins/dbus_announce.so
 %{_mandir}/man8/rpm-plugin-dbus-announce.8*
-%{_sysconfdir}/dbus-1/system.d/org.rpm.conf
+%{_datadir}/dbus-1/system.d/org.rpm.conf
 %endif
 %files build-libs
@ -631,6 +624,9 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 %changelog
 * Fri Jun 09 2023 Michal Domonkos <mdomonko@redhat.com> - 4.18.91-1
 - Update to 4.19 alpha2
 * Thu Jun 08 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 4.18.90-10
 - Rebuild for ima-evm-utils 1.5 soname bump
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c
+SHA512 (rpm-4.18.91.tar.bz2) = e3b3e9f195e16afc0596d31ad7614b8369e2b9c6835cc2739f166772d21ae71714ce99b29fded63843ab7216bb34f1c33bb69c0718383ed4bb3b9058639aa246
`@ -1 +1 @@`
	`SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c`	`SHA512 (rpm-4.18.91.tar.bz2) = e3b3e9f195e16afc0596d31ad7614b8369e2b9c6835cc2739f166772d21ae71714ce99b29fded63843ab7216bb34f1c33bb69c0718383ed4bb3b9058639aa246`