import CS rpm-4.16.1.3-34.el9

SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch

@@ -0,0 +1,124 @@
+From 1dc9372821487ccace23ff1ae9cba6b30f02c91c Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Tue, 5 Jul 2022 16:34:08 +0200
+Subject: [PATCH] Add SourceLicense tag to spec syntax
+
+to set a separate license to the source RPM. This can be useful if the
+sources have code under additional licenses that do not end up in the
+binary packeges.
+
+Resolves: #2079
+
+Note on the backport:  The spec document on this branch is ancient and
+doesn't even contain the License tag's description so this backport
+leaves the documentation part out.
+
+(backported from commit 9ed9d3fce34bc3c8121989e0cf263528e7e68756)
+---
+ build/parsePreamble.c       |  6 ++++++
+ lib/rpmtag.h                |  3 +++
+ tests/data/SPECS/foo.spec   |  1 +
+ tests/data/SPECS/hello.spec |  1 +
+ tests/rpmbuild.at           | 11 +++++++++++
+ tests/rpmspec.at            |  1 +
+ 6 files changed, 23 insertions(+)
+
+diff --git a/build/parsePreamble.c b/build/parsePreamble.c
+index e7d6d8752..bd07ecdf0 100644
+--- a/build/parsePreamble.c
++++ b/build/parsePreamble.c
+@@ -831,6 +831,11 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag,
+ 	if (addLangTag(spec, pkg->header, tag, field, lang))
+ 	    goto exit;
+ 	break;
++    case RPMTAG_SOURCELICENSE:
++	if (addLangTag(spec, spec->sourcePackage->header,
++		       RPMTAG_LICENSE, field, lang))
++	    goto exit;
++	break;
+     case RPMTAG_BUILDROOT:
+ 	/* just silently ignore BuildRoot */
+ 	break;
+@@ -1012,6 +1017,7 @@ static struct PreambleRec_s const preambleList[] = {
+     {RPMTAG_EPOCH,		0, 0, 1, LEN_AND_STR("epoch")},
+     {RPMTAG_SUMMARY,		1, 0, 1, LEN_AND_STR("summary")},
+     {RPMTAG_LICENSE,		0, 0, 1, LEN_AND_STR("license")},
++    {RPMTAG_SOURCELICENSE,	0, 0, 1, LEN_AND_STR("sourcelicense")},
+     {RPMTAG_DISTRIBUTION,	0, 0, 1, LEN_AND_STR("distribution")},
+     {RPMTAG_DISTURL,		0, 0, 1, LEN_AND_STR("disturl")},
+     {RPMTAG_VENDOR,		0, 0, 1, LEN_AND_STR("vendor")},
+diff --git a/lib/rpmtag.h b/lib/rpmtag.h
+index 7d1943835..1fd829118 100644
+--- a/lib/rpmtag.h
++++ b/lib/rpmtag.h
+@@ -375,6 +375,9 @@ typedef enum rpmTag_e {
+     RPMTAG_MODULARITYLABEL	= 5096, /* s */
+     RPMTAG_PAYLOADDIGESTALT	= 5097, /* s[] */
+ 
++    /* Backports */
++    RPMTAG_SOURCELICENSE	= 5102, /* internal */
++
+     RPMTAG_FIRSTFREE_TAG	/*!< internal */
+ } rpmTag;
+ 
+diff --git a/tests/data/SPECS/foo.spec b/tests/data/SPECS/foo.spec
+index 859e98142..9b1087094 100644
+--- a/tests/data/SPECS/foo.spec
++++ b/tests/data/SPECS/foo.spec
+@@ -8,6 +8,7 @@ Source: hello-2.0.tar.gz
+ Patch1: hello-1.0-modernize.patch
+ Group: Testing
+ License: GPLv2+
++SourceLicense: GPL, ASL 1.0
+ BuildArch: noarch
+ 
+ %description
+diff --git a/tests/data/SPECS/hello.spec b/tests/data/SPECS/hello.spec
+index 5bc9cfaf7..4b9053aca 100644
+--- a/tests/data/SPECS/hello.spec
++++ b/tests/data/SPECS/hello.spec
+@@ -4,6 +4,7 @@ Version: 1.0
+ Release: 1
+ Group: Utilities
+ License: GPL
++SourceLicense: GPL, ASL 1.0
+ Distribution: RPM test suite.
+ Vendor: Red Hat Software
+ Packager: Red Hat Software <bugs@redhat.com>
+diff --git a/tests/rpmbuild.at b/tests/rpmbuild.at
+index bff65303b..7680f1502 100644
+--- a/tests/rpmbuild.at
++++ b/tests/rpmbuild.at
+@@ -31,6 +31,17 @@ run rpmbuild \
+ [0],
+ [ignore],
+ [ignore])
++
++AT_CHECK([
++
++runroot rpm -qp --qf "%{license}\n" /build/SRPMS/hello-1.0-1.src.rpm
++runroot rpm -qp --qf "%{license}\n" /build/RPMS/*/hello-1.0-1.*.rpm
++],
++[0],
++[GPL, ASL 1.0
++GPL
++],
++[])
+ AT_CLEANUP
+ 
+ AT_SETUP([rpmbuild -ba autosetup])
+diff --git a/tests/rpmspec.at b/tests/rpmspec.at
+index 2b11201db..c898ee654 100644
+--- a/tests/rpmspec.at
++++ b/tests/rpmspec.at
+@@ -243,6 +243,7 @@ Source: hello-2.0.tar.gz
+ Patch1: hello-1.0-modernize.patch
+ Group: Testing
+ License: GPLv2+
++SourceLicense: GPL, ASL 1.0
+ BuildArch: noarch
+ 
+ %description
+-- 
+2.45.2
+

SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch

@@ -0,0 +1,39 @@
+From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 20 Aug 2021 15:14:16 +0200
+Subject: [PATCH] Don't segfault on missing priority tag
+
+Resolves: #1636
+Related: #1638
+---
+ lib/rpmtriggers.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
+index fc809a65e..d541974e8 100644
+--- a/lib/rpmtriggers.c
++++ b/lib/rpmtriggers.c
+@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ 	if (matchFunc(ts, te, pfx, sense)) {
+ 	    for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) {
+ 		struct rpmtd_s priorities;
+-		unsigned int priority;
++		unsigned int priority = 0;
++		unsigned int *priority_ptr;
+ 		unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i);
+ 		unsigned int tix = rpmdbIndexIteratorTagNum(ii, i);
+ 
+@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ 		trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset);
+ 		headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM);
+ 		rpmtdSetIndex(&priorities, tix);
+-		priority = *rpmtdGetUint32(&priorities);
++		priority_ptr = rpmtdGetUint32(&priorities);
++		if (priority_ptr)
++		    priority = *priority_ptr;
+ 		headerFree(trigH);
+ 
+ 		/* Store file trigger in array */
+-- 
+2.45.1
+

SOURCES/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch

@@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/lib/rpmts.c.orig rpm-4.16.1.3/lib/rpmts.c
+--- rpm-4.16.1.3/lib/rpmts.c.orig	2024-07-11 13:55:35.430198126 +0200
++++ rpm-4.16.1.3/lib/rpmts.c	2024-07-11 13:55:59.243061182 +0200
+@@ -482,6 +482,8 @@ static int makePubkeyHeader(rpmts ts, rp
+     int rc = -1;
+     int i;
+ 
++    memset(&kd, 0, sizeof(kd));
++
+     if ((enc = rpmPubkeyBase64(key)) == NULL)
+ 	goto exit;
+     if ((dig = rpmPubkeyDig(key)) == NULL)

SOURCES/0001-Fix-potential-use-of-uninitialized-pipe-array.patch

@@ -0,0 +1,32 @@
+From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Thu, 6 Jun 2024 09:15:02 +0200
+Subject: [PATCH] Fix potential use of uninitialized pipe array
+
+We only call pipe(2) after the script is written to disk so if the
+latter fails, the array will be left uninitialized and subsequently read
+after skipping to the exit label.  Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22604
+---
+ lib/rpmscript.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 281c55c53..1de4acf8e 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+     char * fn = NULL;
+     pid_t pid, reaped;
+     int status;
+-    int inpipe[2];
++    int inpipe[2] = { -1, -1 };
+     FILE *in = NULL;
+     const char *line;
+     char *mline = NULL;
+-- 
+2.45.2
+

SOURCES/0001-Fix-root-relocation-regression.patch

@@ -0,0 +1,91 @@
+From bce17e42f2301a88574d757740627480a38d86aa Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 26 Jul 2024 10:44:04 +0200
+Subject: [PATCH] Fix root relocation regression
+
+When relocating the root directory, make sure we insert the new path's
+dirname to dirNames[] even if the root itself is owned by the package.
+
+This appears to have been the intention from the first version (largely
+untouched since) of this code as we allow the root to pass through the
+first checks (by setting len to 0 in that case) as well as the second
+for loop where we do the relocations.
+
+This allows fsm to properly create and remove the relocated directory
+since we're now using fd-based calls (#1919) and the parent directory
+needs to be opened first.
+
+No need to do string comparison here, the empty basename signals that
+we're processing the root directory, so just use that.
+
+Building a relocatable package that owns the root directory seems to be
+a handy way to create user-installable packages (see RHEL-28967) and it
+happened to work before with the path-based calls so this technically
+was a regression.  Add a test that emulates this use case.
+
+Backported from commits:
+31c14ba6610568c2d634647fed1fb57221178da9
+308ac60677732e9979b9ce11e5a3085906da1901
+
+Fixes: RHEL-28967
+---
+ lib/relocation.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/relocation.c b/lib/relocation.c
+index 3ba4cfeab..8c35bc1a7 100644
+--- a/lib/relocation.c
++++ b/lib/relocation.c
+@@ -123,7 +123,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     char ** baseNames;
+     char ** dirNames;
+     uint32_t * dirIndexes;
+-    rpm_count_t fileCount, dirCount;
++    rpm_count_t fileCount, dirCount, dirCountOrig;
+     int nrelocated = 0;
+     int fileAlloced = 0;
+     char * fn = NULL;
+@@ -162,7 +162,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     baseNames = bnames.data;
+     dirIndexes = dindexes.data;
+     fileCount = rpmtdCount(&bnames);
+-    dirCount = rpmtdCount(&dnames);
++    dirCount = dirCountOrig = rpmtdCount(&dnames);
+     /* XXX TODO: use rpmtdDup() instead */
+     dirNames = dnames.data = duparray(dnames.data, dirCount);
+     dnames.flags |= RPMTD_PTR_ALLOCED;
+@@ -179,8 +179,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ 	rpmFileTypes ft;
+ 	int fnlen;
+ 
++	size_t baselen = strlen(baseNames[i]);
+ 	size_t len = maxlen +
+-		strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1;
++		strlen(dirNames[dirIndexes[i]]) + baselen + 1;
+ 	if (len >= fileAlloced) {
+ 	    fileAlloced = len * 2;
+ 	    fn = xrealloc(fn, fileAlloced);
+@@ -242,8 +243,9 @@ assert(fn != NULL);		/* XXX can't happen */
+ 	    continue;
+ 	}
+ 
+-	/* Relocation on full paths only, please. */
+-	if (fnlen != len) continue;
++	/* Relocation on '/' and full paths only, please. */
++	if (baselen && fnlen != len)
++	    continue;
+ 
+ 	rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
+ 	       fn, relocations[j].newPath);
+@@ -294,7 +296,7 @@ assert(fn != NULL);		/* XXX can't happen */
+     }
+ 
+     /* Finish off by relocating directories. */
+-    for (i = dirCount - 1; i >= 0; i--) {
++    for (i = dirCountOrig - 1; i >= 0; i--) {
+ 	for (j = numRelocations - 1; j >= 0; j--) {
+ 
+ 	    if (relocations[j].oldPath == NULL) /* XXX can't happen */
+-- 
+2.45.2
+

SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch

@@ -0,0 +1,51 @@
+From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 5 Aug 2024 14:40:57 +0200
+Subject: [PATCH] Skip to hashed subpacket data directly
+
+Let OpenScanHub grok the bigger picture instead of producing a spurious
+overrun warning for v->hashlen when we're dereferencing p later.
+
+Casting the v pointer back to uint8_t is unnecessary when we could just
+use h directly but it's done this way in the if branch for pgp version 3
+in this function as well as in pgpPrtKey() so copy that, just for the
+sake of consistency.
+
+Along the same lines (consistency), change the p pointer to a const
+pointer.
+
+No functional change.
+
+Resolves: RHEL-22607
+---
+ rpmio/rpmpgp.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d0688ebe9..6f044eb1b 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 		     pgpDigParams _digp)
+ {
+     uint8_t version = 0;
+-    uint8_t * p;
++    const uint8_t * p;
+     unsigned int plen;
+     int rc = 1;
+ 
+@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ 	pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
+ 	pgpPrtNL();
+ 
+-	p = &v->hashlen[0];
+ 	if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ 	    return 1;
+-	p += sizeof(v->hashlen);
++	p = ((uint8_t *)v) + sizeof(*v);
+ 
+ 	if ((p + plen) > (h + hlen))
+ 	    return 1;
+-- 
+2.46.0
+

SOURCES/0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch

@@ -0,0 +1,57 @@
+From d29651be364ef72c7c0f468157602e4ed5cab4ff Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 12 Jun 2024 15:46:12 +0200
+Subject: [PATCH] Talk about rpmsign in the rpmsign man page
+
+In the past handling signatures was done by the rpm / rpmbuild binaries
+directly. When this functionality was split into rpmsign the man page
+was not adjusted accoringly. This is the long overdue update.
+
+Resolves: # 3125
+
+(backported from commit 8e1f55c7004e8c1a7d9140ab2dd9456a7ace3e77)
+---
+ doc/rpmsign.8 | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
+index f7ceae89b..6c5bcc8ef 100644
+--- a/doc/rpmsign.8
++++ b/doc/rpmsign.8
+@@ -5,9 +5,9 @@ rpmsign \- RPM Package Signing
+ .SS "SIGNING PACKAGES:"
+ .PP
+ 
+-\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+ 
+-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+ 
+ .SS "rpmsign-options"
+ .PP
+@@ -22,10 +22,10 @@ options generate and insert new signatures for each package
+ existing signatures. There are two options for historical reasons,
+ there is no difference in behavior currently.
+ 
+-To create a signature rpm needs to verify the package's checksum. As a result
++To create a signature rpmsign needs to verify the package's checksum. As a result
+ packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
+ 
+-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+ 
+ .PP
+ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
+@@ -36,7 +36,7 @@ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
+ \fB--rpmv3\fR
+ Force RPM V3 header+payload signature addition.
+ These are expensive and redundant baggage on packages where a separate
+-payload digest exists (packages built with rpm >= 4.14).  Rpm will
++payload digest exists (packages built with rpm >= 4.14).  Rpmsign will
+ automatically detect the need for V3 signatures, but this option can be
+ used to force their creation if the packages must be fully 
+ signature verifiable with rpm < 4.14 or other interoperability reasons.
+-- 
+2.45.2
+

SOURCES/0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch

@@ -0,0 +1,32 @@
+From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 24 Jan 2024 12:03:39 +0200
+Subject: [PATCH] Use unsigned integers for buildtime too for Y2K38 safety
+
+This little patch buys us 68 extra years to move to 64bit time tags
+in rpm. That seems achievable.
+
+Fixes: #1228
+---
+ build/build.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build/build.c b/build/build.c
+index e4081c673..0ac8bf6c9 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
+         if (srcdate == endptr || *endptr || errno != 0)
+             rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+         else
+-            buildTime = (int32_t) epoch;
++            buildTime = (uint32_t) epoch;
+     } else
+-        buildTime = (int32_t) time(NULL);
++        buildTime = (uint32_t) time(NULL);
+ 
+     return buildTime;
+ }
+-- 
+2.45.1
+

SPECS/rpm.spec

@@ -32,7 +32,7 @@
 
 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 29
+%global rel 34
 %global sover 9
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -108,6 +108,12 @@ Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch
 Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
 Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch
 Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch
+Patch143: 0001-Don-t-segfault-on-missing-priority-tag.patch
+Patch144: 0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
+Patch145: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
+Patch146: 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
+Patch147: 0001-Add-SourceLicense-tag-to-spec-syntax.patch
+Patch148: 0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
 
 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
@@ -129,6 +135,8 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
+Patch1003: 0001-Fix-root-relocation-regression.patch
+Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@@ -657,6 +665,28 @@ fi
 %doc doc/librpm/html/*
 
 %changelog
+* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-34
+- Fix discarded const qualifier in previous patch (RHEL-22607)
+
+* Mon Aug 05 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-33
+- Fix root relocation regression (RHEL-28967)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
+
+* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-32
+- Revert incorrect fix for false array overrun (RHEL-22607)
+
+* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-31
+- Fix potential use of uninitialized pipe array (RHEL-22604)
+- Fix potential use of uninitialized pgp struct (RHEL-22605)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
+- Add SourceLicense tag to spec syntax (RHEL-28798)
+- Talk about rpmsign in the rpmsign(8) man page (RHEL-40895)
+
+* Mon Jun 03 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-30
+- Don't segfault on missing priority tag (RHEL-35249)
+- Use unsigned integers for buildtime too for Y2K38 safety (RHEL-22602)
+- Rebuild against libimaevm.so.4 (RHEL-32505)
+
 * Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29
 - Actually add --verifydb to the man page (RHEL-14591)
 - Don't warn about missing user/group on skipped files (RHEL-18037)