Fix: Treat x86_64_v2 as x86_64 in architecture checks

0001-Make-_passwd_path-and-_group_path-lists.patch

@@ -0,0 +1,104 @@
+From 0f3ace9f3f38e3719b83018f400d5ffa509bbd1d Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Thu, 20 Mar 2025 13:57:56 +0100
+Subject: [PATCH 1/5] Make %_passwd_path and %_group_path lists
+
+Look up multiple files if they are listes in the macros separated by
+colons. This way multiple sources of user and group information can be
+used.
+
+This is needed as RPM no longer honors nsswitch as it fails for
+chroots. This way one can at least configure where RPM should look for
+user/group information.
+
+Backported from commits:
+eb1ee05c6d835903b3f47bc95042790e915f569e
+
+Fixes: RHEL-78693
+---
+ lib/rpmug.c        | 21 ++++++++++++++++++++-
+ macros.in          |  2 +-
+ tests/rpmverify.at | 18 ++++++++++++++++++
+ 3 files changed, 39 insertions(+), 2 deletions(-)
+
+diff --git a/lib/rpmug.c b/lib/rpmug.c
+index 807677b2c..316e326f3 100644
+--- a/lib/rpmug.c
++++ b/lib/rpmug.c
+@@ -47,7 +47,7 @@ static const char *grpfile(void)
+  * Lookup an arbitrary field based on contents of another in a ':' delimited
+  * file, such as /etc/passwd or /etc/group.
+  */
+-static int lookup_field(const char *path, const char *val, int vcol, int rcol,
++static int lookup_field_in_file(const char *path, const char *val, int vcol, int rcol,
+ 			char **ret)
+ {
+     int rc = -1; /* assume not found */
+@@ -85,6 +85,25 @@ static int lookup_field(const char *path, const char *val, int vcol, int rcol,
+     return rc;
+ }
+ 
++/*
++ * Lookup an arbitrary field based on contents of another in a ':' delimited
++ * file, such as /etc/passwd or /etc/group. Look at multiple files listed in
++ * path separated by colons
++ */
++static int lookup_field(const char *path, const char *val, int vcol, int rcol,
++			char **ret)
++{
++    ARGV_t paths = argvSplitString(path, ":", ARGV_SKIPEMPTY);
++    int rc = -1;
++    for (ARGV_t p = paths; *p; p++) {
++	rc = lookup_field_in_file(*p, val, vcol, rcol, ret);
++	if (!rc)
++	    break;
++    }
++    argvFree(paths);
++    return rc;
++}
++
+ /* atol() with error handling, return 0/-1 on success/failure */
+ static int stol(const char *s, long *ret)
+ {
+diff --git a/macros.in b/macros.in
+index 7eb3d2b98..f2a28fa57 100644
+--- a/macros.in
++++ b/macros.in
+@@ -132,7 +132,7 @@
+ 
+ %_keyringpath		%{_dbpath}/pubkeys/
+ 
+-# Location of passwd(5) and group(5)
++# Location of passwd(5) and group(5), as : separated list
+ %_passwd_path		/etc/passwd
+ %_group_path		/etc/group
+ 
+diff --git a/tests/rpmverify.at b/tests/rpmverify.at
+index c625a1bb9..804235908 100644
+--- a/tests/rpmverify.at
++++ b/tests/rpmverify.at
+@@ -648,3 +648,21 @@ runroot rpm -Vv ${VERIFYOPTS} verifyfiles
+ ],
+ [])
+ RPMTEST_CLEANUP
++
++AT_SETUP([alternative passwd location])
++AT_KEYWORDS([verify])
++RPMDB_INIT
++
++runroot rpmbuild -bb --quiet /data/SPECS/klang.spec
++runroot rpm -Uvh /build/RPMS/noarch/klang-*
++echo "klangd:x:1111:1111::/:/sbin/nologin\n" >> ${RPMTEST}/usr/lib/passwd
++echo "klangd:x:8888:" >> ${RPMTEST}/usr/lib/group
++
++RPMTEST_CHECK([
++runroot_other chown 1111:8888 /var/lib/klangd
++runroot rpm -D "_passwd_path /usr/lib/passwd:/etc/passwd" -D "_group_path /usr/lib/group:/etc/group" -V klang-server
++],
++[0],
++[],
++[])
++RPMTEST_CLEANUP
+-- 
+2.49.0
+

0002-Fix-memory-leak-in-rpmspec-shell.patch

@@ -0,0 +1,32 @@
+From 891a625246a19abd5aecfa534b630f2e7d15c8d5 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Thu, 17 Apr 2025 13:04:50 +0200
+Subject: [PATCH 2/5] Fix memory leak in rpmspec --shell
+
+The history(3) library allocates its own copy of the line string passed
+to add_history() so we need to free it ourselves.
+
+Found by Coverity.
+
+(cherry picked from commit 96fe0562712227c1764f2bae27f1b138dda7e032)
+
+Fixes: RHEL-55284
+---
+ tools/rpmspec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/rpmspec.c b/tools/rpmspec.c
+index cf58de80e..2bf95684e 100644
+--- a/tools/rpmspec.c
++++ b/tools/rpmspec.c
+@@ -74,6 +74,7 @@ static int doShell(rpmSpec spec)
+ 	free(exp);
+ 	if (*line)
+ 	    add_history(line);
++	free(line);
+     }
+     return 0;
+ }
+-- 
+2.49.0
+

0003-Fix-memory-leak-in-runGPG.patch

@@ -0,0 +1,37 @@
+From 0f1731d648ff37d06bf711c84459b254047b23e0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Tue, 22 Apr 2025 14:04:31 +0200
+Subject: [PATCH 3/5] Fix memory leak in runGPG()
+
+Downstream only patch, upstream no longer uses gpg_path here after
+commit 7f2c7136af575ba4854e579f3df547051a2eecfc.
+
+Fixes: RHEL-82284
+---
+ sign/rpmgensig.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 576e77f7d..f0b4dc891 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -237,7 +237,7 @@ static int runGPG(sigTarget sigt, const char *sigfile)
+ 	int using_gpg = (strstr(out, "GnuPG") != NULL);
+ 	if (using_gpg) {
+ 	    const char *tty = ttyname(STDIN_FILENO);
+-	    const char *gpg_path = NULL;
++	    char *gpg_path = NULL;
+ 
+ 	    if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
+ 		rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
+@@ -245,6 +245,7 @@ static int runGPG(sigTarget sigt, const char *sigfile)
+ 	    gpg_path = rpmExpand("%{?_gpg_path}", NULL);
+ 	    if (gpg_path && *gpg_path != '\0')
+ 		(void) setenv("GNUPGHOME", gpg_path, 1);
++	    free(gpg_path);
+ 	}
+ 	free(out);
+ 
+-- 
+2.49.0
+

0004-Talk-about-rpmsign-in-the-rpmsign-man-page.patch

@@ -0,0 +1,66 @@
+From 9bb13c129ebd399645d173e51a5819bb9969e7c2 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 12 Jun 2024 15:46:12 +0200
+Subject: [PATCH 4/5] Talk about rpmsign in the rpmsign man page
+
+In the past handling signatures was done by the rpm / rpmbuild binaries
+directly. When this functionality was split into rpmsign the man page
+was not adjusted accoringly. This is the long overdue update.
+
+(cherry picked from commit 8e1f55c7004e8c1a7d9140ab2dd9456a7ace3e77)
+
+Fixes: RHEL-73173
+---
+ docs/man/rpmsign.8.md | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/docs/man/rpmsign.8.md b/docs/man/rpmsign.8.md
+index 04d6855e7..339e28451 100644
+--- a/docs/man/rpmsign.8.md
++++ b/docs/man/rpmsign.8.md
+@@ -15,12 +15,12 @@ SYNOPSIS
+ SIGNING PACKAGES:
+ -----------------
+ 
+-**rpm** **\--addsign\|\--resign** \[**rpmsign-options**\] *PACKAGE\_FILE
++**rpmsign** **\--addsign\|\--resign** \[**rpmsign-options**\] *PACKAGE\_FILE
+ \...*
+ 
+-**rpm** **\--delsign** *PACKAGE\_FILE \...*
++**rpmsign** **\--delsign** *PACKAGE\_FILE \...*
+ 
+-**rpm** **\--delfilesign** *PACKAGE\_FILE \...*
++**rpmsign** **\--delfilesign** *PACKAGE\_FILE \...*
+ 
+ rpmsign-options
+ ---------------
+@@ -35,14 +35,14 @@ new signatures for each package *PACKAGE\_FILE* given, replacing any
+ existing signatures. There are two options for historical reasons, there
+ is no difference in behavior currently.
+ 
+-To create a signature rpm needs to verify the package\'s checksum. As a
++To create a signature rpmsign needs to verify the package\'s checksum. As a
+ result packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
+ 
+-**rpm** **\--delsign** *PACKAGE\_FILE \...*
++**rpmsign** **\--delsign** *PACKAGE\_FILE \...*
+ 
+ Delete all signatures from each package *PACKAGE\_FILE* given.
+ 
+-**rpm** **\--delfilesign** *PACKAGE\_FILE \...*
++**rpmsign** **\--delfilesign** *PACKAGE\_FILE \...*
+ 
+ Delete all IMA and fsverity file signatures from each package
+ *PACKAGE\_FILE* given.
+@@ -54,7 +54,7 @@ SIGN OPTIONS
+ 
+ :   Force RPM V3 header+payload signature addition. These are expensive
+     and redundant baggage on packages where a separate payload digest
+-    exists (packages built with rpm \>= 4.14). Rpm will automatically
++    exists (packages built with rpm \>= 4.14). Rpmsign will automatically
+     detect the need for V3 signatures, but this option can be used to
+     force their creation if the packages must be fully signature
+     verifiable with rpm \< 4.14 or other interoperability reasons.
+-- 
+2.49.0
+

0005-Revert-Drop-redundant-argument-from-rpmcliTransactio.patch

@@ -0,0 +1,120 @@
+From d09149df374b0faad1d58843369b461a35ec286b Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 16 Apr 2025 12:16:41 +0300
+Subject: [PATCH 5/5] Revert "Drop redundant argument from rpmcliTransaction()"
+
+This reverts commit 99f8997082637889e6ef08c7893d583cfaea2f04.
+
+The transaction does know the number of elements alright, but updates
+are tracked as two elements so the exit code on a failed update of one
+package becomes 2 which seems wrong. Just revert the change, it wasn't
+a big cleanup anyhow, the alternative of filtering out update-related
+erasures from the transaction would only be more code.
+
+--restore was added in the meanwhile so a plain revert doesn't suffice.
+In the case of --restore the number of elements is always simply the
+elements in transaction so we can just use rpmtsNElements() for that.
+
+Backported from commits:
+c1b33879a7284cf311fa68d88f8df54b00a207ac
+7931850da430c6187c3557a0dbecf753bb5be490
+
+Fixes: RHEL-87384
+---
+ lib/rpminstall.c              | 10 +++++-----
+ tests/data/SPECS/deptest.spec |  4 +++-
+ tests/rpmdeps.at              | 14 ++++++++++++++
+ 3 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/lib/rpminstall.c b/lib/rpminstall.c
+index 4c49507db..c7510dabb 100644
+--- a/lib/rpminstall.c
++++ b/lib/rpminstall.c
+@@ -252,10 +252,10 @@ struct rpmEIU {
+     rpmRC rpmrc;
+ };
+ 
+-static int rpmcliTransaction(rpmts ts, struct rpmInstallArguments_s * ia)
++static int rpmcliTransaction(rpmts ts, struct rpmInstallArguments_s * ia,
++		      int numPackages)
+ {
+     rpmps ps;
+-    int numPackages = rpmtsNElements(ts);
+ 
+     int rc = 0;
+     int stop = 0;
+@@ -650,7 +650,7 @@ restart:
+     if (eiu->numFailed) goto exit;
+ 
+     if (eiu->numRPMS) {
+-        int rc = rpmcliTransaction(ts, ia);
++        int rc = rpmcliTransaction(ts, ia, eiu->numPkgs);
+         if (rc < 0)
+             eiu->numFailed += eiu->numRPMS;
+ 	else if (rc > 0)
+@@ -756,7 +756,7 @@ int rpmErase(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_const_t argv)
+     free(qfmt);
+ 
+     if (numFailed) goto exit;
+-    numFailed = rpmcliTransaction(ts, ia);
++    numFailed = rpmcliTransaction(ts, ia, numPackages);
+ exit:
+     rpmtsEmpty(ts);
+     rpmtsSetVSFlags(ts, ovsflags);
+@@ -784,7 +784,7 @@ int rpmRestore(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_const_t argv)
+ 
+     rc = rpmcliArgIter(ts, qva, argv);
+     if (rc == 0) {
+-	rc = rpmcliTransaction(ts, ia);
++	rc = rpmcliTransaction(ts, ia, rpmtsNElements(ts));
+     }
+ 
+     rpmtsEmpty(ts);
+diff --git a/tests/data/SPECS/deptest.spec b/tests/data/SPECS/deptest.spec
+index 164571a40..5a1ecdc55 100644
+--- a/tests/data/SPECS/deptest.spec
++++ b/tests/data/SPECS/deptest.spec
+@@ -1,5 +1,7 @@
++%{?!ver:%define ver 1.0}
++
+ Name:		deptest-%{pkg}
+-Version:	1.0
++Version:	%{ver}
+ Release:	1
+ Summary:	Testing dependency behavior
+ 
+diff --git a/tests/rpmdeps.at b/tests/rpmdeps.at
+index f839a5fad..fac541325 100644
+--- a/tests/rpmdeps.at
++++ b/tests/rpmdeps.at
+@@ -17,6 +17,11 @@ runroot rpmbuild --quiet -bb \
+ 	--define "reqs deptest-one" \
+ 	  /data/SPECS/deptest.spec
+ 
++runroot rpmbuild --quiet -bb \
++	--define "pkg two" \
++	--define "ver 2.0" \
++	--define "reqs deptest-one deptest-not" \
++	  /data/SPECS/deptest.spec
+ # missing dependency
+ RPMTEST_CHECK([
+ RPMDB_INIT
+@@ -38,6 +43,15 @@ runroot rpm -U /build/RPMS/noarch/deptest-one-1.0-1.noarch.rpm /build/RPMS/noarc
+ [0],
+ [],
+ [])
++
++RPMTEST_CHECK([
++runroot rpm -U /build/RPMS/noarch/deptest-two-2.0-1.noarch.rpm
++],
++[1],
++[],
++[error: Failed dependencies:
++	deptest-not is needed by deptest-two-2.0-1.noarch
++])
+ RPMTEST_CLEANUP
+ 
+ # ------------------------------
+-- 
+2.49.0
+

rpm.spec

@@ -27,7 +27,7 @@
 
 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 12
+%global baserelease 13
 %global sover 10
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -156,6 +156,12 @@ rpm-4.18.90-weak-user-group.patch
 0002-Fix-regression-on-build-id-generation-from-compresse.patch
 0003-Fix-root-relocation-regression.patch
 
+0001-Make-_passwd_path-and-_group_path-lists.patch
+0002-Fix-memory-leak-in-rpmspec-shell.patch
+0003-Fix-memory-leak-in-runGPG.patch
+0004-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
+0005-Revert-Drop-redundant-argument-from-rpmcliTransactio.patch
+
 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
 
@@ -487,7 +493,9 @@ fi
 %attr(0644, root, root) %ghost /usr/lib/sysimage/rpm/.*.lock
 
 %{_bindir}/rpm
+%if %{with libarchive}
 %{_bindir}/rpm2archive
+%endif
 %{_bindir}/rpm2cpio
 %{_bindir}/rpmdb
 %{_bindir}/rpmkeys
@@ -498,7 +506,9 @@ fi
 %{_mandir}/man8/rpm.8*
 %{_mandir}/man8/rpmdb.8*
 %{_mandir}/man8/rpmkeys.8*
+%if %{with libarchive}
 %{_mandir}/man8/rpm2archive.8*
+%endif
 %{_mandir}/man8/rpm2cpio.8*
 %{_mandir}/man8/rpm-misc.8*
 %{_mandir}/man8/rpmsort.8*
@@ -638,9 +648,16 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 
 %changelog
-* Wed Feb 12 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-12.alma.1
+* Thu Apr 24 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-13.alma.1
 - Fix: Treat x86_64_v2 as x86_64 in architecture checks
 
+* Tue Apr 22 2025 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-13
+- Make %%_passwd_path and %%_group_path into lists (RHEL-78693)
+- Fix memory leak in rpmspec --shell (RHEL-55284)
+- Fix memory leak in rpmsign (RHEL-82284)
+- Fix command references in rpmsign(8) man page (RHEL-73173)
+- Fix exit code regression on update failure (RHEL-87384)
+
 * Fri Feb 07 2025 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-12
 - Rebuild for ima-evm-utils 1.6 soname bump (RHEL-65378)