initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>

SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch

@@ -0,0 +1,40 @@
+From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Tue, 28 Jun 2022 12:50:54 +0200
+Subject: [PATCH] Give warning on not supported hash for RSA keys
+
+This can happen when old keys are used on systems that have disabled SHA1
+e.g. for FIPS requirements.
+
+This is less than ideal but there is currently no way to pass a meaningful
+error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key
+or NULL.
+
+See rhbz#2069877
+---
+ rpmio/digest_openssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index a28a13acc..2ec5140f1 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -4,6 +4,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
+ #include <rpm/rpmpgp.h>
++#include <rpm/rpmlog.h>
+ 
+ #include "rpmio/digest.h"
+ 
+@@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
+ 
+     ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo));
+     if (ret < 0) {
++	rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo));
+         rc = 1;
+         goto done;
+     }
+-- 
+2.36.1
+

SOURCES/0001-Macroize-find-debuginfo-script-location.patch

@@ -0,0 +1,51 @@
+From 1a2554da434548e916240796fe7ca9689c5771fe Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 27 May 2021 13:58:58 +0300
+Subject: [PATCH] Macroize find-debuginfo script location
+
+Makes it easier to handle varying paths, mainly in preparation for the
+next step.
+
+(cherry picked from commit ce48167f37af59b6366083fb78a314f7931c0c6b)
+---
+ configure.ac | 1 +
+ macros.in    | 4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 39f9a0e5b..35b4dff4c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -113,6 +113,7 @@ AC_PATH_PROG(__NM, nm, /usr/bin/nm, $MYPATH)
+ AC_PATH_PROG(__OBJCOPY, objcopy, /usr/bin/objcopy, $MYPATH)
+ AC_PATH_PROG(__OBJDUMP, objdump, /usr/bin/objdump, $MYPATH)
+ AC_PATH_PROG(__STRIP, strip, /usr/bin/strip, $MYPATH)
++AC_PATH_PROG(__FIND_DEBUGINFO, find-debuginfo, /usr/bin/find-debuginfo, $MYPATH)
+ 
+ AC_PATH_PROG(__GIT, git, /usr/bin/git, $MYPATH)
+ AC_PATH_PROG(__HG, hg, /usr/bin/hg, $MYPATH)
+diff --git a/macros.in b/macros.in
+index 24b124702..2bcf07ef8 100644
+--- a/macros.in
++++ b/macros.in
+@@ -80,6 +80,8 @@
+ %__remsh		%{__rsh}
+ %__strip		@__STRIP@
+ 
++%__find_debuginfo	@__FIND_DEBUGINFO@
++
+ #==============================================================================
+ # Conditional build stuff.
+ 
+@@ -149,7 +151,7 @@
+ #       _find_debuginfo_vendor_opts to pass options to the script.
+ #
+ %__debug_install_post   \
+-    %{_rpmconfigdir}/find-debuginfo.sh \\\
++    %{__find_debuginfo} \\\
+     %{?_smp_build_ncpus:-j%{_smp_build_ncpus}} \\\
+     %{?_missing_build_ids_terminate_build:--strict-build-id} \\\
+     %{?_no_recompute_build_ids:-n} \\\
+-- 
+2.41.0
+

SOURCES/rpm-4.14.3-rpm2archive-Don-t-print-usage.patch

@@ -0,0 +1,29 @@
+From fe274b8f965582fdf97e6c46f90b9e7c124b0b8b Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 16 Dec 2022 15:50:12 +0100
+Subject: [PATCH] rpm2archive: Don't print usage on no arguments
+
+given as we want to default to reading from stdin and writing to stdout in
+that case.
+---
+ rpm2archive.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 09da8d16b..53f047f58 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -241,10 +241,6 @@ int main(int argc, const char *argv[])
+ 	    exit(EXIT_FAILURE);
+ 	}
+     }
+-    if (argc < 2 || poptGetNextOpt(optCon) == 0) {
+-	poptPrintUsage(optCon, stderr, 0);
+-	exit(EXIT_FAILURE);
+-    }
+ 
+     rpmts ts = rpmtsCreate();
+     rpmVSFlags vsflags = 0;
+-- 
+2.38.1
+

SOURCES/rpm-4.14.3-rpm2archive-parse-popt-options.patch

@@ -0,0 +1,36 @@
+From 8f416b275a365426b07c75adfc017e0b18a85450 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Fri, 16 Dec 2022 15:45:20 +0100
+Subject: [PATCH] rpm2archive: Properly parse popt options
+
+and issue an error message for unknown options. Before unknown options
+could mess up the argument parsing leading to reading and writing from
+stdin/stdout.
+
+Thanks to Eva Mrakova and the Red Hat QE team for spotting this!
+---
+ rpm2archive.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index de1a17d2b..09da8d16b 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -233,6 +233,14 @@ int main(int argc, const char *argv[])
+ 
+     optCon = poptGetContext(NULL, argc, argv, optionsTable, 0);
+     poptSetOtherOptionHelp(optCon, "[OPTIONS]* <FILES>");
++    while ((rc = poptGetNextOpt(optCon)) != -1) {
++	if (rc < 0) {
++	    fprintf(stderr, "%s: %s\n",
++		    poptBadOption(optCon, POPT_BADOPTION_NOALIAS),
++		    poptStrerror(rc));
++	    exit(EXIT_FAILURE);
++	}
++    }
+     if (argc < 2 || poptGetNextOpt(optCon) == 0) {
+ 	poptPrintUsage(optCon, stderr, 0);
+ 	exit(EXIT_FAILURE);
+-- 
+2.38.1
+

SOURCES/rpm-4.16.1.3-IMA-without-xattr.patch

@@ -0,0 +1,41 @@
+Based on
+
+From 7db2efa95d859cebda2b095ffdffac42812bd6d9 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 22 Feb 2022 16:57:00 +0000
+Subject: [PATCH] ima: Install on filesystems without xattr support without
+ failing
+
+If an RPM contains IMA signed digests and rpm-plugin-ima is installed,
+then any attempt to install to a filesystem that doesn't support
+extended attributes will cause the RPM installation to fail.
+
+This can be seen, for example, if installing a file /boot, which is
+usually a vFAT filesystem.
+
+The rpm-plugin for selinux fixed this some time back, and that same
+logic can be applied to IMA too - where, if a failure to set an extended
+attribute results in an errno that is set to EOPNOTSUPP, then this
+should not cause a complete failure, but should instead just be logged
+at a debug level.
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+
+--- rpm-4.16.1.3/plugins/ima.c.orig	2023-05-02 18:19:25.095992859 +0200
++++ rpm-4.16.1.3/plugins/ima.c	2023-05-02 18:21:46.032941008 +0200
+@@ -69,10 +69,13 @@
+ 	fsig = rpmfiFSignature(fi, &len);
+ 	if (fsig && (check_zero_hdr(fsig, len) == 0)) {
+ 	    if (lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0) < 0) {
+-	        rpmlog(RPMLOG_ERR,
++		int is_err = errno != EOPNOTSUPP; 
++	        rpmlog(is_err?RPMLOG_ERR:RPMLOG_DEBUG,
+ 			"ima: could not apply signature on '%s': %s\n",
+ 			path, strerror(errno));
+-	        rc = RPMRC_FAIL;
++		if (is_err) {
++		    rc = RPMRC_FAIL;
++		}
+ 	    }
+ 	}
+ 

SOURCES/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch

@@ -0,0 +1,57 @@
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 4531271cc..74aeed851 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -15,13 +15,23 @@ _dd() {
+ }
+ 
+ calcsize() {
++
++	case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
++		"$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
++		*) fatal "File doesn't look like rpm: $pkg" ;;
++	esac
++
+ 	offset=$(($1 + 8))
+ 
+ 	local i b b0 b1 b2 b3 b4 b5 b6 b7
+ 
+ 	i=0
+ 	while [ $i -lt 8 ]; do
+-		b="$(_dd $(($offset + $i)) bs=1 count=1)"
++		# add . to not loose \n
++		# strip \0 as it gets dropped with warning otherwise
++		b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
++		b=${b%.}    # strip . again
++
+ 		[ -z "$b" ] &&
+ 			b="0" ||
+ 			b="$(exec printf '%u\n' "'$b")"
+@@ -33,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1)" in
++case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+@@ -44,11 +54,11 @@ sigsize=$rsize
+ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
+ hdrsize=$rsize
+ 
+-case "$(_dd $offset bs=3 count=1)" in
+-	"$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+-	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
+-	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
+-	"$(printf '\135\000')"*) _dd $offset | unlzma  ;; # '\x5d\x00'
+-	"$(printf '\050\265')"*) _dd $offset | unzstd  ;; # '\x28\xb5'
+-	*) fatal "Unrecognized rpm file: $pkg" ;;
++case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
++	"$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
++	"$(printf '\037\213')") _dd $offset | gunzip  ;; # '\x1f\x8b'
++	"$(printf '\375\067')") _dd $offset | xzcat   ;; # '\xfd\x37'
++	"$(printf '\135')") _dd $offset | unlzma      ;; # '\x5d\x00'
++	"$(printf '\050\265')") _dd $offset | unzstd  ;; # '\x28\xb5'
++	*) fatal "Unrecognized payload compression format in rpm file: $pkg" ;;
+ esac

SOURCES/rpm-4.16.1.3-Support-long-languages-names-for-QT.patch

@@ -0,0 +1,40 @@
+From 35739c2a2298e61caacb45157706bf342ffcd20e Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Tue, 27 Apr 2021 10:09:41 +0200
+Subject: [PATCH] find-lang.sh: Support long languages names for QT
+
+Most language abbreviations are just two characters but some are longer.
+Allow an arbiraty number of character instead of exactly two in the names
+of .qm files (QT translations). This brings the handling of .qm files in
+line with all other file types.
+
+Resolves: #1642
+---
+ scripts/find-lang.sh | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/scripts/find-lang.sh b/scripts/find-lang.sh
+index f2aa7d8951..b97210b117 100755
+--- a/scripts/find-lang.sh
++++ b/scripts/find-lang.sh
+@@ -249,13 +249,13 @@ s:%lang(C) ::
+ 
+ find "$TOP_DIR" -type f -o -type l|sed '
+ s:'"$TOP_DIR"'::
+-'"$NO_ALL_NAME$QT"'s:\(.*/'"$NAME"'_\([a-zA-Z]\{2\}\([_@].*\)\?\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/\([a-zA-Z]\{2\}[_@].*\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/\([a-zA-Z]\{2\}\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/[^/_]\+_\([a-zA-Z]\{2\}[_@].*\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/[^/_]\+_\([a-zA-Z]\{2\}\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/[^/]\+_\([a-zA-Z]\{2\}[_@].*\)\.qm$\):%lang(\2) \1:
+-'"$ALL_NAME$QT"'s:^\([^%].*/[^/]\+_\([a-zA-Z]\{2\}\)\.qm$\):%lang(\2) \1:
++'"$NO_ALL_NAME$QT"'s:\(.*/'"$NAME"'_\([a-zA-Z]\+\([_@].*\)\?\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/\([a-zA-Z]\+[_@].*\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/\([a-zA-Z]\+\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/[^/_]\+_\([a-zA-Z]\+[_@].*\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/[^/_]\+_\([a-zA-Z]\+\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/[^/]\+_\([a-zA-Z]\+[_@].*\)\.qm$\):%lang(\2) \1:
++'"$ALL_NAME$QT"'s:^\([^%].*/[^/]\+_\([a-zA-Z]\+\)\.qm$\):%lang(\2) \1:
+ s:^[^%].*::
+ s:%lang(C) ::
+ /^$/d' >> $MO_NAME

SOURCES/rpm-4.16.1.3-bcond-macros.patch

@@ -0,0 +1,217 @@
+From 7b1fc619a5c828828dad7c1f61f525d957b9e2c5 Mon Sep 17 00:00:00 2001
+From: Petr Viktorin <pviktori@redhat.com>
+Date: Wed, 27 Jan 2021 17:32:51 +0100
+Subject: [PATCH] Add %bcond macro for defining build conditionals
+
+Move documentation from comments to reference manual
+Fixes: https://github.com/rpm-software-management/rpm/issues/941
+
+(cherry picked from commit a99b6373af0774f4bef62aa89defc84cfcacc078)
+---
+ macros.in                        | 54 +++++++----------------
+ tests/Makefile.am                |  1 +
+ tests/data/SPECS/bcondtest.spec  | 33 +++++++++++++++
+ tests/rpmbuild.at                | 73 ++++++++++++++++++++++++++++++++
+ 5 files changed, 157 insertions(+), 42 deletions(-)
+ create mode 100644 tests/data/SPECS/bcondtest.spec
+
+diff --git a/macros.in b/macros.in
+index 7c458f5d8a..35462c933c 100644
+--- a/macros.in
++++ b/macros.in
+@@ -78,47 +78,25 @@
+ %defined()	%{expand:%%{?%{1}:1}%%{!?%{1}:0}}
+ %undefined()	%{expand:%%{?%{1}:0}%%{!?%{1}:1}}
+ 
+-# Shorthand for %{defined with_...}
++# Handle conditional builds.
++# (see 'conditionalbuilds' in the manual)
++#
++# Internally, the `--with foo` option defines the macro `_with_foo` and the
++# `--without foo` option defines the macro `_without_foo`.
++# Based on those and a default (used when neither is given), bcond macros
++# define the macro `with_foo`, which should later be checked:
++
++%bcond()	%[ (%2)\
++    ? "%{expand:%%{!?_without_%{1}:%%global with_%{1} 1}}"\
++    : "%{expand:%%{?_with_%{1}:%%global with_%{1} 1}}"\
++]
++%bcond_with()		%bcond %{1} 0
++%bcond_without()	%bcond %{1} 1
++
++# Shorthands for %{defined with_...}:
+ %with()		%{expand:%%{?with_%{1}:1}%%{!?with_%{1}:0}}
+ %without()	%{expand:%%{?with_%{1}:0}%%{!?with_%{1}:1}}
+ 
+-# Handle conditional builds. %bcond_with is for case when feature is
+-# default off and needs to be activated with --with ... command line
+-# switch. %bcond_without is for the dual case.
+-#
+-# %bcond_with foo defines symbol with_foo if --with foo was specified on
+-# command line.
+-# %bcond_without foo defines symbol with_foo if --without foo was *not*
+-# specified on command line.
+-#
+-# For example (spec file):
+-#
+-# (at the beginning)
+-# %bcond_with extra_fonts
+-# %bcond_without static
+-# (and later)
+-# %if %{with extra_fonts}
+-# ...
+-# %else
+-# ...
+-# %endif
+-# %if ! %{with static}
+-# ...
+-# %endif
+-# %if %{with static}
+-# ...
+-# %endif
+-# %{?with_static: ... }
+-# %{!?with_static: ... }
+-# %{?with_extra_fonts: ... }
+-# %{!?with_extra_fonts: ... }
+-
+-#
+-# The bottom line: never use without_foo, _with_foo nor _without_foo, only
+-# with_foo. This way changing default set of bconds for given spec is just
+-# a matter of changing single line in it and syntax is more readable.
+-%bcond_with()		%{expand:%%{?_with_%{1}:%%global with_%{1} 1}}
+-%bcond_without()	%{expand:%%{!?_without_%{1}:%%global with_%{1} 1}}
+ #
+ #==============================================================================
+ # ---- Required rpmrc macros.
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 66cee3273b..6d41ef93c5 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -40,6 +40,7 @@ EXTRA_DIST += $(TESTSUITE_AT)
+ 
+ ## testsuite data
+ EXTRA_DIST += data/SPECS/attrtest.spec
++EXTRA_DIST += data/SPECS/bcondtest.spec
+ EXTRA_DIST += data/SPECS/buildrequires.spec
+ EXTRA_DIST += data/SPECS/docmiss.spec
+ EXTRA_DIST += data/SPECS/hello.spec
+diff --git a/tests/data/SPECS/bcondtest.spec b/tests/data/SPECS/bcondtest.spec
+new file mode 100644
+index 0000000000..7172a31d29
+--- /dev/null
++++ b/tests/data/SPECS/bcondtest.spec
+@@ -0,0 +1,33 @@
++Name:           bcondtest
++Version:        1.0
++Release:        1
++Group:          Testing
++License:        CC0
++BuildArch:      noarch
++Summary:        Test package for the bcond macro
++
++%bcond normally_on 1
++%bcond normally_off 0
++%bcond both_features %[%{with normally_on} && %{with normally_off}]
++
++%if %{with normally_on}
++Provides:       has_bcond(normally_on)
++%endif
++%if %{with normally_off}
++Provides:       has_bcond(normally_off)
++%endif
++%if %{with both_features}
++Provides:       has_bcond(both_features)
++%endif
++
++%description
++%{summary}
++
++%install
++mkdir -p %{buildroot}/opt
++touch %{buildroot}/opt/file
++
++%files
++/opt/file
++
++%changelog
+diff --git a/tests/rpmbuild.at b/tests/rpmbuild.at
+index 30d8e6895d..f378a4af2a 100644
+--- a/tests/rpmbuild.at
++++ b/tests/rpmbuild.at
+@@ -1801,3 +1801,76 @@ runroot rpmbuild -ba --quiet      \
+ [],
+ [])
+ AT_CLEANUP
++
++AT_SETUP([bcond macro])
++AT_KEYWORDS([bcond build])
++RPMDB_INIT
++
++# basic bcond behavior with --eval
++AT_CHECK([
++runroot rpm \
++	--eval "%bcond normally_on 1" \
++	--eval "%bcond normally_off 0" \
++	--eval "%bcond both_features %[[%{with normally_on} && %{with normally_off}]]" \
++	--eval "%{with normally_on}" \
++	--eval "%{with normally_off}" \
++	--eval "%{with both_features}"
++],
++[0],
++[
++
++
++1
++0
++0
++],
++[])
++
++# bcond behavior, without CLI options
++AT_CHECK([
++runroot rpmbuild -bb --quiet /data/SPECS/bcondtest.spec
++runroot rpm -q --provides -p /build/RPMS/noarch/bcondtest-1.0-1.noarch.rpm |
++    grep has_bcond | sort
++],
++[0],
++[has_bcond(normally_on)
++],
++[])
++
++# bcond behavior, --with
++AT_CHECK([
++runroot rpmbuild -bb --quiet --with normally_on --with normally_off \
++    /data/SPECS/bcondtest.spec
++runroot rpm -q --provides -p /build/RPMS/noarch/bcondtest-1.0-1.noarch.rpm |
++    grep has_bcond | sort
++],
++[0],
++[has_bcond(both_features)
++has_bcond(normally_off)
++has_bcond(normally_on)
++],
++[])
++
++# bcond behavior, --without
++AT_CHECK([
++runroot rpmbuild -bb --quiet --without normally_on --without normally_off \
++    /data/SPECS/bcondtest.spec
++runroot rpm -q --provides -p /build/RPMS/noarch/bcondtest-1.0-1.noarch.rpm |
++    grep has_bcond | sort
++],
++[0],
++[],
++[])
++
++# bcond behavior, CLI overriding a complex defailt
++AT_CHECK([
++runroot rpmbuild -bb --quiet --with both_features /data/SPECS/bcondtest.spec
++runroot rpm -q --provides -p /build/RPMS/noarch/bcondtest-1.0-1.noarch.rpm |
++    grep has_bcond | sort
++],
++[0],
++[has_bcond(both_features)
++has_bcond(normally_on)
++],
++[])
++AT_CLEANUP

SOURCES/rpm-4.16.1.3-caret-query.patch

@@ -0,0 +1,24 @@
+From 4420c78beb86cc67392274bf351478a3375626a2 Mon Sep 17 00:00:00 2001
+From: yangchenguang <89123114+yangchenguang94@users.noreply.github.com>
+Date: Wed, 13 Jul 2022 16:52:07 +0800
+Subject: [PATCH] Fix query arguments with ^ not working
+
+when querying packages in the RPM database.
+
+Rersolves: #2104
+---
+ lib/rpmdb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/rpmdb.c b/lib/rpmdb.c
+index fa8f3c9b9c..fd2b0671ae 100644
+--- a/lib/rpmdb.c
++++ b/lib/rpmdb.c
+@@ -1133,6 +1133,7 @@ static char * mireDup(rpmTagVal tag, rpmMireMode *modep,
+ 	    switch (*s) {
+ 	    case '.':
+ 	    case '+':
++	    case '^':
+ 		if (!brackets) *t++ = '\\';
+ 		break;
+ 	    case '*':

SOURCES/rpm-4.16.1.3-caret-query2.patch

@@ -0,0 +1,24 @@
+From 19d73f67883c011cc74326a5dc34f7009efa60e1 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 6 Sep 2022 13:15:44 +0300
+Subject: [PATCH] Fix buffer overrun from commit
+ 4420c78beb86cc67392274bf351478a3375626a2
+
+The newly handled ^ needs to be accounted for when allocating memory.
+Found when testing #1936, goes to show what a useful thing that is.
+---
+ lib/rpmdb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/rpmdb.c b/lib/rpmdb.c
+index fd2b0671ae..b3c5da62d5 100644
+--- a/lib/rpmdb.c
++++ b/lib/rpmdb.c
+@@ -1107,6 +1107,7 @@ static char * mireDup(rpmTagVal tag, rpmMireMode *modep,
+ 	    case '.':
+ 	    case '+':
+ 	    case '*':
++	    case '^':
+ 		if (!brackets) nb++;
+ 		break;
+ 	    case '\\':

SOURCES/rpm-4.16.1.3-external-debugedit.patch

@@ -0,0 +1,11 @@
+--- rpm-4.16.1.3/tests/Makefile.am.orig	2023-05-03 12:44:36.287582896 +0200
++++ rpm-4.16.1.3/tests/Makefile.am	2023-05-03 12:46:34.182938006 +0200
+@@ -170,7 +170,7 @@
+ 	for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done
+ 	for node in urandom stdin stderr stdout null full; do ln -s /dev/$${node} testing/dev/$${node}; done
+ 	for cf in hosts resolv.conf passwd shadow group gshadow mtab ; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done
+-	for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
++	for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs debugedit find-debuginfo find-debuginfo.sh ; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
+ 	for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done
+ 	(cd testing/magic && file -C)
+ 	chmod -R u-w testing/

SOURCES/rpm-4.16.1.3-fapolicyd-make-write-nonblocking.patch

@@ -0,0 +1,167 @@
+From 534fd1f0c84b12ba6080a46e07c57ef913c77cba Mon Sep 17 00:00:00 2001
+From: Radovan Sroka <rsroka@redhat.com>
+Date: Thu, 25 Aug 2022 15:38:01 +0200
+Subject: [PATCH] fapolicyd: Make write() nonblocking
+
+- switch to read only and non blocking mode for pipe
+- add 1 minute loop to wait for pipe to reappear
+
+Sometimes during the system update/upgrade fapolicyd
+get restarted e.g. when systemd gets updated.
+That can lead to the situation where fapolicyd pipe
+has been removed and created again.
+In such cases rpm-plugin-fapolicyd gets stuck on
+write() to the pipe which does not exist anymore.
+After switching to non blocking file descriptor
+we can try to reopen the pipe if there is an error
+from write(). Assuming that a new pipe should appear
+when fapolicyd daemon starts again.
+If not then after 1 minute of waiting we expect
+fapolicyd daemon to be not active and we let the
+transaction continue.
+
+Signed-off-by: Radovan Sroka <rsroka@redhat.com>
+---
+ plugins/fapolicyd.c | 74 +++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 65 insertions(+), 9 deletions(-)
+
+diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c
+index 1ff50c30f..6c6322941 100644
+--- a/plugins/fapolicyd.c
++++ b/plugins/fapolicyd.c
+@@ -27,7 +27,7 @@ static rpmRC open_fifo(struct fapolicyd_data* state)
+     int fd = -1;
+     struct stat s;
+ 
+-    fd = open(state->fifo_path, O_RDWR);
++    fd = open(state->fifo_path, O_WRONLY|O_NONBLOCK);
+     if (fd == -1) {
+         rpmlog(RPMLOG_DEBUG, "Open: %s -> %s\n", state->fifo_path, strerror(errno));
+         goto bad;
+@@ -55,15 +55,26 @@ static rpmRC open_fifo(struct fapolicyd_data* state)
+     }
+ 
+     state->fd = fd;
++
+     /* considering success */
+     return RPMRC_OK;
+ 
+  bad:
+     if (fd >= 0)
+         close(fd);
++
++    state->fd = -1;
+     return RPMRC_FAIL;
+ }
+ 
++static void close_fifo(struct fapolicyd_data* state)
++{
++    if (state->fd > 0)
++        (void) close(state->fd);
++
++    state->fd = -1;
++}
++
+ static rpmRC write_fifo(struct fapolicyd_data* state, const char * str)
+ {
+     ssize_t len = strlen(str);
+@@ -86,6 +97,54 @@ static rpmRC write_fifo(struct fapolicyd_data* state, const char * str)
+     return RPMRC_FAIL;
+ }
+ 
++static void try_to_write_to_fifo(struct fapolicyd_data* state, const char * str)
++{
++    int reload = 0;
++    int printed = 0;
++
++    /* 1min/60s */
++    const int timeout = 60;
++
++    /* wait up to X seconds */
++    for (int i = 0; i < timeout; i++) {
++
++        if (reload) {
++            if (!printed) {
++                rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: waiting for the service connection to resume, it can take up to %d seconds\n", timeout);
++                printed = 1;
++            }
++
++            (void) close_fifo(state);
++            (void) open_fifo(state);
++        }
++
++        if (state->fd >= 0) {
++            if (write_fifo(state, str) == RPMRC_OK) {
++
++                /* write was successful after few reopens */
++                if (reload)
++                    rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has resumed\n");
++
++                break;
++            }
++        }
++
++        /* failed write or reopen */
++        reload = 1;
++        sleep(1);
++
++        /* the last iteration */
++        /* consider failure */
++        if (i == timeout-1) {
++            rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has not resumed\n");
++            rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: continuing without the service\n");
++        }
++
++    }
++
++}
++
++
+ static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts)
+ {
+     if (rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS))
+@@ -102,10 +161,7 @@ static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts)
+ 
+ static void fapolicyd_cleanup(rpmPlugin plugin)
+ {
+-    if (fapolicyd_state.fd > 0)
+-        (void) close(fapolicyd_state.fd);
+-
+-    fapolicyd_state.fd = -1;
++    (void) close_fifo(&fapolicyd_state);
+ }
+ 
+ static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res)
+@@ -116,9 +172,9 @@ static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res)
+     /* we are ready */
+     if (fapolicyd_state.fd > 0) {
+         /* send a signal that transaction is over */
+-        (void) write_fifo(&fapolicyd_state, "1\n");
++        (void) try_to_write_to_fifo(&fapolicyd_state, "1\n");
+         /* flush cache */
+-        (void) write_fifo(&fapolicyd_state, "2\n");
++        (void) try_to_write_to_fifo(&fapolicyd_state, "2\n");
+     }
+ 
+  end:
+@@ -133,7 +189,7 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,
+ 
+     if (fapolicyd_state.changed_files > 0) {
+         /* send signal to flush cache */
+-        (void) write_fifo(&fapolicyd_state, "2\n");
++        (void) try_to_write_to_fifo(&fapolicyd_state, "2\n");
+ 
+         /* optimize flushing */
+         /* flush only when there was an actual change */
+@@ -176,7 +232,7 @@ static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
+     char * sha = rpmfiFDigestHex(fi, NULL);
+ 
+     snprintf(buffer, 4096, "%s %lu %64s\n", dest, size, sha);
+-    (void) write_fifo(&fapolicyd_state, buffer);
++    (void) try_to_write_to_fifo(&fapolicyd_state, buffer);
+ 
+     free(sha);
+ 
+-- 
+2.37.3
+

SOURCES/rpm-4.16.1.3-find_debuginfo_vendor_opts.patch

@@ -0,0 +1,20 @@
+--- rpm.orig/macros.in	2022-06-30 11:37:18.975312592 +0100
++++ rpm-4.16.1.3/macros.in	2022-06-30 11:37:43.145158323 +0100
+@@ -167,6 +167,9 @@
+ #	A spec file can %%define _find_debuginfo_opts to pass options to
+ #	the script.  See the script for details.
+ #
++#	Vendor spec files (eg redhat-rpm-config:macros) can %%define
++#       _find_debuginfo_vendor_opts to pass options to the script.
++#
+ %__debug_install_post   \
+     %{_rpmconfigdir}/find-debuginfo.sh \\\
+     %{?_smp_build_ncpus:-j%{_smp_build_ncpus}} \\\
+@@ -179,6 +182,7 @@
+     %{?_unique_debug_srcs:--unique-debug-src-base "%{name}-%{VERSION}-%{RELEASE}.%{_arch}"} \\\
+     %{?_find_debuginfo_dwz_opts} \\\
+     %{?_find_debuginfo_opts} \\\
++    %{?_find_debuginfo_vendor_opts} \\\
+     %{?_debugsource_packages:-S debugsourcefiles.list} \\\
+     "%{_builddir}/%{?buildsubdir}"\
+ %{nil}

SOURCES/rpm-4.16.1.3-rpm2archive-error-handling.patch

@@ -0,0 +1,51 @@
+From f1634250587479d664b34b6de1a6546b2c2b9de5 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Mon, 18 Jan 2021 15:02:34 +0100
+Subject: [PATCH] rpm2archive: Add more error handling
+
+Cleanly error out if file can't be written instead of segfaulting
+
+Resolves: #1091
+---
+ rpm2archive.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 646f1663d..15c5da016 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -119,9 +119,14 @@ static int process_package(rpmts ts, char * filename)
+ 
+     /* create archive */
+     a = archive_write_new();
+-    archive_write_add_filter_gzip(a);
+-    archive_write_set_format_pax_restricted(a);
+-
++    if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
++	fprintf(stderr, "Error: Could not create gzip output filter\n");
++	exit(EXIT_FAILURE);
++    }
++    if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
++	fprintf(stderr, "Error: Format pax restricted is not supported\n");
++	exit(EXIT_FAILURE);
++    }
+     if (!strcmp(filename, "-")) {
+ 	if (isatty(STDOUT_FILENO)) {
+ 	    fprintf(stderr, "Error: refusing to output archive data to a terminal.\n");
+@@ -130,9 +135,11 @@ static int process_package(rpmts ts, char * filename)
+ 	archive_write_open_fd(a, STDOUT_FILENO);
+     } else {
+ 	char * outname = rstrscat(NULL, filename, ".tgz", NULL);
+-	archive_write_open_filename(a, outname);
++	if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
++	    fprintf(stderr, "Error: Can't open output file: %s\n", outname);
++	    exit(EXIT_FAILURE);
++	}
+ 	_free(outname);
+-	// XXX error handling
+     }
+ 
+     entry = archive_entry_new();
+-- 
+2.38.1
+

SOURCES/rpm-4.16.1.3-rpm2archive-nocompression.patch

@@ -0,0 +1,173 @@
+From d8a169164cf40fc1cf6448792c1fa991f19bb375 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Thu, 22 Apr 2021 14:50:34 +0200
+Subject: [PATCH] Add --nocompression option to rpm2archive
+
+Also use popt for the command line handling. As we are using librpm
+anyway there is no reason to keep the dependencies low (as with
+rpm2cpio).
+
+Resolves: #1530
+---
+ doc/rpm2archive.8 | 16 ++++++++++---
+ rpm2archive.c     | 60 ++++++++++++++++++++++++++++++++++-------------
+ 2 files changed, 57 insertions(+), 19 deletions(-)
+
+diff --git a/doc/rpm2archive.8 b/doc/rpm2archive.8
+index 8bd6d4ed9d..3895d01981 100644
+--- a/doc/rpm2archive.8
++++ b/doc/rpm2archive.8
+@@ -3,10 +3,10 @@
+ .SH NAME
+ rpm2archive \- Create tar archive from RPM Package Manager (RPM) package.
+ .SH SYNOPSIS
+-\fBrpm2archive\fP [filename] 
++\fBrpm2archive\fP \fB{-n|--nocompression}\fR \fB\fIFILES\fB\fR
+ .SH DESCRIPTION
+-\fBrpm2archive\fP converts the .rpm files specified as arguments to gz
+-compressed tar files with suffix ".tgz".
++\fBrpm2archive\fP converts the .rpm files specified as arguments to
++tar files. By default they are gzip compressed and saved with postfix ".tgz".
+ 
+ If '-' is given as argument, an rpm stream is read from standard in and
+ written to standard out.
+@@ -16,6 +16,16 @@ containing files greater than 4GB which are not supported by cpio. Unless
+ \fBrpm2cpio\fP \fBrpm2archive\fP needs a working rpm installation which limits
+ its usefulness for some disaster recovery scenarios.
+ 
++.SH "OPTIONS"
++.TP
++\fB\-n, --nocompression\fR
++Generate uncompressed tar archive and use ".tar" as postfix of the
++file name.
++.PP
++
++.SH EXAMPLES
++.PP
++
+ .br
+ .I "\fBrpm2archive glint-1.0-1.i386.rpm ; tar -xvz glint-1.0-1.i386.rpm.tgz\fP"
+ .br
+diff --git a/rpm2archive.c b/rpm2archive.c
+index d96db006ea..cb39c7a712 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -10,6 +10,8 @@
+ 
+ #include <rpm/rpmts.h>
+ 
++#include <popt.h>
++
+ #include <archive.h>
+ #include <archive_entry.h>
+ #include <unistd.h>
+@@ -18,6 +20,16 @@
+ 
+ #define BUFSIZE (128*1024)
+ 
++int compress = 1;
++
++static struct poptOption optionsTable[] = {
++    { "nocompression", 'n', POPT_ARG_VAL, &compress, 0,
++        N_("create uncompressed tar file"),
++        NULL },
++    POPT_AUTOHELP
++    POPT_TABLEEND
++};
++
+ static void fill_archive_entry(struct archive * a, struct archive_entry * entry, rpmfi fi)
+ {
+     archive_entry_clear(entry);
+@@ -60,7 +72,7 @@ static void write_file_content(struct archive * a, char * buf, rpmfi fi)
+     }
+ }
+ 
+-static int process_package(rpmts ts, char * filename)
++static int process_package(rpmts ts, const char * filename)
+ {
+     FD_t fdi;
+     FD_t gzdi;
+@@ -119,9 +131,11 @@ static int process_package(rpmts ts, char * filename)
+ 
+     /* create archive */
+     a = archive_write_new();
+-    if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
+-	fprintf(stderr, "Error: Could not create gzip output filter\n");
+-	exit(EXIT_FAILURE);
++    if (compress) {
++	if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
++	    fprintf(stderr, "%s\n", archive_error_string(a));
++	    exit(EXIT_FAILURE);
++	}
+     }
+     if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
+ 	fprintf(stderr, "Error: Format pax restricted is not supported\n");
+@@ -142,7 +156,12 @@ static int process_package(rpmts ts, char * filename)
+ 	}
+ 	archive_write_open_fd(a, STDOUT_FILENO);
+     } else {
+-	char * outname = rstrscat(NULL, filename, ".tgz", NULL);
++	char * outname = rstrscat(NULL, filename, NULL);
++	if (compress) {
++	    outname = rstrscat(&outname, ".tgz", NULL);
++	} else {
++	    outname = rstrscat(&outname, ".tar", NULL);
++	}
+ 	if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
+ 	    fprintf(stderr, "Error: Can't open output file: %s\n", outname);
+ 	    exit(EXIT_FAILURE);
+@@ -203,21 +222,22 @@ static int process_package(rpmts ts, char * filename)
+     return rc;
+ }
+ 
+-int main(int argc, char *argv[])
++int main(int argc, const char *argv[])
+ {
+-    int rc = 0, i;
++    int rc = 0;
++    poptContext optCon;
++    const char *fn;
+ 
+     xsetprogname(argv[0]);	/* Portability call -- see system.h */
+     rpmReadConfigFiles(NULL, NULL);
+ 
+-    if (argc > 1 && (rstreq(argv[1], "-h") || rstreq(argv[1], "--help"))) {
+-	fprintf(stderr, "Usage: %s [file.rpm ...]\n", argv[0]);
++    optCon = poptGetContext(NULL, argc, argv, optionsTable, 0);
++    poptSetOtherOptionHelp(optCon, "[OPTIONS]* <FILES>");
++    if (argc < 2 || poptGetNextOpt(optCon) == 0) {
++	poptPrintUsage(optCon, stderr, 0);
+ 	exit(EXIT_FAILURE);
+     }
+ 
+-    if (argc == 1)
+-	argv[argc++] = "-";	/* abuse NULL pointer at the end of argv */
+-
+     rpmts ts = rpmtsCreate();
+     rpmVSFlags vsflags = 0;
+ 
+@@ -227,13 +247,21 @@ int main(int argc, char *argv[])
+     vsflags |= RPMVSF_NOHDRCHK;
+     (void) rpmtsSetVSFlags(ts, vsflags);
+ 
+-    for (i = 1; i < argc; i++) {
++    /* if no file name is given use stdin/stdout */
++    if (!poptPeekArg(optCon)) {
++	rc = process_package(ts, "-");
++	if (rc != 0)
++	    goto exit;
++    }
+ 
+-	rc = process_package(ts, argv[i]);
++    while ((fn = poptGetArg(optCon)) != NULL) {
++	rc = process_package(ts, fn);
+ 	if (rc != 0)
+-	    return rc;
++	    goto exit;
+     }
+ 
++ exit:
++    poptFreeContext(optCon);
+     (void) rpmtsFree(ts);
+     return rc;
+ }

SOURCES/rpm-4.18-libselinux-log.patch

@@ -0,0 +1,78 @@
+From 96888e99c5103d9dea5230c917b946732de2d302 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 22 Sep 2022 11:54:47 +0300
+Subject: [PATCH] Add a handler for libselinux log messages (RhBug:2123719,
+ RhBug:2050774)
+
+libselinux logs to stderr by default, which up to now has been just fine
+with us. However somewhere around libselinux 3.2 it begun issuing
+log messages for events discovered in selinux_status_updated().
+We only call that to see whether the status *was* updated behind our
+back and are not interested in these audit-style messages for our
+functionality, but to suppress them while preserving actually relevant
+errors and warnings, we need to have a log callback of our own. Might as
+well forward them to rpmlog then.
+
+SELINUX_ERROR and SELINUX_WARNING are pretty obvious, of SELINUX_AVC
+selinux_set_callback(3) says it should be treated as SELINUX_ERROR if
+not audited. The rest we suppress to debug messages, they may be handy
+for diagnostics some day.
+
+Note that this intentionally avoids explicit SELINUX_POLICYLOAD and
+SELINUX_SETENFORCE cases in the switch: we don't want to introduce
+libselinux >= 3.2 dependency just because of this silly thing.
+---
+ plugins/selinux.c | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/plugins/selinux.c b/plugins/selinux.c
+index 747f62d05..0f10331f0 100644
+--- a/plugins/selinux.c
++++ b/plugins/selinux.c
+@@ -18,6 +18,35 @@ static inline rpmlogLvl loglvl(int iserror)
+     return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
+ }
+ 
++static int logcb(int type, const char *fmt, ...)
++{
++    char *buf = NULL;
++    va_list ap;
++    int lvl;
++
++    switch (type) {
++    case SELINUX_ERROR:
++    case SELINUX_AVC:
++	lvl = RPMLOG_ERR;
++	break;
++    case SELINUX_WARNING:
++	lvl = RPMLOG_WARNING;
++	break;
++    default:
++	lvl = RPMLOG_DEBUG;
++	break;
++    }
++
++    va_start(ap, fmt);
++    rvasprintf(&buf, fmt, ap);
++    va_end(ap);
++
++    rpmlog(lvl, "libselinux: type %d: %s", type, buf);
++    free(buf);
++
++    return 0;
++}
++
+ static void sehandle_fini(int close_status)
+ {
+     if (sehandle) {
+@@ -44,6 +73,7 @@ static rpmRC sehandle_init(int open_status)
+ 	if (selinux_status_open(0) < 0) {
+ 	    return RPMRC_FAIL;
+ 	}
++	selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &logcb);
+     } else if (!selinux_status_updated() && sehandle) {
+ 	return RPMRC_OK;
+     }
+-- 
+2.38.1
+

SPECS/rpm.spec

@@ -32,7 +32,7 @@
 
 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 12
+%global rel 25
 %global sover 9
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -82,11 +82,25 @@ Patch110: rpm-4.16.1.3-add-path-query-option.patch
 Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
 Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch
 Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch
+Patch114: rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
+Patch115: rpm-4.16.1.3-fapolicyd-make-write-nonblocking.patch
+Patch116: rpm-4.16.1.3-bcond-macros.patch
+Patch117: rpm-4.16.1.3-caret-query.patch
+Patch118: rpm-4.16.1.3-caret-query2.patch
+Patch119: rpm-4.18-libselinux-log.patch
+Patch120: rpm-4.16.1.3-rpm2archive-error-handling.patch
+Patch121: rpm-4.16.1.3-rpm2archive-nocompression.patch
+Patch122: rpm-4.16.1.3-Support-long-languages-names-for-QT.patch
+Patch123: rpm-4.14.3-rpm2archive-parse-popt-options.patch
+Patch124: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch
+Patch125: rpm-4.16.1.3-IMA-without-xattr.patch
 
 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
 # Probably to be upstreamed in slightly different form
 Patch907: rpm-4.15.x-ldflags.patch
+Patch908: 0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch
+Patch909: rpm-4.16.1.3-external-debugedit.patch
 
 # Not yet (all) upstream, debugedit DWARF5
 # https://code.wildebeest.org/git/user/mjw/rpm/log/?h=gcc-dwarf5-4.16.1.2
@@ -99,6 +113,8 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 
 # Downstream-only patches
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
+Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
+Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@@ -114,7 +130,7 @@ BuildRequires: libdb-devel
 %endif
 
 %if %{with check}
-BuildRequires: fakechroot gnupg2
+BuildRequires: fakechroot gnupg2 debugedit
 %endif
 
 # XXX generally assumed to be installed but make it explicit as rpm
@@ -231,6 +247,7 @@ Suggests: gdb-minimal
 # "just work" while allowing for alternatives, depend on a virtual
 # provide, typically coming from redhat-rpm-config.
 Requires: system-rpm-config
+Requires: debugedit
 
 %description build
 The rpm-build package contains the scripts and executable programs
@@ -402,6 +419,19 @@ pushd python
 %py3_install
 popd
 
+cat > $RPM_BUILD_ROOT/%{rpmhome}/debugedit << END
+#!/bin/sh
+/usr/bin/debugedit "\$@"
+END
+cat > $RPM_BUILD_ROOT/%{rpmhome}/sepdebugcrcfix << END
+#!/bin/sh
+/usr/bin/sepdebugcrcfix "\$@"
+END
+cat > $RPM_BUILD_ROOT/%{rpmhome}/find-debuginfo.sh << END
+#!/bin/sh
+/usr/bin/find-debuginfo.sh "\$@"
+END
+
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}
 
@@ -435,6 +465,8 @@ find $RPM_BUILD_ROOT -name "*.la"|xargs rm -f
 rm -f $RPM_BUILD_ROOT/%{rpmhome}/{perldeps.pl,perl.*,pythond*}
 rm -f $RPM_BUILD_ROOT/%{_fileattrsdir}/{perl*,python*}
 rm -rf $RPM_BUILD_ROOT/var/tmp
+# This is installed by mistake by setup.py
+rm -f $RPM_BUILD_ROOT/usr/lib*/python*/site-packages/rpm/_rpm.so
 
 %if %{with check}
 %check
@@ -611,6 +643,47 @@ fi
 %doc doc/librpm/html/*
 
 %changelog
+
+* Fri Jun 30 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-25
+- Followup on #2166383
+- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit
+- Add %%__find_debuginfo macro
+
+* Thu May 04 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-24
+- Use external find-debug and debugedit (#2166383)
+
+* Wed May 03 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-23
+- Don't error out on IMA signatures on files not supporting them
+  (#2157835, #2157836)
+
+* Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-22
+- Fix option handling in rpm2archive for #2150804
+
+* Fri Nov 18 2022 Yaakov Selkowitz <yselkowi@redhat.com> - 4.16.1.3-21
+- Support long language names for QT (#2144005)
+
+* Mon Nov 07 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-20
+- Add bcond macros (#2129060)
+- Fix db queries with carets (#2129468)
+- Remove spurious Python rpm module (#2135731)
+- Handle SELinux log messages (#2123719)
+- Add --nocompression to rpm2archive (#2150804)
+
+* Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-19
+- Bump release for rebuild
+
+* Fri Sep 23 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-18
+- Make write() nonblocking in fapolicyd plugin (#2111251)
+
+* Wed Aug 03 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-17
+- Make rpm2cpio.sh more robust (#1983015)
+
+* Thu Jun 30 2022 Nick Clifton  <nickc@redhat.com> - 4.16.1.3-15
+- Pass _find_debuginfo_vendor_opts to the find-debuginfo script.  (#2099617)
+
+* Tue Jun 28 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-14
+- Warning for failed key import (#2069877)
+
 * Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-12
 - Fix minor ABI regression in rpmcli.h (#2037352)