- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)

- fix posix chmod test to unbreak %%fixperms macro (#543035)
- avoid looking into OpenPGP subkeys (#436812)
- dont fail build on unrecognized non-executable files (#532489)
- fix password check result when gpg is missing (#496754)
- permit python to handle 64bit integer types from headers
- all header integer types are unsigned, match this in python too
- return python long objects where ints are not sufficient (#531243)

rpm-4.7.1-abs-filelist.patch

@@ -1,30 +0,0 @@
-commit 4018bbd08e84fd0cc227dcb8d2dc20693ce2296a
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Tue Sep 15 10:56:58 2009 +0300
-
-    Allow absolute paths in file lists again (SuseBug:535594, RhBug:521760)
-    - patch from OpenSUSE / Michael Schroeder
-    - build-time generated file lists should be placed in the build directory,
-      but at least one valid use case for this is things like %files -f %{SOURCE10}
-
-diff --git a/build/files.c b/build/files.c
-index b5c5437..061494d 100644
---- a/build/files.c
-+++ b/build/files.c
-@@ -1755,9 +1755,13 @@ static rpmRC processPackageFiles(rpmSpec spec, Package pkg,
- 
- 	argvSplit(&filelists, getStringBuf(pkg->fileFile), "\n");
- 	for (fp = filelists; *fp != NULL; fp++) {
--	    ffn = rpmGetPath("%{_builddir}/",
--		(spec->buildSubdir ? spec->buildSubdir : "") ,
--		"/", *fp, NULL);
-+	    if (**fp == '/') {
-+		ffn = rpmGetPath(*fp, NULL);
-+	    } else {
-+		ffn = rpmGetPath("%{_builddir}/",
-+		    (spec->buildSubdir ? spec->buildSubdir : "") ,
-+		    "/", *fp, NULL);
-+	    }
- 	    fd = fopen(ffn, "r");
- 
- 	    if (fd == NULL || ferror(fd)) {

rpm-4.7.1-chmod-test.patch

@@ -0,0 +1,22 @@
+commit 545304577f0ac82b2e4c1caa97f02d87f41324f7
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Wed Dec 2 15:30:27 2009 +0200
+
+    Fix the posix chown test for selinux enabled systems (RhBug:543035)
+    - on selinux enabled systems, 'ls -l' mode string is longer than
+      expected here, just trim the ls output to our expected length
+    (cherry picked from commit 46d1ba04483af09590ed070186a1be10b57c5977)
+
+diff --git a/configure.ac b/configure.ac
+index 967566c..2274080 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -61,7 +61,7 @@ AC_MSG_CHECKING(POSIX chmod)
+ touch foo.chmodtest
+ chmod 744 foo.chmodtest
+ chmod +X foo.chmodtest 2>/dev/null
+-a=`ls -l foo.chmodtest | awk '{print $1}'`
++a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
+ rm -f foo.chmodtest
+ if test "$a" = "-rwxr-xr-x"; then
+     AC_MSG_RESULT(yes)

rpm-4.7.1-chroot-env-paths.patch

@@ -1,28 +0,0 @@
-diff --git a/lib/backend/db3.c b/lib/backend/db3.c
-index 9f0f941..b0b2a86 100644
---- a/lib/backend/db3.c
-+++ b/lib/backend/db3.c
-@@ -1015,17 +1015,12 @@ static int db3open(rpmdb rpmdb, rpmTag rpmtag, dbiIndex * dbip)
- 	    }
- 
- 	    if (rc == 0) {
--		char * fullpath;
--		const char * dbpath;
--		fullpath = rpmGetPath(dbhome, "/", dbfile ? dbfile : "", NULL);
--
--#ifdef	HACK	/* XXX necessary to support dbsubfile */
--		dbpath = (!dbi->dbi_use_dbenv && !dbi->dbi_temporary)
--			? fullpath : dbfile;
--#else
--		dbpath = (!dbi->dbi_temporary)
--			? fullpath : dbfile;
--#endif
-+		char * fullpath = NULL;
-+		const char * dbpath = dbfile;
-+		if (!dbi->dbi_use_dbenv && !dbi->dbi_temporary) {
-+		    fullpath = rpmGetPath(dbhome, "/", dbfile, NULL);
-+		    dbpath = fullpath;
-+		}
- 
- 		rc = (db->open)(db, txnid, dbpath, dbsubfile,
- 		    dbi->dbi_type, oflags, dbi->dbi_perms);

rpm-4.7.1-chroot-remove-env.patch

@@ -1,28 +0,0 @@
-diff --git a/lib/backend/db3.c b/lib/backend/db3.c
-index 9f0f941..9683100 100644
---- a/lib/backend/db3.c
-+++ b/lib/backend/db3.c
-@@ -181,7 +181,8 @@ static int db_fini(dbiIndex dbi, const char * dbhome,
- 	xx = db_env_create(&dbenv, 0);
- 	xx = cvtdberr(dbi, "db_env_create", xx, _debug);
- 	xx = dbenv->remove(dbenv, dbhome, 0);
--	xx = cvtdberr(dbi, "dbenv->remove", xx, _debug);
-+	/* filter out EBUSY as it just means somebody else gets to clean it */
-+	xx = cvtdberr(dbi, "dbenv->remove", xx, (xx == EBUSY ? 0 : _debug));
- 
- 	if (dbfile)
- 	    rpmlog(RPMLOG_DEBUG, "removed  db environment %s/%s\n",
-diff --git a/lib/rpmdb.c b/lib/rpmdb.c
-index 0754b99..b781cfc 100644
---- a/lib/rpmdb.c
-+++ b/lib/rpmdb.c
-@@ -921,7 +921,8 @@ rpmdb newRpmdb(const char * root,
- 	return NULL;
-     }
-     db->db_errpfx = rpmExpand( (epfx && *epfx ? epfx : _DB_ERRPFX), NULL);
--    db->db_remove_env = 0;
-+    /* XXX remove environment after chrooted operations, for now... */
-+    db->db_remove_env = ((strcmp(db->db_root, "/") != 0)? 1 : 0);
-     db->db_filter_dups = _db_filter_dups;
-     db->db_ndbi = dbiTags.max;
-     db->_dbi = xcalloc(db->db_ndbi, sizeof(*db->_dbi));

rpm-4.7.1-debug-perms.patch

@@ -1,25 +0,0 @@
-From 6cc599de01a9835b5128b7b2a869f9f7cf3976fb Mon Sep 17 00:00:00 2001
-From: Roland McGrath <roland@redhat.com>
-Date: Wed, 9 Sep 2009 11:07:10 -0700
-Subject: [PATCH] find-debuginfo.sh: use permissions 444 for all .debug files
-
-Signed-off-by: Roland McGrath <roland@redhat.com>
----
- scripts/find-debuginfo.sh |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
-index 21366bf..8d86de6 100644
---- a/scripts/find-debuginfo.sh
-+++ b/scripts/find-debuginfo.sh
-@@ -93,6 +93,7 @@ strip_to_debug()
-   application/x-sharedlib*) g=-g ;;
-   esac
-   eu-strip --remove-comment $g -f "$1" "$2" || exit
-+  chmod 444 "$1" || exit
- }
- 
- # Make a relative symlink to $1 called $3$2
--- 
-1.6.2.5
-

rpm-4.7.1-duplicate-deps.patch

@@ -1,95 +0,0 @@
-commit 10772ac7dfad60cb5a20681d22cf851468d0a8f9
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Thu Aug 20 13:02:05 2009 +0300
-
-    Fix duplicate dependency checking on build
-    - Broken by commit af8b41c64af39ce07d85fcd92fa78d566747d815 which
-      simplified too much.
-    - There's no guarantee that rpmdsNew() returns a sorted dependency set
-      so rpmdsFind() doesn't work correctly here. Walk the ds manually instead.
-    - With multiple triggers of same type, identical trigger conditions on
-      different trigger script were seen as duplicates (RhBug:490378)
-    - Split the duplicate checking to separate helper function for clarity
-
-diff --git a/build/reqprov.c b/build/reqprov.c
-index 1e69bd2..ba6a1e8 100644
---- a/build/reqprov.c
-+++ b/build/reqprov.c
-@@ -9,6 +9,38 @@
- #include <rpm/rpmbuild.h>
- #include "debug.h"
- 
-+static int isNewDep(Header h, rpmTag nametag,
-+		  const char *N, const char *EVR, rpmsenseFlags Flags,
-+		  rpmTag indextag, uint32_t index)
-+{
-+    int new = 1;
-+    struct rpmtd_s idx;
-+    rpmds ads = rpmdsNew(h, nametag, 0);
-+    rpmds bds = rpmdsSingle(nametag, N, EVR, Flags);
-+
-+    if (indextag) {
-+	headerGet(h, indextag, &idx, HEADERGET_MINMEM);
-+    }
-+
-+    /* XXX there's no guarantee the ds is sorted here so rpmdsFind() wont do */
-+    rpmdsInit(ads);
-+    while (new && rpmdsNext(ads) >= 0) {
-+	if (strcmp(rpmdsN(ads), rpmdsN(bds))) continue;
-+	if (strcmp(rpmdsEVR(ads), rpmdsEVR(bds))) continue;
-+	if (rpmdsFlags(ads) != rpmdsFlags(bds)) continue;
-+	if (indextag && rpmtdSetIndex(&idx, rpmdsIx(ads)) >= 0 &&
-+			rpmtdGetNumber(&idx) != index) continue;
-+	new = 0;
-+    }
-+    
-+    if (indextag) {
-+	rpmtdFreeData(&idx);
-+    }
-+    rpmdsFree(ads);
-+    rpmdsFree(bds);
-+    return new;
-+}
-+
- int addReqProv(rpmSpec spec, Header h, rpmTag tagN,
- 		const char * N, const char * EVR, rpmsenseFlags Flags,
- 		uint32_t index)
-@@ -55,28 +87,18 @@ int addReqProv(rpmSpec spec, Header h, rpmTag tagN,
-     if (EVR == NULL)
- 	EVR = "";
-     
--    /* Check for duplicate dependencies. */
--    rpmds hds = rpmdsNew(h, nametag, 0);
--    rpmds newds = rpmdsSingle(nametag, N, EVR, Flags);
--    /* already got it, don't bother */
--    if (rpmdsFind(hds, newds) >= 0) {
--	goto exit;
--    }
--
--    /* Add this dependency. */
--    headerPutString(h, nametag, N);
--    if (flagtag) {
--	headerPutString(h, versiontag, EVR);
--	headerPutUint32(h, flagtag, &Flags, 1);
--    }
--    if (indextag) {
--	headerPutUint32(h, indextag, &index, 1);
-+    /* Avoid adding duplicate dependencies. */
-+    if (isNewDep(h, nametag, N, EVR, Flags, indextag, index)) {
-+	headerPutString(h, nametag, N);
-+	if (flagtag) {
-+	    headerPutString(h, versiontag, EVR);
-+	    headerPutUint32(h, flagtag, &Flags, 1);
-+	}
-+	if (indextag) {
-+	    headerPutUint32(h, indextag, &index, 1);
-+	}
-     }
- 
--exit:
--    rpmdsFree(hds);
--    rpmdsFree(newds);
--	
-     return 0;
- }
- 

rpm-4.7.1-filedep-dnevr.patch

@@ -1,20 +0,0 @@
-commit d846e6b0f829791e6ffce4fd496c9378bff19c43
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Tue Sep 15 08:45:14 2009 +0300
-
-    Don't add dependency type into file requires and provides (RhBug:523282)
-    - unintended change in commit 3d8656f040d2c780c88d0cd63594898f0605a6fa
-
-diff --git a/lib/tagexts.c b/lib/tagexts.c
-index ec0b001..4588365 100644
---- a/lib/tagexts.c
-+++ b/lib/tagexts.c
-@@ -137,7 +137,7 @@ static int filedepTag(Header h, rpmTag tagN, rpmtd td, headerGetFlags hgflags)
- 		    continue;
- 		DNEVR = rpmdsDNEVR(ds);
- 		if (DNEVR != NULL) {
--		    argvAdd(&deps, DNEVR);
-+		    argvAdd(&deps, DNEVR + 2);
- 		}
- 	    }
- 	}

rpm-4.7.1-pgp-subkeys.patch

@@ -0,0 +1,37 @@
+commit 6eeb0bb06466d9eb75eb55efd514d3ecfe089042
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Wed Nov 25 15:07:17 2009 +0200
+
+    We can't handle OpenPGP subkeys or secret keys, so dont even try
+    - parsing subkeys ends up overwriting data in the main key, causing
+      bogus signature checking failures
+    - this is the final missing piece of RhBug:436812, short of adding
+      proper support for subkeys (maybe someday...)
+    (cherry picked from commit 98213fc4192c7af07037a0f3e9cce9e3b8509c02)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d7bbb5e..f76fc2b 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1190,11 +1190,6 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
+ 	    else
+ 		memset(_digp->signid, 0, sizeof(_digp->signid));
+ 	}
+-    case PGPTAG_PUBLIC_SUBKEY:
+-	rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
+-	break;
+-    case PGPTAG_SECRET_KEY:
+-    case PGPTAG_SECRET_SUBKEY:
+ 	rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
+ 	break;
+     case PGPTAG_USER_ID:
+@@ -1205,6 +1200,9 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
+ 	rc = pgpPrtComment(tag, h, hlen);
+ 	break;
+ 
++    case PGPTAG_PUBLIC_SUBKEY:
++    case PGPTAG_SECRET_KEY:
++    case PGPTAG_SECRET_SUBKEY:
+     case PGPTAG_RESERVED:
+     case PGPTAG_PUBLIC_SESSION_KEY:
+     case PGPTAG_SYMMETRIC_SESSION_KEY:

rpm-4.7.1-python-types.patch

@@ -0,0 +1,77 @@
+diff --git a/python/header-py.c b/python/header-py.c
+index 8ec2cb4..9c9b1e2 100644
+--- a/python/header-py.c
++++ b/python/header-py.c
+@@ -152,6 +152,7 @@ static PyObject * hdrKeyList(hdrObject * s)
+ 
+ 	switch (rpmtdType(td)) {
+ 	case RPM_BIN_TYPE:
++	case RPM_INT64_TYPE:
+ 	case RPM_INT32_TYPE:
+ 	case RPM_CHAR_TYPE:
+ 	case RPM_INT8_TYPE:
+@@ -386,17 +387,30 @@ static PyObject * hdr_subscript(hdrObject * s, PyObject * item)
+ 	o = PyString_FromStringAndSize(data, count);
+ 	break;
+ 
++    case RPM_INT64_TYPE:
++	if (count != 1 || forceArray) {
++	    metao = PyList_New(0);
++	    for (i = 0; i < count; i++) {
++		o = PyLong_FromUnsignedLongLong(((uint64_t *) data)[i]);
++		PyList_Append(metao, o);
++		Py_DECREF(o);
++	    }
++	    o = metao;
++	} else {
++	    o = PyLong_FromUnsignedLongLong(*((uint64_t *) data));
++	}
++	break;
+     case RPM_INT32_TYPE:
+ 	if (count != 1 || forceArray) {
+ 	    metao = PyList_New(0);
+ 	    for (i = 0; i < count; i++) {
+-		o = PyInt_FromLong(((int *) data)[i]);
++		o = PyLong_FromLong(((uint32_t *) data)[i]);
+ 		PyList_Append(metao, o);
+ 		Py_DECREF(o);
+ 	    }
+ 	    o = metao;
+ 	} else {
+-	    o = PyInt_FromLong(*((int *) data));
++	    o = PyLong_FromLong(*((uint32_t *) data));
+ 	}
+ 	break;
+ 
+@@ -405,13 +419,13 @@ static PyObject * hdr_subscript(hdrObject * s, PyObject * item)
+ 	if (count != 1 || forceArray) {
+ 	    metao = PyList_New(0);
+ 	    for (i = 0; i < count; i++) {
+-		o = PyInt_FromLong(((char *) data)[i]);
++		o = PyInt_FromLong(((uint8_t *) data)[i]);
+ 		PyList_Append(metao, o);
+ 		Py_DECREF(o);
+ 	    }
+ 	    o = metao;
+ 	} else {
+-	    o = PyInt_FromLong(*((char *) data));
++	    o = PyInt_FromLong(*((uint8_t *) data));
+ 	}
+ 	break;
+ 
+@@ -419,13 +433,13 @@ static PyObject * hdr_subscript(hdrObject * s, PyObject * item)
+ 	if (count != 1 || forceArray) {
+ 	    metao = PyList_New(0);
+ 	    for (i = 0; i < count; i++) {
+-		o = PyInt_FromLong(((short *) data)[i]);
++		o = PyInt_FromLong(((uint16_t *) data)[i]);
+ 		PyList_Append(metao, o);
+ 		Py_DECREF(o);
+ 	    }
+ 	    o = metao;
+ 	} else {
+-	    o = PyInt_FromLong(*((short *) data));
++	    o = PyInt_FromLong(*((uint16_t *) data));
+ 	}
+ 	break;
+ 

rpm-4.7.1-rpm2cpio-init.patch

@@ -1,27 +0,0 @@
-commit 63d37be6b4a854b9cbbd47306c5c383a2ad356c2
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Tue Sep 15 12:57:51 2009 +0300
-
-    Initialize rpm earlier in rpm2cpio (RhBug:523260)
-    - url retrieval requires macros to be loaded
-
-diff --git a/rpm2cpio.c b/rpm2cpio.c
-index 6c29cab..bf7f17c 100644
---- a/rpm2cpio.c
-+++ b/rpm2cpio.c
-@@ -21,6 +21,7 @@ int main(int argc, char *argv[])
-     FD_t gzdi;
-     
-     setprogname(argv[0]);	/* Retrofit glibc __progname */
-+    rpmReadConfigFiles(NULL, NULL);
-     if (argc == 1)
- 	fdi = fdDup(STDIN_FILENO);
-     else {
-@@ -37,7 +38,6 @@ int main(int argc, char *argv[])
- 	exit(EXIT_FAILURE);
-     }
-     fdo = fdDup(STDOUT_FILENO);
--    rpmReadConfigFiles(NULL, NULL);
- 
-     {	rpmts ts = rpmtsCreate();
- 	rpmVSFlags vsflags = 0;

rpm-4.7.1-rpmfc-data.patch

@@ -0,0 +1,43 @@
+commit fa9fcc89146f08bce3b51d96d0ec9d4175db6978
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Thu Nov 26 10:22:41 2009 +0200
+
+    Dont fail build on unrecognized non-executable files (ticket #105)
+    - Generally only executable files are critical for dependency extraction,
+      whereas oddball application data files can cause unnecessary build
+      failure due to libmagic misdetections etc, so just let non-executables
+      pass with a warning and mark them as unknown data
+    (cherry picked from commit cfcd1f9bd98d5d0fc46a84931984efec3b9d47e2)
+
+diff --git a/build/rpmfc.c b/build/rpmfc.c
+index bcb5383..e4ba6b2 100644
+--- a/build/rpmfc.c
++++ b/build/rpmfc.c
+@@ -1245,6 +1245,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
+     for (fc->ix = 0; fc->ix < fc->nfiles; fc->ix++) {
+ 	const char * ftype;
+ 	rpm_mode_t mode = (fmode ? fmode[fc->ix] : 0);
++	int is_executable = (mode & (S_IXUSR|S_IXGRP|S_IXOTH));
+ 
+ 	s = argv[fc->ix];
+ 	slen = strlen(s);
+@@ -1277,11 +1278,16 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
+ 		ftype = magic_file(ms, s);
+ 
+ 	    if (ftype == NULL) {
+-		rpmlog(RPMLOG_ERR, 
++		rpmlog(is_executable ? RPMLOG_ERR : RPMLOG_WARNING, 
+ 		       _("Recognition of file \"%s\" failed: mode %06o %s\n"),
+ 		       s, mode, magic_error(ms));
+-		magic_close(ms);
+-		return RPMRC_FAIL;
++		/* only executable files are critical to dep extraction */
++		if (is_executable) {
++		    magic_close(ms);
++		    return RPMRC_FAIL;
++		}
++		/* unrecognized non-executables get treated as "data" */
++		ftype = "data";
+ 	    }
+ 	}
+ 

rpm-4.7.1-sign-passcheck.patch

@@ -0,0 +1,34 @@
+commit 31c5e0f9b7b09661611b50d84d26ba47ce97fffe
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Wed Nov 25 16:42:43 2009 +0200
+
+    Fix signature password checking result on abnormal conditions (RhBug:496754)
+    - Execve() failure wasn't returning an error code, causing rpm to
+      think the password was ok when we couldn't even try verifying
+    - Stricter return code checking from the password checking child:
+      the password can only be ok if the child exits with WIFEXITED() *and*
+      WIFEXITCODE() of 0. Also WIFEXITCODE() should only be called if
+      WIFEXITED() returns true.
+    (cherry picked from commit 2b41860984f0c4ebba5ebce93a18c9c0ca5e1065)
+
+diff --git a/lib/signature.c b/lib/signature.c
+index a501f3e..a2eaf9b 100644
+--- a/lib/signature.c
++++ b/lib/signature.c
+@@ -883,6 +883,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
+ 
+ 	    rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
+ 			strerror(errno));
++	    _exit(EXIT_FAILURE);
+ 	}   break;
+ 	case RPMSIGTAG_RSA:
+ 	case RPMSIGTAG_PGP5:	/* XXX legacy */
+@@ -932,7 +933,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
+ 
+     (void) waitpid(pid, &status, 0);
+ 
+-    return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
++    return ((WIFEXITED(status) && WEXITSTATUS(status) == 0)) ? 0 : 1;
+ }
+ 
+ char * rpmGetPassPhrase(const char * prompt, const rpmSigTag sigTag)

rpm.spec

@@ -11,7 +11,7 @@
 
 %define rpmhome /usr/lib/rpm
 
-%define rpmver 4.7.1
+%define rpmver 4.7.2
 %define snapver {nil}
 %define srcver %{rpmver}
 
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: 6%{?dist}
+Release: 1%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
@@ -40,16 +40,14 @@ Patch3: rpm-4.6.0-fedora-specspo.patch
 
 # Patches already in upstream
 Patch200: rpm-4.7.1-bugurl.patch
-Patch201: rpm-4.7.1-abs-filelist.patch
-Patch202: rpm-4.7.1-debug-perms.patch
-Patch203: rpm-4.7.1-duplicate-deps.patch
-Patch204: rpm-4.7.1-chroot-env-paths.patch
-Patch205: rpm-4.7.1-rpm2cpio-init.patch
-Patch206: rpm-4.7.1-filedep-dnevr.patch
-Patch207: rpm-4.7.1-chroot-remove-env.patch
+Patch201: rpm-4.7.0-extra-provides.patch
+Patch202: rpm-4.7.1-pgp-subkeys.patch
+Patch203: rpm-4.7.1-sign-passcheck.patch
+Patch204: rpm-4.7.1-rpmfc-data.patch
+Patch205: rpm-4.7.1-chmod-test.patch
+Patch206: rpm-4.7.1-python-types.patch
 
 # These are not yet upstream
-Patch300: rpm-4.7.0-extra-provides.patch
 Patch301: rpm-4.6.0-niagara.patch
 Patch302: rpm-4.7.1-geode-i686.patch
 
@@ -98,6 +96,8 @@ BuildRequires: xz-devel >= 4.999.8
 %if %{with sqlite}
 BuildRequires: sqlite-devel
 %endif
+# XXX temporarily for chmod-test patch
+BuildRequires: autoconf automake
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -201,15 +201,13 @@ packages on a system.
 %patch3 -p1 -b .fedora-specspo
 
 %patch200 -p1 -b .bugurl
-%patch201 -p1 -b .abs-filelist
-%patch202 -p1 -b .debug-perms
-%patch203 -p1 -b .duplicate-deps
-%patch204 -p1 -b .chroot-env-paths
-%patch205 -p1 -b .rpm2cpio.init
-%patch206 -p1 -b .filedep-dnevr
-%patch207 -p1 -b .chroot-remove-env
+%patch201 -p1 -b .extra-prov
+%patch202 -p1 -b .pgp-subkey
+%patch203 -p1 -b .sign-passcheck
+%patch204 -p1 -b .rpmfc-data
+%patch205 -p1 -b .chmod-test
+%patch206 -p1 -b .python-types
 
-%patch300 -p1 -b .extra-prov
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
 
@@ -423,6 +421,16 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Tue Dec 08 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
+- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
+- fix posix chmod test to unbreak %%fixperms macro (#543035)
+- avoid looking into OpenPGP subkeys (#436812)
+- dont fail build on unrecognized non-executable files (#532489)
+- fix password check result when gpg is missing (#496754)
+- permit python to handle 64bit integer types from headers
+- all header integer types are unsigned, match this in python too
+- return python long objects where ints are not sufficient (#531243)
+
 * Mon Sep 21 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.1-6
 - use relative paths within db environment (related to #507309, #507309...)
 - remove db environment on close in chrooted operation (related to above)