From b00ec5cf69d5400511bc94aa142753760a319e6f Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Wed, 16 Aug 2017 16:14:55 +0300
Subject: [PATCH] Bunch of fixes from upstream/F26
- Really ignore unknown tags in the signature header (#1480492)
- Fix rpmsign python module import failing (#1462671)
- Fix rpmbuild world writable empty (tmp) dirs in debuginfo (#641022)
- Fix testsuite with recent NSS-versions
---
rpm-4.13.0-python-rpmsign.patch | 22 +++++++
rpm-4.13.0-testsuite-nss.patch | 21 ++++++
rpm-4.13.0-unknown-sigtags.patch | 25 +++++++
rpm-4.13.x-writable-tmp-dir.patch | 106 ++++++++++++++++++++++++++++++
rpm.spec | 12 +++-
5 files changed, 185 insertions(+), 1 deletion(-)
create mode 100644 rpm-4.13.0-python-rpmsign.patch
create mode 100644 rpm-4.13.0-testsuite-nss.patch
create mode 100644 rpm-4.13.0-unknown-sigtags.patch
create mode 100644 rpm-4.13.x-writable-tmp-dir.patch
diff --git a/rpm-4.13.0-python-rpmsign.patch b/rpm-4.13.0-python-rpmsign.patch
new file mode 100644
index 0000000..3e535b6
--- /dev/null
+++ b/rpm-4.13.0-python-rpmsign.patch
@@ -0,0 +1,22 @@
+From eb632e5158fa4ef993b0e5df2a354f0be7a7a71d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
+Date: Wed, 20 Apr 2016 15:39:36 +0200
+Subject: [PATCH] Use correct source file for rpmsign module
+
+---
+ python/setup.py.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/setup.py.in b/python/setup.py.in
+index b2c394136..f94873fe5 100644
+--- a/python/setup.py.in
++++ b/python/setup.py.in
+@@ -48,7 +48,7 @@ rpmbuild_mod = Extension('rpm._rpmb',
+ )
+
+ rpmsign_mod = Extension('rpm._rpms',
+- sources = ['rpmbmodule.c'],
++ sources = ['rpmsmodule.c'],
+ include_dirs = pkgconfig('--cflags'),
+ libraries = pkgconfig('--libs') + ['rpmsign'],
+ extra_compile_args = cflags,
diff --git a/rpm-4.13.0-testsuite-nss.patch b/rpm-4.13.0-testsuite-nss.patch
new file mode 100644
index 0000000..d5725d0
--- /dev/null
+++ b/rpm-4.13.0-testsuite-nss.patch
@@ -0,0 +1,21 @@
+commit 36db47bf59213befbb0afb37032b82e634c7ba78
+Author: Panu Matilainen
+Date: Wed May 10 09:17:20 2017 +0300
+
+ Fix testsuite with newer NSS versions which require /dev/urandom
+
+ (cherry picked from commit 9e3256d2e8fa1bed042f7c4ded7e40e232342539)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 7a5cc6544..1e71d685f 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -109,7 +109,7 @@ testing$(bindir)/rpmbuild: ../rpmbuild
+ $(MAKE) DESTDIR=`pwd`/${subdir}/testing install)
+ cp -r ${srcdir}/data/ testing/
+ for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done
+- for node in stdin stderr stdout null; do ln -s /dev/$${node} testing/dev/$${node}; done
++ for node in urandom stdin stderr stdout null; do ln -s /dev/$${node} testing/dev/$${node}; done
+ for cf in hosts resolv.conf passwd shadow group gshadow mtab fstab; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done
+ ln -s ../$(bindir) testing/usr/bin
+ for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch; do p=`which $${prog}`; ln -s $${p} testing/$${p}; done
diff --git a/rpm-4.13.0-unknown-sigtags.patch b/rpm-4.13.0-unknown-sigtags.patch
new file mode 100644
index 0000000..f2355eb
--- /dev/null
+++ b/rpm-4.13.0-unknown-sigtags.patch
@@ -0,0 +1,25 @@
+commit 5e311d32e4079bf7f2db001d4f08db3ac0d93af9
+Author: Panu Matilainen
+Date: Fri Aug 11 12:48:23 2017 +0300
+
+ Really ignore unknown signature tags (RhBug:1480407)
+
+ Rather embarrassingly, rpm 4.13 fails rpmkeys -K signature verification
+ of rpm 4.14 packages because it doesn't really ignore unknown
+ signature tags like it claims to, and should. And so it reports a
+ bogus failure on the new SHA256 header-only digest. This bug as it is
+ only exists in 4.13.x, older versions are fine and >= 4.14 only
+ ever looks for tags it knows about.
+
+diff --git a/lib/signature.c b/lib/signature.c
+index 1b9fe345f..41bf85893 100644
+--- a/lib/signature.c
++++ b/lib/signature.c
+@@ -71,6 +71,7 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin,
+ break;
+ default:
+ /* anything unknown just falls through for now */
++ sinfo->type = RPMSIG_OTHER_TYPE;
+ break;
+ }
+
diff --git a/rpm-4.13.x-writable-tmp-dir.patch b/rpm-4.13.x-writable-tmp-dir.patch
new file mode 100644
index 0000000..63a8c4a
--- /dev/null
+++ b/rpm-4.13.x-writable-tmp-dir.patch
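Review bot: The `default:` arm in rpmSigInfoParse (lib/signature.c) now tags every unrecognised signature tag as `RPMSIG_OTHER_TYPE`, yet the comment above the added line still says the tag "just falls through for now", which no longer describes what the code does. I would reword it to something like `/* unknown tags are classified as OTHER so verification skips them */`. Because the caller that acts on `sinfo->type` is outside the hunk, it is worth confirming there that a skipped tag is reported as not checked rather than counted as a passing digest or signature; presumably a package whose only integrity tags are unknown ones should not come out as verified. The embedded commit message cites RhBug:1480407 while the outer subject line and the rpm.spec changelog cite #1480492, so please confirm which bug number is intended. The function body starts and ends outside the hunk.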
@@ -0,0 +1,106 @@
+commit c707ab26362e795d3f9dba4eb87dc7ed99a28bcb
+Author: Robin Lee
+Date: Sat Apr 8 21:21:39 2017 +0800
+
+ Fix non-standard inherented modes of directories in debuginfo
+
+ In case that binary compiled from source generated in /tmp, a
+ /usr/src/debug/tmp directory will be created with the same mode as
+ /tmp, a.k.a 777, which should be avoided.
+
+ Fixes: rhbz#641022
+
+diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
+old mode 100644
+new mode 100755
+index 547dbd9..6f38e19
+--- a/scripts/find-debuginfo.sh
++++ b/scripts/find-debuginfo.sh
+@@ -396,9 +396,10 @@
+ mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug"
+ LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(|)$' |
+ (cd "$RPM_BUILD_DIR"; cpio -pd0mL "${RPM_BUILD_ROOT}/usr/src/debug")
+- # stupid cpio creates new directories in mode 0700, fixup
++ # stupid cpio creates new directories in mode 0700,
++ # and non-standard modes may be inherented from original directories, fixup
+ find "${RPM_BUILD_ROOT}/usr/src/debug" -type d -print0 |
+- xargs --no-run-if-empty -0 chmod a+rx
++ xargs --no-run-if-empty -0 chmod 0755
+ fi
+
+ if [ -d "${RPM_BUILD_ROOT}/usr/lib" -o -d "${RPM_BUILD_ROOT}/usr/src" ]; then
+
+commit e795899780337dea751d85db8f381eff3fe75275
+Author: Mark Wielaard
+Date: Fri Apr 21 17:33:26 2017 +0200
+
+ debugedit: Only output comp_dir under build dir (once).
+
+ The fix for rhbz#444310 (commit c1a5eb - Include empty CU current dirs)
+ was a little greedy. It would also include comp_dirs outside the build
+ root. Those are unnecessary and we don't have a good way to store them.
+ Such dirs (e.g. /tmp) would then show up at the root of /usr/src/debug.
+
+ Fix this by including only comp_dirs under base_dir. Also only output
+ all dirs once (during phase zero) and don't output empty dirs (which
+ was harmless but would produce a warning from cpio).
+
+ This still includes all empty dirs from the original rhbz#444310
+ nodir testcase and it is an alternative fix for rhbz#641022
+ (commit c707ab).
+
+ Both fixes are necessary in case of an unexpected mode for a directory
+ actually in the build root that we want to include in the source list.
+
+ Signed-off-by: Mark Wielaard
+
+diff --git a/tools/debugedit.c b/tools/debugedit.c
+index 8444e03..bf11513 100644
+--- a/tools/debugedit.c
++++ b/tools/debugedit.c
+@@ -926,27 +926,29 @@
+ /* Ensure the CU current directory will exist even if only empty. Source
+ filenames possibly located in its parent directories refer relatively to
+ it and the debugger (GDB) cannot safely optimize out the missing
+- CU current dir subdirectories. */
+- if (comp_dir && list_file_fd != -1)
++ CU current dir subdirectories. Only do this once in phase one. And
++ only do this for dirs under our build/base_dir. Don't output the
++ empty string (in case the comp_dir == base_dir). */
++ if (phase == 0 && base_dir && comp_dir && list_file_fd != -1)
+ {
+ char *p;
+ size_t size;
+
+- if (base_dir && has_prefix (comp_dir, base_dir))
+- p = comp_dir + strlen (base_dir);
+- else if (dest_dir && has_prefix (comp_dir, dest_dir))
+- p = comp_dir + strlen (dest_dir);
+- else
+- p = comp_dir;
+-
+- size = strlen (p) + 1;
+- while (size > 0)
++ if (has_prefix (comp_dir, base_dir))
+ {
+- ssize_t ret = write (list_file_fd, p, size);
+- if (ret == -1)
+- break;
+- size -= ret;
+- p += ret;
++ char *p = comp_dir + strlen (base_dir);
++ if (p[0] != '\0')
++ {
++ size_t size = strlen (p) + 1;
++ while (size > 0)
++ {
++ ssize_t ret = write (list_file_fd, p, size);
++ if (ret == -1)
++ break;
++ size -= ret;
++ p += ret;
++ }
++ }
+ }
+ }
+
diff --git a/rpm.spec b/rpm.spec
index 597e414..26e63fc 100644
--- a/rpm.spec
+++ b/rpm.spec
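Review bot: In tools/debugedit.c the context lines `char *p;` and `size_t size;` stay at the top of the block while the added lines declare `char *p = comp_dir + strlen (base_dir);` and `size_t size = strlen (p) + 1;` in inner scopes, so the outer pair is left unused and shadowed; the two outer declarations should be removed. The rewritten comment says "Only do this once in phase one" while the guard is `phase == 0` and the commit message says "phase zero", so the comment should say phase zero. In scripts/find-debuginfo.sh, `chmod 0755` removes the inherited world-writable bit, but GNU chmod keeps set-user-ID and set-group-ID bits on directories when given a four-digit numeric mode, so a setgid source directory would presumably stay setgid under /usr/src/debug; `chmod 00755` (or an added `chmod ug-s`) would normalise those as well. Both enclosing blocks start and end outside their hunks.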
@@ -29,7 +29,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}1%{?dist} +Release: %{?snapver:0.%{snapver}.}2%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 @@ -52,6 +52,10 @@ Patch4: rpm-4.8.1-use-gpg2.patch Patch5: rpm-4.12.0-rpm2cpio-hack.patch # Patches already upstream: +Patch100: rpm-4.13.0-python-rpmsign.patch +Patch101: rpm-4.13.0-unknown-sigtags.patch +Patch102: rpm-4.13.0-testsuite-nss.patch +Patch103: rpm-4.13.x-writable-tmp-dir.patch Patch133: rpm-4.13.x-pythondistdeps.patch Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch @@ -560,6 +564,12 @@ exit 0 %doc doc/librpm/html/* %changelog +* Wed Aug 16 2017 Panu Matilainen - 4.13.0.1-2 +- Really ignore unknown tags in the signature header (#1480492) +- Fix rpmsign python module import failing (#1462671) +- Fix rpmbuild world writable empty (tmp) dirs in debuginfo (#641022) +- Fix testsuite with recent NSS-versions + * Fri Feb 24 2017 Panu Matilainen - 4.13.0.1-1 - Rebase to rpm 4.13.0.1 (http://rpm.org/wiki/Releases/4.13.0.1) - Fixes #1410907, #1405570, #1399798, #1410907 etc