- If %_wrong_version_format_terminate_build is 1 then terminate build

in case that version format is wrong i. e. epoch is not unsigned
  integer or version contains more separators (":", "-").
  %_wrong_version_format_terminate_build is 1 by deafault
- Resolves: 1251453

rpm-4.13.0-non-numeric-epoch.patch

@@ -0,0 +1,48 @@
+From f5bab7c054de3607d43dcc5ee8a04c2e3cd46926 Mon Sep 17 00:00:00 2001
+From: Lubos Kardos <lkardos@redhat.com>
+Date: Fri, 23 Oct 2015 12:20:45 +0200
+Subject: [PATCH] Warn if epoch is not unsigned integer (rhbz:1251453)
+
+---
+ build/parseReqs.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/build/parseReqs.c b/build/parseReqs.c
+index bef0a2b..acdfeb9 100644
+--- a/build/parseReqs.c
++++ b/build/parseReqs.c
+@@ -25,6 +25,22 @@ static rpmRC checkSep(const char *s, char c, char **emsg)
+     return RPMRC_OK;
+ }
+ 
++static rpmRC checkEpoch(const char *s, char **emsg)
++{
++    const char *si, *sep = strchr(s, ':');
++
++    if (!sep)
++	return RPMRC_OK;
++
++    for (si = s; si != sep; si++) {
++	if (!risdigit(*si)) {
++	    rasprintf(emsg, "Invalid version (epoch must be unsigned integer): %s", s);
++	    break;
++	}
++    }
++    return RPMRC_OK;
++}
++
+ static rpmRC checkDep(rpmSpec spec, char *N, char *EVR, char **emsg)
+ {
+     /* 
+@@ -44,6 +60,8 @@ static rpmRC checkDep(rpmSpec spec, char *N, char *EVR, char **emsg)
+             return RPMRC_FAIL;
+         if (checkSep(EVR, '-', emsg) != RPMRC_OK || checkSep(EVR, ':', emsg) != RPMRC_OK)
+             return RPMRC_FAIL;
++	if (checkEpoch(EVR, emsg) != RPMRC_OK)
++	    return RPMRC_FAIL;
+     }
+     return RPMRC_OK;
+ }
+-- 
+1.9.3
+

rpm-4.13.0-wrong-version-macro.patch

@@ -0,0 +1,67 @@
+From 5e94633660d0e2b970bf42f1dc24346ed46cae2e Mon Sep 17 00:00:00 2001
+From: Lubos Kardos <lkardos@redhat.com>
+Date: Fri, 23 Oct 2015 14:21:58 +0200
+Subject: [PATCH] Make terminating build if version format is wrong
+ configurable
+
+---
+ build/parseReqs.c | 14 +++++++++-----
+ macros.in         |  3 +++
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/build/parseReqs.c b/build/parseReqs.c
+index acdfeb9..a443505 100644
+--- a/build/parseReqs.c
++++ b/build/parseReqs.c
+@@ -21,6 +21,7 @@ static rpmRC checkSep(const char *s, char c, char **emsg)
+     const char *sep = strchr(s, c);
+     if (sep && strchr(sep + 1, c)) {
+ 	rasprintf(emsg, "Invalid version (double separator '%c'): %s", c, s);
++	return RPMRC_FAIL;
+     }
+     return RPMRC_OK;
+ }
+@@ -35,7 +36,7 @@ static rpmRC checkEpoch(const char *s, char **emsg)
+     for (si = s; si != sep; si++) {
+ 	if (!risdigit(*si)) {
+ 	    rasprintf(emsg, "Invalid version (epoch must be unsigned integer): %s", s);
+-	    break;
++	    return RPMRC_FAIL;
+ 	}
+     }
+     return RPMRC_OK;
+@@ -58,10 +59,13 @@ static rpmRC checkDep(rpmSpec spec, char *N, char *EVR, char **emsg)
+         }
+         if (rpmCharCheck(spec, EVR, ".-_+:%{}~"))
+             return RPMRC_FAIL;
+-        if (checkSep(EVR, '-', emsg) != RPMRC_OK || checkSep(EVR, ':', emsg) != RPMRC_OK)
+-            return RPMRC_FAIL;
+-	if (checkEpoch(EVR, emsg) != RPMRC_OK)
+-	    return RPMRC_FAIL;
++	if (checkSep(EVR, '-', emsg) != RPMRC_OK ||
++	    checkSep(EVR, ':', emsg) != RPMRC_OK ||
++	    checkEpoch(EVR, emsg) != RPMRC_OK) {
++
++	    if (rpmExpandNumeric("%{?_wrong_version_format_terminate_build}"))
++		return RPMRC_FAIL;
++	}
+     }
+     return RPMRC_OK;
+ }
+diff --git a/macros.in b/macros.in
+index 9ffe4a8..6ea04c9 100644
+--- a/macros.in
++++ b/macros.in
+@@ -401,6 +401,9 @@ package or when debugging this package.\
+ # Should invalid utf8 encoding in package metadata terminate a build?
+ %_invalid_encoding_terminates_build 0
+ 
++# Should invalid version format in requires, provides, ... terminate a build?
++%_wrong_version_format_terminate_build 1
++
+ #
+ # Should rpm try to download missing sources at build-time?
+ # Enabling this is dangerous as long as rpm has no means to validate
+-- 
+1.9.3
+

rpm.spec

@@ -29,7 +29,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}5%{?dist}
+Release: %{?snapver:0.%{snapver}.}6%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
@@ -54,6 +54,8 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch
 # Patches already upstream:
 Patch100: rpm-4.13.0-rc1-Fix-new-richdep-syntax.patch
 Patch101: rpm-4.13.0-selinux--permissive-scriptlets.patch
+Patch102: rpm-4.13.0-non-numeric-epoch.patch
+Patch103: rpm-4.13.0-wrong-version-macro.patch
 
 # These are not yet upstream
 Patch302: rpm-4.7.1-geode-i686.patch
@@ -556,6 +558,12 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Fri Oct 23 2015 Lubos Kardos <lkardos@redhat.com> - 4.13-0.rc1.6
+- If %%_wrong_version_format_terminate_build is 1 then terminate build in case
+  that version format is wrong i. e. epoch is not unsigned integer or version
+  contains more separators (":", "-"). %%_wrong_version_format_terminate_build
+  is 1 by deafault (#1265700)
+
 * Wed Oct 14 2015 Robert Kuska <rkuska@redhat.com> - 4.13.0-0.rc1.5
 - Rebuilt for Python3.5 rebuild