!299 [sync] PR-298: backport some patches from upstream

From: @openeuler-sync-bot 
Reviewed-by: @xujing99 
Signed-off-by: @xujing99

backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch

@@ -0,0 +1,31 @@
+From 656fe42af1d497c35769c740fcc98950e1455bad Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 24 Jan 2024 12:44:34 +0200
+Subject: [PATCH] Fix a theoretical use of uninitialized struct members
+
+If rpmScriptFromTriggerTag() was called with tm other than the three
+handled cases in the switch, the rpmtd_s structs would be uninitialized
+and weird things could happen. The value of tm is hardwired in all the
+existing callers AFAICS but the extra safety doesn't hurt either.
+
+Discovered by static analysis in RHEL.
+---
+ lib/rpmscript.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index b18f851a3..3f6313278 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -641,6 +641,8 @@ rpmScript rpmScriptFromTriggerTag(Header h, rpmTagVal triggerTag,
+ 	    headerGet(h, RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS, &tflags, hgflags);
+ 	    prefix = "transfile";
+ 	    break;
++	default:
++	    return NULL;
+     }
+ 
+     if (rpmtdSetIndex(&tscripts, ix) >= 0 && rpmtdSetIndex(&tprogs, ix) >= 0) {
+-- 
+2.33.0
+

backport-Fix-spec-parser-leaks-from-trans-f-file.patch

@@ -0,0 +1,31 @@
+From 26a1323022e3153d99b2f1095fe040f52fb2e3f3 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 30 Jan 2024 14:55:54 +0200
+Subject: [PATCH] Fix spec parser leaks from %*trans -f <file>
+
+Conflict:don't free preunTransFile and postunTransFile because
+         db46bd8bd1 is not merged
+
+The untrans-versions leak because grepping around didn't turn up
+the trans-counterparts ... because they didn't exist either.
+Those leaks are adults by now.
+---
+ build/spec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/build/spec.c b/build/spec.c
+index 824afba27..6f8a6a155 100644
+--- a/build/spec.c
++++ b/build/spec.c
+@@ -143,6 +143,8 @@ Package freePackage(Package pkg)
+     pkg->preUnFile = _free(pkg->preUnFile);
+     pkg->postUnFile = _free(pkg->postUnFile);
+     pkg->verifyFile = _free(pkg->verifyFile);
++    pkg->preTransFile = _free(pkg->preTransFile);
++    pkg->postTransFile = _free(pkg->postTransFile);
+ 
+     pkg->header = headerFree(pkg->header);
+     pkg->ds = rpmdsFree(pkg->ds);
+-- 
+2.33.0
+

backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch

@@ -0,0 +1,40 @@
+From 7bf818c8344ecbf0e14a26e6393582ae79df864e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 30 Jan 2024 15:04:03 +0200
+Subject: [PATCH] Tip-toe around rpmfiFN() thin ice in fsm
+
+Conflict:adapt context
+
+Any pointer gotten from rpmfiFN() is only valid until the next
+rpmfiFN() call, and here the path can end up inside plugins which
+may have their own reasons for calling rpmfiFN(). At which point
+the dest we passed would be invalid. strdup() it to appease ASAN,
+but this needs a saner solution really.
+---
+ lib/fsm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index a54e43bae..36708acc3 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -736,7 +736,7 @@ static int fsmSetmeta(const char *path, rpmfi fi, rpmPlugins plugins,
+ 		      int nofcaps)
+ {
+     int rc = 0;
+-    const char *dest = rpmfiFN(fi);
++    char *dest = xstrdup(rpmfiFN(fi));
+ 
+     if (!rc && !getuid()) {
+ 	rc = fsmChown(path, st->st_mode, st->st_uid, st->st_gid);
+@@ -756,6 +756,7 @@ static int fsmSetmeta(int fd, int dirfd, const char *path,
+ 	rc = rpmpluginsCallFsmFilePrepare(plugins, fi,
+ 					  path, dest, st->st_mode, action);
+     }
++    free(dest);
+ 
+     return rc;
+ }
+-- 
+2.33.0
+

backport-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch

@@ -0,0 +1,32 @@
+From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 24 Jan 2024 12:03:39 +0200
+Subject: [PATCH] Use unsigned integers for buildtime too for Y2K38 safety
+
+This little patch buys us 68 extra years to move to 64bit time tags
+in rpm. That seems achievable.
+
+Fixes: #1228
+---
+ build/build.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build/build.c b/build/build.c
+index e4081c673..0ac8bf6c9 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
+         if (srcdate == endptr || *endptr || errno != 0)
+             rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+         else
+-            buildTime = (int32_t) epoch;
++            buildTime = (uint32_t) epoch;
+     } else
+-        buildTime = (int32_t) time(NULL);
++        buildTime = (uint32_t) time(NULL);
+ 
+     return buildTime;
+ }
+-- 
+2.33.0
+

rpm.spec

@@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.17.0
-Release:       33
+Release:       34
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@@ -114,6 +114,10 @@ Patch6075: backport-Fix-rpmDigestBundleFinal-and-Update-return-code-on-i.patch
 Patch6076: backport-Actually-return-an-error-in-parseScript-if-parsing-f.patch
 Patch6077: backport-Check-inside-root-when-querying-for-files.patch
 Patch6078: backport-Fix-regression-on-ctrl-c-during-transaction-killing-.patch
+Patch6079: backport-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
+Patch6080: backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch
+Patch6081: backport-Fix-spec-parser-leaks-from-trans-f-file.patch
+Patch6082: backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch
 
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
 BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@@ -404,6 +408,9 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 
 %changelog
+* Wed Mar 13 2024 gengqihu<gengqihu2@h-partners.com> - 4.17.0-34
+- Backport some patches from upstream
+
 * Wed Feb 21 2024 gengqihu<gengqihu2@h-partners.com> - 4.17.0-33
 - Modify the version of zstd in Requires