2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
new file mode 100644
index 0000000000..9a5ebb9115
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
@@ -0,0 +1,34 @@
+From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001
+From: Vitaly Chikunov <vt@altlinux.org>
+Date: Wed, 6 Jan 2021 23:43:41 +0300
+Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used
+When there is number after "T" (suggested number of threads or "0" for
+getncpus), lzopen_internal() mode parser would skip one byte, and when
+it's at the end of the string it would then parse undesired garbage from
+the memory, making intermittent compression failures.
+Fixes: 7740d1098 ("Add support for multithreaded xz compression")
+Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/405fc8998181353bd510864ca251dc233afec276]
+---
+ rpmio/rpmio.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
+index ed1e25140..9d32ec6d9 100644
+--- a/rpmio/rpmio.c
+++ b/rpmio/rpmio.c
+@@ -798,6 +798,7 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
+                 * should've processed
+                 * */
+                while (isdigit(*++mode));
+               --mode;
+            }
+ #ifdef HAVE_LZMA_MT
+            else
+-- 
+2.25.1
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
index c39a5208e5..376021d913 100644
--- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
@@ -44,6 +44,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x;protoc
           file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \
           file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \
           file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
+           file://0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch \
           file://CVE-2021-3421.patch \
           file://CVE-2021-20266.patch \
           "

diff --git a/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch new file mode 100644 index 0000000000..9a5ebb9115 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
@@ -0,0 +1,34 @@
		1	From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001
		2	From: Vitaly Chikunov <vt@altlinux.org>
		3	Date: Wed, 6 Jan 2021 23:43:41 +0300
		4	Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used
		5
		6	When there is number after "T" (suggested number of threads or "0" for
		7	getncpus), lzopen_internal() mode parser would skip one byte, and when
		8	it's at the end of the string it would then parse undesired garbage from
		9	the memory, making intermittent compression failures.
		10
		11	Fixes: 7740d1098 ("Add support for multithreaded xz compression")
		12	Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
		13
		14	Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/405fc8998181353bd510864ca251dc233afec276]
		15
		16	---
		17	rpmio/rpmio.c \| 1 +
		18	1 file changed, 1 insertion(+)
		19
		20	diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
		21	index ed1e25140..9d32ec6d9 100644
		22	--- a/rpmio/rpmio.c
		23	+++ b/rpmio/rpmio.c
		24	@@ -798,6 +798,7 @@ static LZFILE lzopen_internal(const char mode, int fd, int xz)
		25	* should've processed
		26	* */
		27	while (isdigit(*++mode));
		28	+ --mode;
		29	}
		30	#ifdef HAVE_LZMA_MT
		31	else
		32	--
		33	2.25.1
		34


diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb index c39a5208e5..376021d913 100644 --- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
@@ -44,6 +44,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x;protoc
44	file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \	44	file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \
45	file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \	45	file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \
46	file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \	46	file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
		47	file://0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch \
47	file://CVE-2021-3421.patch \	48	file://CVE-2021-3421.patch \
48	file://CVE-2021-20266.patch \	49	file://CVE-2021-20266.patch \
49	"	50	"