[meta][dunfell][PATCH] rpm: Handle proper return value to avoid major issues and removing unnecessary code

["Ranjitsinh Rathod" <ranjitsinhrathod1991@gmail.com>]

From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

Change in 2 patch as below to avoid critical issues
1) 0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
Handled return values of getrlimit() and lzma_cputhreads() functions
to avoid unexpected behaviours like devide by zero and potential read
of uninitialized variable 'virtual_memory'
Upstream-Status: Pending [merge of multithreading patches to upstream]

2) CVE-2021-3421.patch
Removed RPMSIGTAG_FILESIGNATURES and RPMSIGTAG_FILESIGNATURELENGTH as
it is not needed during backporting of original patch.
Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21]

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
 ...rict-virtual-memory-usage-if-limit-s.patch | 25 ++++++++-------
 .../rpm/files/CVE-2021-3421.patch             | 32 +++----------------
 2 files changed, 19 insertions(+), 38 deletions(-)

diff --git a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
index 6454785254..dc3f74fecd 100644
--- a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
+++ b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
@@ -11,36 +11,39 @@ CPU thread.
 Upstream-Status: Pending [merge of multithreading patches to upstream]
 
 Signed-off-by: Peter Bergin <peter@berginkonsult.se>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
 ---
- rpmio/rpmio.c | 34 ++++++++++++++++++++++++++++++++++
- 1 file changed, 34 insertions(+)
+ rpmio/rpmio.c | 36 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
 
 diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
 index e051c98..b3c56b6 100644
 --- a/rpmio/rpmio.c
 +++ b/rpmio/rpmio.c
-@@ -845,6 +845,40 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
+@@ -845,6 +845,42 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
  		}
  #endif
  
-+		struct rlimit virtual_memory;
-+		getrlimit(RLIMIT_AS, &virtual_memory);
-+		if (virtual_memory.rlim_cur != RLIM_INFINITY) {
++		struct rlimit virtual_memory = {RLIM_INFINITY , RLIM_INFINITY};
++		int status = getrlimit(RLIMIT_AS, &virtual_memory);
++		if ((status != -1) && (virtual_memory.rlim_cur != RLIM_INFINITY)) {
 +			const uint64_t virtual_memlimit = virtual_memory.rlim_cur;
++			uint32_t threads_max = lzma_cputhreads();
 +			const uint64_t virtual_memlimit_per_cpu_thread =
-+				virtual_memlimit / lzma_cputhreads();
-+			uint64_t memory_usage_virt;
++				virtual_memlimit / ((threads_max == 0) ? 1 : threads_max);
 +			rpmlog(RPMLOG_NOTICE, "XZ: virtual memory restricted to %lu and "
 +			       "per CPU thread %lu\n", virtual_memlimit, virtual_memlimit_per_cpu_thread);
++			uint64_t memory_usage_virt;
 +			/* keep reducing the number of compression threads until memory
 +			   usage falls below the limit per CPU thread*/
 +			while ((memory_usage_virt = lzma_stream_encoder_mt_memusage(&mt_options)) >
 +			       virtual_memlimit_per_cpu_thread) {
-+				/* If number of threads goes down to zero lzma_stream_encoder will
-+				 * will return UINT64_MAX. We must check here to avoid an infinite loop.
++				/* If number of threads goes down to zero or in case of any other error
++				 * lzma_stream_encoder_mt_memusage will return UINT64_MAX. We must check
++				 * for both the cases here to avoid an infinite loop.
 +				 * If we get into situation that one thread requires more virtual memory
 +				 * than available we set one thread, print error message and try anyway. */
-+				if (--mt_options.threads == 0) {
++				if ((--mt_options.threads == 0) || (memory_usage_virt == UINT64_MAX)) {
 +					mt_options.threads = 1;
 +					rpmlog(RPMLOG_WARNING,
 +					       "XZ: Could not adjust number of threads to get below "
diff --git a/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch b/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
index b1a05b6863..d2ad5eabac 100644
--- a/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
+++ b/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
@@ -22,16 +22,16 @@ Fixes: CVE-2021-3421, CVE-2021-20271
 Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21]
 CVE: CVE-2021-3421
 Signed-off-by: Minjae Kim <flowergom@gmail.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
 ---
- lib/package.c | 115 ++++++++++++++++++++++++--------------------------
- lib/rpmtag.h  |   4 ++
- 2 files changed, 58 insertions(+), 61 deletions(-)
+ lib/package.c | 113 ++++++++++++++++++++++++--------------------------
+ 1 file changed, 52 insertions(+), 61 deletions(-)
 
 diff --git a/lib/package.c b/lib/package.c
 index 081123d84e..7c26ea323f 100644
 --- a/lib/package.c
 +++ b/lib/package.c
-@@ -20,76 +20,68 @@
+@@ -20,76 +20,67 @@
  
  #include "debug.h"
  
@@ -46,8 +46,6 @@ index 081123d84e..7c26ea323f 100644
 +    { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 },
 +    /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */
 +    { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 },
-+    { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 },
-+    { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 },
 +    { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 },
 +    { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 },
 +    { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 },
@@ -61,6 +59,7 @@ index 081123d84e..7c26ea323f 100644
   * Translate and merge legacy signature tags into header.
   * @param h		header (dest)
   * @param sigh		signature header (src)
++ * @return		failing tag number, 0 on success
   */
  static
 -void headerMergeLegacySigs(Header h, Header sigh)
@@ -170,27 +169,6 @@ index 081123d84e..7c26ea323f 100644
  	    applyRetrofits(h);
  
  	    /* Bump reference count for return. */
-diff --git a/lib/rpmtag.h b/lib/rpmtag.h
-index 8c718b31b5..d562572c6f 100644
---- a/lib/rpmtag.h
-+++ b/lib/rpmtag.h
-@@ -65,6 +65,8 @@ typedef enum rpmTag_e {
-     RPMTAG_LONGARCHIVESIZE	= RPMTAG_SIG_BASE+15,	/* l */
-     /* RPMTAG_SIG_BASE+16 reserved */
-     RPMTAG_SHA256HEADER		= RPMTAG_SIG_BASE+17,	/* s */
-+    /* RPMTAG_SIG_BASE+18 reserved for RPMSIGTAG_FILESIGNATURES */
-+    /* RPMTAG_SIG_BASE+19 reserved for RPMSIGTAG_FILESIGNATURELENGTH */
- 
-     RPMTAG_NAME  		= 1000,	/* s */
- #define	RPMTAG_N	RPMTAG_NAME	/* s */
-@@ -422,6 +424,8 @@ typedef enum rpmSigTag_e {
-     RPMSIGTAG_LONGSIZE	= RPMTAG_LONGSIGSIZE,	/*!< internal Header+Payload size (64bit) in bytes. */
-     RPMSIGTAG_LONGARCHIVESIZE = RPMTAG_LONGARCHIVESIZE, /*!< internal uncompressed payload size (64bit) in bytes. */
-     RPMSIGTAG_SHA256	= RPMTAG_SHA256HEADER,
-+    RPMSIGTAG_FILESIGNATURES            = RPMTAG_SIG_BASE + 18,
-+    RPMSIGTAG_FILESIGNATURELENGTH       = RPMTAG_SIG_BASE + 19,
- } rpmSigTag;
- 
  
 -- 
 2.17.1
-- 
2.17.1