Backport upstream commit to fix sizeof argument in rpm/lib/depends.c

rpm-5.4.10-coverity-1035956.patch

@@ -0,0 +1,14 @@
+diff -urN rpm-5.4.10/lib/depends.c rpm-5.4.10-patched/lib/depends.c
+--- rpm-5.4.10/lib/depends.c	2012-04-16 08:20:56.000000000 +1100
++++ rpm-5.4.10-patched/lib/depends.c	2017-01-24 21:18:13.290480568 +1000
+@@ -105,8 +105,9 @@
+ 
+     if (ts->numRemovedPackages == ts->allocedRemovedPackages) {
+ 	ts->allocedRemovedPackages += ts->delta;
++	/* XXX coverity #1035956 */
+ 	ts->removedPackages = (uint32_t *) xrealloc(ts->removedPackages,
+-		sizeof(ts->removedPackages) * ts->allocedRemovedPackages);
++		sizeof(*ts->removedPackages) * ts->allocedRemovedPackages);
+     }
+ 
+ assert(ts->removedPackages != NULL);	/* XXX can't happen. */

rpm.spec

@@ -61,7 +61,7 @@ Summary:	The RPM package management system
 Name:		rpm
 Epoch:		1
 Version:	%{libver}.%{minorver}
-Release:	%{?prereldate:0.%{prereldate}.}73
+Release:	%{?prereldate:0.%{prereldate}.}74
 License:	LGPLv2.1+
 Group:		System/Configuration/Packaging
 Url:		http://rpm5.org/
@@ -350,6 +350,9 @@ Patch160:	rpm-5.4.10-bump-up-to-default-xz-compression-level.patch
 Patch161:	rpm-5.4.10-search-through-buildroot-library-dirs-for-uclibc-deps.patch
 # status: same as for other dep gen patches
 Patch162:	rpm-5.4.10-fix-uninitialized-variable.patch
+# coverity #1035956
+# https://www.mail-archive.com/rpm-cvs@rpm5.org/msg08976.html
+Patch163:	rpm-5.4.10-coverity-1035956.patch
 
 # our own helper scripts needs to be run first so that library permissions gets
 # fixed for find-debuginfo.sh to properly strip them
@@ -1120,6 +1123,7 @@ This package contains the RPM API documentation generated in HTML format.
 %patch160 -p1 -b .xz_level~
 %patch161 -p1 -b .uclibc_buildroot~
 %patch162 -p1 -b .uninitialized~
+%patch163 -p1 -b .coverity1035956.patch~
 
 %patch165 -p1 -b .helper_order~
 %patch166 -p1 -b .ldflags~