diff --git a/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch b/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
new file mode 100644
index 0000000..f2a0989
--- /dev/null
+++ b/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
@@ -0,0 +1,57 @@
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 4531271cc..74aeed851 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -15,13 +15,23 @@ _dd() {
+ }
+ 
+ calcsize() {
++
++	case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
++		"$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
++		*) fatal "File doesn't look like rpm: $pkg" ;;
++	esac
++
+ 	offset=$(($1 + 8))
+ 
+ 	local i b b0 b1 b2 b3 b4 b5 b6 b7
+ 
+ 	i=0
+ 	while [ $i -lt 8 ]; do
+-		b="$(_dd $(($offset + $i)) bs=1 count=1)"
++		# add . to not loose \n
++		# strip \0 as it gets dropped with warning otherwise
++		b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
++		b=${b%.}    # strip . again
++
+ 		[ -z "$b" ] &&
+ 			b="0" ||
+ 			b="$(exec printf '%u\n' "'$b")"
+@@ -33,7 +43,7 @@ calcsize() {
+ 	offset=$(($offset + $rsize))
+ }
+ 
+-case "$(_dd 0 bs=8 count=1)" in
++case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
+ 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ 	*) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+@@ -44,11 +54,11 @@ sigsize=$rsize
+ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
+ hdrsize=$rsize
+ 
+-case "$(_dd $offset bs=3 count=1)" in
+-	"$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+-	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
+-	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
+-	"$(printf '\135\000')"*) _dd $offset | unlzma  ;; # '\x5d\x00'
+-	"$(printf '\050\265')"*) _dd $offset | unzstd  ;; # '\x28\xb5'
+-	*) fatal "Unrecognized rpm file: $pkg" ;;
++case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
++	"$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
++	"$(printf '\037\213')") _dd $offset | gunzip  ;; # '\x1f\x8b'
++	"$(printf '\375\067')") _dd $offset | xzcat   ;; # '\xfd\x37'
++	"$(printf '\135')") _dd $offset | unlzma      ;; # '\x5d\x00'
++	"$(printf '\050\265')") _dd $offset | unzstd  ;; # '\x28\xb5'
++	*) fatal "Unrecognized payload compression format in rpm file: $pkg" ;;
+ esac
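Review bot: In the payload-format `case` at the end of the embedded rpm2cpio.sh patch, the two bytes read at `$offset` go through `tr -d '\0'` before an exact match, so the lzma arm `"$(printf '\135')")` accepts both `5d 00` and `00 5d`, and its trailing comment `# '\x5d\x00'` no longer describes what is compared. Because the package file is untrusted input, the looser match should at least be documented on that arm, for example `# '\x5d\x00' - NUL is removed by tr above, so only \x5d is compared`. The new magic check in calcsize and the existing lead check also share the message `File doesn't look like rpm: $pkg`, which makes it hard to tell from the error which structure was malformed; a distinct text in calcsize such as `fatal "Bad header magic in rpm file: $pkg"` would help triage. calcsize's body continues outside the visible hunks.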
diff --git a/rpm.spec b/rpm.spec
index 879ed7a..491f2f1 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -32,7 +32,7 @@
 
 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 15
+%global rel 16
 %global sover 9
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -82,6 +82,7 @@ Patch110: rpm-4.16.1.3-add-path-query-option.patch
 Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
 Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch
 Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch
+Patch114: rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
 
 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
@@ -613,6 +614,9 @@ fi
 %doc doc/librpm/html/*
 
 %changelog
+* Fri Jul 22 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-16
+- Make rpm2cpio.sh more robust (#1983015)
+
 * Thu Jun 30 2022 Nick Clifton  <nickc@redhat.com> - 4.16.1.3-15
 - Pass _find_debuginfo_vendor_opts to the find-debuginfo script.  (#2099617)