X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=rpm-disable-hmac-verify.patch;fp=rpm-disable-hmac-verify.patch;h=05662612dc48182b792c5273585e3bfa0bea44b7;hb=9158f140bb9f0e1f143bba54ec8e7715358d2bd1;hp=0000000000000000000000000000000000000000;hpb=330093faff6d869f3b3c708de684851bb26fa8ca;p=packages%2Frpm.git

diff --git a/rpm-disable-hmac-verify.patch b/rpm-disable-hmac-verify.patch
new file mode 100644
index 0000000..0566261
--- /dev/null
+++ b/rpm-disable-hmac-verify.patch
@@ -0,0 +1,21 @@
+--- rpm-5.4.10.orig/lib/verify.c	2012-07-06 17:39:16.000000000 +0200
++++ rpm-5.4.10/lib/verify.c	2012-10-21 19:35:08.610708732 +0200
+@@ -261,11 +261,18 @@
+ 	    unsigned char * fdigest = (unsigned char *)
+ 			memset(alloca(vf->dlen), 0, vf->dlen);
+ 	    size_t fsize = 0;
++// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
++// hmac support is useless, see:
++// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
++#if defined(RPM_VENDOR_PLD)
++	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
++#else
+ #define	_mask	(RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
+ 	    unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
+ 		? 0x2 : 0x0;
+ #undef	_mask
+ 	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
++#endif
+ 	    sb.st_size = fsize;
+ 	    if (rc) {
+ 		VF_SET(res, READFAIL);