[packages/rpm.git] / rpm-disable-hmac-verify.patch

--- rpm-5.4.10.orig/lib/verify.c	2012-07-06 17:39:16.000000000 +0200
+++ rpm-5.4.10/lib/verify.c	2012-10-21 19:35:08.610708732 +0200
@@ -261,11 +261,18 @@
 	    unsigned char * fdigest = (unsigned char *)
 			memset(alloca(vf->dlen), 0, vf->dlen);
 	    size_t fsize = 0;
+// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
+// hmac support is useless, see:
+// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
+#if defined(RPM_VENDOR_PLD)
+	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
+#else
 #define	_mask	(RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
 	    unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
 		? 0x2 : 0x0;
 #undef	_mask
 	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
+#endif
 	    sb.st_size = fsize;
 	    if (rc) {
 		VF_SET(res, READFAIL);
Commit	Line	Data
9158f140 JR	1	--- rpm-5.4.10.orig/lib/verify.c 2012-07-06 17:39:16.000000000 +0200
	2	+++ rpm-5.4.10/lib/verify.c 2012-10-21 19:35:08.610708732 +0200
	3	@@ -261,11 +261,18 @@
	4	unsigned char * fdigest = (unsigned char *)
	5	memset(alloca(vf->dlen), 0, vf->dlen);
	6	size_t fsize = 0;
	7	+// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
	8	+// hmac support is useless, see:
	9	+// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
	10	+#if defined(RPM_VENDOR_PLD)
	11	+ int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
	12	+#else
	13	#define _mask (RPMVERIFY_FDIGEST\|RPMVERIFY_HMAC)
	14	unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
	15	? 0x2 : 0x0;
	16	#undef _mask
	17	int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
	18	+#endif
	19	sb.st_size = fsize;
	20	if (rc) {
	21	VF_SET(res, READFAIL);