--- /dev/null
+--- rpm-5.4.10.orig/lib/verify.c 2012-07-06 17:39:16.000000000 +0200
++++ rpm-5.4.10/lib/verify.c 2012-10-21 19:35:08.610708732 +0200
+@@ -261,11 +261,18 @@
+ unsigned char * fdigest = (unsigned char *)
+ memset(alloca(vf->dlen), 0, vf->dlen);
+ size_t fsize = 0;
++// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
++// hmac support is useless, see:
++// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
++#if defined(RPM_VENDOR_PLD)
++ int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
++#else
+ #define _mask (RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
+ unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
+ ? 0x2 : 0x0;
+ #undef _mask
+ int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
++#endif
+ sb.st_size = fsize;
+ if (rc) {
+ VF_SET(res, READFAIL);
Summary(uk.UTF-8): Менеджер пакетів від RPM
Name: rpm
Version: 5.4.10
-Release: 23
+Release: 24
License: LGPL
Group: Base
# http://rpm5.org/files/rpm/rpm-5.4/rpm-5.4.10-0.20120706.src.rpm
Patch52: %{name}-null-term-ascii-digest.patch
Patch53: %{name}-lua-enable-extra-libs.patch
Patch54: %{name}-fix-filedigests-verify.patch
+Patch55: %{name}-disable-hmac-verify.patch
# Patches imported from Mandriva
%patch52 -p0
%patch53 -p1
%patch54 -p1
+%patch55 -p1
%patch1000 -p1
%patch1001 -p1
projects / packages / rpm.git / commitdiff