rpm-disable-hmac-verify.patch

   1 --- rpm-5.4.10.orig/lib/verify.c        2012-07-06 17:39:16.000000000 +0200
   2 +++ rpm-5.4.10/lib/verify.c     2012-10-21 19:35:08.610708732 +0200
   3 @@ -261,11 +261,18 @@
   4             unsigned char * fdigest = (unsigned char *)
   5                         memset(alloca(vf->dlen), 0, vf->dlen);
   6             size_t fsize = 0;
   7 +// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
   8 +// hmac support is useless, see:
   9 +// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
  10 +#if defined(RPM_VENDOR_PLD)
  11 +           int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
  12 +#else
  13  #define        _mask   (RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
  14             unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
  15                 ? 0x2 : 0x0;
  16  #undef _mask
  17             int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
  18 +#endif
  19             sb.st_size = fsize;
  20             if (rc) {
  21                 VF_SET(res, READFAIL);