[packages/rpm] - disable hmac when veryfying file digests - rel 24

baggins baggins at pld-linux.org
Mon Oct 22 15:14:34 CEST 2012


commit 9158f140bb9f0e1f143bba54ec8e7715358d2bd1
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Mon Oct 22 15:13:23 2012 +0200

    - disable hmac when veryfying file digests
    - rel 24
    
    Disable hmac during digest calculation: rpm package files contain
    plain md5sums, so hmac support is useless, see:
    http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html

 rpm-disable-hmac-verify.patch | 21 +++++++++++++++++++++
 rpm.spec                      |  4 +++-
 2 files changed, 24 insertions(+), 1 deletion(-)
---
diff --git a/rpm.spec b/rpm.spec
index 5d8b6c7..df189f9 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -52,7 +52,7 @@ Summary(ru.UTF-8):	Менеджер пакетов от RPM
 Summary(uk.UTF-8):	Менеджер пакетів від RPM
 Name:		rpm
 Version:	5.4.10
-Release:	23
+Release:	24
 License:	LGPL
 Group:		Base
 # http://rpm5.org/files/rpm/rpm-5.4/rpm-5.4.10-0.20120706.src.rpm
@@ -144,6 +144,7 @@ Patch51:	%{name}-gst-inspect-typo.patch
 Patch52:	%{name}-null-term-ascii-digest.patch
 Patch53:	%{name}-lua-enable-extra-libs.patch
 Patch54:	%{name}-fix-filedigests-verify.patch
+Patch55:	%{name}-disable-hmac-verify.patch
 
 # Patches imported from Mandriva
 
@@ -832,6 +833,7 @@ Dokumentacja API RPM-a oraz przewodniki w formacie HTML generowane ze
 %patch52 -p0
 %patch53 -p1
 %patch54 -p1
+%patch55 -p1
 
 %patch1000 -p1
 %patch1001 -p1
diff --git a/rpm-disable-hmac-verify.patch b/rpm-disable-hmac-verify.patch
new file mode 100644
index 0000000..0566261
--- /dev/null
+++ b/rpm-disable-hmac-verify.patch
@@ -0,0 +1,21 @@
+--- rpm-5.4.10.orig/lib/verify.c	2012-07-06 17:39:16.000000000 +0200
++++ rpm-5.4.10/lib/verify.c	2012-10-21 19:35:08.610708732 +0200
+@@ -261,11 +261,18 @@
+ 	    unsigned char * fdigest = (unsigned char *)
+ 			memset(alloca(vf->dlen), 0, vf->dlen);
+ 	    size_t fsize = 0;
++// Disable hmac during digest calculation, since rpm package files contain plain md5sums,
++// hmac support is useless, see:
++// http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
++#if defined(RPM_VENDOR_PLD)
++	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
++#else
+ #define	_mask	(RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
+ 	    unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
+ 		? 0x2 : 0x0;
+ #undef	_mask
+ 	    int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
++#endif
+ 	    sb.st_size = fsize;
+ 	    if (rc) {
+ 		VF_SET(res, READFAIL);
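Review bot: In the `RPM_VENDOR_PLD` branch, `dodigest()` is called with flags `0` regardless of `vf->vflags`, so a caller that requested `RPMVERIFY_HMAC` gets a plain digest comparison with no indication that the keyed check was skipped. If that downgrade is intended, the comment should say so explicitly, for example `/* PLD: RPMVERIFY_HMAC is ignored here; stored file digests are unkeyed, so this check detects corruption, not a change made together with the stored digest */`. The duplicated `int rc = dodigest(...)` declaration could be avoided by keeping the single `dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize)` call and only forcing `unsigned dflags = 0x0;` under the vendor define. The enclosing block in lib/verify.c starts and ends outside the hunk, so how `rc` and `fdigest` are used afterwards is not visible here.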
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/9158f140bb9f0e1f143bba54ec8e7715358d2bd1


