From 3bb32d657bafe46ba7c3f52fa1fb75309fe3f528 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Aug 01 2008 14:43:54 +0000 Subject: New snapshot from upstream, fixes a number of bugs, important for f10 alpha --- diff --git a/.cvsignore b/.cvsignore index 7e77207..992585f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -rpm-4.5.90.git8426.tar.bz2 +rpm-4.5.90.git8444.tar.bz2 diff --git a/find-debuginfo.sh b/find-debuginfo.sh deleted file mode 100755 index 73e5417..0000000 --- a/find-debuginfo.sh +++ /dev/null @@ -1,337 +0,0 @@ -#!/bin/bash -#find-debuginfo.sh - automagically generate debug info and file list -#for inclusion in an rpm spec file. -# -# Usage: find-debuginfo.sh [-g] [--strict-build-id] -# [-o debugfiles.list] -# [[-l filelist]... [-p 'pattern'] -o debuginfo.list] -# [builddir] -# -# The -g flag says to use strip -g instead of full strip on DSOs. -# The --strict-build-id flag says to exit with failure status if -# any ELF binary processed fails to contain a build-id note. -# -# A single -o switch before any -l or -p switches simply renames -# the primary output file from debugfiles.list to something else. -# A -o switch that follows a -p switch or some -l switches produces -# an additional output file with the debuginfo for the files in -# the -l filelist file, or whose names match the -p pattern. -# The -p argument is an egrep-style regexp matching the a file name, -# and must not use anchors (^ or $). -# -# All file names in switches are relative to builddir (. if not given). -# - -# With -g arg, pass it to strip on libraries. -strip_g=false - -# Barf on missing build IDs. -# XXX temporarily on by default -strict=true - -BUILDDIR=. -out=debugfiles.list -nout=0 -while [ $# -gt 0 ]; do - case "$1" in - --strict-build-id) - strict=true - ;; - -g) - strip_g=true - ;; - -o) - if [ -z "${lists[$nout]}" -a -z "${ptns[$nout]}" ]; then - out=$2 - else - outs[$nout]=$2 - ((nout++)) - fi - shift - ;; - -l) - lists[$nout]="${lists[$nout]} $2" - shift - ;; - -p) - ptns[$nout]=$2 - shift - ;; - *) - BUILDDIR=$1 - shift - break - ;; - esac - shift -done - -i=0 -while ((i < nout)); do - outs[$i]="$BUILDDIR/${outs[$i]}" - l='' - for f in ${lists[$i]}; do - l="$l $BUILDDIR/$f" - done - lists[$i]=$l - ((++i)) -done - -LISTFILE=$BUILDDIR/$out -SOURCEFILE=$BUILDDIR/debugsources.list -LINKSFILE=$BUILDDIR/debuglinks.list - -> $SOURCEFILE -> $LISTFILE -> $LINKSFILE - -debugdir="${RPM_BUILD_ROOT}/usr/lib/debug" - -strip_to_debug() -{ - local g= - $strip_g && case "$(file -bi "$2")" in - application/x-sharedlib,*) g=-g ;; - esac - eu-strip --remove-comment $g -f "$1" "$2" || exit -} - -# Make a relative symlink to $1 called $3$2 -shopt -s extglob -link_relative() -{ - local t="$1" f="$2" pfx="$3" - local fn="${f#/}" tn="${t#/}" - local fd td d - - while fd="${fn%%/*}"; td="${tn%%/*}"; [ "$fd" = "$td" ]; do - fn="${fn#*/}" - tn="${tn#*/}" - done - - d="${fn%/*}" - if [ "$d" != "$fn" ]; then - d="${d//+([!\/])/..}" - tn="${d}/${tn}" - fi - - mkdir -p "$(dirname "$pfx$f")" && ln -snf "$tn" "$pfx$f" -} - -# Make a symlink in /usr/lib/debug/$2 to $1 -debug_link() -{ - local l="/usr/lib/debug$2" - local t="$1" - echo >> $LINKSFILE "$l $t" - link_relative "$t" "$l" "$RPM_BUILD_ROOT" -} - -# Make a build-id symlink for id $1 with suffix $3 to file $2. -make_id_link() -{ - local id="$1" file="$2" - local idfile=".build-id/${id:0:2}/${id:2}" - [ $# -eq 3 ] && idfile="${idfile}$3" - local root_idfile="$RPM_BUILD_ROOT/usr/lib/debug/$idfile" - - if [ ! -L "$root_idfile" ]; then - debug_link "$file" "/$idfile" - return - fi - - [ $# -eq 3 ] && return 0 - - local other=$(readlink -m "$root_idfile") - other=${other#$RPM_BUILD_ROOT} - if cmp -s "$root_idfile" "$RPM_BUILD_ROOT$file" || - eu-elfcmp -q "$root_idfile" "$RPM_BUILD_ROOT$file" 2> /dev/null; then - # Two copies. Maybe one has to be setuid or something. - echo >&2 "*** WARNING: identical binaries are copied, not linked:" - echo >&2 " $file" - echo >&2 " and $other" - else - # This is pathological, break the build. - echo >&2 "*** ERROR: same build ID in nonidentical files!" - echo >&2 " $file" - echo >&2 " and $other" - exit 2 - fi -} - -get_debugfn() -{ - dn=$(dirname "${1#$RPM_BUILD_ROOT}") - bn=$(basename "$1" .debug).debug - - debugdn=${debugdir}${dn} - debugfn=${debugdn}/${bn} -} - -set -o pipefail - -strict_error=ERROR -$strict || strict_error=WARNING - -# Strip ELF binaries -find $RPM_BUILD_ROOT ! -path "${debugdir}/*.debug" -type f \ - \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \ - -print | -file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped/\1/p' | -xargs --no-run-if-empty stat -c '%h %D_%i %n' | -while read nlinks inum f; do - get_debugfn "$f" - [ -f "${debugfn}" ] && continue - - # If this file has multiple links, keep track and make - # the corresponding .debug files all links to one file too. - if [ $nlinks -gt 1 ]; then - eval linked=\$linked_$inum - if [ -n "$linked" ]; then - link=$debugfn - get_debugfn "$linked" - echo "hard linked $link to $debugfn" - ln -nf "$debugfn" "$link" - continue - else - eval linked_$inum=\$f - echo "file $f has $[$nlinks - 1] other hard links" - fi - fi - - echo "extracting debug info from $f" - id=$(/usr/lib/rpm/debugedit -b "$RPM_BUILD_DIR" -d /usr/src/debug \ - -i -l "$SOURCEFILE" "$f") || exit - if [ -z "$id" ]; then - echo >&2 "*** ${strict_error}: No build ID note found in $f" - $strict && exit 2 - fi - - # A binary already copied into /usr/lib/debug doesn't get stripped, - # just has its file names collected and adjusted. - case "$dn" in - /usr/lib/debug/*) - [ -z "$id" ] || make_id_link "$id" "$dn/$(basename $f)" - continue ;; - esac - - mkdir -p "${debugdn}" - if test -w "$f"; then - strip_to_debug "${debugfn}" "$f" - else - chmod u+w "$f" - strip_to_debug "${debugfn}" "$f" - chmod u-w "$f" - fi - - if [ -n "$id" ]; then - make_id_link "$id" "$dn/$(basename $f)" - make_id_link "$id" "/usr/lib/debug$dn/$bn" .debug - fi -done || exit - -# For each symlink whose target has a .debug file, -# make a .debug symlink to that file. -find $RPM_BUILD_ROOT ! -path "${debugdir}/*" -type l -print | -while read f -do - t=$(readlink -m "$f").debug - f=${f#$RPM_BUILD_ROOT} - t=${t#$RPM_BUILD_ROOT} - if [ -f "$debugdir$t" ]; then - echo "symlinked /usr/lib/debug$t to /usr/lib/debug${f}.debug" - debug_link "/usr/lib/debug$t" "${f}.debug" - fi -done - -if [ -s "$SOURCEFILE" ]; then - mkdir -p ${RPM_BUILD_ROOT}/usr/src/debug - LC_ALL=C sort -z -u $SOURCEFILE | egrep -v -z '(|)$' | - (cd $RPM_BUILD_DIR; cpio -pd0mL ${RPM_BUILD_ROOT}/usr/src/debug) - # stupid cpio creates new directories in mode 0700, fixup - find ${RPM_BUILD_ROOT}/usr/src/debug -type d -print0 | - xargs --no-run-if-empty -0 chmod a+rx -fi - -if [ -d ${RPM_BUILD_ROOT}/usr/lib -o -d ${RPM_BUILD_ROOT}/usr/src ]; then - ((nout > 0)) || - test ! -d ${RPM_BUILD_ROOT}/usr/lib || - (cd ${RPM_BUILD_ROOT}/usr/lib; find debug -type d) | - sed 's,^,%dir /usr/lib/,' >> $LISTFILE - - (cd ${RPM_BUILD_ROOT}/usr - test ! -d lib/debug || find lib/debug ! -type d - test ! -d src/debug || find src/debug -mindepth 1 -maxdepth 1 - ) | sed 's,^,/usr/,' >> $LISTFILE -fi - -# Append to $1 only the lines from stdin not already in the file. -append_uniq() -{ - fgrep -f "$1" -x -v >> "$1" -} - -# Helper to generate list of corresponding .debug files from a file list. -filelist_debugfiles() -{ - local extra="$1" - shift - sed 's/^%[a-z0-9_][a-z0-9_]*([^)]*) *// -s/^%[a-z0-9_][a-z0-9_]* *// -/^$/d -'"$extra" "$@" -} - -# Write an output debuginfo file list based on given input file lists. -filtered_list() -{ - local out="$1" - shift - test $# -gt 0 || return - fgrep -f <(filelist_debugfiles 's,^.*$,/usr/lib/debug&.debug,' "$@") \ - -x $LISTFILE >> $out - sed -n -f <(filelist_debugfiles 's/[\\.*+#]/\\&/g -h -s,^.*$,s# &$##p,p -g -s,^.*$,s# /usr/lib/debug&.debug$##p,p -' "$@") $LINKSFILE | append_uniq "$out" -} - -# Write an output debuginfo file list based on an egrep-style regexp. -pattern_list() -{ - local out="$1" ptn="$2" - test -n "$ptn" || return - egrep -x -e "$ptn" $LISTFILE >> $out - sed -n -r "\#^$ptn #s/ .*\$//p" $LINKSFILE | append_uniq "$out" -} - -# -# When given multiple -o switches, split up the output as directed. -# -i=0 -while ((i < nout)); do - > ${outs[$i]} - filtered_list ${outs[$i]} ${lists[$i]} - pattern_list ${outs[$i]} "${ptns[$i]}" - fgrep -vx -f ${outs[$i]} $LISTFILE > ${LISTFILE}.new - mv ${LISTFILE}.new $LISTFILE - ((++i)) -done -if ((nout > 0)); then - # Now add the right %dir lines to each output list. - (cd ${RPM_BUILD_ROOT}; find usr/lib/debug -type d) | - sed 's#^.*$#\\@^/&/@{h;s@^.*$@%dir /&@p;g;}#' | - LC_ALL=C sort -ur > ${LISTFILE}.dirs.sed - i=0 - while ((i < nout)); do - sed -n -f ${LISTFILE}.dirs.sed ${outs[$i]} | sort -u > ${outs[$i]}.new - cat ${outs[$i]} >> ${outs[$i]}.new - mv -f ${outs[$i]}.new ${outs[$i]} - ((++i)) - done - sed -n -f ${LISTFILE}.dirs.sed ${LISTFILE} | sort -u > ${LISTFILE}.new - cat $LISTFILE >> ${LISTFILE}.new - mv ${LISTFILE}.new $LISTFILE -fi diff --git a/import.log b/import.log new file mode 100644 index 0000000..7360c17 --- /dev/null +++ b/import.log @@ -0,0 +1 @@ +rpm-4_5_90-0_git8444_1:HEAD:rpm-4.5.90-0.git8444.1.src.rpm:1217601763 diff --git a/rpm-4.4.2-devel-autodep.patch b/rpm-4.4.2-devel-autodep.patch deleted file mode 100644 index 3936ad1..0000000 --- a/rpm-4.4.2-devel-autodep.patch +++ /dev/null @@ -1,123 +0,0 @@ ---- rpm-4.4.2/build/rpmfc.c 2006-04-27 21:35:41.000000000 -0400 -+++ rpm/build/rpmfc.c 2006-04-27 21:33:48.000000000 -0400 -@@ -492,7 +492,7 @@ - { "ASCII text", RPMFC_WHITE|RPMFC_INCLUDE }, - { "ISO-8859 text", RPMFC_WHITE|RPMFC_INCLUDE }, - -- { "symbolic link to", RPMFC_SYMLINK }, -+ { "symbolic link to", RPMFC_SYMLINK|RPMFC_INCLUDE }, - { "socket", RPMFC_DEVICE }, - { "special", RPMFC_DEVICE }, - -@@ -642,6 +642,103 @@ - } - - /** -+ * Ensure that symlinks for shared libs generate a dep on the shared lib -+ * @param fc file classifier -+ * @return 0 on success -+ */ -+static int rpmfcSYMLINK(rpmfc fc) -+{ -+ const char * fn = fc->fn[fc->ix]; -+ struct stat sb; -+ int fdno; -+ -+ if (stat(fn, &sb) < 0) -+ return -1; -+ if (S_ISLNK(sb.st_mode)) -+ return -1; -+ -+ fdno = open(fn, O_RDONLY); -+ if (fdno < 0) { -+ return fdno; -+ } -+ -+#if HAVE_GELF_H && HAVE_LIBELF -+ Elf * elf = NULL; -+ GElf_Ehdr ehdr_mem, * ehdr; -+ int isElf64; -+ int i, cnt; -+ char * soname = NULL; -+ char buf[BUFSIZ]; -+ char * t; -+ rpmds ds; -+ -+ (void) elf_version(EV_CURRENT); -+ elf = NULL; -+ if ((elf = elf_begin (fdno, ELF_C_READ_MMAP, NULL)) == NULL -+ || elf_kind(elf) != ELF_K_ELF -+ || (ehdr = gelf_getehdr(elf, &ehdr_mem)) == NULL -+ || ehdr->e_type != ET_DYN) -+ goto exit; -+ -+ isElf64 = ehdr->e_ident[EI_CLASS] == ELFCLASS64; -+ -+ for (i = 0; i < ehdr->e_phnum; ++i) { -+ GElf_Phdr phdr_mem; -+ GElf_Phdr *phdr = gelf_getphdr (elf, i, &phdr_mem); -+ GElf_Shdr shdr_mem; -+ Elf_Data * data = NULL; -+ Elf_Scn * scn; -+ GElf_Shdr *shdr; -+ -+ if (phdr == NULL || phdr->p_type != PT_DYNAMIC) -+ continue; -+ -+ scn = gelf_offscn(elf, phdr->p_offset); -+ shdr = gelf_getshdr(scn, &shdr_mem); -+ -+ if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC) -+ data = elf_getdata (scn, NULL); -+ if (data == NULL) -+ continue; -+ -+ for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) { -+ GElf_Dyn dynmem; -+ GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dynmem); -+ if (dyn == NULL) -+ break; -+ if (dyn->d_tag != DT_SONAME) -+ continue; -+ -+ /* add the soname to package deps */ -+ soname = elf_strptr(elf, shdr->sh_link, dyn->d_un.d_val); -+ if (soname == NULL) -+ break; -+ buf[0] = '\0'; -+ t = buf; -+ t = stpcpy(t, soname); -+#if !defined(__alpha__) -+ if (isElf64) -+ t = stpcpy(t, "()(64bit)"); -+#endif -+ t++; -+ /* Add to package dependencies. */ -+ ds = rpmdsSingle(RPMTAG_REQUIRENAME, -+ buf, "", RPMSENSE_FIND_REQUIRES); -+ rpmdsMerge(&fc->requires, ds); -+ rpmfcSaveArg(&fc->ddict, rpmfcFileDep(t, fc->ix, ds)); -+ ds = rpmdsFree(ds); -+ break; -+ } -+ } -+exit: -+ if (elf) (void) elf_end(elf); -+ close(fdno); -+ return 0; -+#endif -+ return -1; -+} -+ -+/** - * Extract script dependencies. - * @param fc file classifier - * @return 0 on success -@@ -1069,6 +1166,7 @@ - { rpmfcSCRIPT, (RPMFC_SCRIPT|RPMFC_PERL) }, - { rpmfcSCRIPT, (RPMFC_SCRIPT|RPMFC_PYTHON) }, - { rpmfcSCRIPT, RPMFC_MONO }, -+ { rpmfcSYMLINK, RPMFC_SYMLINK }, - { NULL, 0 } - }; - diff --git a/rpm-4.4.2-ghost-conflicts.patch b/rpm-4.4.2-ghost-conflicts.patch deleted file mode 100644 index 601663d..0000000 --- a/rpm-4.4.2-ghost-conflicts.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- rpm-4.4.2/lib/transaction.c.ghostconflicts 2005-06-11 15:37:34.000000000 -0400 -+++ rpm-4.4.2/lib/transaction.c 2005-11-28 13:25:25.000000000 -0500 -@@ -165,6 +165,7 @@ - for (i = 0; i < sharedCount; i++, shared++) { - int otherFileNum, fileNum; - int isCfgFile; -+ int isGhostFile; - - otherFileNum = shared->otherFileNum; - (void) rpmfiSetFX(otherFi, otherFileNum); -@@ -177,6 +178,7 @@ - FColor &= tscolor; - - isCfgFile = ((rpmfiFFlags(otherFi) | rpmfiFFlags(fi)) & RPMFILE_CONFIG); -+ isGhostFile = ((rpmfiFFlags(otherFi) & RPMFILE_GHOST) && (rpmfiFFlags(fi) & RPMFILE_GHOST)); - - #ifdef DYING - /* XXX another tedious segfault, assume file state normal. */ -@@ -187,6 +189,9 @@ - if (XFA_SKIPPING(fi->actions[fileNum])) - continue; - -+ if (isGhostFile) -+ continue; -+ - if (rpmfiCompare(otherFi, fi)) { - int rConflicts; - diff --git a/rpm-4.4.2-matchpathcon.patch b/rpm-4.4.2-matchpathcon.patch deleted file mode 100644 index e044984..0000000 --- a/rpm-4.4.2-matchpathcon.patch +++ /dev/null @@ -1,204 +0,0 @@ ---- rpm-4.4.2/python/Makefile.am.matchpathcon 2005-02-16 19:18:37.000000000 -0500 -+++ rpm-4.4.2/python/Makefile.am 2005-07-21 16:59:25.000000000 -0400 -@@ -34,7 +34,8 @@ - $(top_builddir)/rpmdb/librpmdb.la \ - $(top_builddir)/rpmio/librpmio.la \ - @WITH_POPT_LIB@ \ -- @WITH_LIBELF_LIB@ -+ @WITH_LIBELF_LIB@ \ -+ @WITH_SELINUX_LIB@ - - LDADD = - ---- rpm-4.4.2/python/rpmts-py.c.matchpathcon 2005-02-12 22:12:07.000000000 -0500 -+++ rpm-4.4.2/python/rpmts-py.c 2005-07-21 16:47:11.000000000 -0400 -@@ -1182,16 +1182,11 @@ - - /* Initialize security context patterns (if not already done). */ - if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -- rpmsx sx = rpmtsREContext(s->ts); -- if (sx == NULL) { -- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -- if (fn != NULL && *fn != '\0') { -- sx = rpmsxNew(fn); -- (void) rpmtsSetREContext(s->ts, sx); -- } -- fn = _free(fn); -+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -+ if (fn != NULL && *fn != '\0') { -+ matchpathcon_init(fn); - } -- sx = rpmsxFree(sx); -+ fn = _free(fn); - } - - if (_rpmts_debug) ---- rpm-4.4.2/lib/rpminstall.c.matchpathcon 2005-07-21 16:47:11.000000000 -0400 -+++ rpm-4.4.2/lib/rpminstall.c 2005-07-21 16:47:11.000000000 -0400 -@@ -310,16 +310,10 @@ - - /* Initialize security context patterns (if not already done). */ - if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -- rpmsx sx = rpmtsREContext(ts); -- if (sx == NULL) { -- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -- if (fn != NULL && *fn != '\0') { -- sx = rpmsxNew(fn); -- (void) rpmtsSetREContext(ts, sx); -- } -- fn = _free(fn); -- } -- sx = rpmsxFree(sx); -+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -+ if (fn != NULL && *fn != '\0') { -+ matchpathcon_init(fn); -+ } - } - (void) rpmtsSetFlags(ts, ia->transFlags); - ---- rpm-4.4.2/lib/rpmfi.c.matchpathcon 2005-02-10 03:30:28.000000000 -0500 -+++ rpm-4.4.2/lib/rpmfi.c 2005-07-21 16:47:11.000000000 -0400 -@@ -16,7 +16,7 @@ - #define _RPMFI_INTERNAL - #include "rpmfi.h" - --#include "rpmsx.h" -+#include - - #define _RPMTE_INTERNAL /* relocations */ - #include "rpmte.h" -@@ -1645,8 +1645,8 @@ - { - int scareMem = 0; - rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem); -- rpmsx sx = NULL; - const char ** av = NULL; -+ const char * myfn = rpmGetPath("%{?__file_context_path}", NULL); - int ac; - size_t nb; - char * t; -@@ -1660,7 +1660,7 @@ - } - - /* Read security context patterns. */ -- sx = rpmsxNew(NULL); -+ matchpathcon_init(myfn); - - /* Compute size of argv array blob, concatenating file contexts. */ - nb = ac * sizeof(*fcnb); -@@ -1671,10 +1671,9 @@ - while (rpmfiNext(fi) >= 0) { - const char * fn = rpmfiFN(fi); - mode_t fmode = rpmfiFMode(fi); -- const char * scon; -+ security_context_t scon; - -- scon = rpmsxFContext(sx, fn, fmode); -- if (scon != NULL) { -+ if (matchpathcon(fn, fmode, &scon) == 0) { - fcnb[ac] = strlen(scon) + 1; - /*@-branchstate@*/ - if (fcnb[ac] > 0) { -@@ -1682,6 +1681,7 @@ - memcpy(fctxt+fctxtlen, scon, fcnb[ac]); - fctxtlen += fcnb[ac]; - } -+ freecon(scon); - /*@=branchstate@*/ - } - ac++; -@@ -1707,7 +1707,6 @@ - - exit: - fi = rpmfiFree(fi); -- sx = rpmsxFree(sx); - /*@-branchstate@*/ - if (fcontextp) - *fcontextp = av; ---- rpm-4.4.2/lib/fsm.c.matchpathcon 2004-10-09 15:40:09.000000000 -0400 -+++ rpm-4.4.2/lib/fsm.c 2005-07-21 16:47:11.000000000 -0400 -@@ -634,12 +634,11 @@ - if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 && - !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) - { -- rpmsx sx = rpmtsREContext(ts); -+ security_context_t scon = NULL; - -- if (sx != NULL) { -+ if ( matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) { - /* Get file security context from patterns. */ -- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode); -- sx = rpmsxFree(sx); -+ fsm->fcontext = scon; - } else { - int i = fsm->ix; - ---- rpm-4.4.2/build/Makefile.am.matchpathcon 2005-03-14 05:03:48.000000000 -0500 -+++ rpm-4.4.2/build/Makefile.am 2005-07-21 16:47:11.000000000 -0400 -@@ -35,6 +35,7 @@ - $(top_builddir)/lib/librpm.la \ - $(top_builddir)/rpmdb/librpmdb.la \ - $(top_builddir)/rpmio/librpmio.la \ -+ @WITH_SELINUX_LIB@ \ - @WITH_LIBELF_LIB@ - - rpmfile.h: ---- rpm-4.4.2/build/files.c.matchpathcon 2005-07-13 05:58:55.000000000 -0400 -+++ rpm-4.4.2/build/files.c 2005-07-21 16:47:11.000000000 -0400 -@@ -23,7 +23,7 @@ - #define _RPMFI_INTERNAL - #include "rpmfi.h" - --#include "rpmsx.h" -+#include - - #define _RPMTE_INTERNAL - #include "rpmte.h" -@@ -1122,7 +1122,7 @@ - int apathlen = 0; - int dpathlen = 0; - int skipLen = 0; -- rpmsx sx = NULL; -+ security_context_t scon = NULL; - const char * sxfn; - size_t fnlen; - FileListRec flp; -@@ -1142,7 +1142,7 @@ - - sxfn = rpmGetPath("%{?_build_file_context_path}", NULL); - if (sxfn != NULL && *sxfn != '\0') -- sx = rpmsxNew(sxfn); -+ matchpathcon_init(sxfn); - - for (i = 0, flp = fl->fileList; i < fl->fileListRecsUsed; i++, flp++) { - const char *s; -@@ -1324,18 +1324,19 @@ - &(flp->flags), 1); - - /* Add file security context to package. */ --/*@-branchstate@*/ -- if (sx != NULL) { -- mode_t fmode = (uint_16)flp->fl_mode; -- s = rpmsxFContext(sx, flp->fileURL, fmode); -- if (s == NULL) s = ""; -- (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, -- &s, 1); -- } --/*@=branchstate@*/ -+ mode_t fmode = (uint_16)flp->fl_mode; -+ int rc = matchpathcon(flp->fileURL, fmode, &scon); -+ if ( rc == 0 && scon != NULL) { -+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &scon, 1); -+ freecon(scon); -+ } -+ else { -+ const char *nocon = ""; -+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &nocon, 1); -+ } -+ - - } -- sx = rpmsxFree(sx); - sxfn = _free(sxfn); - - (void) headerAddEntry(h, RPMTAG_SIZE, RPM_INT32_TYPE, diff --git a/rpm-4.4.2-rpmfc-skip.patch b/rpm-4.4.2-rpmfc-skip.patch deleted file mode 100644 index db13251..0000000 --- a/rpm-4.4.2-rpmfc-skip.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- rpm-4.4.2/build/rpmfc.c.skip 2006-05-04 14:38:26.000000000 -0400 -+++ rpm-4.4.2/build/rpmfc.c 2006-05-04 14:45:10.000000000 -0400 -@@ -722,11 +722,13 @@ - #endif - t++; - /* Add to package dependencies. */ -- ds = rpmdsSingle(RPMTAG_REQUIRENAME, -+ if (!fc->skipReq) { -+ ds = rpmdsSingle(RPMTAG_REQUIRENAME, - buf, "", RPMSENSE_FIND_REQUIRES); -- rpmdsMerge(&fc->requires, ds); -- rpmfcSaveArg(&fc->ddict, rpmfcFileDep(t, fc->ix, ds)); -- ds = rpmdsFree(ds); -+ rpmdsMerge(&fc->requires, ds); -+ rpmfcSaveArg(&fc->ddict, rpmfcFileDep(t, fc->ix, ds)); -+ ds = rpmdsFree(ds); -+ } - break; - } - } -@@ -1187,6 +1189,7 @@ - int ix; - int i; - int xx; -+ int skipping; - - /* Generate package and per-file dependencies. */ - for (fc->ix = 0; fc->fn[fc->ix] != NULL; fc->ix++) { -@@ -1234,15 +1237,18 @@ - Flags = strtol(se, NULL, 16); - - dix = -1; -+ skipping = 0; - switch (deptype) { - default: - /*@switchbreak@*/ break; - case 'P': -+ skipping = fc->skipProv; - ds = rpmdsSingle(RPMTAG_PROVIDENAME, N, EVR, Flags); - dix = rpmdsFind(fc->provides, ds); - ds = rpmdsFree(ds); - /*@switchbreak@*/ break; - case 'R': -+ skipping = fc->skipReq; - ds = rpmdsSingle(RPMTAG_REQUIRENAME, N, EVR, Flags); - dix = rpmdsFind(fc->requires, ds); - ds = rpmdsFree(ds); -@@ -1264,7 +1270,7 @@ - previx = ix; - xx = argiAdd(&fc->fddictx, ix, argiCount(fc->ddictx)-1); - } -- if (fc->fddictn && fc->fddictn->vals) -+ if (fc->fddictn && fc->fddictn->vals && !skipping) - fc->fddictn->vals[ix]++; - } - /*@=boundswrite@*/ diff --git a/rpm-4.4.2-trust.patch b/rpm-4.4.2-trust.patch deleted file mode 100644 index bb255ed..0000000 --- a/rpm-4.4.2-trust.patch +++ /dev/null @@ -1,69 +0,0 @@ ---- rpm-4.4.2/lib/poptQV.c.trust 2004-11-09 19:50:42.000000000 -0500 -+++ rpm-4.4.2/lib/poptQV.c 2006-04-27 13:42:31.000000000 -0400 -@@ -31,6 +31,10 @@ - #define POPT_HDLIST -1011 - #define POPT_FTSWALK -1012 - -+/* -1025 thrugh -1032 are common in rpmcli.h. */ -+#define POPT_TARGETPLATFORM -1036 -+#define POPT_TRUST -1037 -+ - /* ========== Query/Verify/Signature source args */ - static void rpmQVSourceArgCallback( /*@unused@*/ poptContext con, - /*@unused@*/ enum poptCallbackReason reason, -@@ -240,6 +244,14 @@ - qva->qva_flags |= VERIFY_SCRIPT; - break; - -+ /* XXX perhaps POPT_ARG_INT instead of callback. */ -+ case POPT_TRUST: -+ { char * end = NULL; -+ long trust = (int) strtol(arg, &end, 0); -+ /* XXX range checks on trust. */ -+ /* XXX if (end && *end) argerror(_("non-numeric trust metric.")); */ -+ qva->trust = trust; -+ } break; - } - } - -@@ -376,14 +388,6 @@ - N_("don't verify package signature(s)"), NULL }, - #endif - --/** @todo Add --nogpg/--nopgp aliases to rpmpopt, eliminate. */ -- { "nogpg", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, -- &rpmQVKArgs.qva_flags, VERIFY_SIGNATURE, -- N_("don't verify GPG V3 DSA signature(s)"), NULL }, -- { "nopgp", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, -- &rpmQVKArgs.qva_flags, VERIFY_SIGNATURE, -- N_("don't verify PGP V3 RSA/MD5 signature(s)"), NULL }, -- - POPT_TABLEEND - }; - -@@ -408,6 +412,15 @@ - N_("sign package(s) (identical to --addsign)"), NULL }, - { "sign", '\0', POPT_ARGFLAG_DOC_HIDDEN, &rpmQVKArgs.sign, 0, - N_("generate signature"), NULL }, -+ /* XXX perhaps POPT_ARG_INT instead of callback. */ -+ { "trust", '\0', POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, 0, POPT_TRUST, -+ N_("specify trust metric"), "TRUST" }, -+ { "trusted", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, -+ &rpmQVKArgs.trust, 1, -+ N_("set ultimate trust when importing pubkey(s)"), NULL }, -+ { "untrusted", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, -+ &rpmQVKArgs.trust, -1, -+ N_("unset ultimate trust when importing pubkey(s)"), NULL }, - - { "nodigest", '\0', POPT_BIT_SET, &rpmQVKArgs.qva_flags, VERIFY_DIGEST, - N_("don't verify package digest(s)"), NULL }, ---- rpm-4.4.2/lib/rpmcli.h.trust 2005-01-04 11:35:05.000000000 -0500 -+++ rpm-4.4.2/lib/rpmcli.h 2006-04-27 13:37:40.000000000 -0400 -@@ -280,6 +280,7 @@ - /*@only@*/ /*@null@*/ - const char * qva_queryFormat;/*!< Format for headerSprintf(). */ - int sign; /*!< Is a passphrase needed? */ -+ int trust; /*!< Trust metric when importing pubkeys. */ - /*@observer@*/ - const char * passPhrase; /*!< Pass phrase. */ - /*@observer@*/ /*@null@*/ diff --git a/rpm-4.4.2.1-no-popt.patch b/rpm-4.4.2.1-no-popt.patch deleted file mode 100644 index e79a115..0000000 --- a/rpm-4.4.2.1-no-popt.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- rpm-4.4.2.1/configure.ac.no-popt 2007-08-23 10:24:17.000000000 +0300 -+++ rpm-4.4.2.1/configure.ac 2007-08-23 10:26:41.000000000 +0300 -@@ -1302,7 +1302,7 @@ - dnl # XXX Propagate -lucb to popt ... - dnl export LIBS INCPATH CONFIG_SITE - --AC_CONFIG_SUBDIRS(popt file db3) -+AC_CONFIG_SUBDIRS(file db3) - - AC_CONFIG_FILES([ Doxyfile Makefile rpmrc macros platform rpmpopt - rpmio/Makefile rpmdb/Makefile lib/Makefile build/Makefile -@@ -1322,8 +1322,6 @@ - python/rpm/Makefile - lua/Makefile - ]) --AC_CONFIG_COMMANDS([default],[[ echo timestamp > popt/stamp-h.in -- echo timestamp > stamp-h.in -- -+AC_CONFIG_COMMANDS([default],[[ echo timestamp > stamp-h.in - ]],[[]]) - AC_OUTPUT diff --git a/rpm-4.4.2.2-autofoo.patch b/rpm-4.4.2.2-autofoo.patch deleted file mode 100644 index 71f3b80..0000000 --- a/rpm-4.4.2.2-autofoo.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rpm-4.4.2.2/Makefile.am.xxxx rpm-4.4.2.2/Makefile.am ---- rpm-4.4.2.2/Makefile.am.xxxx 2008-01-15 08:07:50.000000000 -0500 -+++ rpm-4.4.2.2/Makefile.am 2008-01-15 08:08:03.000000000 -0500 -@@ -94,7 +94,7 @@ rpm2cpio_SOURCES = $(top_srcdir)/rpm2cpi - rpm2cpio_LDFLAGS = $(myLDFLAGS) - rpm2cpio_LDADD = $(myLDADD) @LIBMISC@ - --$(PROGRAMS): $(myLDADD) @WITH_APIDOCS_TARGET@ -+$(PROGRAMS): @WITH_APIDOCS_TARGET@ - - .PHONY: splint - splint: diff --git a/rpm-4.4.2.2-devel-autodep.patch b/rpm-4.4.2.2-devel-autodep.patch deleted file mode 100644 index 4b01f6c..0000000 --- a/rpm-4.4.2.2-devel-autodep.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up rpm-4.4.2.2/build/rpmfc.c.develdeps rpm-4.4.2.2/build/rpmfc.c ---- rpm-4.4.2.2/build/rpmfc.c.develdeps 2007-09-11 09:28:12.000000000 +0300 -+++ rpm-4.4.2.2/build/rpmfc.c 2007-12-21 14:22:55.000000000 +0200 -@@ -497,7 +497,7 @@ static struct rpmfcTokens_s rpmfcTokens[ - { "ASCII text", RPMFC_WHITE|RPMFC_INCLUDE }, - { "ISO-8859 text", RPMFC_WHITE|RPMFC_INCLUDE }, - -- { "symbolic link to", RPMFC_SYMLINK }, -+ { "symbolic link to", RPMFC_SYMLINK|RPMFC_INCLUDE }, - { "socket", RPMFC_DEVICE }, - { "special", RPMFC_DEVICE }, - -@@ -647,6 +647,109 @@ rpmfc rpmfcNew(void) - } - - /** -+ * Ensure that symlinks for shared libs generate a dep on the shared lib -+ * @param fc file classifier -+ * @return 0 on success -+ */ -+static int rpmfcSYMLINK(rpmfc fc) -+{ -+ const char * fn = fc->fn[fc->ix]; -+ struct stat sb; -+ int fdno; -+ -+ if (stat(fn, &sb) < 0) -+ return -1; -+ if (S_ISLNK(sb.st_mode)) -+ return -1; -+ -+ fdno = open(fn, O_RDONLY); -+ if (fdno < 0) { -+ return fdno; -+ } -+ -+#if HAVE_GELF_H && HAVE_LIBELF -+ Elf * elf = NULL; -+ GElf_Ehdr ehdr_mem, * ehdr; -+ int isElf64; -+ int i, cnt; -+ char * soname = NULL; -+ char buf[BUFSIZ]; -+ char * t; -+ rpmds ds; -+ -+ (void) elf_version(EV_CURRENT); -+ elf = NULL; -+ if ((elf = elf_begin (fdno, ELF_C_READ_MMAP, NULL)) == NULL -+ || elf_kind(elf) != ELF_K_ELF -+ || (ehdr = gelf_getehdr(elf, &ehdr_mem)) == NULL -+ || ehdr->e_type != ET_DYN) -+ goto exit; -+ -+ isElf64 = ehdr->e_ident[EI_CLASS] == ELFCLASS64; -+ -+ for (i = 0; i < ehdr->e_phnum; ++i) { -+ GElf_Phdr phdr_mem; -+ GElf_Phdr *phdr = gelf_getphdr (elf, i, &phdr_mem); -+ GElf_Shdr shdr_mem; -+ Elf_Data * data = NULL; -+ Elf_Scn * scn = NULL; -+ GElf_Shdr *shdr = NULL; -+ -+ if (phdr == NULL || phdr->p_type != PT_DYNAMIC) -+ continue; -+ -+ while ((scn = elf_nextscn(elf, scn)) != NULL) { -+ shdr = gelf_getshdr(scn, &shdr_mem); -+ if (shdr->sh_offset == phdr->p_offset) -+ break; -+ } -+ -+ scn = gelf_offscn(elf, phdr->p_offset); -+ shdr = gelf_getshdr(scn, &shdr_mem); -+ -+ if (scn != NULL && shdr != NULL && shdr->sh_type == SHT_DYNAMIC) -+ data = elf_getdata (scn, NULL); -+ if (data == NULL) -+ continue; -+ -+ for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) { -+ GElf_Dyn dynmem; -+ GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dynmem); -+ if (dyn == NULL) -+ break; -+ if (dyn->d_tag != DT_SONAME) -+ continue; -+ -+ /* add the soname to package deps */ -+ soname = elf_strptr(elf, shdr->sh_link, dyn->d_un.d_val); -+ if (soname == NULL) -+ break; -+ buf[0] = '\0'; -+ t = buf; -+ t = stpcpy(t, soname); -+#if !defined(__alpha__) -+ if (isElf64) -+ t = stpcpy(t, "()(64bit)"); -+#endif -+ t++; -+ /* Add to package dependencies. */ -+ ds = rpmdsSingle(RPMTAG_REQUIRENAME, -+ buf, "", RPMSENSE_FIND_REQUIRES); -+ rpmdsMerge(&fc->requires, ds); -+ rpmfcSaveArg(&fc->ddict, rpmfcFileDep(t, fc->ix, ds)); -+ ds = rpmdsFree(ds); -+ break; -+ } -+ } -+exit: -+ if (elf) (void) elf_end(elf); -+ close(fdno); -+ return 0; -+#endif -+ return -1; -+} -+ -+/** - * Extract script dependencies. - * @param fc file classifier - * @return 0 on success -@@ -1094,6 +1197,7 @@ static struct rpmfcApplyTbl_s rpmfcApply - { rpmfcSCRIPT, (RPMFC_SCRIPT|RPMFC_PERL) }, - { rpmfcSCRIPT, (RPMFC_SCRIPT|RPMFC_PYTHON) }, - { rpmfcSCRIPT, RPMFC_MONO }, -+ { rpmfcSYMLINK, RPMFC_SYMLINK }, - { NULL, 0 } - }; - diff --git a/rpm-4.4.2.2-matchpathcon.patch b/rpm-4.4.2.2-matchpathcon.patch deleted file mode 100644 index 2b7328d..0000000 --- a/rpm-4.4.2.2-matchpathcon.patch +++ /dev/null @@ -1,253 +0,0 @@ -diff -up rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/python/Makefile.am ---- rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon 2007-09-11 09:28:15.000000000 +0300 -+++ rpm-4.4.2.2-rc2/python/Makefile.am 2007-09-27 11:05:29.000000000 +0300 -@@ -34,7 +34,8 @@ mylibs= \ - $(top_builddir)/rpmdb/librpmdb.la \ - $(top_builddir)/rpmio/librpmio.la \ - @WITH_POPT_LIB@ \ -- @WITH_LIBELF_LIB@ -+ @WITH_LIBELF_LIB@ \ -+ @WITH_SELINUX_LIB@ - - LDADD = - -diff -up rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon rpm-4.4.2.2-rc2/python/rpmts-py.c ---- rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300 -+++ rpm-4.4.2.2-rc2/python/rpmts-py.c 2007-09-27 11:25:29.000000000 +0300 -@@ -1187,17 +1187,13 @@ rpmts_Run(rpmtsObject * s, PyObject * ar - } - - /* Initialize security context patterns (if not already done). */ -- if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -- rpmsx sx = rpmtsREContext(s->ts); -- if (sx == NULL) { -- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -- if (fn != NULL && *fn != '\0') { -- sx = rpmsxNew(fn); -- (void) rpmtsSetREContext(s->ts, sx); -- } -- fn = _free(fn); -+ if (rpmtsSELinuxEnabled(s->ts) && -+ !(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -+ if (fn != NULL && *fn != '\0') { -+ matchpathcon_init(fn); - } -- sx = rpmsxFree(sx); -+ fn = _free(fn); - } - - if (_rpmts_debug) -diff -up rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/build/Makefile.am ---- rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon 2007-09-11 09:28:12.000000000 +0300 -+++ rpm-4.4.2.2-rc2/build/Makefile.am 2007-09-27 11:05:29.000000000 +0300 -@@ -35,6 +35,7 @@ librpmbuild_la_LDFLAGS = -release 4.4 $( - $(top_builddir)/lib/librpm.la \ - $(top_builddir)/rpmdb/librpmdb.la \ - $(top_builddir)/rpmio/librpmio.la \ -+ @WITH_SELINUX_LIB@ \ - @WITH_LIBELF_LIB@ - - rpmfile.h: -diff -up rpm-4.4.2.2-rc2/build/files.c.matchpathcon rpm-4.4.2.2-rc2/build/files.c ---- rpm-4.4.2.2-rc2/build/files.c.matchpathcon 2007-09-11 09:28:12.000000000 +0300 -+++ rpm-4.4.2.2-rc2/build/files.c 2007-09-27 11:05:29.000000000 +0300 -@@ -23,7 +23,7 @@ - #define _RPMFI_INTERNAL - #include "rpmfi.h" - --#include "rpmsx.h" -+#include - - #define _RPMTE_INTERNAL - #include "rpmte.h" -@@ -1136,7 +1136,7 @@ static void genCpioListAndHeader(/*@part - int apathlen = 0; - int dpathlen = 0; - int skipLen = 0; -- rpmsx sx = NULL; -+ security_context_t scon = NULL; - const char * sxfn; - size_t fnlen; - FileListRec flp; -@@ -1156,7 +1156,7 @@ static void genCpioListAndHeader(/*@part - - sxfn = rpmGetPath("%{?_build_file_context_path}", NULL); - if (sxfn != NULL && *sxfn != '\0') -- sx = rpmsxNew(sxfn); -+ matchpathcon_init(sxfn); - - for (i = 0, flp = fl->fileList; i < fl->fileListRecsUsed; i++, flp++) { - const char *s; -@@ -1338,18 +1338,19 @@ static void genCpioListAndHeader(/*@part - &(flp->flags), 1); - - /* Add file security context to package. */ --/*@-branchstate@*/ -- if (sx != NULL) { -- mode_t fmode = (uint_16)flp->fl_mode; -- s = rpmsxFContext(sx, flp->fileURL, fmode); -- if (s == NULL) s = ""; -- (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, -- &s, 1); -- } --/*@=branchstate@*/ -+ mode_t fmode = (uint_16)flp->fl_mode; -+ int rc = matchpathcon(flp->fileURL, fmode, &scon); -+ if ( rc == 0 && scon != NULL) { -+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &scon, 1); -+ freecon(scon); -+ } -+ else { -+ const char *nocon = ""; -+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &nocon, 1); -+ } -+ - - } -- sx = rpmsxFree(sx); - sxfn = _free(sxfn); - - (void) headerAddEntry(h, RPMTAG_SIZE, RPM_INT32_TYPE, -diff -up rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon rpm-4.4.2.2-rc2/lib/fsm.c ---- rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300 -+++ rpm-4.4.2.2-rc2/lib/fsm.c 2007-09-27 11:28:30.000000000 +0300 -@@ -634,12 +634,11 @@ static int fsmMapFContext(FSM_t fsm) - if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 && - !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) - { -- rpmsx sx = rpmtsREContext(ts); -+ security_context_t scon = NULL; - -- if (sx != NULL) { -+ if ( matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) { - /* Get file security context from patterns. */ -- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode); -- sx = rpmsxFree(sx); -+ fsm->fcontext = scon; - } else { - int i = fsm->ix; - -@@ -1277,7 +1276,7 @@ static int fsmMkdirs(/*@special@*/ /*@pa - /*@-compdef@*/ - rpmts ts = fsmGetTs(fsm); - /*@=compdef@*/ -- rpmsx sx = rpmtsREContext(ts); -+ security_context_t scon = NULL; - - fsm->path = NULL; - -@@ -1341,10 +1340,15 @@ static int fsmMkdirs(/*@special@*/ /*@pa - if (!rc) { - /* XXX FIXME? only new dir will have context set. */ - /* Get file security context from patterns. */ -- if (sx != NULL) { -- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode); -- rc = fsmNext(fsm, FSM_LSETFCON); -+ if (rpmtsSELinuxEnabled(ts) && -+ ! rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) { -+ if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 && -+ scon != NULL) { -+ fsm->fcontext = scon; -+ rc = fsmNext(fsm, FSM_LSETFCON); -+ } - } -+ - if (fsm->fcontext == NULL) - rpmMessage(RPMMESS_DEBUG, - _("%s directory created with perms %04o, no context.\n"), -@@ -1377,7 +1381,6 @@ static int fsmMkdirs(/*@special@*/ /*@pa - } - /*@=boundswrite@*/ - dnli = dnlFreeIterator(dnli); -- sx = rpmsxFree(sx); - /*@=observertrans =dependenttrans@*/ - - fsm->path = path; -diff -up rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpmfi.c ---- rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300 -+++ rpm-4.4.2.2-rc2/lib/rpmfi.c 2007-09-27 11:05:29.000000000 +0300 -@@ -16,7 +16,7 @@ - #define _RPMFI_INTERNAL - #include "rpmfi.h" - --#include "rpmsx.h" -+#include - - #define _RPMTE_INTERNAL /* relocations */ - #include "rpmte.h" -@@ -1697,8 +1697,8 @@ void rpmfiBuildREContexts(Header h, - { - int scareMem = 0; - rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem); -- rpmsx sx = NULL; - const char ** av = NULL; -+ const char * myfn = rpmGetPath("%{?__file_context_path}", NULL); - int ac; - size_t nb; - char * t; -@@ -1712,7 +1712,7 @@ void rpmfiBuildREContexts(Header h, - } - - /* Read security context patterns. */ -- sx = rpmsxNew(NULL); -+ matchpathcon_init(myfn); - - /* Compute size of argv array blob, concatenating file contexts. */ - nb = ac * sizeof(*fcnb); -@@ -1723,10 +1723,9 @@ void rpmfiBuildREContexts(Header h, - while (rpmfiNext(fi) >= 0) { - const char * fn = rpmfiFN(fi); - mode_t fmode = rpmfiFMode(fi); -- const char * scon; -+ security_context_t scon; - -- scon = rpmsxFContext(sx, fn, fmode); -- if (scon != NULL) { -+ if (matchpathcon(fn, fmode, &scon) == 0) { - fcnb[ac] = strlen(scon) + 1; - /*@-branchstate@*/ - if (fcnb[ac] > 0) { -@@ -1734,6 +1733,7 @@ void rpmfiBuildREContexts(Header h, - memcpy(fctxt+fctxtlen, scon, fcnb[ac]); - fctxtlen += fcnb[ac]; - } -+ freecon(scon); - /*@=branchstate@*/ - } - ac++; -@@ -1759,7 +1759,6 @@ void rpmfiBuildREContexts(Header h, - - exit: - fi = rpmfiFree(fi); -- sx = rpmsxFree(sx); - /*@-branchstate@*/ - if (fcontextp) - *fcontextp = av; -diff -up rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpminstall.c ---- rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300 -+++ rpm-4.4.2.2-rc2/lib/rpminstall.c 2007-09-27 11:27:46.000000000 +0300 -@@ -309,17 +309,12 @@ int rpmInstall(rpmts ts, - ia->transFlags |= RPMTRANS_FLAG_REPACKAGE; - - /* Initialize security context patterns (if not already done). */ -- if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -- rpmsx sx = rpmtsREContext(ts); -- if (sx == NULL) { -- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -- if (fn != NULL && *fn != '\0') { -- sx = rpmsxNew(fn); -- (void) rpmtsSetREContext(ts, sx); -- } -- fn = _free(fn); -- } -- sx = rpmsxFree(sx); -+ if (rpmtsSELinuxEnabled(ts) && -+ !(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { -+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); -+ if (fn != NULL && *fn != '\0') { -+ matchpathcon_init(fn); -+ } - } - (void) rpmtsSetFlags(ts, ia->transFlags); - diff --git a/rpm-4.4.2.2-pkgconfig-path.patch b/rpm-4.4.2.2-pkgconfig-path.patch deleted file mode 100644 index 545f24a..0000000 --- a/rpm-4.4.2.2-pkgconfig-path.patch +++ /dev/null @@ -1,14 +0,0 @@ -Set PKG_CONFIG_PATH correctly wrt target arch. -Optimally belongs in redhat-rpm-config but easier to just add here... - ---- rpm-4.4.2/macros.in.pkgconfigpath 2007-01-30 15:57:37.000000000 -0500 -+++ rpm-4.4.2/macros.in 2007-01-30 16:04:25.000000000 -0500 -@@ -926,6 +926,8 @@ - export RPM_BUILD_ROOT}\ - %{?_javaclasspath:CLASSPATH=\"%{_javaclasspath}\"\ - export CLASSPATH}\ -+ PKG_CONFIG_PATH=\"%{_libdir}/pkgconfig:%{_datadir}/pkgconfig\"\ -+ export PKG_CONFIG_PATH\ - \ - %{verbose:set -x}%{!verbose:exec > /dev/null}\ - umask 022\ diff --git a/rpm-4.4.2.3-fix-find-requires.patch b/rpm-4.4.2.3-fix-find-requires.patch deleted file mode 100644 index 58e8b7b..0000000 --- a/rpm-4.4.2.3-fix-find-requires.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/autodeps/linux.req b/autodeps/linux.req -index c0a0cc9..70f627d 100644 ---- a/autodeps/linux.req -+++ b/autodeps/linux.req -@@ -105,6 +104,7 @@ for f in $liblist $exelist ; do - print $2 ; - } - } -+ (START==2) && /^[A-Za-z]/ { START=3; } - /^Version References:$/ { START=2; } - (START==2) && /required from/ { - sub(/:/, "", $3); -@@ -113,7 +113,6 @@ for f in $liblist $exelist ; do - (START==2) && (LIBNAME!="") && ($4!="") && (($4~/^GLIBC_*/) || ($4~/^GCC_*/)) { - print LIBNAME "(" $4 ")'$lib64'"; - } -- /^[A-Za-z]/ { START=3; } - ' - done | sort -u - diff --git a/rpm-4.4.2.3-geode-instplat.patch b/rpm-4.4.2.3-geode-instplat.patch deleted file mode 100644 index 690cda2..0000000 --- a/rpm-4.4.2.3-geode-instplat.patch +++ /dev/null @@ -1,23 +0,0 @@ -changeset: 6240:77473bfeaa7a -tag: tip -user: Panu Matilainen -date: Fri Jan 25 17:33:35 2008 +0200 -files: installplatform -description: -Urgh, add geode to x86_64 secondary arch subst-crack... -(transplanted from 1196f54f1c475819b16c419f3f060c9fe3ff1e91) - - -diff -r 8e1c3b69d2af -r 77473bfeaa7a installplatform ---- a/installplatform Fri Jan 25 14:08:27 2008 +0200 -+++ b/installplatform Fri Jan 25 17:33:35 2008 +0200 -@@ -36,7 +36,7 @@ case "$arch" in - sparc*) SUBSTS='s_sparc\(64\|64v\|v9v\|v9\)_sparc_ s_sparc64_sparcv9_;s_sparc\([^v]\|$\)_sparcv9\1_ s_sparcv9_sparc64_;s_sparc\([^6]\|$\)_sparc64\1_' ;; - powerpc*|ppc*) SUBSTS='s_ppc64_ppc_ s_ppc\([^6ip]\|$\)_ppc64\1_ s_ppc\([^6ip]\|$\)_ppciseries_ s_ppc\([^6ip]\|$\)_ppcpseries_ s_ppc\([^6ip]\|$\)_ppc64iseries_ s_ppc\([^6ip]\|$\)_ppc64pseries_' ;; - s390*) SUBSTS='s_s390x_s390_ s_s390\([^x]\|$\)_s390x\1_' ;; -- x86_64|amd64|ia32e) SUBSTS='s,x86_64,x86_64, s,x86_64,ia32e, s,x86_64,amd64, s,x86_64,i386, s,x86_64,i486, s,x86_64,i586, s,x86_64,i686, s,x86_64,pentium3, s,x86_64,pentium4, s,x86_64,athlon,' ;; -+ x86_64|amd64|ia32e) SUBSTS='s,x86_64,x86_64, s,x86_64,ia32e, s,x86_64,amd64, s,x86_64,i386, s,x86_64,i486, s,x86_64,i586, s,x86_64,i686, s,x86_64,pentium3, s,x86_64,pentium4, s,x86_64,athlon, s,x86_64,geode,' ;; - *) SUBSTS=y___ ;; - esac - - diff --git a/rpm-4.4.2.3-no-order-rescan-limit.patch b/rpm-4.4.2.3-no-order-rescan-limit.patch deleted file mode 100644 index a88ef7e..0000000 --- a/rpm-4.4.2.3-no-order-rescan-limit.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -up rpm-4.4.2.3-rc1/lib/depends.c.no-limit rpm-4.4.2.3-rc1/lib/depends.c ---- rpm-4.4.2.3-rc1/lib/depends.c.no-limit 2008-03-12 08:40:08.000000000 +0200 -+++ rpm-4.4.2.3-rc1/lib/depends.c 2008-03-12 08:58:15.000000000 +0200 -@@ -1229,7 +1229,7 @@ int rpmtsOrder(rpmts ts) - int numOrderList; - int npeer = 128; /* XXX more than deep enough for now. */ - int * peer = memset(alloca(npeer*sizeof(*peer)), 0, (npeer*sizeof(*peer))); -- int nrescans = 10; -+ int nrescans = 0; - int _printed = 0; - char deptypechar; - size_t tsbytes; -@@ -1563,8 +1563,10 @@ rescan: - - /* If a relation was eliminated, then continue sorting. */ - /* XXX TODO: add control bit. */ -- if (nzaps && nrescans-- > 0) { -- rpmMessage(RPMMESS_DEBUG, _("========== continuing tsort ...\n")); -+ if (nzaps > 0) { -+ rpmMessage(RPMMESS_DEBUG, -+ _("========== continuing tsort ... (rescan %d)\n"), -+ ++nrescans); - goto rescan; - } - diff --git a/rpm-4.4.2.3-nss.patch b/rpm-4.4.2.3-nss.patch deleted file mode 100644 index b574863..0000000 --- a/rpm-4.4.2.3-nss.patch +++ /dev/null @@ -1,1953 +0,0 @@ -commit c8173f26908886f7b02f7f88a7a2aed9498839da -Author: Panu Matilainen -Date: Tue Apr 1 10:42:49 2008 +0300 - - NSS support - -diff --git a/Makefile.am b/Makefile.am -index 0495836..4c68c4c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,14 +10,14 @@ EXTRA_DIST = CHANGES ChangeLog CREDITS Doxyheader GROUPS README.amiga INSTALL \ - po/*.in po/*.po po/rpm.pot \ - rpm.magic rpmpopt-$(VERSION) rpmqv.c - --SUBDIRS = po misc @WITH_ZLIB_SUBDIR@ @WITH_ELFUTILS_SUBDIR@ @WITH_MAGIC_SUBDIR@ @WITH_DB_SUBDIR@ @WITH_SQLITE3_SUBDIR@ @WITH_POPT_SUBDIR@ @WITH_BEECRYPT_SUBDIR@ @WITH_NEON_SUBDIR@ lua rpmio rpmdb lib build @WITH_PYTHON_SUBDIR@ tools scripts doc . -+SUBDIRS = po misc @WITH_ZLIB_SUBDIR@ @WITH_ELFUTILS_SUBDIR@ @WITH_MAGIC_SUBDIR@ @WITH_DB_SUBDIR@ @WITH_SQLITE3_SUBDIR@ @WITH_POPT_SUBDIR@ @WITH_NEON_SUBDIR@ lua rpmio rpmdb lib build @WITH_PYTHON_SUBDIR@ tools scripts doc . - - INCLUDES = \ - -I$(top_srcdir)/build \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/rpmdb \ - -I$(top_srcdir)/rpmio \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - -I$(top_srcdir)/misc \ - @WITH_LIBELF_INCLUDE@ \ -@@ -25,7 +25,7 @@ INCLUDES = \ - - staticLDFLAGS = @LDFLAGS_STATIC@ @LDFLAGS_NPTL@ - --myLDFLAGS = @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ -+myLDFLAGS = @WITH_LIBELF_LIB@ - - myLDADD = \ - $(top_builddir)/lib/librpm.la \ -@@ -33,6 +33,7 @@ myLDADD = \ - $(top_builddir)/rpmio/librpmio.la \ - @WITH_POPT_LIB@ \ - @WITH_ZLIB_LIB@ \ -+ @WITH_NSS_LIB@ \ - @LIBMISC@ - - rpmbindir = `echo $(bindir) | sed -e s,usr/bin,bin,` -@@ -71,7 +72,7 @@ rpmd.o: $(top_srcdir)/rpmqv.c - - rpmi_SOURCES = - #rpmi_LDFLAGS = $(myLDFLAGS) $(staticLDFLAGS) --#rpmi_LDADD = rpmi.o $(myLDADD) @WITH_LIBELF_LIB@ @WITH_BEECRYPT_LIB@ -+#rpmi_LDADD = rpmi.o $(myLDADD) @WITH_LIBELF_LIB@ - rpmi_LDFLAGS = $(myLDFLAGS) - rpmi_LDADD = rpmi.o $(myLDADD) - rpmi.o: $(top_srcdir)/rpmqv.c -@@ -112,7 +113,6 @@ lint: - `make -s sources -C lib` \ - `make -s sources -C rpmdb` \ - `make -s sources -C rpmio` \ -- `make -s sources -C beecrypt` \ - `make -s sources -C file/src` \ - `make -s sources -C popt` - -diff --git a/autogen.sh b/autogen.sh -index 27d4118..63bfbe1 100755 ---- a/autogen.sh -+++ b/autogen.sh -@@ -48,9 +48,6 @@ fi - if [ -d zlib ]; then - (echo "--- zlib"; cd zlib; ./autogen.sh --noconfigure "$@") - fi --if [ -d beecrypt ]; then -- (echo "--- beecrypt"; cd beecrypt; ./autogen.sh --noconfigure "$@") --fi - if [ -d elfutils ]; then - (echo "--- elfutils"; cd elfutils; ./autogen.sh --noconfigure "$@") - fi -diff --git a/build/Makefile.am b/build/Makefile.am -index 83d2dee..75b41c2 100644 ---- a/build/Makefile.am -+++ b/build/Makefile.am -@@ -9,7 +9,7 @@ INCLUDES = -I. \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/rpmdb \ - -I$(top_srcdir)/rpmio \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_MAGIC_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - @WITH_LIBELF_INCLUDE@ \ -diff --git a/configure.ac b/configure.ac -index b004391..c98c86d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -463,34 +463,32 @@ AC_SUBST(WITH_LIBDWARF_INCLUDE) - AC_SUBST(WITH_LIBDWARF_DEBUGEDIT) - - #================= --# Check for beecrypt library. Prefer external, otherwise internal. --WITH_BEECRYPT_SUBDIR= --WITH_BEECRYPT_INCLUDE= --WITH_BEECRYPT_LIB= --AC_CHECK_HEADER([beecrypt/beecrypt.h], [ -- AC_CHECK_LIB(beecrypt, mpfprintln, [ -- AC_DEFINE(HAVE_LIBBEECRYPT, 1, [Define to 1 if you have the 'beecrypt' library (-lbeecrypt).]) -- AC_CHECK_HEADER([beecrypt/api.h], [ -- AC_DEFINE(HAVE_BEECRYPT_API_H, 1, [Define to 1 if you have the header file.]) -- ]) -- WITH_BEECRYPT_INCLUDE="-I${includedir}/beecrypt" -- WITH_BEECRYPT_LIB="-lbeecrypt" -+# Check for NSS library. -+WITH_NSS_INCLUDE= -+WITH_NSS_LIB= -+check=`pkg-config --version 2>/dev/null` -+if test -n "$check"; then -+ addlib=$(pkg-config --libs nss | sed 's/-lsmime3//;s/-lssl3//') -+ addcppflags=$(pkg-config --cflags nss) -+else -+# Without pkg-config, we'll kludge in some defaults -+ addlib="-lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" -+ addcppflags="-I/usr/include/nss3 -I/usr/include/nspr4" -+fi -+save_CPPFLAGS="$CPPFLAGS" -+CPPFLAGS="$save_CPPFLAGS $addcppflags" -+AC_CHECK_HEADER([nss3/nss.h], [ -+ AC_CHECK_LIB(nss3, NSS_NoDB_Init, [ -+ AC_DEFINE(HAVE_LIBNSS, 1, [Define to 1 if you have the 'NSS' library (-lnss3).]) -+ WITH_NSS_INCLUDE="$addcppflags" -+ WITH_NSS_LIB="$addlib" - ]) - ],[ -- if test -d beecrypt ; then -- AC_DEFINE(HAVE_LIBBEECRYPT, 1, [Define to 1 if you have the 'beecrypt' library (-lbeecrypt).]) -- WITH_BEECRYPT_SUBDIR=beecrypt -- WITH_BEECRYPT_INCLUDE="-I\${top_srcdir}/${WITH_BEECRYPT_SUBDIR}" -- WITH_BEECRYPT_LIB="\${top_builddir}/${WITH_BEECRYPT_SUBDIR}/libbeecrypt.la" -- fi -- -- if test -z "${WITH_BEECRYPT_LIB}" ; then -- AC_MSG_ERROR([rpm requires beecrypt]) -- fi -+ AC_MSG_ERROR([rpm requires NSS]) - ]) --AC_SUBST(WITH_BEECRYPT_SUBDIR) --AC_SUBST(WITH_BEECRYPT_INCLUDE) --AC_SUBST(WITH_BEECRYPT_LIB) -+CPPFLAGS="$save_CPPFLAGS" -+AC_SUBST(WITH_NSS_INCLUDE) -+AC_SUBST(WITH_NSS_LIB) - - #================= - # Check for neon library. Prefer external, otherwise internal. -diff --git a/lib/Makefile.am b/lib/Makefile.am -index d433b75..fe761da 100644 ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -9,7 +9,7 @@ INCLUDES = -I. \ - -I$(top_srcdir)/build \ - -I$(top_srcdir)/rpmdb \ - -I$(top_srcdir)/rpmio \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - -I$(top_srcdir)/misc \ - @INCPATH@ -diff --git a/lib/formats.c b/lib/formats.c -index 59f953a..e4354ff 100644 ---- a/lib/formats.c -+++ b/lib/formats.c -@@ -210,23 +210,17 @@ static /*@only@*/ char * base64Format(int_32 type, const void * data, - int lc; - /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ - size_t ns = element; -- size_t nt = ((ns + 2) / 3) * 4; -+ size_t nt = 0; - - /*@-boundswrite@*/ -- /*@-globs@*/ -- /* Add additional bytes necessary for eol string(s). */ -- if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { -- lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; -- if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) -- ++lc; -- nt += lc * strlen(b64encode_eolstr); -+ if ((enc = b64encode(data, ns, -1)) != NULL) { -+ nt = strlen(enc); - } -- /*@=globs@*/ - - val = t = xmalloc(nt + padding + 1); - - *t = '\0'; -- if ((enc = b64encode(data, ns)) != NULL) { -+ if (enc != NULL) { - t = stpcpy(t, enc); - enc = _free(enc); - } -@@ -310,16 +304,13 @@ static /*@only@*/ char * xmlFormat(int_32 type, const void * data, - xtag = "string"; - break; - case RPM_BIN_TYPE: -- { int cpl = b64encode_chars_per_line; --/*@-mods@*/ -- b64encode_chars_per_line = 0; --/*@=mods@*/ --/*@-formatconst@*/ -- s = base64Format(type, data, formatPrefix, padding, element); --/*@=formatconst@*/ --/*@-mods@*/ -- b64encode_chars_per_line = cpl; --/*@=mods@*/ -+ { -+ /* XXX HACK ALERT: element field abused as no. bytes of binary data. */ -+ size_t ns = element; -+ if ((s = b64encode(data, ns, 0)) == NULL) { -+ /* XXX proper error handling would be better. */ -+ s = xcalloc(1, padding + (ns / 3) * 4 + 1); -+ } - xtag = "base64"; - } break; - case RPM_CHAR_TYPE: -diff --git a/lib/package.c b/lib/package.c -index 09571b0..8458b02 100644 ---- a/lib/package.c -+++ b/lib/package.c -@@ -1008,11 +1008,9 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) - fddig->hashctx = NULL; - /*@switchbreak@*/ break; - case PGPHASHALGO_SHA1: --#if HAVE_BEECRYPT_API_H - case PGPHASHALGO_SHA256: - case PGPHASHALGO_SHA384: - case PGPHASHALGO_SHA512: --#endif - dig->sha1ctx = fddig->hashctx; - fddig->hashctx = NULL; - /*@switchbreak@*/ break; -diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c -index b4d377e..83b2d2e 100644 ---- a/lib/rpmchecksig.c -+++ b/lib/rpmchecksig.c -@@ -447,7 +447,7 @@ rpmRC rpmcliImportPubkey(const rpmts ts, const unsigned char * pkt, ssize_t pktl - if (rpmtsOpenDB(ts, (O_RDWR|O_CREAT))) - return RPMRC_FAIL; - -- if ((enc = b64encode(pkt, pktlen)) == NULL) -+ if ((enc = b64encode(pkt, pktlen, -1)) == NULL) - goto exit; - - dig = pgpNewDig(); -@@ -698,11 +698,9 @@ assert(dig->md5ctx == NULL); - fddig->hashctx = NULL; - /*@switchbreak@*/ break; - case PGPHASHALGO_SHA1: --#if HAVE_BEECRYPT_API_H - case PGPHASHALGO_SHA256: - case PGPHASHALGO_SHA384: - case PGPHASHALGO_SHA512: --#endif - assert(dig->sha1ctx == NULL); - dig->sha1ctx = fddig->hashctx; - fddig->hashctx = NULL; -diff --git a/lib/rpmrc.c b/lib/rpmrc.c -index d402a1e..07e604a 100644 ---- a/lib/rpmrc.c -+++ b/lib/rpmrc.c -@@ -1884,6 +1884,10 @@ int rpmReadConfigFiles(const char * file, const char * target) - /* Reset umask to its default umask(2) value. */ - mode = umask(mode); - -+ /* Initialize crypto engine as early as possible */ -+ if (rpmInitCrypto() < 0) { -+ return -1; -+ } - /* Preset target macros */ - /*@-nullstate@*/ /* FIX: target can be NULL */ - rpmRebuildTargetVars(&target, NULL); -diff --git a/lib/rpmts.c b/lib/rpmts.c -index ef791c6..8423957 100644 ---- a/lib/rpmts.c -+++ b/lib/rpmts.c -@@ -4,7 +4,7 @@ - */ - #include "system.h" - --#include "rpmio_internal.h" /* XXX for pgp and beecrypt */ -+#include "rpmio_internal.h" /* XXX for pgp */ - #include - #include /* XXX rpmtsOpenDB() needs rpmGetPath */ - -diff --git a/lib/signature.c b/lib/signature.c -index 5617e32..0db1349 100644 ---- a/lib/signature.c -+++ b/lib/signature.c -@@ -1215,9 +1215,10 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t, - int_32 sigtag = rpmtsSigtag(ts); - pgpDig dig = rpmtsDig(ts); - pgpDigParams sigp = rpmtsSignature(ts); -- const char * prefix = NULL; -+ SECOidTag sigalg; - rpmRC res = RPMRC_OK; - int xx; -+ SECItem digest; - - *t = '\0'; - if (dig != NULL && dig->hdrmd5ctx == md5ctx) -@@ -1248,43 +1249,40 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t, - switch (sigp->hash_algo) { - case PGPHASHALGO_MD5: - t = stpcpy(t, " RSA/MD5"); -- prefix = "3020300c06082a864886f70d020505000410"; -+ sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case PGPHASHALGO_SHA1: - t = stpcpy(t, " RSA/SHA1"); -- prefix = "3021300906052b0e03021a05000414"; -+ sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; - break; - case PGPHASHALGO_RIPEMD160: - res = RPMRC_NOKEY; -- prefix = NULL; - break; - case PGPHASHALGO_MD2: - t = stpcpy(t, " RSA/MD2"); -- prefix = "3020300c06082a864886f70d020205000410"; -+ sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; - break; - case PGPHASHALGO_TIGER192: - res = RPMRC_NOKEY; -- prefix = NULL; - break; - case PGPHASHALGO_HAVAL_5_160: - res = RPMRC_NOKEY; -- prefix = NULL; - break; - case PGPHASHALGO_SHA256: - t = stpcpy(t, " RSA/SHA256"); -- prefix = "3031300d060960864801650304020105000420"; -+ sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; - break; - case PGPHASHALGO_SHA384: - t = stpcpy(t, " RSA/SHA384"); -- prefix = "3041300d060960864801650304020205000430"; -+ sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; - break; - case PGPHASHALGO_SHA512: - t = stpcpy(t, " RSA/SHA512"); -- prefix = "3051300d060960864801650304020305000440"; -+ sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; - break; - default: - res = RPMRC_NOKEY; -- prefix = NULL; -+ sigalg = SEC_OID_UNKNOWN; - break; - } - -@@ -1295,8 +1293,6 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t, - - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); - { DIGEST_CTX ctx = rpmDigestDup(md5ctx); -- byte signhash16[2]; -- const char * s; - - if (sigp->hash != NULL) - xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); -@@ -1313,40 +1309,18 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t, - } - #endif - -- xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1); -+ xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 0); - (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); - rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ - - /* Compare leading 16 bits of digest for quick check. */ -- s = dig->md5; -- signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]); -- signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]); -- if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { -+ if (memcmp(dig->md5, sigp->signhash16, 2)) { - res = RPMRC_FAIL; - goto exit; - } -- } -- -- /* Generate RSA modulus parameter. */ -- { unsigned int nbits = MP_WORDS_TO_BITS(dig->c.size); -- unsigned int nb = (nbits + 7) >> 3; -- const char * hexstr; -- char * tt; -- --assert(prefix != NULL); -- hexstr = tt = xmalloc(2 * nb + 1); -- memset(tt, 'f', (2 * nb)); -- tt[0] = '0'; tt[1] = '0'; -- tt[2] = '0'; tt[3] = '1'; -- tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2; -- *tt++ = '0'; *tt++ = '0'; -- tt = stpcpy(tt, prefix); -- tt = stpcpy(tt, dig->md5); -- -- mpnzero(&dig->rsahm); (void) mpnsethex(&dig->rsahm, hexstr); -- -- hexstr = _free(hexstr); -- -+ digest.type = siBuffer; -+ digest.data = dig->md5; -+ digest.len = dig->md5len; - } - - /* Retrieve the matching public key. */ -@@ -1355,12 +1329,7 @@ assert(prefix != NULL); - goto exit; - - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); --#if HAVE_BEECRYPT_API_H -- xx = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->c, &dig->rsahm); --#else -- xx = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c); --#endif -- if (xx) -+ if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess) - res = RPMRC_OK; - else - res = RPMRC_FAIL; -@@ -1401,6 +1370,7 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t, - pgpDigParams sigp = rpmtsSignature(ts); - rpmRC res; - int xx; -+ SECItem digest; - - *t = '\0'; - if (dig != NULL && dig->hdrsha1ctx == sha1ctx) -@@ -1428,7 +1398,6 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t, - - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); - { DIGEST_CTX ctx = rpmDigestDup(sha1ctx); -- byte signhash16[2]; - - if (sigp->hash != NULL) - xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); -@@ -1442,19 +1411,18 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t, - memcpy(trailer+2, &nb, sizeof(nb)); - xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); - } -- xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1); -+ xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0); - (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen); - rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */ - -- mpnzero(&dig->hm); (void) mpnsethex(&dig->hm, dig->sha1); -- - /* Compare leading 16 bits of digest for quick check. */ -- signhash16[0] = (*dig->hm.data >> 24) & 0xff; -- signhash16[1] = (*dig->hm.data >> 16) & 0xff; -- if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { -+ if (memcmp(dig->sha1, sigp->signhash16, 2)) { - res = RPMRC_FAIL; - goto exit; - } -+ digest.type = siBuffer; -+ digest.data = dig->sha1; -+ digest.len = dig->sha1len; - } - - /* Retrieve the matching public key. */ -@@ -1463,8 +1431,8 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t, - goto exit; - - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0); -- if (dsavrfy(&dig->p, &dig->q, &dig->g, -- &dig->hm, &dig->y, &dig->r, &dig->s)) -+ if (VFY_VerifyDigest(&digest, dig->dsa, dig->dsasig, -+ SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL) == SECSuccess) - res = RPMRC_OK; - else - res = RPMRC_FAIL; -diff --git a/python/Makefile.am b/python/Makefile.am -index 1b8c83a..c1da992 100644 ---- a/python/Makefile.am -+++ b/python/Makefile.am -@@ -17,7 +17,7 @@ INCLUDES = -I. \ - -I$(top_srcdir)/rpmdb \ - -I$(top_srcdir)/rpmio \ - @WITH_LIBELF_INCLUDE@ \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - -I$(top_srcdir)/misc \ - -I$(pyincdir) \ -@@ -42,7 +42,7 @@ rpmdir = $(pylibdir)/site-packages/rpm - rpm_LTLIBRARIES = _rpmmodule.la - - _rpmmodule_la_LDFLAGS = $(mylibs) $(LIBS) -module -avoid-version --_rpmmodule_la_LIBADD = @WITH_BEECRYPT_LIB@ -+_rpmmodule_la_LIBADD = @WITH_NSS_LIB@ - - _rpmmodule_la_SOURCES = rpmmodule.c header-py.c \ - rpmal-py.c rpmds-py.c rpmdb-py.c rpmfd-py.c rpmfts-py.c \ -diff --git a/rpmdb/Makefile.am b/rpmdb/Makefile.am -index 0f017f9..2393dd7 100644 ---- a/rpmdb/Makefile.am -+++ b/rpmdb/Makefile.am -@@ -9,7 +9,7 @@ INCLUDES = -I. \ - -I$(top_srcdir)/build \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/rpmio \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - -I$(top_srcdir)/misc \ - @WITH_SQLITE3_INCLUDE@ \ -diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am -index 2d26dcc..44e4096 100644 ---- a/rpmio/Makefile.am -+++ b/rpmio/Makefile.am -@@ -10,7 +10,7 @@ EXTRA_PROGRAMS = tax tdigest tdir tfts tget thkp tput tglob tinv tkey tring trpm - - INCLUDES = -I. \ - -I$(top_srcdir) \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_NEON_INCLUDE@ \ - @WITH_LUA_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ -@@ -19,23 +19,21 @@ INCLUDES = -I. \ - - pkgincdir = $(pkgincludedir) - pkginc_HEADERS = \ -- argv.h fts.h rpmdav.h \ -+ argv.h base64.h fts.h rpmdav.h \ - rpmio.h rpmurl.h rpmmacro.h rpmlog.h rpmmessages.h rpmerr.h rpmpgp.h \ - rpmsq.h rpmsw.h ugid.h - noinst_HEADERS = rpmio_internal.h rpmlua.h rpmhook.h - --BEECRYPTLOBJS = $(shell test X"@WITH_BEECRYPT_SUBDIR@" != X && cat $(top_builddir)/@WITH_BEECTYPT_SUBDIR@/listobjs) -- - LDFLAGS = -L$(RPM_BUILD_ROOT)$(usrlibdir) -L$(DESTDIR)$(usrlibdir) - - usrlibdir = $(libdir)@MARK64@ - usrlib_LTLIBRARIES = librpmio.la - librpmio_la_SOURCES = \ -- argv.c digest.c fts.c macro.c rpmdav.c \ -+ argv.c base64.c digest.c fts.c macro.c rpmdav.c \ - rpmhook.c rpmio.c rpmlog.c rpmlua.c rpmmalloc.c \ - rpmpgp.c rpmrpc.c rpmsq.c rpmsw.c strcasecmp.c stubs.c url.c ugid.c - librpmio_la_LDFLAGS = -release 4.4 $(LDFLAGS) \ -- @WITH_BEECRYPT_LIB@ \ -+ @WITH_NSS_LIB@ \ - @WITH_NEON_LIB@ \ - @WITH_LUA_LIB@ \ - @WITH_MAGIC_LIB@ \ -@@ -44,22 +42,10 @@ librpmio_la_LDFLAGS = -release 4.4 $(LDFLAGS) \ - librpmio_la_LIBADD = # $(BEECRYPTLOBJS) - librpmio_la_DEPENDENCIES = # .created - --.created: -- if test X"@WITH_BEECRYPT_SUBDIR@" != X; then \ -- ${MAKE} -C $(top_builddir)/@WITH_BEECRYPT_SUBDIR@ listobjs ; \ -- for lo in $(BEECRYPTLOBJS); do \ -- [ -f $$lo ] || $(LN_S) $(top_builddir)/@WITH_BEECRYPT_SUBDIR@/$$lo $$lo ; \ -- done \ -- fi -- touch $@ -- --clean-local: -- rm -f $(BEECRYPTLOBJS) *.o .created -- - #BUILT_SOURCES = rpmio.lcd - - rpmio.lcd: Makefile.am ${librpmio_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} -- -lclint -load ../beecrypt/beecrypt.lcd $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) -dump $@ 2>/dev/null -+ -lclint -load $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) -dump $@ 2>/dev/null - - .PHONY: sources - sources: -@@ -105,7 +91,6 @@ tinv_LDFLAGS = @LDFLAGS_STATIC@ - tinv_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la - - tkey_SOURCES = tkey.c --tkey_LDFLAGS = @LDFLAGS_STATIC@ - tkey_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la - - tring_SOURCES = tring.c -diff --git a/rpmio/base64.c b/rpmio/base64.c -new file mode 100644 -index 0000000..b11b381 ---- /dev/null -+++ b/rpmio/base64.c -@@ -0,0 +1,253 @@ -+/* base64 encoder/decoder based on public domain implementation -+ * by Chris Venter */ -+ -+#include -+#include -+#include "base64.h" -+ -+static char base64_encode_value(char value_in) -+{ -+ static const char encoding[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -+ if (value_in > 63) return '='; -+ return encoding[(int)value_in]; -+} -+ -+static char *base64_encode_block(const char *plaintext_in, int length_in, char *codechar) -+{ -+ const char *plainchar = plaintext_in; -+ const char *const plaintextend = plaintext_in + length_in; -+ char result; -+ char fragment; -+ -+ while (1) { -+ if (plainchar == plaintextend) { -+ return codechar; -+ } -+ fragment = *plainchar++; -+ result = (fragment & 0x0fc) >> 2; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment & 0x003) << 4; -+ if (plainchar == plaintextend) -+ { -+ *codechar++ = base64_encode_value(result); -+ *codechar++ = '='; -+ *codechar++ = '='; -+ return codechar; -+ } -+ fragment = *plainchar++; -+ result |= (fragment & 0x0f0) >> 4; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment & 0x00f) << 2; -+ if (plainchar == plaintextend) -+ { -+ *codechar++ = base64_encode_value(result); -+ *codechar++ = '='; -+ return codechar; -+ } -+ fragment = *plainchar++; -+ result |= (fragment & 0x0c0) >> 6; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment & 0x03f) >> 0; -+ *codechar++ = base64_encode_value(result); -+ } -+ /* control should not reach here */ -+ return codechar; -+} -+ -+#define BASE64_DEFAULT_LINE_LENGTH 64 -+ -+char *b64encode(const void *data, size_t len, int linelen) -+{ -+ size_t encodedlen; -+ const char *dataptr = data; -+ char *output; -+ char *outptr; -+ -+ if (data == NULL) -+ return NULL; -+ -+ if (linelen < 0) -+ linelen = BASE64_DEFAULT_LINE_LENGTH; -+ -+ linelen /= 4; -+ encodedlen = ((len + 2) / 3) * 4; -+ if (linelen > 0) { -+ encodedlen += encodedlen/(linelen * 4) + 1; -+ } -+ ++encodedlen; /* for zero termination */ -+ -+ output = malloc(encodedlen); -+ if (output == NULL) -+ return NULL; -+ -+ outptr = output; -+ while (len > 0) { -+ if (linelen > 0 && len > linelen * 3) { -+ outptr = base64_encode_block(dataptr, linelen * 3, outptr); -+ len -= linelen * 3; -+ dataptr += linelen * 3; -+ } else { -+ outptr = base64_encode_block(dataptr, len, outptr); -+ len = 0; -+ } -+ if (linelen > 0) { -+ *outptr++ = '\n'; -+ } -+ } -+ *outptr = '\0'; -+ return output; -+} -+ -+static int base64_decode_value(unsigned char value_in) -+{ -+ static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; -+ value_in -= 43; -+ if (value_in > sizeof(decoding)/sizeof(int)) -+ return -1; -+ return decoding[value_in]; -+} -+ -+static size_t base64_decode_block(const char *code_in, const size_t length_in, char *plaintext_out) -+{ -+ const char *codechar = code_in; -+ char *plainchar = plaintext_out; -+ int fragment; -+ -+ *plainchar = 0; -+ -+ while (1) -+ { -+ do { -+ if (codechar == code_in+length_in) -+ { -+ return plainchar - plaintext_out; -+ } -+ fragment = base64_decode_value(*codechar++); -+ } while (fragment < 0); -+ *plainchar = (char)((fragment & 0x03f) << 2); -+ -+ do { -+ if (codechar == code_in+length_in) -+ { -+ return plainchar - plaintext_out; -+ } -+ fragment = base64_decode_value(*codechar++); -+ } while (fragment < 0); -+ *plainchar++ |= (char)((fragment & 0x030) >> 4); -+ *plainchar = (char)((fragment & 0x00f) << 4); -+ -+ do { -+ if (codechar == code_in+length_in) -+ { -+ return plainchar - plaintext_out; -+ } -+ fragment = base64_decode_value(*codechar++); -+ } while (fragment < 0); -+ *plainchar++ |= (char)((fragment & 0x03c) >> 2); -+ *plainchar = (char)((fragment & 0x003) << 6); -+ -+ do { -+ if (codechar == code_in+length_in) -+ { -+ return plainchar - plaintext_out; -+ } -+ fragment = base64_decode_value(*codechar++); -+ } while (fragment < 0); -+ *plainchar++ |= (char)(fragment & 0x03f); -+ } -+ /* control should not reach here */ -+ return plainchar - plaintext_out; -+} -+ -+int b64decode(const char *in, void **out, size_t *outlen) -+{ -+ size_t outcnt = 0; -+ const char *inptr = in; -+ -+ *out = NULL; -+ -+ if (in == NULL) { -+ return 1; -+ } -+ -+ while (*inptr != '\0') { -+ /* assume all ASCII control chars as whitespace */ -+ if (*inptr > 32) { -+ if (base64_decode_value(*inptr) != -1) { -+ ++outcnt; -+ } else { -+ return 3; -+ } -+ } -+ ++inptr; -+ } -+ -+ if (outcnt % 4 != 0) -+ return 2; -+ -+ outcnt = (outcnt / 4) * 3; -+ -+ *out = malloc(outcnt + 1); /* base64_decode_block can write one extra character */ -+ -+ if (*out == NULL) -+ return 4; -+ -+ *outlen = base64_decode_block(in, inptr - in, *out); -+ -+ return 0; -+} -+ -+#define CRC24_INIT 0xb704ce -+#define CRC24_POLY 0x1864cfb -+ -+char *b64crc(const unsigned char *data, size_t len) -+{ -+ uint32_t crc = CRC24_INIT; -+ int i; -+ -+ while (len--) { -+ crc ^= (*data++) << 16; -+ for (i = 0; i < 8; i++) { -+ crc <<= 1; -+ if (crc & 0x1000000) -+ crc ^= CRC24_POLY; -+ } -+ } -+ crc = htonl(crc & 0xffffff); -+ data = (unsigned char *)&crc; -+ ++data; -+ return b64encode(data, 3, 0); -+} -+ -+#ifdef BASE64_TEST -+#include -+#include -+ -+int main(int argc, char *argv[]) -+{ -+ static char tst[]="wtrt8122čLýáj\x20s ~ýhž\t4\x02šjjmBvž^%$RTš#á.íěj\x1hčýčŤc+"; -+ char *encoded; -+ void *decoded; -+ size_t size; -+ int err; -+ printf("Original: %lu\n%s\n", sizeof(tst)-1, tst); -+ encoded = b64encode(tst, sizeof(tst)-1, 64); -+ printf("Encoded: %lu\n%s\n", strlen(encoded), encoded); -+ if ((err = b64decode(encoded, &decoded, &size)) != 0) { -+ fprintf(stderr, "Error in decode: %d\n", err); -+ return 1; -+ } -+ printf("Decoded:\n%.*s\n", (int)size, (char *)decoded); -+ if (size != sizeof(tst)-1) { -+ fprintf(stderr, "Size differs orig: %lu new: %lu\n", sizeof(tst)-1, size); -+ return 1; -+ } -+ if (memcmp(tst, decoded, size) != 0) { -+ fprintf(stderr, "Decoded data differs.\n"); -+ return 1; -+ } -+ fprintf(stderr, "OK\n"); -+ return 0; -+} -+#endif -+ -diff --git a/rpmio/base64.h b/rpmio/base64.h -new file mode 100644 -index 0000000..79ae0b6 ---- /dev/null -+++ b/rpmio/base64.h -@@ -0,0 +1,29 @@ -+/* base64 encoder/decoder based on public domain implementation -+ * by Chris Venter */ -+ -+#include -+ -+/* returns malloced base64 encoded string -+ * lines are split with \n characters to be nearest lower multiple of linelen -+ * if linelen/4 == 0 lines are not split -+ * if linelen < 0 default line length (64) is used -+ * the returned string is empty when len == 0 -+ * returns NULL on failures -+ */ -+char *b64encode(const void *data, size_t len, int linelen); -+ -+/* decodes from zero terminated base64 encoded string to a newly malloced buffer -+ * ignores whitespace characters in the input string -+ * return values: -+ * 0 - OK -+ * 1 - input is NULL -+ * 2 - invalid length -+ * 3 - invalid characters on input -+ * 4 - malloc failed -+ */ -+int b64decode(const char *in, void **out, size_t *outlen); -+ -+/* counts CRC24 and base64 encodes it in a malloced string -+ * returns NULL on failures -+ */ -+char *b64crc(const unsigned char *data, size_t len); -diff --git a/rpmio/digest.c b/rpmio/digest.c -index 5b4cde8..894cf82 100644 ---- a/rpmio/digest.c -+++ b/rpmio/digest.c -@@ -19,16 +19,7 @@ - */ - struct DIGEST_CTX_s { - rpmDigestFlags flags; /*!< Bit(s) to control digest operation. */ -- uint32_t datalen; /*!< No. bytes in block of plaintext data. */ -- uint32_t paramlen; /*!< No. bytes of digest parameters. */ -- uint32_t digestlen; /*!< No. bytes of digest. */ -- void * param; /*!< Digest parameters. */ -- int (*Reset) (void * param) -- /*@modifies param @*/; /*!< Digest initialize. */ -- int (*Update) (void * param, const byte * data, size_t size) -- /*@modifies param @*/; /*!< Digest transform. */ -- int (*Digest) (void * param, /*@out@*/ byte * digest) -- /*@modifies param, digest @*/; /*!< Digest finish. */ -+ HASHContext *hashctx; /*!< Internal NSS hash context. */ - }; - - /*@-boundsread@*/ -@@ -37,115 +28,98 @@ rpmDigestDup(DIGEST_CTX octx) - { - DIGEST_CTX nctx; - nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx)); -- nctx->param = memcpy(xcalloc(1, nctx->paramlen), octx->param, nctx->paramlen); -+ nctx->hashctx = HASH_Clone(octx->hashctx); -+ if (nctx->hashctx == NULL) { -+ fprintf(stderr, "HASH_Clone failed\n"); -+ exit(EXIT_FAILURE); /* FIX: callers do not bother checking error return */ -+ } - return nctx; - } - /*@=boundsread@*/ - --DIGEST_CTX --rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) -+static HASH_HashType -+getHashType(pgpHashAlgo hashalgo) - { -- DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); -- int xx; -- -- ctx->flags = flags; -- - switch (hashalgo) { - case PGPHASHALGO_MD5: -- ctx->digestlen = 16; -- ctx->datalen = 64; --/*@-sizeoftype@*/ /* FIX: union, not void pointer */ -- ctx->paramlen = sizeof(md5Param); --/*@=sizeoftype@*/ -- ctx->param = xcalloc(1, ctx->paramlen); --/*@-type@*/ /* FIX: cast? */ -- ctx->Reset = (void *) md5Reset; -- ctx->Update = (void *) md5Update; -- ctx->Digest = (void *) md5Digest; --/*@=type@*/ -+ return HASH_AlgMD5; - break; - case PGPHASHALGO_SHA1: -- ctx->digestlen = 20; -- ctx->datalen = 64; --/*@-sizeoftype@*/ /* FIX: union, not void pointer */ -- ctx->paramlen = sizeof(sha1Param); --/*@=sizeoftype@*/ -- ctx->param = xcalloc(1, ctx->paramlen); --/*@-type@*/ /* FIX: cast? */ -- ctx->Reset = (void *) sha1Reset; -- ctx->Update = (void *) sha1Update; -- ctx->Digest = (void *) sha1Digest; --/*@=type@*/ -+ return HASH_AlgSHA1; - break; --#if HAVE_BEECRYPT_API_H - case PGPHASHALGO_SHA256: -- ctx->digestlen = 32; -- ctx->datalen = 64; --/*@-sizeoftype@*/ /* FIX: union, not void pointer */ -- ctx->paramlen = sizeof(sha256Param); --/*@=sizeoftype@*/ -- ctx->param = xcalloc(1, ctx->paramlen); --/*@-type@*/ /* FIX: cast? */ -- ctx->Reset = (void *) sha256Reset; -- ctx->Update = (void *) sha256Update; -- ctx->Digest = (void *) sha256Digest; --/*@=type@*/ -+ return HASH_AlgSHA256; - break; - case PGPHASHALGO_SHA384: -- ctx->digestlen = 48; -- ctx->datalen = 128; --/*@-sizeoftype@*/ /* FIX: union, not void pointer */ -- ctx->paramlen = sizeof(sha384Param); --/*@=sizeoftype@*/ -- ctx->param = xcalloc(1, ctx->paramlen); --/*@-type@*/ /* FIX: cast? */ -- ctx->Reset = (void *) sha384Reset; -- ctx->Update = (void *) sha384Update; -- ctx->Digest = (void *) sha384Digest; --/*@=type@*/ -+ return HASH_AlgSHA384; - break; - case PGPHASHALGO_SHA512: -- ctx->digestlen = 64; -- ctx->datalen = 128; --/*@-sizeoftype@*/ /* FIX: union, not void pointer */ -- ctx->paramlen = sizeof(sha512Param); --/*@=sizeoftype@*/ -- ctx->param = xcalloc(1, ctx->paramlen); --/*@-type@*/ /* FIX: cast? */ -- ctx->Reset = (void *) sha512Reset; -- ctx->Update = (void *) sha512Update; -- ctx->Digest = (void *) sha512Digest; --/*@=type@*/ -+ return HASH_AlgSHA512; - break; --#endif - case PGPHASHALGO_RIPEMD160: - case PGPHASHALGO_MD2: - case PGPHASHALGO_TIGER192: - case PGPHASHALGO_HAVAL_5_160: - default: -+ return HASH_AlgNULL; -+ /*@notreached@*/ break; -+ } -+} -+ -+size_t -+rpmDigestLength(pgpHashAlgo hashalgo) -+{ -+ return HASH_ResultLen(getHashType(hashalgo)); -+} -+ -+DIGEST_CTX -+rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags) -+{ -+ HASH_HashType type; -+ DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx)); -+ -+ ctx->flags = flags; -+ -+ type = getHashType(hashalgo); -+ if (type == HASH_AlgNULL) { - free(ctx); - return NULL; -- /*@notreached@*/ break; - } - --/*@-boundsread@*/ -- xx = (*ctx->Reset) (ctx->param); --/*@=boundsread@*/ -+ ctx->hashctx = HASH_Create(type); -+ if (ctx->hashctx == NULL) { -+ free(ctx); -+ return NULL; -+ } - --DPRINTF((stderr, "*** Init(%x) ctx %p param %p\n", flags, ctx, ctx->param)); -+ HASH_Begin(ctx->hashctx); -+ -+DPRINTF((stderr, "*** Init(%x) ctx %p hashctx %p\n", flags, ctx, ctx->hashctx)); - return ctx; - } - --/*@-mustmod@*/ /* LCL: ctx->param may be modified, but ctx is abstract @*/ -+/*@-mustmod@*/ /* LCL: ctx->hashctx may be modified, but ctx is abstract @*/ - int - rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len) - { -+ unsigned int partlen; -+ const unsigned char *ptr = data; -+ - if (ctx == NULL) - return -1; - --DPRINTF((stderr, "*** Update(%p,%p,%d) param %p \"%s\"\n", ctx, data, len, ctx->param, ((char *)data))); -+DPRINTF((stderr, "*** Update(%p,%p,%d) hashctx %p \"%s\"\n", ctx, data, len, ctx->hashctx, ((char *)data))); - /*@-boundsread@*/ -- return (*ctx->Update) (ctx->param, data, len); -+ partlen = ~(unsigned int)0xFF; -+ while (len > 0) { -+ if (len < partlen) { -+ partlen = (unsigned int)len; -+ } -+ HASH_Update(ctx->hashctx, ptr, partlen); -+ ptr += partlen; -+ len -= partlen; -+ } -+ return 0; - /*@=boundsread@*/ - } - /*@=mustmod@*/ -@@ -154,35 +128,37 @@ DPRINTF((stderr, "*** Update(%p,%p,%d) param %p \"%s\"\n", ctx, data, len, ctx-> - int - rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii) - { -- byte * digest; -+ unsigned char * digest; - char * t; - int i; -+ unsigned int digestlen; - - if (ctx == NULL) - return -1; -- digest = xmalloc(ctx->digestlen); -+ digestlen = HASH_ResultLenContext(ctx->hashctx); -+ digest = xmalloc(digestlen); - --DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp, asAscii, ctx->param, digest)); --/*@-noeffectuncon@*/ /* FIX: check rc */ -- (void) (*ctx->Digest) (ctx->param, digest); -+DPRINTF((stderr, "*** Final(%p,%p,%p,%d) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest)); -+/*@-noeffectuncon@*/ -+ HASH_End(ctx->hashctx, digest, &digestlen, digestlen); - /*@=noeffectuncon@*/ - - /* Return final digest. */ - /*@-branchstate@*/ - if (!asAscii) { -- if (lenp) *lenp = ctx->digestlen; -+ if (lenp) *lenp = digestlen; - if (datap) { - *datap = digest; - digest = NULL; - } - } else { -- if (lenp) *lenp = (2*ctx->digestlen) + 1; -+ if (lenp) *lenp = (2*digestlen) + 1; - if (datap) { - const byte * s = (const byte *) digest; - static const char hex[] = "0123456789abcdef"; - -- *datap = t = xmalloc((2*ctx->digestlen) + 1); -- for (i = 0 ; i < ctx->digestlen; i++) { -+ *datap = t = xmalloc((2*digestlen) + 1); -+ for (i = 0 ; i < digestlen; i++) { - *t++ = hex[ (unsigned)((*s >> 4) & 0x0f) ]; - *t++ = hex[ (unsigned)((*s++ ) & 0x0f) ]; - } -@@ -191,11 +167,10 @@ DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp - } - /*@=branchstate@*/ - if (digest) { -- memset(digest, 0, ctx->digestlen); /* In case it's sensitive */ -+ memset(digest, 0, digestlen); /* In case it's sensitive */ - free(digest); - } -- memset(ctx->param, 0, ctx->paramlen); /* In case it's sensitive */ -- free(ctx->param); -+ HASH_Destroy(ctx->hashctx); - memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ - free(ctx); - return 0; -diff --git a/rpmio/rpmio_internal.h b/rpmio/rpmio_internal.h -index c2906e8..f92ee8a 100644 ---- a/rpmio/rpmio_internal.h -+++ b/rpmio/rpmio_internal.h -@@ -9,30 +9,14 @@ - #include - #include - --#if HAVE_BEECRYPT_API_H --#include --#else --#include --#endif -- - #include - #include -- --/* Drag in the beecrypt includes. */ --#include - #include --#include --#include --#include --#include --#include --#include --#include --#if HAVE_BEECRYPT_API_H --#include --#include --#include --#endif -+ -+#include "nss.h" -+#include "sechash.h" -+#include "keyhi.h" -+#include "cryptohi.h" - - /** \ingroup rpmio - * Values parsed from OpenPGP signature/pubkey packet(s). -@@ -85,20 +69,13 @@ struct pgpDig_s { - void * md5; /*!< (rsa) V3 signature hash. */ - size_t md5len; /*!< (rsa) V3 signature hash length. */ - -- /* DSA parameters. */ -- mpbarrett p; -- mpbarrett q; -- mpnumber g; -- mpnumber y; -- mpnumber hm; -- mpnumber r; -- mpnumber s; -- -- /* RSA parameters. */ -- rsapk rsa_pk; -- mpnumber m; -- mpnumber c; -- mpnumber rsahm; -+ /* DSA parameters */ -+ SECKEYPublicKey *dsa; -+ SECItem *dsasig; -+ -+ /* RSA parameters */ -+ SECKEYPublicKey *rsa; -+ SECItem *rsasig; - }; - - /** \ingroup rpmio -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 5d2c6f4..2cc03f8 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -17,6 +17,8 @@ static int _debug = 0; - /*@unchecked@*/ - static int _print = 0; - -+static int _crypto_initialized = 0; -+ - /*@unchecked@*/ /*@null@*/ - static pgpDig _dig = NULL; - -@@ -260,39 +262,101 @@ const char * pgpMpiHex(const byte *p) - /** - * @return 0 on success - */ --static int pgpHexSet(const char * pre, int lbits, -- /*@out@*/ mpnumber * mpn, const byte * p, const byte * pend) -+static int pgpMpiSet(const char * pre, int lbits, -+ /*@out@*/ void *dest, const byte * p, const byte * pend) - /*@globals fileSystem @*/ -- /*@modifies mpn, fileSystem @*/ -+ /*@modifies dest, fileSystem @*/ - { - unsigned int mbits = pgpMpiBits(p); - unsigned int nbits; - unsigned int nbytes; -- char * t; -+ char *t = dest; - unsigned int ix; - - if ((p + ((mbits+7) >> 3)) > pend) - return 1; - -+ if (mbits > lbits) -+ return 1; -+ - nbits = (lbits > mbits ? lbits : mbits); - nbytes = ((nbits + 7) >> 3); -- t = xmalloc(2*nbytes+1); -- ix = 2 * ((nbits - mbits) >> 3); -+ ix = (nbits - mbits) >> 3; - - if (_debug) --fprintf(stderr, "*** mbits %u nbits %u nbytes %u t %p[%d] ix %u\n", mbits, nbits, nbytes, t, (2*nbytes+1), ix); -- if (ix > 0) memset(t, (int)'0', ix); -- strcpy(t+ix, pgpMpiHex(p)); -+fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nbytes, ix); -+ if (ix > 0) memset(t, '\0', ix); -+ memcpy(t+ix, p+2, nbytes-ix); - if (_debug) --fprintf(stderr, "*** %s %s\n", pre, t); -- (void) mpnsethex(mpn, t); -- t = _free(t); --if (_debug && _print) --fprintf(stderr, "\t %s ", pre), mpfprintln(stderr, mpn->size, mpn->data); -+fprintf(stderr, "*** %s %s\n", pre, pgpHexStr(dest, nbytes)); -+ - return 0; - } -+ -+/** -+ * @return NULL on error -+ */ -+static SECItem *pgpMpiItem(PRArenaPool *arena, /*@out@*/ SECItem *item, const byte *p) -+ /*@globals fileSystem @*/ -+ /*@modifies dest, fileSystem @*/ -+{ -+ unsigned int nbytes = pgpMpiLen(p)-2; -+ -+ if (item == NULL) { -+ if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL) -+ return item; -+ } else { -+ if (arena != NULL) -+ item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes); -+ else -+ item->data = PORT_Realloc(item->data, nbytes); -+ -+ if (item->data == NULL) { -+ if (arena == NULL) -+ SECITEM_FreeItem(item, PR_TRUE); -+ return NULL; -+ } -+ } -+ -+ memcpy(item->data, p+2, nbytes); -+ item->len = nbytes; -+ return item; -+} - /*@=boundswrite@*/ - -+static SECKEYPublicKey *pgpNewPublicKey(KeyType type) -+{ -+ PRArenaPool *arena; -+ SECKEYPublicKey *key; -+ -+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -+ if (arena == NULL) -+ return NULL; -+ -+ key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); -+ -+ if (key == NULL) { -+ PORT_FreeArena(arena, PR_FALSE); -+ return NULL; -+ } -+ -+ key->keyType = type; -+ key->pkcs11ID = CK_INVALID_HANDLE; -+ key->pkcs11Slot = NULL; -+ key->arena = arena; -+ return key; -+} -+ -+static SECKEYPublicKey *pgpNewRSAKey(void) -+{ -+ return pgpNewPublicKey(rsaKey); -+} -+ -+static SECKEYPublicKey *pgpNewDSAKey(void) -+{ -+ return pgpNewPublicKey(dsaKey); -+} -+ - int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype) - { - const byte *p = h; -@@ -407,6 +471,10 @@ static const char * pgpSigDSA[] = { - }; - /*@=varuse =readonlytrans @*/ - -+#ifndef DSA_SUBPRIME_LEN -+#define DSA_SUBPRIME_LEN 20 -+#endif -+ - static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigtype, - const byte *p, const byte *h, unsigned int hlen) - /*@globals fileSystem @*/ -@@ -414,7 +482,13 @@ static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigty - { - const byte * pend = h + hlen; - int i; -+ SECItem dsaraw; -+ unsigned char dsabuf[2*DSA_SUBPRIME_LEN]; - -+ dsaraw.type = 0; -+ dsaraw.data = dsabuf; -+ dsaraw.len = sizeof(dsabuf); -+ - for (i = 0; p < pend; i++, p += pgpMpiLen(p)) { - if (pubkey_algo == PGPPUBKEYALGO_RSA) { - if (i >= 1) break; -@@ -423,9 +497,9 @@ static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigty - { - switch (i) { - case 0: /* m**d */ -- (void) mpnsethex(&_dig->c, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t m**d = "), mpfprintln(stderr, _dig->c.size, _dig->c.data); -+ _dig->rsasig = pgpMpiItem(NULL, _dig->rsasig, p); -+ if (_dig->rsasig == NULL) -+ return 1; - /*@switchbreak@*/ break; - default: - /*@switchbreak@*/ break; -@@ -440,11 +514,21 @@ fprintf(stderr, "\t m**d = "), mpfprintln(stderr, _dig->c.size, _dig->c.data); - int xx; - xx = 0; - switch (i) { -- case 0: /* r */ -- xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->r, p, pend); -+ case 0: -+ memset(dsaraw.data, '\0', 2*DSA_SUBPRIME_LEN); -+ /* r */ -+ xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data, p, pend); - /*@switchbreak@*/ break; - case 1: /* s */ -- xx = pgpHexSet(pgpSigDSA[i], 160, &_dig->s, p, pend); -+ xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data + DSA_SUBPRIME_LEN, p, pend); -+ if (_dig->dsasig != NULL) -+ SECITEM_FreeItem(_dig->dsasig, PR_FALSE); -+ else if ((_dig->dsasig=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) { -+ xx = 1; -+ /*@switchbreak@*/ break; -+ } -+ if (DSAU_EncodeDerSig(_dig->dsasig, &dsaraw) != SECSuccess) -+ xx = 1; - /*@switchbreak@*/ break; - default: - xx = 1; -@@ -629,16 +713,17 @@ static const byte * pgpPrtPubkeyParams(byte pubkey_algo, - if (pubkey_algo == PGPPUBKEYALGO_RSA) { - if (i >= 2) break; - if (_dig) { -+ if (_dig->rsa == NULL) { -+ _dig->rsa = pgpNewRSAKey(); -+ if (_dig->rsa == NULL) -+ break; /* error abort? */ -+ } - switch (i) { - case 0: /* n */ -- (void) mpbsethex(&_dig->rsa_pk.n, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t n = "), mpfprintln(stderr, _dig->rsa_pk.n.size, _dig->rsa_pk.n.modl); -+ pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.modulus, p); - /*@switchbreak@*/ break; - case 1: /* e */ -- (void) mpnsethex(&_dig->rsa_pk.e, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t e = "), mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->rsa_pk.e.data); -+ pgpMpiItem(_dig->rsa->arena, &_dig->rsa->u.rsa.publicExponent, p); - /*@switchbreak@*/ break; - default: - /*@switchbreak@*/ break; -@@ -648,26 +733,23 @@ fprintf(stderr, "\t e = "), mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->r - } else if (pubkey_algo == PGPPUBKEYALGO_DSA) { - if (i >= 4) break; - if (_dig) { -+ if (_dig->dsa == NULL) { -+ _dig->dsa = pgpNewDSAKey(); -+ if (_dig->dsa == NULL) -+ break; /* error abort? */ -+ } - switch (i) { - case 0: /* p */ -- (void) mpbsethex(&_dig->p, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t p = "), mpfprintln(stderr, _dig->p.size, _dig->p.modl); -+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.prime, p); - /*@switchbreak@*/ break; - case 1: /* q */ -- (void) mpbsethex(&_dig->q, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t q = "), mpfprintln(stderr, _dig->q.size, _dig->q.modl); -+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.subPrime, p); - /*@switchbreak@*/ break; - case 2: /* g */ -- (void) mpnsethex(&_dig->g, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t g = "), mpfprintln(stderr, _dig->g.size, _dig->g.data); -+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.params.base, p); - /*@switchbreak@*/ break; - case 3: /* y */ -- (void) mpnsethex(&_dig->y, pgpMpiHex(p)); --if (_debug && _print) --fprintf(stderr, "\t y = "), mpfprintln(stderr, _dig->y.size, _dig->y.data); -+ pgpMpiItem(_dig->dsa->arena, &_dig->dsa->u.dsa.publicValue, p); - /*@switchbreak@*/ break; - default: - /*@switchbreak@*/ break; -@@ -1023,6 +1105,7 @@ int pgpPrtPkt(const byte *pkt, unsigned int pleft) - pgpDig pgpNewDig(void) - { - pgpDig dig = xcalloc(1, sizeof(*dig)); -+ - return dig; - } - -@@ -1047,14 +1130,27 @@ void pgpCleanDig(pgpDig dig) - - dig->md5 = _free(dig->md5); - dig->sha1 = _free(dig->sha1); -- mpnfree(&dig->hm); -- mpnfree(&dig->r); -- mpnfree(&dig->s); -- -- (void) rsapkFree(&dig->rsa_pk); -- mpnfree(&dig->m); -- mpnfree(&dig->c); -- mpnfree(&dig->rsahm); -+ -+ if (dig->dsa != NULL) { -+ SECKEY_DestroyPublicKey(dig->dsa); -+ dig->dsa = NULL; -+ } -+ -+ if (dig->dsasig != NULL) { -+ SECITEM_ZfreeItem(dig->dsasig, PR_TRUE); -+ dig->dsasig = NULL; -+ } -+ -+ if (dig->rsa != NULL) { -+ SECKEY_DestroyPublicKey(dig->rsa); -+ dig->rsa = NULL; -+ } -+ -+ if (dig->rsasig != NULL) { -+ SECITEM_ZfreeItem(dig->rsasig, PR_TRUE); -+ dig->rsasig = NULL; -+ } -+ - } - /*@-nullstate@*/ - return; -@@ -1082,14 +1178,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig) - /*@=branchstate@*/ - dig->sha1ctx = NULL; - -- mpbfree(&dig->p); -- mpbfree(&dig->q); -- mpnfree(&dig->g); -- mpnfree(&dig->y); -- mpnfree(&dig->hm); -- mpnfree(&dig->r); -- mpnfree(&dig->s); -- - #ifdef NOTYET - /*@-branchstate@*/ - if (dig->hdrmd5ctx != NULL) -@@ -1104,12 +1192,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig) - /*@=branchstate@*/ - dig->md5ctx = NULL; - -- mpbfree(&dig->rsa_pk.n); -- mpnfree(&dig->rsa_pk.e); -- mpnfree(&dig->m); -- mpnfree(&dig->c); -- mpnfree(&dig->hm); -- - dig = _free(dig); - } - return dig; -@@ -1295,20 +1377,13 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) - { - const char * enc; - char * t; -- size_t nt; -+ size_t nt = 0; - char * val; -- int lc; - -- nt = ((ns + 2) / 3) * 4; -- /*@-globs@*/ -- /* Add additional bytes necessary for eol string(s). */ -- if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { -- lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line; -- if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0) -- ++lc; -- nt += lc * strlen(b64encode_eolstr); -+ enc = b64encode(s, ns, -1); -+ if (enc != NULL) { -+ nt = strlen(enc); - } -- /*@=globs@*/ - - nt += 512; /* XXX slop for armor and crc */ - -@@ -1320,9 +1395,9 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) - /*@-globs@*/ - t = stpcpy( stpcpy(t, "-----\nVersion: rpm-"), VERSION); - /*@=globs@*/ -- t = stpcpy(t, " (beecrypt-4.1.2)\n\n"); -+ t = stpcpy(t, " (NSS-3)\n\n"); - -- if ((enc = b64encode(s, ns)) != NULL) { -+ if (enc != NULL) { - t = stpcpy(t, enc); - enc = _free(enc); - if ((enc = b64crc(s, ns)) != NULL) { -@@ -1339,5 +1414,18 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns) - - return val; - } -- - /*@=boundsread@*/ -+ -+int rpmInitCrypto(void) { -+ int rc = 0; -+ -+ if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) { -+ rc = -1; -+ } else { -+ _crypto_initialized = 1; -+ } -+ -+ return rc; -+} -+ -+ -diff --git a/rpmio/rpmpgp.h b/rpmio/rpmpgp.h -index d90d4e7..c1e2db5 100644 ---- a/rpmio/rpmpgp.h -+++ b/rpmio/rpmpgp.h -@@ -12,11 +12,7 @@ - - #include - --#if !defined(_BEECRYPT_API_H) --/*@-redef@*/ - typedef unsigned char byte; --/*@=redef@*/ --#endif /* _BEECRYPT_API_H */ - - /** - */ -@@ -1384,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets, size_t len) - } - - /** \ingroup rpmio -+ * Perform cryptography initialization. -+ * It must be called before any cryptography can be used within rpm. -+ * It's not normally necessary to call it directly as it's called in -+ * general rpm initialization routines. -+ * @return 0 on success, -1 on failure -+ */ -+int rpmInitCrypto(void); -+ -+/** \ingroup rpmio - * Duplicate a digest context. - * @param octx existing digest context - * @return duplicated digest context -@@ -1393,6 +1398,15 @@ DIGEST_CTX rpmDigestDup(DIGEST_CTX octx) - /*@*/; - - /** \ingroup rpmio -+ * Obtain digest length in bytes. -+ * @param hashalgo type of digest -+ * @return digest length -+ */ -+/*@only@*/ /*@null@*/ -+size_t rpmDigestLength(pgpHashAlgo hashalgo) -+ /*@*/; -+ -+/** \ingroup rpmio - * Initialize digest. - * Set bit count to 0 and buffer to mysterious initialization constants. - * @param hashalgo type of digest -diff --git a/rpmio/tkey.c b/rpmio/tkey.c -index e03dba0..9fb7805 100644 ---- a/rpmio/tkey.c -+++ b/rpmio/tkey.c -@@ -31,7 +31,7 @@ fprintf(stderr, "*** sig is\n%s\n", sig); - return rc; - } - -- if ((enc = b64encode(dec, declen)) == NULL) { -+ if ((enc = b64encode(dec, declen, -1)) == NULL) { - fprintf(stderr, "*** b64encode failed\n"); - return rc; - } -@@ -51,52 +51,40 @@ fprintf(stderr, "??? %5d %02x != %02x '%c' != '%c'\n", i, (*s & 0xff), (*t & 0xf - return rc; - } - --/* FIPS-186 test vectors. */ --static const char * fips_p = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec0736ee31c80291"; --static const char * fips_q = "c773218c737ec8ee993b4f2ded30f48edace915f"; --static const char * fips_g = "626d027839ea0a13413163a55b4cb500299d5522956cefcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc572af53e6d78802"; -- --static const char * fips_hm = "a9993e364706816aba3e25717850c26c9cd0d89d"; -- --static const char * fips_y = "19131871d75b1612a819f29d78d1b0d7346f7aa77bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06699630a76b030ee333"; -- --static const char * fips_r = "8bac1ab66410435cb7181f95b16ab97c92b341c0"; --static const char * fips_s = "41e2345f1f56df2458f426d155b4ba2db6dcd8c8"; -- - /* Secret key */ --static const char * jbjSecretDSA = " --lQFvBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR --zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy --AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm --qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv --Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT --2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh --1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL/8DAwJUAllw1pdZ --WmBIoAvRiv7kE6hWfeCvZzdBVgrHYrp8ceUa3OdulGfYw/0sIzpEU0FfZmFjdG9y --OgAA30gJ4JMFKVfthnDCHHL+O8lNxykKBmrgVPLClue0KUplZmYgSm9obnNvbiAo --QVJTIE4zTlBRKSA8amJqQHJlZGhhdC5jb20+iFcEExECABcFAju6XHwFCwcKAwQD --FQMCAxYCAQIXgAAKCRCB0qVW2I6DmQU6AJ490bVWZuM4yCOh8MWj6qApCr1/gwCf --f3+QgXFXAeTyPtMmReyWxThABtE= -+static const char * jbjSecretDSA = "\n\ -+lQFvBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR\n\ -+zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy\n\ -+AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm\n\ -+qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv\n\ -+Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT\n\ -+2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh\n\ -+1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL/8DAwJUAllw1pdZ\n\ -+WmBIoAvRiv7kE6hWfeCvZzdBVgrHYrp8ceUa3OdulGfYw/0sIzpEU0FfZmFjdG9y\n\ -+OgAA30gJ4JMFKVfthnDCHHL+O8lNxykKBmrgVPLClue0KUplZmYgSm9obnNvbiAo\n\ -+QVJTIE4zTlBRKSA8amJqQHJlZGhhdC5jb20+iFcEExECABcFAju6XHwFCwcKAwQD\n\ -+FQMCAxYCAQIXgAAKCRCB0qVW2I6DmQU6AJ490bVWZuM4yCOh8MWj6qApCr1/gwCf\n\ -+f3+QgXFXAeTyPtMmReyWxThABtE=\n\ - "; - - /* Public key */ --static const char * jbjPublicDSA = " --mQFCBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR --zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy --AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm --qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv --Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT --2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh --1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL7QpSmVmZiBKb2hu --c29uIChBUlMgTjNOUFEpIDxqYmpAcmVkaGF0LmNvbT6IVwQTEQIAFwUCO7pcfAUL --BwoDBAMVAwIDFgIBAheAAAoJEIHSpVbYjoOZBToAn3TXaAI+bhg51EeyaiFip/6W --OVwBAJ44rTtNsgZBQxXISjB64CWxl4VaWQ== -+static const char * jbjPublicDSA = "\n\ -+mQFCBDu6XHwRAwCTIHRgKeIlOFUIEZeJVYSrXn0eUrM5S8OF471tTc+IV7AwiXBR\n\ -+zCFCan4lO1ipmoAipyN2A6ZX0HWOcWdYlWz2adxA7l8JNiZTzkemA562xwex2wLy\n\ -+AQWVTtRN6jv0LccAoN4UWZkIvkT6tV918sEvDEggGARxAv9190RhrDq/GMqd+AHm\n\ -+qWrRkrBRHDUBBL2fYEuU3gFekYrW5CDIN6s3Mcq/yUsvwHl7bwmoqbf2qabbyfnv\n\ -+Y66ETOPKLcw67ggcptHXHcwlvpfJmHKpjK+ByzgauPXXbRAC+gKDjzXL0kAQxjmT\n\ -+2D+16O4vI8Emlx2JVcGLlq/aWhspvQWIzN6PytA3iKZ6uzesrM7yXmqzgodZUsJh\n\ -+1wwl/0K5OIJn/oD41UayU8RXNER8SzDYvDYsJymFRwE1s58lL7QpSmVmZiBKb2hu\n\ -+c29uIChBUlMgTjNOUFEpIDxqYmpAcmVkaGF0LmNvbT6IVwQTEQIAFwUCO7pcfAUL\n\ -+BwoDBAMVAwIDFgIBAheAAAoJEIHSpVbYjoOZBToAn3TXaAI+bhg51EeyaiFip/6W\n\ -+OVwBAJ44rTtNsgZBQxXISjB64CWxl4VaWQ==\n\ - "; - - /* Signature */ --static const char * abcSignatureDSA = " --iD8DBQA7vII+gdKlVtiOg5kRAvg4AJ0fV3gDBADobAnK2HOkV88bfmFMEgCeNysO --nP3dWWJnp0Pnbor7pIob4Dk= -+static const char * abcSignatureDSA = "\n\ -+iD8DBQA7vII+gdKlVtiOg5kRAvg4AJ0fV3gDBADobAnK2HOkV88bfmFMEgCeNysO\n\ -+nP3dWWJnp0Pnbor7pIob4Dk=\n\ - "; - - int -@@ -108,28 +96,6 @@ main (int argc, char *argv[]) - - dig = pgpNewDig(); - -- mpbzero(&dig->p); mpbsethex(&dig->p, fips_p); -- mpbzero(&dig->q); mpbsethex(&dig->q, fips_q); -- mpnzero(&dig->g); mpnsethex(&dig->g, fips_g); -- mpnzero(&dig->y); mpnsethex(&dig->y, fips_y); -- mpnzero(&dig->r); mpnsethex(&dig->r, fips_r); -- mpnzero(&dig->s); mpnsethex(&dig->s, fips_s); -- mpnzero(&dig->hm); mpnsethex(&dig->hm, fips_hm); -- -- rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, -- &dig->y, &dig->r, &dig->s); -- --fprintf(stderr, "=============================== DSA FIPS-186-1: rc %d\n", rc); -- -- mpbfree(&dig->p); -- mpbfree(&dig->q); -- mpnfree(&dig->g); -- mpnfree(&dig->y); -- -- mpnfree(&dig->hm); -- mpnfree(&dig->r); -- mpnfree(&dig->s); -- - fprintf(stderr, "=============================== GPG Secret Key\n"); - if ((rc = doit(jbjSecretDSA, dig, printing)) != 0) - fprintf(stderr, "==> FAILED: rc %d\n", rc); -@@ -144,39 +110,33 @@ fprintf(stderr, "=============================== GPG Signature of \"abc\"\n"); - - { DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); - struct pgpDigParams_s * dsig = &dig->signature; -- const char * digest = NULL; -+ void *digest = NULL; - size_t digestlen = 0; - const char * txt = "abc"; -+ SECItem digitem; - - rpmDigestUpdate(ctx, txt, strlen(txt)); - rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen); -- rpmDigestFinal(ctx, (void **)&digest, &digestlen, 1); -+ rpmDigestFinal(ctx, &digest, &digestlen, 0); - -- mpnzero(&dig->hm); mpnsethex(&dig->hm, digest); -+fprintf(stderr, "\n hm = [ 160]: %s\n\n", pgpHexStr(digest, digestlen)); -+ digitem.type = siBuffer; -+ digitem.data = digest; -+ digitem.len = digestlen; - --fprintf(stderr, "\n hm = [ 160]: %s\n\n", digest); -+ rc = VFY_VerifyDigest(&digitem, dig->dsa, dig->dsasig, SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL); - - if (digest) { -- free((void *)digest); -+ free(digest); - digest = NULL; - } - } - -- rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, -- &dig->y, &dig->r, &dig->s); - - fprintf(stderr, "=============================== DSA verify: rc %d\n", rc); - -- mpbfree(&dig->p); -- mpbfree(&dig->q); -- mpnfree(&dig->g); -- mpnfree(&dig->y); -- -- mpnfree(&dig->hm); -- mpnfree(&dig->r); -- mpnfree(&dig->s); -- - dig = pgpFreeDig(dig); - - return rc; - } -+ -diff --git a/tools/Makefile.am b/tools/Makefile.am -index 72bfd0b..053a02a 100644 ---- a/tools/Makefile.am -+++ b/tools/Makefile.am -@@ -8,7 +8,7 @@ INCLUDES = -I. \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/rpmdb \ - -I$(top_srcdir)/rpmio \ -- @WITH_BEECRYPT_INCLUDE@ \ -+ @WITH_NSS_INCLUDE@ \ - @WITH_POPT_INCLUDE@ \ - @WITH_LIBELF_INCLUDE@ \ - @WITH_LIBDWARF_INCLUDE@ \ -@@ -36,10 +36,10 @@ bin_PROGRAMS = rpmgraph - convertdb1_SOURCES = convertdb1.c - - debugedit_SOURCES = debugedit.c hashtab.c --#debugedit_LDADD = @LDFLAGS_STATIC@ \ --debugedit_LDADD = \ -+debugedit_CFLAGS = $(INCLUDES) -+#debugedit_LDFLAGS = $(staticLDFLAGS) -+debugedit_LDADD = $(top_builddir)/rpmio/librpmio.la \ - @WITH_LIBELF_LIB@ \ -- @WITH_BEECRYPT_LIB@ \ - @WITH_POPT_LIB@ - - javadeps_SOURCES = javadeps.c -diff --git a/tools/debugedit.c b/tools/debugedit.c -index f6e27b6..e69ff3d 100644 ---- a/tools/debugedit.c -+++ b/tools/debugedit.c -@@ -36,8 +36,8 @@ - #include - #include - --#include -- -+#include -+#include - #include "hashtab.h" - - #define DW_TAG_partial_unit 0x3c -@@ -1304,22 +1304,29 @@ error_out: - return NULL; - } - -+static const pgpHashAlgo algorithms[] = { PGPHASHALGO_MD5, -+ PGPHASHALGO_SHA1, PGPHASHALGO_SHA256, PGPHASHALGO_SHA384, PGPHASHALGO_SHA512 }; -+ - /* Compute a fresh build ID bit-string from the editted file contents. */ - static void - handle_build_id (DSO *dso, Elf_Data *build_id, - size_t build_id_offset, size_t build_id_size) - { -- hashFunctionContext ctx; -- const hashFunction *hf = NULL; -- int i = hashFunctionCount (); -+ DIGEST_CTX ctx; -+ pgpHashAlgo algorithm; -+ int i = sizeof(algorithms)/sizeof(algorithms[0]); -+ void *digest = NULL; -+ size_t len; -+ -+ rpmInitCrypto(); - - while (i-- > 0) - { -- hf = hashFunctionGet (i); -- if (hf != NULL && hf->digestsize == build_id_size) -+ algorithm = algorithms[i]; -+ if (rpmDigestLength(algorithm) == build_id_size) - break; - } -- if (hf == NULL) -+ if (i < 0) - { - fprintf (stderr, "Cannot handle %Zu-byte build ID\n", build_id_size); - exit (1); -@@ -1335,7 +1342,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id, - /* Clear the old bits so they do not affect the new hash. */ - memset ((char *) build_id->d_buf + build_id_offset, 0, build_id_size); - -- hashFunctionContextInit (&ctx, hf); -+ ctx = rpmDigestInit(algorithm, 0); - - /* Slurp the relevant header bits and section contents and feed them - into the hash function. The only bits we ignore are the offset -@@ -1346,13 +1353,6 @@ handle_build_id (DSO *dso, Elf_Data *build_id, - or Elf64 object, only that we are consistent in what bits feed the - hash so it comes out the same for the same file contents. */ - { -- inline void process (const void *data, size_t size); -- inline void process (const void *data, size_t size) -- { -- memchunk chunk = { .data = (void *) data, .size = size }; -- hashFunctionContextUpdateMC (&ctx, &chunk); -- } -- - union - { - GElf_Ehdr ehdr; -@@ -1381,7 +1381,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id, - goto bad; - if (elf64_xlatetom (&x, &x, dso->ehdr.e_ident[EI_DATA]) == NULL) - goto bad; -- process (x.d_buf, x.d_size); -+ rpmDigestUpdate(ctx, x.d_buf, x.d_size); - } - - x.d_type = ELF_T_SHDR; -@@ -1393,34 +1393,29 @@ handle_build_id (DSO *dso, Elf_Data *build_id, - u.shdr.sh_offset = 0; - if (elf64_xlatetom (&x, &x, dso->ehdr.e_ident[EI_DATA]) == NULL) - goto bad; -- process (x.d_buf, x.d_size); -+ rpmDigestUpdate(ctx, x.d_buf, x.d_size); - - if (u.shdr.sh_type != SHT_NOBITS) - { - Elf_Data *d = elf_rawdata (dso->scn[i], NULL); - if (d == NULL) - goto bad; -- process (d->d_buf, d->d_size); -+ rpmDigestUpdate(ctx, d->d_buf, d->d_size); - } - } - } - -- hashFunctionContextDigest (&ctx, (byte *) build_id->d_buf + build_id_offset); -- hashFunctionContextFree (&ctx); -+ rpmDigestFinal(ctx, &digest, &len, 0); -+ memcpy((unsigned char *)build_id->d_buf + build_id_offset, digest, build_id_size); -+ free(digest); - - elf_flagdata (build_id, ELF_C_SET, ELF_F_DIRTY); - - /* Now format the build ID bits in hex to print out. */ - { -- const unsigned char * id = build_id->d_buf + build_id_offset; -+ const byte * id = (byte *)build_id->d_buf + build_id_offset; - char hex[build_id_size * 2 + 1]; -- int n = snprintf (hex, 3, "%02" PRIx8, id[0]); -- assert (n == 2); -- for (i = 1; i < build_id_size; ++i) -- { -- n = snprintf (&hex[i * 2], 3, "%02" PRIx8, id[i]); -- assert (n == 2); -- } -+ pgpHexCvt(hex, id, build_id_size); - puts (hex); - } - } diff --git a/rpm-4.4.2.3-prereq.patch b/rpm-4.4.2.3-prereq.patch deleted file mode 100644 index 6937794..0000000 --- a/rpm-4.4.2.3-prereq.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -up rpm-4.4.2.3/build/rpmfc.c.prereq rpm-4.4.2.3/build/rpmfc.c ---- rpm-4.4.2.3/build/rpmfc.c.prereq 2008-04-01 09:47:42.000000000 +0300 -+++ rpm-4.4.2.3/build/rpmfc.c 2008-04-01 09:54:54.000000000 +0300 -@@ -1488,7 +1488,7 @@ static struct DepMsg_s depMsgs[] = { - _notpre(RPMSENSE_SCRIPT_POSTUN), 0 }, - { "Requires", { "%{?__find_requires}", NULL, NULL, NULL }, - -1, -1, RPMTAG_REQUIREFLAGS, /* XXX inherit name/version arrays */ -- RPMSENSE_FIND_REQUIRES|RPMSENSE_TRIGGERIN|RPMSENSE_TRIGGERUN|RPMSENSE_TRIGGERPOSTUN|RPMSENSE_TRIGGERPREIN, 0 }, -+ RPMSENSE_PREREQ, RPMSENSE_PREREQ }, - { "Conflicts", { "%{?__find_conflicts}", NULL, NULL, NULL }, - RPMTAG_CONFLICTNAME, RPMTAG_CONFLICTVERSION, RPMTAG_CONFLICTFLAGS, - 0, -1 }, -diff -up rpm-4.4.2.3/lib/rpmlib.h.prereq rpm-4.4.2.3/lib/rpmlib.h ---- rpm-4.4.2.3/lib/rpmlib.h.prereq 2008-04-01 09:13:04.000000000 +0300 -+++ rpm-4.4.2.3/lib/rpmlib.h 2008-04-01 09:47:42.000000000 +0300 -@@ -505,8 +505,7 @@ typedef enum rpmsenseFlags_e { - RPMSENSE_EQUAL = (1 << 3), - RPMSENSE_PROVIDES = (1 << 4), /* only used internally by builds */ - RPMSENSE_CONFLICTS = (1 << 5), /* only used internally by builds */ -- /* bit 6 used to be RPMSENSE_PREREQ */ --#define RPMSENSE_PREREQ RPMSENSE_ANY -+ RPMSENSE_PREREQ = (1 << 6), /*!< @todo Legacy. */ - RPMSENSE_OBSOLETES = (1 << 7), /* only used internally by builds */ - RPMSENSE_INTERP = (1 << 8), /*!< Interpreter used by scriptlet. */ - RPMSENSE_SCRIPT_PRE = ((1 << 9)|RPMSENSE_PREREQ), /*!< %pre dependency. */ diff --git a/rpm-4.4.2.3-queryformat-arch.patch b/rpm-4.4.2.3-queryformat-arch.patch deleted file mode 100644 index 4bbbaee..0000000 --- a/rpm-4.4.2.3-queryformat-arch.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rpm-4.4.2.3-rc1/macros.in.qfmt rpm-4.4.2.3-rc1/macros.in ---- rpm-4.4.2.3-rc1/macros.in.qfmt 2008-01-25 16:52:39.000000000 +0200 -+++ rpm-4.4.2.3-rc1/macros.in 2008-01-25 16:57:31.000000000 +0200 -@@ -791,7 +791,7 @@ print (t)\ - # Default headerSprintf() output format string for rpm -qa - # - # XXX Note: escaped %% for use in headerSprintf() --%_query_all_fmt %%{name}-%%{version}-%%{release} -+%_query_all_fmt %%{name}-%%{version}-%%{release}%%|arch?{.%%{arch}}:{}| - - # - # Default path to the file used for transaction fcmtl lock. diff --git a/rpm-4.4.2.3-rc1-sparc-mcpu.patch b/rpm-4.4.2.3-rc1-sparc-mcpu.patch deleted file mode 100644 index 03fc2f6..0000000 --- a/rpm-4.4.2.3-rc1-sparc-mcpu.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up rpm-4.4.2.3-rc1/rpmrc.in.BAD rpm-4.4.2.3-rc1/rpmrc.in ---- rpm-4.4.2.3-rc1/rpmrc.in.BAD 2008-03-27 10:49:49.000000000 -0500 -+++ rpm-4.4.2.3-rc1/rpmrc.in 2008-03-27 10:50:27.000000000 -0500 -@@ -37,10 +37,10 @@ optflags: alphaev67 -O2 -g -mieee -march - - optflags: sparc -O2 -g -m32 -mtune=ultrasparc - optflags: sparcv8 -O2 -g -m32 -mtune=ultrasparc -mv8 --optflags: sparcv9 -O2 -g -m32 -march=ultrasparc --optflags: sparcv9v -O2 -g -m32 -march=niagara --optflags: sparc64 -O2 -g -m64 -march=ultrasparc --optflags: sparc64v -O2 -g -m64 -march=niagara -+optflags: sparcv9 -O2 -g -m32 -mcpu=ultrasparc -+optflags: sparcv9v -O2 -g -m32 -mcpu=niagara -+optflags: sparc64 -O2 -g -m64 -mcpu=ultrasparc -+optflags: sparc64v -O2 -g -m64 -mcpu=niagara - - optflags: m68k -O2 -g -fomit-frame-pointer - diff --git a/rpm-4.5.90-digestlen.patch b/rpm-4.5.90-digestlen.patch deleted file mode 100644 index 5aa0fd8..0000000 --- a/rpm-4.5.90-digestlen.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/rpmio/digest.c b/rpmio/digest.c -index c360919..64b678b 100644 ---- a/rpmio/digest.c -+++ b/rpmio/digest.c -@@ -123,7 +123,7 @@ int - rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii) - { - unsigned char * digest; -- size_t digestlen; -+ unsigned int digestlen; - - if (ctx == NULL) - return -1; diff --git a/rpm-4.5.90-macroarg.patch b/rpm-4.5.90-macroarg.patch deleted file mode 100644 index 468905d..0000000 --- a/rpm-4.5.90-macroarg.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/rpmio/macro.c b/rpmio/macro.c -index 14d4565..cc0638a 100644 ---- a/rpmio/macro.c -+++ b/rpmio/macro.c -@@ -797,8 +797,10 @@ grabArgs(MacroBuf mb, const rpmMacroEntry me, const char * se, - { ARGV_t av = NULL; - char *s = xcalloc((lastc-se)+1, sizeof(*s)); - -- memmove(s, se, (lastc-se)); -- ret = se + strlen(s) + 1; -+ /* XXX expandMacro() expects next \0 which can be beyond lastc */ -+ ret = strchr(se, '\0'); -+ memcpy(s, se, (lastc-se)); -+ - argvSplit(&av, s, " "); - argvAppend(&argv, av); - diff --git a/rpm-4.5.90-mono-magic.patch b/rpm-4.5.90-mono-magic.patch deleted file mode 100644 index dfde3c1..0000000 --- a/rpm-4.5.90-mono-magic.patch +++ /dev/null @@ -1,22 +0,0 @@ -commit b3bd21e9f07272a37c2259070f95b167e6301c79 -Author: Panu Matilainen -Date: Mon Jul 14 11:53:10 2008 +0300 - - Fix mono dependency extraction - - use "Mono/.Net assembly" instead of "PE executable" for detection, - later file reports bitness (eg "PE32 executable"), we just care if its - mono or not. This is compatible with older libmagic too. - -diff --git a/build/rpmfc.c b/build/rpmfc.c -index 3cc2d6d..6f15b2c 100644 ---- a/build/rpmfc.c -+++ b/build/rpmfc.c -@@ -490,7 +490,7 @@ static const struct rpmfcTokens_s const rpmfcTokens[] = { - - /* XXX .NET executables and libraries. file(1) cannot differ from win32 - * executables unfortunately :( */ -- { "PE executable", RPMFC_MONO|RPMFC_INCLUDE }, -+ { "Mono/.Net assembly", RPMFC_MONO|RPMFC_INCLUDE }, - - { "current ar archive", RPMFC_STATIC|RPMFC_LIBRARY|RPMFC_ARCHIVE|RPMFC_INCLUDE }, - diff --git a/rpm-4.5.90-patchnum.patch b/rpm-4.5.90-patchnum.patch deleted file mode 100644 index ad80e3a..0000000 --- a/rpm-4.5.90-patchnum.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit 6df78d16a68ff508a965ba2166f3b376e850b138 -Author: Panu Matilainen -Date: Sat Jul 19 15:27:42 2008 +0300 - - Fix regression in %patch handling (rhbz#455872) - - popt doesn't think of "008" as an integer, let popt think it's a string - as we do our own conversion to number anyway - -diff --git a/build/parsePrep.c b/build/parsePrep.c -index 4b0ccdf..fcc28c8 100644 ---- a/build/parsePrep.c -+++ b/build/parsePrep.c -@@ -403,16 +403,16 @@ static int doSetupMacro(rpmSpec spec, const char *line) - */ - static rpmRC doPatchMacro(rpmSpec spec, const char *line) - { -- char *opt_b; -+ char *opt_b, *opt_P; - char *buf = NULL; -- int opt_P, opt_p, opt_R, opt_E, opt_F; -+ int opt_p, opt_R, opt_E, opt_F; - int argc, c; - const char **argv = NULL; - ARGV_t patch, patchnums = NULL; - rpmRC rc = RPMRC_FAIL; /* assume failure */ - - struct poptOption const patchOpts[] = { -- { NULL, 'P', POPT_ARG_INT, &opt_P, 'P', NULL, NULL }, -+ { NULL, 'P', POPT_ARG_STRING, &opt_P, 'P', NULL, NULL }, - { NULL, 'p', POPT_ARG_INT, &opt_p, 'p', NULL, NULL }, - { NULL, 'R', POPT_ARG_NONE, &opt_R, 'R', NULL, NULL }, - { NULL, 'E', POPT_ARG_NONE, &opt_E, 'E', NULL, NULL }, diff --git a/rpm-4.5.90-posttrans.patch b/rpm-4.5.90-posttrans.patch new file mode 100644 index 0000000..14b5276 --- /dev/null +++ b/rpm-4.5.90-posttrans.patch @@ -0,0 +1,101 @@ +diff --git a/lib/transaction.c b/lib/transaction.c +index 7e432a3..42f1b12 100644 +--- a/lib/transaction.c ++++ b/lib/transaction.c +@@ -910,33 +910,51 @@ static int runTransScripts(rpmts ts, rpmTag stag) + if (script == NULL && scriptprog == NULL) + continue; + +- p->fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0); +- p->h = NULL; +- if (rpmteFd(p) != NULL) { +- rpmVSFlags ovsflags = rpmtsVSFlags(ts); +- rpmVSFlags vsflags = ovsflags | RPMVSF_NEEDPAYLOAD; +- rpmRC rpmrc; +- ovsflags = rpmtsSetVSFlags(ts, vsflags); +- rpmrc = rpmReadPackageFile(ts, rpmteFd(p), +- rpmteNEVR(p), &p->h); +- vsflags = rpmtsSetVSFlags(ts, ovsflags); +- switch (rpmrc) { +- default: +- /* FIX: notify annotations */ +- p->fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0); +- p->fd = NULL; +- break; +- case RPMRC_NOTTRUSTED: +- case RPMRC_NOKEY: +- case RPMRC_OK: +- break; ++ if (stag==RPMTAG_POSTTRANS) { ++ /* get (already installed) header from rpmdb */ ++ rpmdbMatchIterator mi; ++ mi = rpmtsInitIterator(ts, RPMTAG_NAME, rpmteN(p), 0); ++ xx = rpmdbSetIteratorRE(mi, RPMTAG_EPOCH, RPMMIRE_STRCMP, ++ rpmteE(p)); ++ xx = rpmdbSetIteratorRE(mi, RPMTAG_VERSION, RPMMIRE_STRCMP, ++ rpmteV(p)); ++ xx = rpmdbSetIteratorRE(mi, RPMTAG_RELEASE, RPMMIRE_STRCMP, ++ rpmteR(p)); ++ xx = rpmdbSetIteratorRE(mi, RPMTAG_ARCH, RPMMIRE_STRCMP, ++ rpmteA(p)); ++ ++ p->h = headerCopy(rpmdbNextIterator(mi)); ++ mi = rpmdbFreeIterator(mi); ++ } else { ++ /* reread rpm file */ ++ p->fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0); ++ p->h = NULL; ++ if (rpmteFd(p) != NULL) { ++ rpmVSFlags ovsflags = rpmtsVSFlags(ts); ++ rpmVSFlags vsflags = ovsflags | RPMVSF_NEEDPAYLOAD; ++ rpmRC rpmrc; ++ ovsflags = rpmtsSetVSFlags(ts, vsflags); ++ rpmrc = rpmReadPackageFile(ts, rpmteFd(p), ++ rpmteNEVR(p), &p->h); ++ vsflags = rpmtsSetVSFlags(ts, ovsflags); ++ switch (rpmrc) { ++ default: ++ /* FIX: notify annotations */ ++ p->fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0); ++ p->fd = NULL; ++ break; ++ case RPMRC_NOTTRUSTED: ++ case RPMRC_NOKEY: ++ case RPMRC_OK: ++ break; ++ } + } +- } ++ } + +- if (rpmteFd(p) != NULL) { +- fi = rpmfiNew(ts, p->h, RPMTAG_BASENAMES, 1); ++ if (p->h) { ++ fi = rpmfiNew(ts, p->h, RPMTAG_BASENAMES, 1); + if (fi != NULL) { /* XXX can't happen */ +- if (stag == RPMTAG_PRETRANS) { ++ if (stag == RPMTAG_PRETRANS) { /* isn't this the same? */ + fi->te = p; + p->fi = fi; + } else { +@@ -944,14 +962,16 @@ static int runTransScripts(rpmts ts, rpmTag stag) + p->fi->te = p; + } + } ++ fi->h = p->h; // is this right? + psm = rpmpsmNew(ts, p, p->fi); + assert(psm != NULL); + xx = rpmpsmScriptStage(psm, stag, progtag); + psm = rpmpsmFree(psm); +- +- (void) rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0); +- p->fd = NULL; +- p->h = headerFree(p->h); ++ if (p->fd != NULL) { ++ (void) rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0); ++ p->fd = NULL; ++ } ++ p->h = fi->h = headerFree(p->h); + } + } + pi = rpmtsiFree(pi); diff --git a/rpm.spec b/rpm.spec index c99b0dc..f6784b6 100644 --- a/rpm.spec +++ b/rpm.spec @@ -10,7 +10,7 @@ %define rpmhome /usr/lib/rpm %define rpmver 4.5.90 -%define snapver git8426 +%define snapver git8444 %define srcver %{rpmver}.%{snapver} %define bdbver 4.5.20 @@ -18,7 +18,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: 0.%{snapver}.9 +Release: 0.%{snapver}.1 Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/testing/%{name}-%{srcver}.tar.bz2 @@ -31,11 +31,8 @@ Patch1: rpm-4.5.90-pkgconfig-path.patch # XXX only create provides for pkgconfig and libtool initially Patch100: rpm-4.6.x-no-pkgconfig-reqs.patch -# These are already upstream, drop on next snapshot update: -Patch200: rpm-4.5.90-digestlen.patch -Patch201: rpm-4.5.90-mono-magic.patch -Patch202: rpm-4.5.90-macroarg.patch -Patch203: rpm-4.5.90-patchnum.patch +# These are not yet upstream +Patch200: rpm-4.5.90-posttrans.patch # Partially GPL/LGPL dual-licensed and some bits with BSD # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD @@ -163,10 +160,7 @@ that will manipulate RPM packages and databases. %patch1 -p1 -b .pkgconfig-path %patch100 -p1 -b .pkgconfig-deps -%patch200 -p1 -b .diglen -%patch201 -p1 -b .mono-magic -%patch202 -p1 -b .macroarg -%patch203 -p1 -b .patchnum +%patch200 -p1 -b .posttrans %if %{with int_bdb} ln -s db-%{bdbver} db @@ -342,6 +336,15 @@ exit 0 %doc doc/librpm/html/* %changelog +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8427.1 +- new snapshot from upstream + +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8426.10 +- rpm-4.5.90-posttrans.patch +- use header from rpmdb in posttrans to make anaconda happy + * Sat Jul 19 2008 Panu Matilainen - 4.5.90-0.git8426.9 - fix regression in patch number handling (#455872) diff --git a/sources b/sources index 6aa5cdc..b825ee3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -019294e156d2a3acefee118e38f65836 rpm-4.5.90.git8426.tar.bz2 +c753868c909cb711d1f06a9fedf092cc rpm-4.5.90.git8444.tar.bz2