File fixv4rsasigs.diff of Package rpm
--- ./lib/signature.c.orig 2010-07-05 15:21:27.368024000 +0000
+++ ./lib/signature.c 2010-07-05 15:24:54.264343000 +0000
@@ -1301,18 +1301,15 @@ verifyRSASignature(rpmts ts, /*@out@*/ c
if (sigp->hash != NULL)
xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
-#ifdef NOTYET /* XXX not for binary/text signatures as in packages. */
- if (!(sigp->sigtype == PGPSIGTYPE_BINARY || sigp->sigtype == PGP_SIGTYPE_TEXT)) {
- int nb = dig->nbytes + sigp->hashlen;
+ if (sigp->version == 4) {
+ int nb = sigp->hashlen;
byte trailer[6];
nb = htonl(nb);
- trailer[0] = 0x4;
+ trailer[0] = sigp->version;
trailer[1] = 0xff;
memcpy(trailer+2, &nb, sizeof(nb));
xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
}
-#endif
-
xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1);
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */