rpms/rpm/devel rpm-4.4.2.3-nss.patch,1.1,1.2

Panu Matilainen (pmatilai) fedora-extras-commits at redhat.com
Tue Apr 1 07:49:58 UTC 2008


Author: pmatilai

Update of /cvs/pkgs/rpms/rpm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21276

Modified Files:
	rpm-4.4.2.3-nss.patch 
Log Message:
Rediff NSS patch to fight off fuzz


rpm-4.4.2.3-nss.patch:

Index: rpm-4.4.2.3-nss.patch
===================================================================
RCS file: /cvs/pkgs/rpms/rpm/devel/rpm-4.4.2.3-nss.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- rpm-4.4.2.3-nss.patch	25 Jan 2008 15:17:21 -0000	1.1
+++ rpm-4.4.2.3-nss.patch	1 Apr 2008 07:49:50 -0000	1.2
@@ -1,7 +1,14 @@
-diff -r ec9e6c427068 Makefile.am
---- a/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
-@@ -10,14 +10,14 @@ EXTRA_DIST = CHANGES ChangeLog CREDITS D
+commit c8173f26908886f7b02f7f88a7a2aed9498839da
+Author: Panu Matilainen <pmatilai at redhat.com>
+Date:   Tue Apr 1 10:42:49 2008 +0300
+
+    NSS support
+
+diff --git a/Makefile.am b/Makefile.am
+index 0495836..4c68c4c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,14 +10,14 @@ EXTRA_DIST = CHANGES ChangeLog CREDITS Doxyheader GROUPS README.amiga INSTALL \
  	po/*.in po/*.po po/rpm.pot \
  	rpm.magic rpmpopt-$(VERSION) rpmqv.c 
  
@@ -52,10 +59,11 @@
  		`make -s sources -C file/src` \
  		`make -s sources -C popt`
  
-diff -r ec9e6c427068 autogen.sh
---- a/autogen.sh	Wed Oct 24 16:02:51 2007 +0300
-+++ b/autogen.sh	Thu Nov 01 10:56:58 2007 +0100
-@@ -48,9 +48,6 @@ if [ -d zlib ]; then
+diff --git a/autogen.sh b/autogen.sh
+index 27d4118..63bfbe1 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -48,9 +48,6 @@ fi
  if [ -d zlib ]; then
      (echo "--- zlib"; cd zlib; ./autogen.sh --noconfigure "$@")
  fi
@@ -65,9 +73,10 @@
  if [ -d elfutils ]; then
      (echo "--- elfutils"; cd elfutils; ./autogen.sh --noconfigure "$@")
  fi
-diff -r ec9e6c427068 build/Makefile.am
---- a/build/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/build/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/build/Makefile.am b/build/Makefile.am
+index 83d2dee..75b41c2 100644
+--- a/build/Makefile.am
++++ b/build/Makefile.am
 @@ -9,7 +9,7 @@ INCLUDES = -I. \
  	-I$(top_srcdir)/lib \
  	-I$(top_srcdir)/rpmdb \
@@ -77,10 +86,11 @@
  	@WITH_MAGIC_INCLUDE@ \
  	@WITH_POPT_INCLUDE@ \
  	@WITH_LIBELF_INCLUDE@ \
-diff -r ec9e6c427068 configure.ac
---- a/configure.ac	Wed Oct 24 16:02:51 2007 +0300
-+++ b/configure.ac	Thu Nov 01 10:56:58 2007 +0100
-@@ -463,34 +463,32 @@ AC_SUBST(WITH_LIBDWARF_DEBUGEDIT)
+diff --git a/configure.ac b/configure.ac
+index b004391..c98c86d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -463,34 +463,32 @@ AC_SUBST(WITH_LIBDWARF_INCLUDE)
  AC_SUBST(WITH_LIBDWARF_DEBUGEDIT)
  
  #=================
@@ -127,21 +137,21 @@
 -   if test -z "${WITH_BEECRYPT_LIB}" ; then
 -       AC_MSG_ERROR([rpm requires beecrypt]) 
 -   fi
--])
++  AC_MSG_ERROR([rpm requires NSS]) 
+ ])
 -AC_SUBST(WITH_BEECRYPT_SUBDIR)
 -AC_SUBST(WITH_BEECRYPT_INCLUDE)
 -AC_SUBST(WITH_BEECRYPT_LIB)
-+  AC_MSG_ERROR([rpm requires NSS]) 
-+])
 +CPPFLAGS="$save_CPPFLAGS"
 +AC_SUBST(WITH_NSS_INCLUDE)
 +AC_SUBST(WITH_NSS_LIB)
  
  #=================
  # Check for neon library. Prefer external, otherwise internal.
-diff -r ec9e6c427068 lib/Makefile.am
---- a/lib/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index d433b75..fe761da 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
 @@ -9,7 +9,7 @@ INCLUDES = -I. \
  	-I$(top_srcdir)/build \
  	-I$(top_srcdir)/rpmdb \
@@ -151,10 +161,11 @@
  	@WITH_POPT_INCLUDE@ \
  	-I$(top_srcdir)/misc \
  	@INCPATH@
-diff -r ec9e6c427068 lib/formats.c
---- a/lib/formats.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/formats.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -210,23 +210,17 @@ static /*@only@*/ char * base64Format(in
+diff --git a/lib/formats.c b/lib/formats.c
+index 59f953a..e4354ff 100644
+--- a/lib/formats.c
++++ b/lib/formats.c
+@@ -210,23 +210,17 @@ static /*@only@*/ char * base64Format(int_32 type, const void * data,
  	int lc;
  	/* XXX HACK ALERT: element field abused as no. bytes of binary data. */
  	size_t ns = element;
@@ -182,7 +193,7 @@
  	    t = stpcpy(t, enc);
  	    enc = _free(enc);
  	}
-@@ -310,16 +304,13 @@ static /*@only@*/ char * xmlFormat(int_3
+@@ -310,16 +304,13 @@ static /*@only@*/ char * xmlFormat(int_32 type, const void * data,
  	xtag = "string";
  	break;
      case RPM_BIN_TYPE:
@@ -206,10 +217,11 @@
  	xtag = "base64";
      }	break;
      case RPM_CHAR_TYPE:
-diff -r ec9e6c427068 lib/package.c
---- a/lib/package.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/package.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -1008,11 +1008,9 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t 
+diff --git a/lib/package.c b/lib/package.c
+index 09571b0..8458b02 100644
+--- a/lib/package.c
++++ b/lib/package.c
+@@ -1008,11 +1008,9 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
  		fddig->hashctx = NULL;
  		/*@switchbreak@*/ break;
  	    case PGPHASHALGO_SHA1:
@@ -221,10 +233,11 @@
  		dig->sha1ctx = fddig->hashctx;
  		fddig->hashctx = NULL;
  		/*@switchbreak@*/ break;
-diff -r ec9e6c427068 lib/rpmchecksig.c
---- a/lib/rpmchecksig.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/rpmchecksig.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -447,7 +447,7 @@ rpmRC rpmcliImportPubkey(const rpmts ts,
+diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
+index b4d377e..83b2d2e 100644
+--- a/lib/rpmchecksig.c
++++ b/lib/rpmchecksig.c
+@@ -447,7 +447,7 @@ rpmRC rpmcliImportPubkey(const rpmts ts, const unsigned char * pkt, ssize_t pktl
      if (rpmtsOpenDB(ts, (O_RDWR|O_CREAT)))
  	return RPMRC_FAIL;
  
@@ -245,9 +258,25 @@
  assert(dig->sha1ctx == NULL);
  	    dig->sha1ctx = fddig->hashctx;
  	    fddig->hashctx = NULL;
-diff -r ec9e6c427068 lib/rpmts.c
---- a/lib/rpmts.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/rpmts.c	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/lib/rpmrc.c b/lib/rpmrc.c
+index d402a1e..07e604a 100644
+--- a/lib/rpmrc.c
++++ b/lib/rpmrc.c
+@@ -1884,6 +1884,10 @@ int rpmReadConfigFiles(const char * file, const char * target)
+     /* Reset umask to its default umask(2) value. */
+     mode = umask(mode);
+ 
++    /* Initialize crypto engine as early as possible */
++    if (rpmInitCrypto() < 0) {
++	return -1;
++    }	
+     /* Preset target macros */
+     /*@-nullstate@*/	/* FIX: target can be NULL */
+     rpmRebuildTargetVars(&target, NULL);
+diff --git a/lib/rpmts.c b/lib/rpmts.c
+index ef791c6..8423957 100644
+--- a/lib/rpmts.c
++++ b/lib/rpmts.c
 @@ -4,7 +4,7 @@
   */
  #include "system.h"
@@ -257,10 +286,11 @@
  #include <rpmlib.h>
  #include <rpmmacro.h>		/* XXX rpmtsOpenDB() needs rpmGetPath */
  
-diff -r ec9e6c427068 lib/signature.c
---- a/lib/signature.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/lib/signature.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -1215,9 +1215,10 @@ verifyRSASignature(rpmts ts, /*@out@*/ c
+diff --git a/lib/signature.c b/lib/signature.c
+index 5617e32..0db1349 100644
+--- a/lib/signature.c
++++ b/lib/signature.c
+@@ -1215,9 +1215,10 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
      int_32 sigtag = rpmtsSigtag(ts);
      pgpDig dig = rpmtsDig(ts);
      pgpDigParams sigp = rpmtsSignature(ts);
@@ -272,7 +302,7 @@
  
      *t = '\0';
      if (dig != NULL && dig->hdrmd5ctx == md5ctx)
-@@ -1248,43 +1249,40 @@ verifyRSASignature(rpmts ts, /*@out@*/ c
+@@ -1248,43 +1249,40 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
      switch (sigp->hash_algo) {
      case PGPHASHALGO_MD5:
  	t = stpcpy(t, " RSA/MD5");
@@ -323,7 +353,7 @@
  	break;
      }
  
-@@ -1295,8 +1293,6 @@ verifyRSASignature(rpmts ts, /*@out@*/ c
+@@ -1295,8 +1293,6 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
  
      (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
      {	DIGEST_CTX ctx = rpmDigestDup(md5ctx);
@@ -332,7 +362,7 @@
  
  	if (sigp->hash != NULL)
  	    xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
-@@ -1313,40 +1309,18 @@ verifyRSASignature(rpmts ts, /*@out@*/ c
+@@ -1313,40 +1309,18 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
  	}
  #endif
  
@@ -392,7 +422,7 @@
  	res = RPMRC_OK;
      else
  	res = RPMRC_FAIL;
-@@ -1401,6 +1370,7 @@ verifyDSASignature(rpmts ts, /*@out@*/ c
+@@ -1401,6 +1370,7 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t,
      pgpDigParams sigp = rpmtsSignature(ts);
      rpmRC res;
      int xx;
@@ -400,7 +430,7 @@
  
      *t = '\0';
      if (dig != NULL && dig->hdrsha1ctx == sha1ctx)
-@@ -1428,7 +1398,6 @@ verifyDSASignature(rpmts ts, /*@out@*/ c
+@@ -1428,7 +1398,6 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t,
  
      (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
      {	DIGEST_CTX ctx = rpmDigestDup(sha1ctx);
@@ -408,7 +438,7 @@
  
  	if (sigp->hash != NULL)
  	    xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
-@@ -1442,19 +1411,18 @@ verifyDSASignature(rpmts ts, /*@out@*/ c
+@@ -1442,19 +1411,18 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t,
  	    memcpy(trailer+2, &nb, sizeof(nb));
  	    xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
  	}
@@ -433,7 +463,7 @@
      }
  
      /* Retrieve the matching public key. */
-@@ -1463,8 +1431,8 @@ verifyDSASignature(rpmts ts, /*@out@*/ c
+@@ -1463,8 +1431,8 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t,
  	goto exit;
  
      (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
@@ -444,9 +474,10 @@
  	res = RPMRC_OK;
      else
  	res = RPMRC_FAIL;
-diff -r ec9e6c427068 python/Makefile.am
---- a/python/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/python/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/python/Makefile.am b/python/Makefile.am
+index 1b8c83a..c1da992 100644
+--- a/python/Makefile.am
++++ b/python/Makefile.am
 @@ -17,7 +17,7 @@ INCLUDES = -I. \
  	-I$(top_srcdir)/rpmdb \
  	-I$(top_srcdir)/rpmio \
@@ -456,7 +487,7 @@
  	@WITH_POPT_INCLUDE@ \
  	-I$(top_srcdir)/misc \
  	-I$(pyincdir) \
-@@ -42,7 +42,7 @@ rpm_LTLIBRARIES = _rpmmodule.la
+@@ -42,7 +42,7 @@ rpmdir = $(pylibdir)/site-packages/rpm
  rpm_LTLIBRARIES = _rpmmodule.la
  
  _rpmmodule_la_LDFLAGS = $(mylibs) $(LIBS) -module -avoid-version
@@ -465,9 +496,10 @@
  
  _rpmmodule_la_SOURCES = rpmmodule.c header-py.c \
  		       rpmal-py.c rpmds-py.c rpmdb-py.c rpmfd-py.c rpmfts-py.c \
-diff -r ec9e6c427068 rpmdb/Makefile.am
---- a/rpmdb/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmdb/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/rpmdb/Makefile.am b/rpmdb/Makefile.am
+index 0f017f9..2393dd7 100644
+--- a/rpmdb/Makefile.am
++++ b/rpmdb/Makefile.am
 @@ -9,7 +9,7 @@ INCLUDES = -I. \
  	-I$(top_srcdir)/build \
  	-I$(top_srcdir)/lib \
@@ -477,10 +509,11 @@
  	@WITH_POPT_INCLUDE@ \
  	-I$(top_srcdir)/misc \
  	@WITH_SQLITE3_INCLUDE@ \
-diff -r ec9e6c427068 rpmio/Makefile.am
---- a/rpmio/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
-@@ -10,7 +10,7 @@ EXTRA_PROGRAMS = tax tdigest tdir tfts t
+diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am
+index 2d26dcc..44e4096 100644
+--- a/rpmio/Makefile.am
++++ b/rpmio/Makefile.am
+@@ -10,7 +10,7 @@ EXTRA_PROGRAMS = tax tdigest tdir tfts tget thkp tput tglob tinv tkey tring trpm
  
  INCLUDES = -I. \
  	-I$(top_srcdir) \
@@ -498,9 +531,9 @@
  	rpmio.h rpmurl.h rpmmacro.h rpmlog.h rpmmessages.h rpmerr.h rpmpgp.h \
  	rpmsq.h rpmsw.h ugid.h
  noinst_HEADERS = rpmio_internal.h rpmlua.h rpmhook.h
--
--BEECRYPTLOBJS = $(shell test X"@WITH_BEECRYPT_SUBDIR@" != X && cat $(top_builddir)/@WITH_BEECTYPT_SUBDIR@/listobjs)
  
+-BEECRYPTLOBJS = $(shell test X"@WITH_BEECRYPT_SUBDIR@" != X && cat $(top_builddir)/@WITH_BEECTYPT_SUBDIR@/listobjs)
+-
  LDFLAGS = -L$(RPM_BUILD_ROOT)$(usrlibdir) -L$(DESTDIR)$(usrlibdir)
  
  usrlibdir = $(libdir)@MARK64@
@@ -516,7 +549,7 @@
  	@WITH_NEON_LIB@ \
  	@WITH_LUA_LIB@ \
  	@WITH_MAGIC_LIB@ \
-@@ -44,22 +42,10 @@ librpmio_la_LIBADD = # $(BEECRYPTLOBJS)
+@@ -44,22 +42,10 @@ librpmio_la_LDFLAGS = -release 4.4 $(LDFLAGS) \
  librpmio_la_LIBADD = # $(BEECRYPTLOBJS)
  librpmio_la_DEPENDENCIES = # .created
  
@@ -540,7 +573,7 @@
  
  .PHONY:	sources
  sources:
-@@ -105,7 +91,6 @@ tinv_LDADD = librpmio.la $(top_builddir)
+@@ -105,7 +91,6 @@ tinv_LDFLAGS = @LDFLAGS_STATIC@
  tinv_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la
  
  tkey_SOURCES = tkey.c
@@ -548,10 +581,12 @@
  tkey_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la
  
  tring_SOURCES = tring.c
-diff -r ec9e6c427068 rpmio/base64.c
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/rpmio/base64.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -0,0 +1,254 @@
+diff --git a/rpmio/base64.c b/rpmio/base64.c
+new file mode 100644
+index 0000000..b11b381
+--- /dev/null
++++ b/rpmio/base64.c
+@@ -0,0 +1,253 @@
 +/* base64 encoder/decoder based on public domain implementation
 + * by Chris Venter */
 +
@@ -652,21 +687,20 @@
 +	return output;
 +}
 +
-+static int base64_decode_value(char value_in)
++static int base64_decode_value(unsigned char value_in)
 +{
-+	static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
-+	static const char decoding_size = sizeof(decoding);
++	static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
 +	value_in -= 43;
-+	if (value_in < 0 || value_in > decoding_size)
++	if (value_in > sizeof(decoding)/sizeof(int))
 +		return -1;
-+	return decoding[(int)value_in];
++	return decoding[value_in];
 +}
 +
 +static size_t base64_decode_block(const char *code_in, const size_t length_in, char *plaintext_out)
 +{
 +	const char *codechar = code_in;
 +	char *plainchar = plaintext_out;
-+	char fragment;
++	int fragment;
 +	
 +	*plainchar = 0;
 +	
@@ -677,38 +711,38 @@
 +			{
 +				return plainchar - plaintext_out;
 +			}
-+			fragment = (char)base64_decode_value(*codechar++);
++			fragment = base64_decode_value(*codechar++);
 +		} while (fragment < 0);
-+		*plainchar    = (fragment & 0x03f) << 2;
++		*plainchar    = (char)((fragment & 0x03f) << 2);
 +
 +		do {
 +			if (codechar == code_in+length_in)
 +			{
 +				return plainchar - plaintext_out;
 +			}
-+			fragment = (char)base64_decode_value(*codechar++);
++			fragment = base64_decode_value(*codechar++);
 +		} while (fragment < 0);
-+		*plainchar++ |= (fragment & 0x030) >> 4;
-+		*plainchar    = (fragment & 0x00f) << 4;
++		*plainchar++ |= (char)((fragment & 0x030) >> 4);
++		*plainchar    = (char)((fragment & 0x00f) << 4);
 +
 +		do {
 +			if (codechar == code_in+length_in)
 +			{
 +				return plainchar - plaintext_out;
 +			}
-+			fragment = (char)base64_decode_value(*codechar++);
++			fragment = base64_decode_value(*codechar++);
 +		} while (fragment < 0);
-+		*plainchar++ |= (fragment & 0x03c) >> 2;
-+		*plainchar    = (fragment & 0x003) << 6;
++		*plainchar++ |= (char)((fragment & 0x03c) >> 2);
++		*plainchar    = (char)((fragment & 0x003) << 6);
 +
 +		do {
 +			if (codechar == code_in+length_in)
 +			{
 +				return plainchar - plaintext_out;
 +			}
-+			fragment = (char)base64_decode_value(*codechar++);
++			fragment = base64_decode_value(*codechar++);
 +		} while (fragment < 0);
-+		*plainchar++   |= (fragment & 0x03f);
++		*plainchar++   |= (char)(fragment & 0x03f);
 +	}
 +	/* control should not reach here */
 +	return plainchar - plaintext_out;
@@ -806,9 +840,11 @@
 +}
 +#endif
 +
-diff -r ec9e6c427068 rpmio/base64.h
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/rpmio/base64.h	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/rpmio/base64.h b/rpmio/base64.h
+new file mode 100644
+index 0000000..79ae0b6
+--- /dev/null
++++ b/rpmio/base64.h
 @@ -0,0 +1,29 @@
 +/* base64 encoder/decoder based on public domain implementation
 + * by Chris Venter */
@@ -839,9 +875,10 @@
 + * returns NULL on failures
 + */
 +char *b64crc(const unsigned char *data, size_t len);
-diff -r ec9e6c427068 rpmio/digest.c
---- a/rpmio/digest.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/digest.c	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/rpmio/digest.c b/rpmio/digest.c
+index 5b4cde8..894cf82 100644
+--- a/rpmio/digest.c
++++ b/rpmio/digest.c
 @@ -19,16 +19,7 @@
   */
  struct DIGEST_CTX_s {
@@ -860,7 +897,7 @@
  };
  
  /*@-boundsread@*/
-@@ -37,115 +28,101 @@ rpmDigestDup(DIGEST_CTX octx)
+@@ -37,115 +28,98 @@ rpmDigestDup(DIGEST_CTX octx)
  {
      DIGEST_CTX nctx;
      nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx));
@@ -979,9 +1016,6 @@
 +    HASH_HashType type;
 +    DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
 +
-+    if (NSS_NoDB_Init(NULL) != SECSuccess)
-+	return NULL;
-+
 +    ctx->flags = flags;
 +
 +    type = getHashType(hashalgo);
@@ -1035,7 +1069,7 @@
  /*@=boundsread@*/
  }
  /*@=mustmod@*/
-@@ -154,35 +131,37 @@ int
+@@ -154,35 +128,37 @@ DPRINTF((stderr, "*** Update(%p,%p,%d) param %p \"%s\"\n", ctx, data, len, ctx->
  int
  rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii)
  {
@@ -1082,7 +1116,7 @@
  		*t++ = hex[ (unsigned)((*s >> 4) & 0x0f) ];
  		*t++ = hex[ (unsigned)((*s++   ) & 0x0f) ];
  	    }
-@@ -191,11 +170,10 @@ DPRINTF((stderr, "*** Final(%p,%p,%p,%d)
+@@ -191,11 +167,10 @@ DPRINTF((stderr, "*** Final(%p,%p,%p,%d) param %p digest %p\n", ctx, datap, lenp
      }
  /*@=branchstate@*/
      if (digest) {
@@ -1096,9 +1130,10 @@
      memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
      free(ctx);
      return 0;
-diff -r ec9e6c427068 rpmio/rpmio_internal.h
---- a/rpmio/rpmio_internal.h	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/rpmio_internal.h	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/rpmio/rpmio_internal.h b/rpmio/rpmio_internal.h
+index c2906e8..f92ee8a 100644
+--- a/rpmio/rpmio_internal.h
++++ b/rpmio/rpmio_internal.h
 @@ -9,30 +9,14 @@
  #include <rpmio.h>
  #include <rpmurl.h>
@@ -1163,10 +1198,20 @@
  };
  
  /** \ingroup rpmio
-diff -r ec9e6c427068 rpmio/rpmpgp.c
---- a/rpmio/rpmpgp.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/rpmpgp.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -260,38 +260,100 @@ const char * pgpMpiHex(const byte *p)
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 5d2c6f4..2cc03f8 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -17,6 +17,8 @@ static int _debug = 0;
+ /*@unchecked@*/
+ static int _print = 0;
+ 
++static int _crypto_initialized = 0;
++
+ /*@unchecked@*/ /*@null@*/
+ static pgpDig _dig = NULL;
+ 
+@@ -260,39 +262,101 @@ const char * pgpMpiHex(const byte *p)
  /**
   * @return		0 on success
   */
@@ -1245,7 +1290,7 @@
 +    return item;
 +}
  /*@=boundswrite@*/
-+
+ 
 +static SECKEYPublicKey *pgpNewPublicKey(KeyType type)
 +{
 +    PRArenaPool *arena;
@@ -1278,10 +1323,11 @@
 +{
 +    return pgpNewPublicKey(dsaKey);
 +}
- 
++
  int pgpPrtSubType(const byte *h, unsigned int hlen, pgpSigType sigtype)
  {
-@@ -407,6 +469,10 @@ static const char * pgpSigDSA[] = {
+     const byte *p = h;
+@@ -407,6 +471,10 @@ static const char * pgpSigDSA[] = {
  };
  /*@=varuse =readonlytrans @*/
  
@@ -1292,14 +1338,13 @@
  static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigtype,
  		const byte *p, const byte *h, unsigned int hlen)
  	/*@globals fileSystem @*/
-@@ -414,7 +480,13 @@ static int pgpPrtSigParams(/*@unused@*/ 
+@@ -414,7 +482,13 @@ static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigty
  {
      const byte * pend = h + hlen;
      int i;
--
 +    SECItem dsaraw;
 +    unsigned char dsabuf[2*DSA_SUBPRIME_LEN];
-+
+ 
 +    dsaraw.type = 0;
 +    dsaraw.data = dsabuf;
 +    dsaraw.len = sizeof(dsabuf);
@@ -1307,7 +1352,7 @@
      for (i = 0; p < pend; i++, p += pgpMpiLen(p)) {
  	if (pubkey_algo == PGPPUBKEYALGO_RSA) {
  	    if (i >= 1) break;
-@@ -423,9 +495,9 @@ static int pgpPrtSigParams(/*@unused@*/ 
+@@ -423,9 +497,9 @@ static int pgpPrtSigParams(/*@unused@*/ pgpTag tag, byte pubkey_algo, byte sigty
  	    {
  		switch (i) {
  		case 0:		/* m**d */
@@ -1320,7 +1365,7 @@
  		    /*@switchbreak@*/ break;
  		default:
  		    /*@switchbreak@*/ break;
-@@ -440,11 +512,21 @@ fprintf(stderr, "\t  m**d = "),  mpfprin
+@@ -440,11 +514,21 @@ fprintf(stderr, "\t  m**d = "),  mpfprintln(stderr, _dig->c.size, _dig->c.data);
  		int xx;
  		xx = 0;
  		switch (i) {
@@ -1345,7 +1390,7 @@
  		    /*@switchbreak@*/ break;
  		default:
  		    xx = 1;
-@@ -629,16 +711,17 @@ static const byte * pgpPrtPubkeyParams(b
+@@ -629,16 +713,17 @@ static const byte * pgpPrtPubkeyParams(byte pubkey_algo,
  	if (pubkey_algo == PGPPUBKEYALGO_RSA) {
  	    if (i >= 2) break;
  	    if (_dig) {
@@ -1369,7 +1414,7 @@
  		    /*@switchbreak@*/ break;
  		default:
  		    /*@switchbreak@*/ break;
-@@ -648,26 +731,23 @@ fprintf(stderr, "\t     e = "),  mpfprin
+@@ -648,26 +733,23 @@ fprintf(stderr, "\t     e = "),  mpfprintln(stderr, _dig->rsa_pk.e.size, _dig->r
  	} else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
  	    if (i >= 4) break;
  	    if (_dig) {
@@ -1405,16 +1450,15 @@
  		    /*@switchbreak@*/ break;
  		default:
  		    /*@switchbreak@*/ break;
-@@ -1014,6 +1094,8 @@ pgpDig pgpNewDig(void)
+@@ -1023,6 +1105,7 @@ int pgpPrtPkt(const byte *pkt, unsigned int pleft)
  pgpDig pgpNewDig(void)
  {
      pgpDig dig = xcalloc(1, sizeof(*dig));
-+    NSS_NoDB_Init(NULL);
 +
      return dig;
  }
  
-@@ -1038,14 +1120,27 @@ void pgpCleanDig(pgpDig dig)
+@@ -1047,14 +1130,27 @@ void pgpCleanDig(pgpDig dig)
  
  	dig->md5 = _free(dig->md5);
  	dig->sha1 = _free(dig->sha1);
@@ -1450,11 +1494,10 @@
      }
  /*@-nullstate@*/
      return;
-@@ -1072,14 +1167,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ 
- 	    (void) rpmDigestFinal(dig->sha1ctx, NULL, NULL, 0);
+@@ -1082,14 +1178,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig)
  	/*@=branchstate@*/
  	dig->sha1ctx = NULL;
--
+ 
 -	mpbfree(&dig->p);
 -	mpbfree(&dig->q);
 -	mpnfree(&dig->g);
@@ -1462,23 +1505,24 @@
 -	mpnfree(&dig->hm);
 -	mpnfree(&dig->r);
 -	mpnfree(&dig->s);
- 
+-
  #ifdef	NOTYET
  	/*@-branchstate@*/
-@@ -1094,12 +1181,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ 
- 	    (void) rpmDigestFinal(dig->md5ctx, NULL, NULL, 0);
+ 	if (dig->hdrmd5ctx != NULL)
+@@ -1104,12 +1192,6 @@ pgpDig pgpFreeDig(/*@only@*/ /*@null@*/ pgpDig dig)
  	/*@=branchstate@*/
  	dig->md5ctx = NULL;
--
+ 
 -	mpbfree(&dig->rsa_pk.n);
 -	mpnfree(&dig->rsa_pk.e);
 -	mpnfree(&dig->m);
 -	mpnfree(&dig->c);
 -	mpnfree(&dig->hm);
- 
+-
  	dig = _free(dig);
      }
-@@ -1286,20 +1367,13 @@ char * pgpArmorWrap(int atype, const uns
+     return dig;
+@@ -1295,20 +1377,13 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
  {
      const char * enc;
      char * t;
@@ -1486,7 +1530,7 @@
 +    size_t nt = 0;
      char * val;
 -    int lc;
--
+ 
 -    nt = ((ns + 2) / 3) * 4;
 -    /*@-globs@*/
 -    /* Add additional bytes necessary for eol string(s). */
@@ -1495,32 +1539,50 @@
 -       if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0)
 -        ++lc;
 -	nt += lc * strlen(b64encode_eolstr);
--    }
--    /*@=globs@*/
-+
 +    enc = b64encode(s, ns, -1);
 +    if (enc != NULL) {
 +    	nt = strlen(enc);
-+    }
+     }
+-    /*@=globs@*/
  
      nt += 512;	/* XXX slop for armor and crc */
  
-@@ -1311,9 +1385,9 @@ char * pgpArmorWrap(int atype, const uns
+@@ -1320,9 +1395,9 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
      /*@-globs@*/
      t = stpcpy( stpcpy(t, "-----\nVersion: rpm-"), VERSION);
      /*@=globs@*/
 -    t = stpcpy(t, " (beecrypt-4.1.2)\n\n");
--
--    if ((enc = b64encode(s, ns)) != NULL) {
 +    t = stpcpy(t, " (NSS-3)\n\n");
-+
+ 
+-    if ((enc = b64encode(s, ns)) != NULL) {
 +    if (enc != NULL) {
  	t = stpcpy(t, enc);
  	enc = _free(enc);
  	if ((enc = b64crc(s, ns)) != NULL) {
-diff -r ec9e6c427068 rpmio/rpmpgp.h
---- a/rpmio/rpmpgp.h	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/rpmpgp.h	Thu Nov 01 10:56:58 2007 +0100
+@@ -1339,5 +1414,18 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
+ 
+     return val;
+ }
+-
+ /*@=boundsread@*/
++
++int rpmInitCrypto(void) {
++    int rc = 0;
++
++    if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) {
++        rc = -1;
++    } else {
++        _crypto_initialized = 1;
++    }
++
++    return rc;
++}
++
++
+diff --git a/rpmio/rpmpgp.h b/rpmio/rpmpgp.h
+index d90d4e7..c1e2db5 100644
+--- a/rpmio/rpmpgp.h
++++ b/rpmio/rpmpgp.h
 @@ -12,11 +12,7 @@
  
  #include <string.h>
@@ -1533,7 +1595,23 @@
  
  /**
   */
-@@ -1393,6 +1389,15 @@ DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
+@@ -1384,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets, size_t len)
+ }
+ 
+ /** \ingroup rpmio
++ * Perform cryptography initialization.
++ * It must be called before any cryptography can be used within rpm.
++ * It's not normally necessary to call it directly as it's called in
++ * general rpm initialization routines.
++ * @return		0 on success, -1 on failure
++ */
++int rpmInitCrypto(void);
++
++/** \ingroup rpmio
+  * Duplicate a digest context.
+  * @param octx		existing digest context
+  * @return		duplicated digest context
+@@ -1393,6 +1398,15 @@ DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
  	/*@*/;
  
  /** \ingroup rpmio
@@ -1549,10 +1627,11 @@
   * Initialize digest.
   * Set bit count to 0 and buffer to mysterious initialization constants.
   * @param hashalgo	type of digest
-diff -r ec9e6c427068 rpmio/tkey.c
---- a/rpmio/tkey.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/rpmio/tkey.c	Thu Nov 01 10:56:58 2007 +0100
-@@ -31,7 +31,7 @@ fprintf(stderr, "*** sig is\n%s\n", sig)
+diff --git a/rpmio/tkey.c b/rpmio/tkey.c
+index e03dba0..9fb7805 100644
+--- a/rpmio/tkey.c
++++ b/rpmio/tkey.c
+@@ -31,7 +31,7 @@ fprintf(stderr, "*** sig is\n%s\n", sig);
  	return rc;
      }
  
@@ -1561,7 +1640,7 @@
  	fprintf(stderr, "*** b64encode failed\n");
  	return rc;
      }
-@@ -51,52 +51,40 @@ fprintf(stderr, "??? %5d %02x != %02x '%
+@@ -51,52 +51,40 @@ fprintf(stderr, "??? %5d %02x != %02x '%c' != '%c'\n", i, (*s & 0xff), (*t & 0xf
      return rc;
  }
  
@@ -1641,11 +1720,10 @@
  ";
  
  int
-@@ -107,28 +95,6 @@ main (int argc, char *argv[])
-     int rc;
+@@ -108,28 +96,6 @@ main (int argc, char *argv[])
  
      dig = pgpNewDig();
--
+ 
 -    mpbzero(&dig->p);	mpbsethex(&dig->p, fips_p);
 -    mpbzero(&dig->q);	mpbsethex(&dig->q, fips_q);
 -    mpnzero(&dig->g);	mpnsethex(&dig->g, fips_g);
@@ -1667,10 +1745,11 @@
 -    mpnfree(&dig->hm);
 -    mpnfree(&dig->r);
 -    mpnfree(&dig->s);
- 
+-
  fprintf(stderr, "=============================== GPG Secret Key\n");
      if ((rc = doit(jbjSecretDSA, dig, printing)) != 0)
-@@ -144,39 +110,33 @@ fprintf(stderr, "=======================
+ 	fprintf(stderr, "==> FAILED: rc %d\n", rc);
+@@ -144,39 +110,33 @@ fprintf(stderr, "=============================== GPG Signature of \"abc\"\n");
  
      {	DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
  	struct pgpDigParams_s * dsig = &dig->signature;
@@ -1705,7 +1784,7 @@
 -		&dig->y, &dig->r, &dig->s);
  
  fprintf(stderr, "=============================== DSA verify: rc %d\n", rc);
--
+ 
 -    mpbfree(&dig->p);
 -    mpbfree(&dig->q);
 -    mpnfree(&dig->g);
@@ -1714,15 +1793,16 @@
 -    mpnfree(&dig->hm);
 -    mpnfree(&dig->r);
 -    mpnfree(&dig->s);
- 
+-
      dig = pgpFreeDig(dig);
  
      return rc;
  }
 +
-diff -r ec9e6c427068 tools/Makefile.am
---- a/tools/Makefile.am	Wed Oct 24 16:02:51 2007 +0300
-+++ b/tools/Makefile.am	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/tools/Makefile.am b/tools/Makefile.am
+index 72bfd0b..053a02a 100644
+--- a/tools/Makefile.am
++++ b/tools/Makefile.am
 @@ -8,7 +8,7 @@ INCLUDES = -I. \
  	-I$(top_srcdir)/lib \
  	-I$(top_srcdir)/rpmdb \
@@ -1732,7 +1812,7 @@
  	@WITH_POPT_INCLUDE@ \
  	@WITH_LIBELF_INCLUDE@ \
  	@WITH_LIBDWARF_INCLUDE@ \
-@@ -36,10 +36,10 @@ convertdb1_SOURCES =	convertdb1.c
+@@ -36,10 +36,10 @@ bin_PROGRAMS =	rpmgraph
  convertdb1_SOURCES =	convertdb1.c
  
  debugedit_SOURCES =	debugedit.c hashtab.c
@@ -1746,9 +1826,10 @@
  	@WITH_POPT_LIB@
  
  javadeps_SOURCES =	javadeps.c
-diff -r ec9e6c427068 tools/debugedit.c
---- a/tools/debugedit.c	Wed Oct 24 16:02:51 2007 +0300
-+++ b/tools/debugedit.c	Thu Nov 01 10:56:58 2007 +0100
+diff --git a/tools/debugedit.c b/tools/debugedit.c
+index f6e27b6..e69ff3d 100644
+--- a/tools/debugedit.c
++++ b/tools/debugedit.c
 @@ -36,8 +36,8 @@
  #include <gelf.h>
  #include <dwarf.h>
@@ -1760,7 +1841,7 @@
  #include "hashtab.h"
  
  #define DW_TAG_partial_unit 0x3c
-@@ -1304,22 +1304,27 @@ error_out:
+@@ -1304,22 +1304,29 @@ error_out:
    return NULL;
  }
  
@@ -1780,6 +1861,8 @@
 +  int i = sizeof(algorithms)/sizeof(algorithms[0]);
 +  void *digest = NULL;
 +  size_t len;
++
++  rpmInitCrypto();
  
    while (i-- > 0)
      {
@@ -1794,7 +1877,7 @@
      {
        fprintf (stderr, "Cannot handle %Zu-byte build ID\n", build_id_size);
        exit (1);
-@@ -1335,7 +1340,7 @@ handle_build_id (DSO *dso, Elf_Data *bui
+@@ -1335,7 +1342,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
    /* Clear the old bits so they do not affect the new hash.  */
    memset ((char *) build_id->d_buf + build_id_offset, 0, build_id_size);
  
@@ -1803,261 +1886,21 @@
  
    /* Slurp the relevant header bits and section contents and feed them
       into the hash function.  The only bits we ignore are the offset
-@@ -1349,8 +1354,7 @@ handle_build_id (DSO *dso, Elf_Data *bui
-     inline void process (const void *data, size_t size);
-     inline void process (const void *data, size_t size)
-     {
--      memchunk chunk = { .data = (void *) data, .size = size };
--      hashFunctionContextUpdateMC (&ctx, &chunk);
-+      rpmDigestUpdate(ctx, data, size);
-     }
- 
-     union
-@@ -1405,22 +1409,17 @@ handle_build_id (DSO *dso, Elf_Data *bui
- 	}
-   }
- 
--  hashFunctionContextDigest (&ctx, (byte *) build_id->d_buf + build_id_offset);
--  hashFunctionContextFree (&ctx);
-+  rpmDigestFinal(ctx, &digest, &len, 0);
-+  memcpy((unsigned char *)build_id->d_buf + build_id_offset, digest, build_id_size);
-+  free(digest);
- 
-   elf_flagdata (build_id, ELF_C_SET, ELF_F_DIRTY);
- 
-   /* Now format the build ID bits in hex to print out.  */
-   {
--    const unsigned char * id = build_id->d_buf + build_id_offset;
-+    const byte * id = (byte *)build_id->d_buf + build_id_offset;
-     char hex[build_id_size * 2 + 1];
--    int n = snprintf (hex, 3, "%02" PRIx8, id[0]);
--    assert (n == 2);
--    for (i = 1; i < build_id_size; ++i)
--      {
--	n = snprintf (&hex[i * 2], 3, "%02" PRIx8, id[i]);
--	assert (n == 2);
--      }
-+    pgpHexCvt(hex, id, build_id_size);
-     puts (hex);
-   }
- }
-diff -r 39cb695c7c8b rpmio/base64.c
---- a/rpmio/base64.c	Thu Nov 01 10:42:01 2007 +0100
-+++ b/rpmio/base64.c	Wed Nov 14 18:16:51 2007 +0100
-@@ -98,21 +98,20 @@ char *b64encode(const void *data, size_t
- 	return output;
- }
- 
--static int base64_decode_value(char value_in)
--{
--	static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
--	static const char decoding_size = sizeof(decoding);
-+static int base64_decode_value(unsigned char value_in)
-+{
-+	static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
- 	value_in -= 43;
--	if (value_in < 0 || value_in > decoding_size)
-+	if (value_in > sizeof(decoding)/sizeof(int))
- 		return -1;
--	return decoding[(int)value_in];
-+	return decoding[value_in];
- }
- 
- static size_t base64_decode_block(const char *code_in, const size_t length_in, char *plaintext_out)
- {
- 	const char *codechar = code_in;
- 	char *plainchar = plaintext_out;
--	char fragment;
-+	int fragment;
- 	
- 	*plainchar = 0;
- 	
-@@ -123,38 +122,38 @@ static size_t base64_decode_block(const 
- 			{
- 				return plainchar - plaintext_out;
- 			}
--			fragment = (char)base64_decode_value(*codechar++);
--		} while (fragment < 0);
--		*plainchar    = (fragment & 0x03f) << 2;
--
--		do {
--			if (codechar == code_in+length_in)
--			{
--				return plainchar - plaintext_out;
--			}
--			fragment = (char)base64_decode_value(*codechar++);
--		} while (fragment < 0);
--		*plainchar++ |= (fragment & 0x030) >> 4;
--		*plainchar    = (fragment & 0x00f) << 4;
--
--		do {
--			if (codechar == code_in+length_in)
--			{
--				return plainchar - plaintext_out;
--			}
--			fragment = (char)base64_decode_value(*codechar++);
--		} while (fragment < 0);
--		*plainchar++ |= (fragment & 0x03c) >> 2;
--		*plainchar    = (fragment & 0x003) << 6;
--
--		do {
--			if (codechar == code_in+length_in)
--			{
--				return plainchar - plaintext_out;
--			}
--			fragment = (char)base64_decode_value(*codechar++);
--		} while (fragment < 0);
--		*plainchar++   |= (fragment & 0x03f);
-+			fragment = base64_decode_value(*codechar++);
-+		} while (fragment < 0);
-+		*plainchar    = (char)((fragment & 0x03f) << 2);
-+
-+		do {
-+			if (codechar == code_in+length_in)
-+			{
-+				return plainchar - plaintext_out;
-+			}
-+			fragment = base64_decode_value(*codechar++);
-+		} while (fragment < 0);
-+		*plainchar++ |= (char)((fragment & 0x030) >> 4);
-+		*plainchar    = (char)((fragment & 0x00f) << 4);
-+
-+		do {
-+			if (codechar == code_in+length_in)
-+			{
-+				return plainchar - plaintext_out;
-+			}
-+			fragment = base64_decode_value(*codechar++);
-+		} while (fragment < 0);
-+		*plainchar++ |= (char)((fragment & 0x03c) >> 2);
-+		*plainchar    = (char)((fragment & 0x003) << 6);
-+
-+		do {
-+			if (codechar == code_in+length_in)
-+			{
-+				return plainchar - plaintext_out;
-+			}
-+			fragment = base64_decode_value(*codechar++);
-+		} while (fragment < 0);
-+		*plainchar++   |= (char)(fragment & 0x03f);
- 	}
- 	/* control should not reach here */
- 	return plainchar - plaintext_out;
-diff -up rpm-4.4.2.2/rpmio/digest.c.nss-init rpm-4.4.2.2/rpmio/digest.c
---- rpm-4.4.2.2/rpmio/digest.c.nss-init	2007-11-15 15:00:41.000000000 +0200
-+++ rpm-4.4.2.2/rpmio/digest.c	2007-11-15 15:00:41.000000000 +0200
-@@ -78,9 +78,6 @@ rpmDigestInit(pgpHashAlgo hashalgo, rpmD
-     HASH_HashType type;
-     DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
- 
--    if (NSS_NoDB_Init(NULL) != SECSuccess)
--	return NULL;
--
-     ctx->flags = flags;
- 
-     type = getHashType(hashalgo);
-diff -up rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init rpm-4.4.2.2/rpmio/rpmpgp.h
---- rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init	2007-11-15 15:00:41.000000000 +0200
-+++ rpm-4.4.2.2/rpmio/rpmpgp.h	2007-11-15 15:00:41.000000000 +0200
-@@ -1380,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets, 
- }
- 
- /** \ingroup rpmio
-+ * Perform cryptography initialization.
-+ * It must be called before any cryptography can be used within rpm.
-+ * It's not normally necessary to call it directly as it's called in
-+ * general rpm initialization routines.
-+ * @return		0 on success, -1 on failure
-+ */
-+int rpmInitCrypto(void);
-+
-+/** \ingroup rpmio
-  * Duplicate a digest context.
-  * @param octx		existing digest context
-  * @return		duplicated digest context
-diff -up rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init rpm-4.4.2.2/rpmio/rpmpgp.c
---- rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init	2007-11-15 15:00:41.000000000 +0200
-+++ rpm-4.4.2.2/rpmio/rpmpgp.c	2007-11-15 15:00:41.000000000 +0200
-@@ -17,6 +17,8 @@ static int _debug = 0;
- /*@unchecked@*/
- static int _print = 0;
- 
-+static int _crypto_initialized = 0;
-+
- /*@unchecked@*/ /*@null@*/
- static pgpDig _dig = NULL;
- 
-@@ -1094,7 +1096,6 @@ int pgpPrtPkt(const byte *pkt, unsigned 
- pgpDig pgpNewDig(void)
- {
-     pgpDig dig = xcalloc(1, sizeof(*dig));
--    NSS_NoDB_Init(NULL);
- 
-     return dig;
- }
-@@ -1404,5 +1405,18 @@ char * pgpArmorWrap(int atype, const uns
- 
-     return val;
- }
--
- /*@=boundsread@*/
-+
-+int rpmInitCrypto(void) {
-+    int rc = 0;
-+
-+    if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) {
-+        rc = -1;
-+    } else {
-+        _crypto_initialized = 1;
-+    }
-+
-+    return rc;
-+}
-+
-+
-diff -up rpm-4.4.2.2/tools/debugedit.c.nss-init rpm-4.4.2.2/tools/debugedit.c
---- rpm-4.4.2.2/tools/debugedit.c.nss-init	2007-11-15 15:01:42.000000000 +0200
-+++ rpm-4.4.2.2/tools/debugedit.c	2007-11-15 15:02:23.000000000 +0200
-@@ -1318,6 +1318,8 @@ handle_build_id (DSO *dso, Elf_Data *bui
-   void *digest = NULL;
-   size_t len;
- 
-+  rpmInitCrypto();
-+
-   while (i-- > 0)
-     {
-       algorithm = algorithms[i];
-diff -up rpm-4.4.2.2/lib/rpmrc.c.nss-init rpm-4.4.2.2/lib/rpmrc.c
---- rpm-4.4.2.2/lib/rpmrc.c.nss-init	2007-09-11 09:28:15.000000000 +0300
-+++ rpm-4.4.2.2/lib/rpmrc.c	2007-11-15 15:00:41.000000000 +0200
-@@ -1850,6 +1850,10 @@ static int rpmReadRC(/*@null@*/ const ch
- 
- int rpmReadConfigFiles(const char * file, const char * target)
- {
-+    /* Initialize crypto engine as early as possible */
-+    if (rpmInitCrypto() < 0) {
-+	return -1;
-+    }	
- 
-     /* Preset target macros */
-     /*@-nullstate@*/	/* FIX: target can be NULL */
-diff -up rpm-4.4.2.2/tools/debugedit.c.gcc43 rpm-4.4.2.2/tools/debugedit.c
---- rpm-4.4.2.2/tools/debugedit.c.gcc43	2008-01-04 08:57:09.000000000 +0200
-+++ rpm-4.4.2.2/tools/debugedit.c	2008-01-04 08:58:40.000000000 +0200
-@@ -1353,12 +1353,6 @@ handle_build_id (DSO *dso, Elf_Data *bui
+@@ -1346,13 +1353,6 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
       or Elf64 object, only that we are consistent in what bits feed the
       hash so it comes out the same for the same file contents.  */
    {
 -    inline void process (const void *data, size_t size);
 -    inline void process (const void *data, size_t size)
 -    {
--      rpmDigestUpdate(ctx, data, size);
+-      memchunk chunk = { .data = (void *) data, .size = size };
+-      hashFunctionContextUpdateMC (&ctx, &chunk);
 -    }
 -
      union
      {
        GElf_Ehdr ehdr;
-@@ -1387,7 +1381,7 @@ handle_build_id (DSO *dso, Elf_Data *bui
+@@ -1381,7 +1381,7 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
  	  goto bad;
  	if (elf64_xlatetom (&x, &x, dso->ehdr.e_ident[EI_DATA]) == NULL)
  	  goto bad;
@@ -2066,7 +1909,7 @@
        }
  
      x.d_type = ELF_T_SHDR;
-@@ -1399,14 +1393,14 @@ handle_build_id (DSO *dso, Elf_Data *bui
+@@ -1393,34 +1393,29 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
  	  u.shdr.sh_offset = 0;
  	  if (elf64_xlatetom (&x, &x, dso->ehdr.e_ident[EI_DATA]) == NULL)
  	    goto bad;
@@ -2083,3 +1926,28 @@
  	    }
  	}
    }
+ 
+-  hashFunctionContextDigest (&ctx, (byte *) build_id->d_buf + build_id_offset);
+-  hashFunctionContextFree (&ctx);
++  rpmDigestFinal(ctx, &digest, &len, 0);
++  memcpy((unsigned char *)build_id->d_buf + build_id_offset, digest, build_id_size);
++  free(digest);
+ 
+   elf_flagdata (build_id, ELF_C_SET, ELF_F_DIRTY);
+ 
+   /* Now format the build ID bits in hex to print out.  */
+   {
+-    const unsigned char * id = build_id->d_buf + build_id_offset;
++    const byte * id = (byte *)build_id->d_buf + build_id_offset;
+     char hex[build_id_size * 2 + 1];
+-    int n = snprintf (hex, 3, "%02" PRIx8, id[0]);
+-    assert (n == 2);
+-    for (i = 1; i < build_id_size; ++i)
+-      {
+-	n = snprintf (&hex[i * 2], 3, "%02" PRIx8, id[i]);
+-	assert (n == 2);
+-      }
++    pgpHexCvt(hex, id, build_id_size);
+     puts (hex);
+   }
+ }




More information about the fedora-extras-commits mailing list