package/rpm/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160-digests.patch - buildroot - Git at Google

 From ff4b9111aeba01dd025dd133ce617fb80f7398a0 Mon Sep 17 00:00:00 2001
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Tue, 26 Jun 2018 10:46:14 +0300
 Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests

 Inspired by #453, adding configure-checks for unused digests algorithms
 seems nonsensical, at no point in rpm history have these algorithms been
 used for anything in rpm so there's not even backward compatibility to
 care about. So the question becomes why do we appear to have (some)
 support for those unused algorithms? So lets don't, problem solved...

 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 [Retrieved from:
 https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0]
 ---
  rpmio/digest_beecrypt.c | 7 -------
  rpmio/digest_nss.c      | 2 --
  rpmio/digest_openssl.c  | 6 ------
  3 files changed, 15 deletions(-)

 diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c
 index 597027e25..653a39491 100644
 --- a/rpmio/digest_beecrypt.c
 +++ b/rpmio/digest_beecrypt.c
 @@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
  	ctx->Digest = (void *) sha512Digest;
  	break;
  #endif
 -    case PGPHASHALGO_RIPEMD160:
 -    case PGPHASHALGO_MD2:
 -    case PGPHASHALGO_TIGER192:
 -    case PGPHASHALGO_HAVAL_5_160:
      default:
  	free(ctx);
  	return NULL;
 @@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
      case PGPHASHALGO_SHA1:
          prefix = "3021300906052b0e03021a05000414";
          break;
 -    case PGPHASHALGO_MD2:
 -        prefix = "3020300c06082a864886f70d020205000410";
 -        break;
      case PGPHASHALGO_SHA256:
          prefix = "3031300d060960864801650304020105000420";
          break;
 diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
 index 992d9acf6..50f8c8e90 100644
 --- a/rpmio/digest_nss.c
 +++ b/rpmio/digest_nss.c
 @@ -116,7 +116,6 @@ static HASH_HashType getHashType(int hashalgo)
  {
      switch (hashalgo) {
      case PGPHASHALGO_MD5:	return HASH_AlgMD5;
 -    case PGPHASHALGO_MD2:	return HASH_AlgMD2;
      case PGPHASHALGO_SHA1:	return HASH_AlgSHA1;
  #ifdef SHA224_LENGTH
      case PGPHASHALGO_SHA224:	return HASH_AlgSHA224;
 @@ -216,7 +215,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo)
  {
      switch (hashalgo) {
      case PGPHASHALGO_MD5:	return SEC_OID_MD5;
 -    case PGPHASHALGO_MD2:	return SEC_OID_MD2;
      case PGPHASHALGO_SHA1:	return SEC_OID_SHA1;
  #ifdef SHA224_LENGTH
      case PGPHASHALGO_SHA224:	return SEC_OID_SHA224;
 diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
 index 18e52a724..0ae48dd1d 100644
 --- a/rpmio/digest_openssl.c
 +++ b/rpmio/digest_openssl.c
 @@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo)
      case PGPHASHALGO_SHA1:
          return EVP_sha1();

 -    case PGPHASHALGO_RIPEMD160:
 -        return EVP_ripemd160();
 -
 -    case PGPHASHALGO_MD2:
 -        return EVP_md2();
 -
      case PGPHASHALGO_SHA256:
          return EVP_sha256();
	From ff4b9111aeba01dd025dd133ce617fb80f7398a0 Mon Sep 17 00:00:00 2001
	From: Panu Matilainen <pmatilai@redhat.com>
	Date: Tue, 26 Jun 2018 10:46:14 +0300
	Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests

	Inspired by #453, adding configure-checks for unused digests algorithms
	seems nonsensical, at no point in rpm history have these algorithms been
	used for anything in rpm so there's not even backward compatibility to
	care about. So the question becomes why do we appear to have (some)
	support for those unused algorithms? So lets don't, problem solved...

	Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
	[Retrieved from:
	https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0]
	---
	rpmio/digest_beecrypt.c \| 7 -------
	rpmio/digest_nss.c \| 2 --
	rpmio/digest_openssl.c \| 6 ------
	3 files changed, 15 deletions(-)

	diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c
	index 597027e25..653a39491 100644
	--- a/rpmio/digest_beecrypt.c
	+++ b/rpmio/digest_beecrypt.c
	@@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
	ctx->Digest = (void *) sha512Digest;
	break;
	#endif
	- case PGPHASHALGO_RIPEMD160:
	- case PGPHASHALGO_MD2:
	- case PGPHASHALGO_TIGER192:
	- case PGPHASHALGO_HAVAL_5_160:
	default:
	free(ctx);
	return NULL;
	@@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
	case PGPHASHALGO_SHA1:
	prefix = "3021300906052b0e03021a05000414";
	break;
	- case PGPHASHALGO_MD2:
	- prefix = "3020300c06082a864886f70d020205000410";
	- break;
	case PGPHASHALGO_SHA256:
	prefix = "3031300d060960864801650304020105000420";
	break;
	diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
	index 992d9acf6..50f8c8e90 100644
	--- a/rpmio/digest_nss.c
	+++ b/rpmio/digest_nss.c
	@@ -116,7 +116,6 @@ static HASH_HashType getHashType(int hashalgo)
	{
	switch (hashalgo) {
	case PGPHASHALGO_MD5: return HASH_AlgMD5;
	- case PGPHASHALGO_MD2: return HASH_AlgMD2;
	case PGPHASHALGO_SHA1: return HASH_AlgSHA1;
	#ifdef SHA224_LENGTH
	case PGPHASHALGO_SHA224: return HASH_AlgSHA224;
	@@ -216,7 +215,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo)
	{
	switch (hashalgo) {
	case PGPHASHALGO_MD5: return SEC_OID_MD5;
	- case PGPHASHALGO_MD2: return SEC_OID_MD2;
	case PGPHASHALGO_SHA1: return SEC_OID_SHA1;
	#ifdef SHA224_LENGTH
	case PGPHASHALGO_SHA224: return SEC_OID_SHA224;
	diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
	index 18e52a724..0ae48dd1d 100644
	--- a/rpmio/digest_openssl.c
	+++ b/rpmio/digest_openssl.c
	@@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo)
	case PGPHASHALGO_SHA1:
	return EVP_sha1();

	- case PGPHASHALGO_RIPEMD160:
	- return EVP_ripemd160();
	-
	- case PGPHASHALGO_MD2:
	- return EVP_md2();
	-
	case PGPHASHALGO_SHA256:
	return EVP_sha256();