280,319d279
< 	struct cl_cvd *cvd;
< 	char *md5, head[513];
< 	int i;
< 
<     fseek(fd, 0, SEEK_SET);
<     if(fread(head, 1, 512, fd) != 512) {
< 	cli_dbgmsg("Can't read CVD head from stream\n");
< 	return CL_ECVD;
<     }
< 
<     head[512] = 0;
<     for(i = 511; i > 0 && (head[i] == ' ' || head[i] == 10); head[i] = 0, i--);
< 
<     if((cvd = cl_cvdparse(head)) == NULL)
< 	return CL_ECVD;
< 
<     if(cvdpt)
< 	memcpy(cvdpt, cvd, sizeof(struct cl_cvd));
< 
<     md5 = cli_md5stream(fd, NULL);
<     cli_dbgmsg("MD5(.tar.gz) = %s\n", md5);
< 
<     if(strncmp(md5, cvd->md5, 32)) {
< 	cli_dbgmsg("MD5 verification error.\n");
< 	free(md5);
< 	cl_cvdfree(cvd);
< 	return CL_EMD5;
<     }
< 
< #ifdef HAVE_GMP
<     if(cli_versig(md5, cvd->dsig)) {
< 	cli_dbgmsg("Digital signature verification error.\n");
< 	free(md5);
< 	cl_cvdfree(cvd);
< 	return CL_EDSIG;
<     }
< #endif
< 
<     free(md5);
<     cl_cvdfree(cvd);
380c340
<     /* 
---
>  
385,431d344
<     */
< 
<     /* FIXME: it seems there is some problem with current position indicator
<      * after gzdopen() call in cli_untgz(). Temporarily we need this wrapper:
<      */
< 
< 	    /* start */
< 
< 	    tmp = cli_gentemp(NULL);
< 	    if((tmpd = fopen(tmp, "wb+")) == NULL) {
< 		cli_errmsg("Can't create temporary file %s\n", tmp);
< 		free(dir);
< 		free(tmp);
< 		return CL_ETMPFILE;
< 	    }
< 
< 	    if(!(buffer = (char *) cli_malloc(FILEBUFF))) {
< 		free(dir);
< 		free(tmp);
< 		fclose(tmpd);
< 		return CL_EMEM;
< 	    }
< 
< 	    while((bytes = fread(buffer, 1, FILEBUFF, fd)) > 0)
< 		fwrite(buffer, 1, bytes, tmpd);
< 
< 	    free(buffer);
< 
< 	    fflush(tmpd);
< 	    fseek(tmpd, 0L, SEEK_SET);
< 
< 	    if(cli_untgz(fileno(tmpd), dir)) {
< 		perror("cli_untgz");
< 		cli_errmsg("cli_cvdload(): Can't unpack CVD file.\n");
< 		cli_rmdirs(dir);
< 		free(dir);
< 		fclose(tmpd);
< 		unlink(tmp);
< 		free(tmp);
< 		return CL_ECVDEXTR;
< 	    }
< 
< 	    fclose(tmpd);
< 	    unlink(tmp);
< 	    free(tmp);
< 
< 	    /* end */