Bug 186922 - signature verification via http broken after upgrade from U1 to U2
Summary: signature verification via http broken after upgrade from U1 to U2
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: ---
Assignee: Paul Nasrat
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks: 176344 198694
 
Reported: 2006-03-27 14:49 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: RHBA-2007-0315
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-05-01 22:51:07 UTC
Target Upstream Version:
Embargoed:


Attachments
rpm-4.3-rpmio-bytesremain.patch (954 bytes, patch)
2006-03-27 14:49 UTC, Bastien Nocera


Links
System: Red Hat Product Errata
ID: RHBA-2007:0315
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: RPM bug fix update
Last Updated: 2007-04-30 14:22:37 UTC

Description Bastien Nocera 2006-03-27 14:49:31 UTC
Same as bug #138716 but for RHEL4.
Patch adapted from
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138716#c25 attached

+++ This bug was initially created as a clone of Bug #138716 +++

Description of problem:
Signature checking returns false negatives for some packages when queried via
HTTP. Backing out rpm and popt (to U1 revs) eliminates false positives.

Version-Release number of selected component (if applicable):
rpm-4.2.2-0.14

How reproducible:
Always

Steps to Reproduce:
1. Set up and start httpd on localhost (an RHEL3-U3 machine)
2. Place arptables_jf-0.0.7-0.3E.i386.rpm somewhere httpd will serve it
3. Run 'rpm -Kv http://localhost/<path>/arptables_jf-0.0.7-0.3E.i386.rpm'
  
Actual results:
[root@hogwash root]# rpm -Kv http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm
http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm:
    Header V3 DSA signature: OK, key ID db42a60e
    Header SHA1 digest: OK (ed2335c4ca90a50d23bb59281fa74a9551962b82)
    MD5 digest: BAD Expected(820cd9dc0cb93108029c3b1b2afa97d5) !=
(26b0af6b001e752a2596610b80e19b4f)
    V3 DSA signature: BAD, key ID db42a60e
[root@hogwash root]#


Expected results:
http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm:
    Header V3 DSA signature: OK, key ID db42a60e
    Header SHA1 digest: OK (ed2335c4ca90a50d23bb59281fa74a9551962b82)
    MD5 digest: OK (820cd9dc0cb93108029c3b1b2afa97d5)
    V3 DSA signature: OK, key ID db42a60e
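
A triage helper for the `rpm -Kv` output shown in this report, added here as an example (it is not part of the original bug report or of rpm): it parses the per-check lines, separates header-only checks from those that also cover the payload, and extracts the expected and computed digests. The function names, scope names and triage labels are assumptions made for illustration.

```python
import re

# Constructed sample: the report's "Actual results", MD5 line wrapped across two lines.
ACTUAL = """\
http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm:
    Header V3 DSA signature: OK, key ID db42a60e
    Header SHA1 digest: OK (ed2335c4ca90a50d23bb59281fa74a9551962b82)
    MD5 digest: BAD Expected(820cd9dc0cb93108029c3b1b2afa97d5) !=
(26b0af6b001e752a2596610b80e19b4f)
    V3 DSA signature: BAD, key ID db42a60e
"""

CHECK = re.compile(r"^\s+(Header )?(.+?): ([A-Z]+)\b(.*)$")
DIGESTS = re.compile(r"Expected\(([0-9a-f]+)\)\s*!=\s*\(([0-9a-f]+)\)")

def parse_rpm_kv(text):
    """Return (package, checks); each check has scope, name, status, detail."""
    package, checks = None, []
    for line in text.splitlines():
        m = CHECK.match(line)
        if m:
            scope = "header" if m.group(1) else "header+payload"
            checks.append({"scope": scope, "name": m.group(2),
                           "status": m.group(3), "detail": m.group(4).strip()})
        elif line.strip().endswith(":") and not line[:1].isspace():
            package = line.strip()[:-1]
        elif line.strip() and checks:
            # Unindented remainder of a wrapped line: attach to previous check.
            checks[-1]["detail"] += " " + line.strip()
    return package, checks

def classify(checks):
    """Hypothetical triage labels, not rpm's own exit status."""
    bad = {c["scope"] for c in checks if c["status"] == "BAD"}
    if "header" in bad:
        return "header-bad"
    if "header+payload" in bad:
        return "payload-mismatch"   # header checks passed, full-package ones did not
    if checks and all(c["status"] == "OK" for c in checks):
        return "verified"
    return "unverified"             # e.g. NOKEY: nothing failed, nothing proven

def digest_mismatch(checks):
    """Return (expected, computed) from a BAD digest line, or None."""
    for c in checks:
        m = DIGESTS.search(c["detail"])
        if c["status"] == "BAD" and m:
            return m.group(1), m.group(2)
    return None
```

A `payload-mismatch` result only says that the bytes rpm read did not match what was signed; verifying a locally downloaded copy of the same file separates a transfer problem like the one reported here from a package that is actually damaged or altered.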

Comment 1 Bastien Nocera 2006-03-27 14:49:34 UTC
Created attachment 126818
rpm-4.3-rpmio-bytesremain.patch

Comment 6 RHEL Program Management 2006-08-18 16:22:31 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 RHEL Program Management 2006-12-12 17:18:55 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being marked as a blocker for this release.  

Please resolve ASAP.

Comment 10 RHEL Program Management 2006-12-12 17:19:45 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being marked as a blocker for this release.  

Please resolve ASAP.

Comment 13 Red Hat Bugzilla 2007-05-01 22:51:07 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0315.html


