Same as bug #138716 but for RHEL4. Patch adapted from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138716#c25 attached +++ This bug was initially created as a clone of Bug #138716 +++ Description of problem: Signature checking returns false negatives for some packages when queried via HTTP. Backing out rpm and popt (to U1 revs) eliminates false positives. Version-Release number of selected component (if applicable): rpm-4.2.2-0.14 How reproducible: Always Steps to Reproduce: 1. Setup and start httpd on localhost (an RHEL3-U3 machine) 2. Place arptables_jf-0.0.7-0.3E.i386.rpm somewhere httpd will serve it 3. run 'rpm -Kv http://localhost/<path>/arptables_jf-0.0.7-0.3E.i386.rpm' Actual results: [root@hogwash root]# rpm -Kv http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm: Header V3 DSA signature: OK, key ID db42a60e Header SHA1 digest: OK (ed2335c4ca90a50d23bb59281fa74a9551962b82) MD5 digest: BAD Expected(820cd9dc0cb93108029c3b1b2afa97d5) != (26b0af6b001e752a2596610b80e19b4f) V3 DSA signature: BAD, key ID db42a60e [root@hogwash root]# Expected results: http://localhost/foo/arptables_jf-0.0.7-0.3E.i386.rpm: Header V3 DSA signature: OK, key ID db42a60e Header SHA1 digest: OK (ed2335c4ca90a50d23bb59281fa74a9551962b82) MD5 digest: OK (820cd9dc0cb93108029c3b1b2afa97d5) V3 DSA signature: OK, key ID db42a60e
Created attachment 126818 [details] rpm-4.3-rpmio-bytesremain.patch
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
This bugzilla has Keywords: Regression. Since no regressions are allowed between releases, it is also being marked as a blocker for this release. Please resolve ASAP.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0315.html