Could be rather critical, depending on how widespread this is. Does rpm-4.02 understand signatures by rpm-4.0-4? Or only 4.0.2 ? Very much related to 24278 I think. 1) built src.rpm with rpm-4.0.2-0.34 on install5 2) copied it with scp over to the other box 3) signed it with rpm --addsign using rpm-3.0.5-9.6x 3.1) checked md5sum 4) downloaded with wget back over to install5 4.1) check md5sum. md5sums are equal, but rpm-4.0.2-0.34 doesn't understand it! The same signed package works fine with RHL7 rpm-4.0-4. --- root@install5 SRPMS]# rpm -q rpm rpm-4.0.2-0.34 [root@install5 /tmp]# md5sum zebra-0.91a-2.src.rpm 4973e42ed199e01b32e09ffde50eb9d8 zebra-0.91a-2.src.rpm [root@install5 /tmp]# ls -la zebra-0.91a-2.src.rpm -rw-r--r-- 1 root root 1135651 Feb 4 15:17 zebra-0.91a-2.src.rpm [root@install5 /tmp]# rpm -vv -qp zebra-0.91a-2.src.rpm D: Expected size: 1135619 = lead(96)+sigs(149)+pad(3)+data(1135371) D: Actual size: 1135651 error: query of zebra-0.91a-2.src.rpm failed ---- pekkas: /home/pekkas/www/linux$ rpm -q rpm rpm-3.0.5-9.6x pekkas: /home/pekkas/www/linux$ md5sum zebra-0.91a-2.src.rpm 4973e42ed199e01b32e09ffde50eb9d8 zebra-0.91a-2.src.rpm pekkas: /home/pekkas/www/linux$ ls -la zebra-0.91a-2.src.rpm -rw-rw-r-- 1 pekkas pekkas 1135651 Feb 4 15:17 zebra-0.91a-2.src.rpm pekkas: /home/pekkas/www/linux$ rpm -vv -qp zebra-0.91a-2.src.rpm D: New Header signature D: Signature size: 181 D: Signature pad : 3 D: sigsize : 184 D: Header + Archive: 1135371 D: expected size : 1135371
This defect is considered MUST-FIX for Florence Gold release
Fixed in rpm-4.0.2-0.38. Thanks for noticing.