905953 – djvulibre upstream tarball checksum mismatch

Bug 905953 - djvulibre upstream tarball checksum mismatch

Summary: djvulibre upstream tarball checksum mismatch

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	djvulibre
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	François Cami
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-01-30 15:07 UTC by Stanislav Ochotnicky
Modified:	2013-01-31 13:52 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-01-31 13:52:28 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Patch to fix Source0 URL (450 bytes, patch) 2013-01-31 08:46 UTC, Stanislav Ochotnicky	no flags	Details \| Diff
View All

Description Stanislav Ochotnicky 2013-01-30 15:07:18 UTC

Your package contains sources which have different checksums from upstream versions. Please verify they are correct and differences do not pose a problem for Fedora.
MD5-sum check
-------------
http://dl.sf.net/djvu/djvulibre-3.5.25.3.tar.gz :
  CHECKSUM(SHA256) this package     : 898d7ed6dd2fa311a521baa95407a91b20a872d80c45e8245442d64f142cb1e0
  CHECKSUM(SHA256) upstream package : 3f08c6035aa90a375107cf27f0599817dfa4515f3377fe82c3d4f438c4afb502
diff -r also reports differences

Comment 1 François Cami 2013-01-30 15:32:44 UTC

Could you please check that re-downloading again from upstream brings you the tarball with the 3f08 sha256sum again?
I've just downloaded the tarball from the sourceforge switch mirror and both the md5sum in "sources", and the sha256sum of the downloaded archive match what we have (respectively 5f45d6cd5700b4dd31b1eb963482089b and 898d7ed6dd2fa311a521baa95407a91b20a872d80c45e8245442d64f142cb1e0) - unless I do something wrong.

Could you also attach the diff to this bug report.

Maybe Jonathan could chime in as well.

Comment 2 Michael S. 2013-01-30 16:38:39 UTC

Here :

$ wget -q http://dl.sf.net/djvu/djvulibre-3.5.25.3.tar.gz
$ file djvulibre-3.5.25.3.tar.gz 
djvulibre-3.5.25.3.tar.gz: HTML document, UTF-8 Unicode text, with very long lines

Comment 3 Jonathan Underwood 2013-01-30 17:11:03 UTC

I'm confused. The current rawhide packge is for upstream version 3.5.24 as far as I can see. What am I missing?

Comment 4 Jonathan Underwood 2013-01-30 17:12:28 UTC

FWIW the md5sum of the file currently sitting in my working copy is this:

af83d27af5083198432a178d22b259c5  djvulibre-3.5.24.tar.gz

Comment 5 Jonathan Underwood 2013-01-30 17:15:32 UTC

Doh, sorry, I'd forgotten to do a fedpkg pull on the master branch.

Comment 6 Jonathan Underwood 2013-01-30 17:21:13 UTC

OK, I just downloaded the 3.5.25.3 tarball from the project webpage and did an md5sum and I get:

5f45d6cd5700b4dd31b1eb963482089b  djvulibre-3.5.25.3.tar.gz

which agrees with what's in the sources file. So, I'm not seeing the problem here either...

Comment 7 Jonathan Underwood 2013-01-30 17:25:16 UTC

Also:

$ sha256sum djvulibre-3.5.25.3.tar.gz 
898d7ed6dd2fa311a521baa95407a91b20a872d80c45e8245442d64f142cb1e0  djvulibre-3.5.25.3.tar.gz

Comment 8 François Cami 2013-01-30 18:05:09 UTC

Thank you Jonathan.
Closing.
Stanislav, please reopen if that's needed.

Comment 9 Stanislav Ochotnicky 2013-01-31 08:46:54 UTC

Created attachment 690794 [details]
Patch to fix Source0 URL

This patch will fix incorrect Source0 URL in djvulibre. You should always verify your Source URLs. Ideally by running:

$ spectool -g <your>.spec

Comment 10 François Cami 2013-01-31 13:52:28 UTC

Fixed in rawhide, thanks for the report and the patch.

For the record, I picked that package up two days ago ;)

Note You need to log in before you can comment on or make changes to this bug.