Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Red Hat Security Advisory: rpm-4.0.2 for all Red Hat platforms and releases

Mar 21, 2001, 21:23 (2 Talkback[s])

Date: Mon, 19 Mar 2001 14:25 -0500
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2001:016-03] rpm-4.0.2 for all Red Hat platforms and releases.


                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          rpm-4.0.2 for all Red Hat platforms and releases.
Advisory ID:       RHSA-2001:016-03
Issue date:        2001-02-19
Updated on:        2001-03-19
Product:           Red Hat Linux
Keywords:          rpm
Cross references:
Obsoletes:

1. Topic:

A common version of rpm for all Red Hat distributions is being released. This version of rpm understands legacy version 3 packaging used in Red Hat 6.x/5.x distributions as well as version 4 packaging used in Red Hat 7.x.

In addition, rpm-4.0.2 has support for both the legacy db1 format used in Red Hat 6.x/5.x databases as well as support for the db3 format database used in Red Hat 7.x

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, sparc
Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386

3. Problem description:

Several potential problems

1) Red Hat 6.x/5.x users will need to install the db3 packages from RHEA-2001:015-09.

2) Red Hat 5.x users should note that the default compiler flags in rpm have changed, and are not compatible with the gcc originally shipped with Red Hat 5.2. Use egcs as a compiler instead.

3) Red Hat 6.x/5.x users should convert from db1 to db3 format dtabases at your earliest convience. This can be done by running, as root, the command
rpm --rebuilddb
Support for legacy db1 format rpm databases will be removed in the next release of rpm.

4) All platforms: If you chose to install rpm-4.0.2, and then go back to a previous version of rpm, then you will experience segfaults due to an incompatible change in headers in the database. The problem is in legacy versions of rpm going back to rpm-3.0, and is both caused and fixed by rpm-4.0.2. This incompatibility also applies to any/all applications that are statically linked against rpm libraries which should either be upgraded or recompiled to use rpm-4.0.2 libraries. Applications that use shared libraries should not be affected by this problem.

5) All platforms: rpm-4.0.2 will fail to install if you have both db1 and db3 rpm databases in /var/lib/rpm. If the packages do not install, please check the directory /var/lib/rpm for the files "packages.rpm" (the db1 format headers) and "Packages" (the db3 format headers) and rename/remove the older or smaller of the two files in order to upgrade.

4. Solution:

To update all RPMs for your particular architecture, run:

rpm -Fvh <filenames>

where <filenames> is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directly *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

6. RPMs required:

Red Hat Linux 5.2:

SRPMS:
ftp://updates.redhat.com/5.2/SRPMS/rpm-4.0.2-5x.src.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/rpm-4.0.2-5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/rpm-devel-4.0.2-5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/rpm-build-4.0.2-5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/popt-1.6.2-5x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/i386/rpm-4.0.2-5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/rpm-devel-4.0.2-5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/rpm-build-4.0.2-5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/popt-1.6.2-5x.i386.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/rpm-4.0.2-5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/rpm-devel-4.0.2-5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/rpm-build-4.0.2-5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/popt-1.6.2-5x.sparc.rpm

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/SRPMS/rpm-4.0.2-6x.src.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/rpm-4.0.2-6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/rpm-devel-4.0.2-6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/rpm-build-4.0.2-6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/popt-1.6.2-6x.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/rpm-4.0.2-6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/rpm-devel-4.0.2-6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/rpm-build-4.0.2-6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/popt-1.6.2-6x.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/rpm-4.0.2-6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/rpm-devel-4.0.2-6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/rpm-build-4.0.2-6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/popt-1.6.2-6x.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/SRPMS/rpm-4.0.2-7x.src.rpm

alpha:
ftp://updates.redhat.com/7.0/alpha/rpm-4.0.2-7x.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/rpm-devel-4.0.2-7x.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/rpm-build-4.0.2-7x.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/rpm-python-4.0.2-7x.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/popt-1.6.2-7x.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/i386/rpm-4.0.2-7x.i386.rpm
ftp://updates.redhat.com/7.0/i386/rpm-devel-4.0.2-7x.i386.rpm
ftp://updates.redhat.com/7.0/i386/rpm-build-4.0.2-7x.i386.rpm
ftp://updates.redhat.com/7.0/i386/rpm-python-4.0.2-7x.i386.rpm
ftp://updates.redhat.com/7.0/i386/popt-1.6.2-7x.i386.rpm

7. Verification:

MD5 sum                           Package Name

64691330604ed8c0c5eedde76c2fb184 5.2/SRPMS/rpm-4.0.2-5x.src.rpm
0fba7783b2ed9960d3f57293750238bb 5.2/alpha/popt-1.6.2-5x.alpha.rpm
7aaf74071671d996f6b2ceba5783fa2c 5.2/alpha/rpm-4.0.2-5x.alpha.rpm
ebb5e6ae5892486c8d8a369810cbac71 5.2/alpha/rpm-build-4.0.2-5x.alpha.rpm
fcb56dbdde9859afb8ba607f77ed2064 5.2/alpha/rpm-devel-4.0.2-5x.alpha.rpm
d455f9ec99ecb93835fd2b0c38aff58b 5.2/i386/popt-1.6.2-5x.i386.rpm
eddf2ff8b7cbb1badf0ea5f581e4ff0d 5.2/i386/rpm-4.0.2-5x.i386.rpm
679eaacbc1e225a6797fb0088d745f92 5.2/i386/rpm-build-4.0.2-5x.i386.rpm
8c179f743ebc3a79c76a55dea9584f95 5.2/i386/rpm-devel-4.0.2-5x.i386.rpm
797daa74f557647f3a8da87c0f49eaa7 5.2/sparc/popt-1.6.2-5x.sparc.rpm
b2f031ee0041739dc7ee6d4e6817076a 5.2/sparc/rpm-4.0.2-5x.sparc.rpm
fb20a02cfe1238ad4801ce71222edfd8 5.2/sparc/rpm-build-4.0.2-5x.sparc.rpm
74cb51bb776849459f26ad43378a6286 5.2/sparc/rpm-devel-4.0.2-5x.sparc.rpm
91a8647595c6a534f4084fbdeecd1380 6.2/SRPMS/rpm-4.0.2-6x.src.rpm
b613246a3a48e77f79577165cfe62057 6.2/alpha/popt-1.6.2-6x.alpha.rpm
082aff6cdcf39899574b0226f4eeca53 6.2/alpha/rpm-4.0.2-6x.alpha.rpm
bd0aa3c85732486bade9d662a8a9d025 6.2/alpha/rpm-build-4.0.2-6x.alpha.rpm
2a5c11545da29718ba39e46cd22499ea 6.2/alpha/rpm-devel-4.0.2-6x.alpha.rpm
b0271d8de9211cce3ad146f1e6c62bd9 6.2/i386/popt-1.6.2-6x.i386.rpm
0fb05fb1600edcb55fbcbbdb1edb40d8 6.2/i386/rpm-4.0.2-6x.i386.rpm
76e060bd28312325b2ff221fac847fc9 6.2/i386/rpm-build-4.0.2-6x.i386.rpm
6332e5d1519627108b3c664de6a37b6d 6.2/i386/rpm-devel-4.0.2-6x.i386.rpm
9240547d1df05a9cd43a8507e10ea1f1 6.2/sparc/popt-1.6.2-6x.sparc.rpm
10133d01dcaeedb695e5ea7c9a582427 6.2/sparc/rpm-4.0.2-6x.sparc.rpm
fbb0068debc0faf7f7bc54d920fbffb1 6.2/sparc/rpm-build-4.0.2-6x.sparc.rpm
88f53e91f9da46d85068f5c9795e46bc 6.2/sparc/rpm-devel-4.0.2-6x.sparc.rpm
7af51ac96d8f0f18e139140cfceea9aa 7.0/SRPMS/rpm-4.0.2-7x.src.rpm
a4236ea3635f4325fa3149986cd4a14f 7.0/alpha/popt-1.6.2-7x.alpha.rpm
fa9e0fa03a627f498f07301465ac27dd 7.0/alpha/rpm-4.0.2-7x.alpha.rpm
40e1b82d88a8ad19f98d217e47ef1bf5 7.0/alpha/rpm-build-4.0.2-7x.alpha.rpm
ce4c54eeb33c7c5d0d30767d1d91e7cb 7.0/alpha/rpm-devel-4.0.2-7x.alpha.rpm
447da8566447b4c9115631d9ee7b705a 7.0/alpha/rpm-python-4.0.2-7x.alpha.rpm
e259bf0ba9b4ae2ba85d5f6517df7333 7.0/i386/popt-1.6.2-7x.i386.rpm
998f0871de8bb93af136aba676b9bf48 7.0/i386/rpm-4.0.2-7x.i386.rpm
bb12807e379c9ee46a3629f2e3271215 7.0/i386/rpm-build-4.0.2-7x.i386.rpm
4a96b1b9bfea3b071b19607d7364952f 7.0/i386/rpm-devel-4.0.2-7x.i386.rpm
5901bc8f18e7464b673a185227f95b41 7.0/i386/rpm-python-4.0.2-7x.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>

8. References:

Copyright(c) 2000, 2001 Red Hat, Inc.