[opensuse-security] digest verification failed
Is there a problem with the updates directory? Refreshing 'openSUSE-10.3-Updates' Digest verification failed for patch-cpio-4474.xml. Expected d50dd8b6dd30a449add408a770b529b5ce4a465c, found 3ab13e46835e8665b95b3ed71f51dd87dc1fb1bd. Continue? [yes/no]: yes Digest verification failed for patch-wvdial-4461.xml. Expected 2b0a7ec9f5b3787277cef713ad6cae857f711965, found 7e33d8c035496ed57e21dc1da25374415cd3ca8b. Continue? [yes/no]: yes Digest verification failed for patch-libiniparser-32bit-4488.xml. Expected 8c8b7e1aac59c6efaeadd69189371850aaa9b79a, found 6f092ec944d66016931dc4ef2f4dc48634acd051. Continue? [yes/no]: yes Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Hi, On Tue, Nov 13, 2007 at 05:33:08PM +0100, Anders Johansson wrote:
Is there a problem with the updates directory?
Refreshing 'openSUSE-10.3-Updates' Digest verification failed for patch-cpio-4474.xml. Expected d50dd8b6dd30a449add408a770b529b5ce4a465c, found
d50dd8b6dd30a449add408a770b529b5ce4a465c is correct for patch-cpio-4474.xml, from where did you get all those files?
3ab13e46835e8665b95b3ed71f51dd87dc1fb1bd. Continue? [yes/no]: yes Digest verification failed for patch-wvdial-4461.xml. Expected 2b0a7ec9f5b3787277cef713ad6cae857f711965, found 7e33d8c035496ed57e21dc1da25374415cd3ca8b. Continue? [yes/no]: yes Digest verification failed for patch-libiniparser-32bit-4488.xml. Expected 8c8b7e1aac59c6efaeadd69189371850aaa9b79a, found 6f092ec944d66016931dc4ef2f4dc48634acd051. Continue? [yes/no]: yes
Anders
-- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Peter -- "WARNING: This bug is visible to non-employees. Please be respectful!" SUSE LINUX Products GmbH Research & Development
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Nov 13, 2007 at 05:56:08PM +0100, Anders Johansson wrote:
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files
Can you provide me your IP and an possibly an approximate time? Peter -- "WARNING: This bug is visible to non-employees. Please be respectful!" SUSE LINUX Products GmbH Research & Development
On Tuesday 13 November 2007 17:56:08 Anders Johansson wrote:
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files
Actually, the patch-wvdial 404 error page tells me <address> <a href="/">ftp.rrze.uni-erlangen.de</a><br /> Real fun is scrolling down a bit to below the HTML 404 part. The real xml follows It looks like the Erlangen university has configuration problems Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Nov 13, 2007 at 06:05:38PM +0100, Anders Johansson wrote:
On Tuesday 13 November 2007 17:56:08 Anders Johansson wrote:
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files
Actually, the patch-wvdial 404 error page tells me
<address> <a href="/">ftp.rrze.uni-erlangen.de</a><br />
Real fun is scrolling down a bit to below the HTML 404 part. The real xml follows
I can't really reproduce that. The request works just fine and retrieves an intact file from that mirror. However, I _do_ notice that they set Content-Type: application/xml on the reply, instead of Content-Type: text/xml what it would normally be. I've disabled the mirror for now, and will contact them to fix it. But could you please try other mirrors from http://download.opensuse.org/update/10.3/repodata/patch-wvdial-4461.xml?mirr... to see if they better work for you?
It looks like the Erlangen university has configuration problems
Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Peter -- "WARNING: This bug is visible to non-employees. Please be respectful!" SUSE LINUX Products GmbH Research & Development
On Tuesday 13 November 2007 18:13:37 Dr. Peter Poeml wrote:
I can't really reproduce that. The request works just fine and retrieves an intact file from that mirror.
However, I _do_ notice that they set Content-Type: application/xml on the reply, instead of Content-Type: text/xml what it would normally be.
I've disabled the mirror for now, and will contact them to fix it.
But could you please try other mirrors from http://download.opensuse.org/update/10.3/repodata/patch-wvdial-4461.xml?mir rorlist to see if they better work for you?
I deleted the three files and did a "zypper refresh", and that downloaded them again, and now they verify Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Nov 13, 2007 at 06:05:38PM +0100, Anders Johansson wrote:
On Tuesday 13 November 2007 17:56:08 Anders Johansson wrote:
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files
Actually, the patch-wvdial 404 error page tells me
What do you mean with 404 error page? How did you get to that? Browser? Zypper? YaST?
<address> <a href="/">ftp.rrze.uni-erlangen.de</a><br />
Real fun is scrolling down a bit to below the HTML 404 part. The real xml follows
It looks like the Erlangen university has configuration problems
Anders
I don't believe anymore that the Content-Type of application/xml could be an issue -- because half of all mirrors do it that way, as a quick survey shows. I have re-enabled Erlangen again, therefore, as I can't really see any problem with it. The files I retrieved from there verify just fine. It rather looks like a problem at your end, or at your ISP to me. Peter -- "WARNING: This bug is visible to non-employees. Please be respectful!" SUSE LINUX Products GmbH Research & Development
On Tuesday 13 November 2007 18:30:49 Dr. Peter Poeml wrote:
On Tue, Nov 13, 2007 at 06:05:38PM +0100, Anders Johansson wrote:
On Tuesday 13 November 2007 17:56:08 Anders Johansson wrote:
On Tuesday 13 November 2007 17:44:45 Dr. Peter Poeml wrote:
from where did you get all those files?
zypper gave them to me. The repo is download.opensuse.org/update/10.3, but I'm not sure what the real server was that gave me these bogus files
Actually, the patch-wvdial 404 error page tells me
What do you mean with 404 error page? How did you get to that? Browser? Zypper? YaST?
I mean that the file downloaded contained an HTML 404 error page.
It rather looks like a problem at your end, or at your ISP to me.
There is no problem at my end, and my ISP is T-online. I don't think this has anything to do with them either. I don't see how it possibly could. However, I have seen similar problems on other servers when they become overloaded. They suddenly start returning garbage or corrupted files Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Nov 13, 2007 at 05:33:08PM +0100, Anders Johansson wrote:
Is there a problem with the updates directory?
Refreshing 'openSUSE-10.3-Updates' Digest verification failed for patch-cpio-4474.xml. Expected d50dd8b6dd30a449add408a770b529b5ce4a465c, found 3ab13e46835e8665b95b3ed71f51dd87dc1fb1bd. Continue? [yes/no]: yes
patch-cpio-4474.xml is still d50dd8b6dd30a449add408a770b529b5ce4a465c on our side. Have a look at the file if something suspicious stands out. Ciao, Marcus
On Tuesday 13 November 2007 17:45:11 Marcus Meissner wrote:
patch-cpio-4474.xml is still d50dd8b6dd30a449add408a770b529b5ce4a465c on our side.
Have a look at the file if something suspicious stands out.
Hm, yes there is. Extra garbage at the start of the file Accept-Ranges: bytes Content-Length: 5996 Expires: Wed, 14 Nov 2007 16:27:57 GMT Age: 122 Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> [...] patch-wvdial is a 404 error page, and patch-libiniparser also has those HTTP headers at the top Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Nov 13, 2007 at 05:53:56PM +0100, Anders Johansson wrote:
On Tuesday 13 November 2007 17:45:11 Marcus Meissner wrote:
patch-cpio-4474.xml is still d50dd8b6dd30a449add408a770b529b5ce4a465c on our side.
Have a look at the file if something suspicious stands out.
Hm, yes there is. Extra garbage at the start of the file
Accept-Ranges: bytes Content-Length: 5996 Expires: Wed, 14 Nov 2007 16:27:57 GMT Age: 122 Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8"?> [...]
patch-wvdial is a 404 error page, and patch-libiniparser also has those HTTP headers at the top
Looks like a bad proxy inbetween. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tuesday 13 November 2007 17:53:04 Marcus Meissner wrote:
Looks like a bad proxy inbetween.
Perhaps, but it's certainly not at my end. I don't use a proxy Anders -- Madness takes its toll --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Anders Johansson
-
Dr. Peter Poeml
-
Marcus Meissner