Mailinglist Archive: opensuse-security (9 mails)
| < Previous | Next > |
[opensuse-security] Failed digest verification with package updates from build service projects
- From: "Hans-Peter Jansen" <hpj@xxxxxxxxx>
- Date: Thu, 25 Mar 2010 18:34:30 +0100
- Message-id: <201003251834.30849.hpj@xxxxxxxxx>
Hi,
apart from many connection failures to download.opensuse.org, e.g.:
Retrieving package samba-client-3.5.1-5.1.i586 (145/164), 21.0 M (76.9 M
unpacked)
Retrieving: samba-client-3.5.1-5.1.i586.rpm [error]
Download (curl) error
for
'http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_11.1/i586/samba-client-3.5.1-5.1.i586.rpm':
Error code: Connection failed
Error message: couldn't connect to host
Abort, retry, ignore? [A/r/i]: r
Retrieving: samba-client-3.5.1-5.1.i586.rpm [done (1.7 M/s)]
Installing: samba-client-3.5.1-5.1 [done]
Additional rpm output:
warning: /etc/samba/smb.conf created as /etc/samba/smb.conf.rpmnew
Updating etc/sysconfig/network/dhcp...
and
Retrieving package perl-DBI-1.609-9.1.i586 (131/164), 760.0 K (2.0 M unpacked)
Retrieving: perl-DBI-1.609-9.1.i586.rpm [error]
Download (curl) error
for
'http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_11.1/i586/perl-DBI-1.609-9.1.i586.rpm':
Error code: Connection failed
Error message: couldn't connect to host
Abort, retry, ignore? [A/r/i]: r
Retrieving: perl-DBI-1.609-9.1.i586.rpm [done]
Installing: perl-DBI-1.609-9.1 [done]
that are circumvented with retrying, I get really disconcerting failures like:
Retrieving package libssh2-1-1.2.4-3.1.i586 (14/16), 63.0 K (155.0 K unpacked)
Retrieving: libssh2-1-1.2.4-3.1.i586.rpm [done]
Digest verification failed for libssh2-1-1.2.4-3.1.i586.rpm. Expected
79e86e50140dfba4a5518d9b56aa265d11118457, found
6eae9b5a01ea7ce6549733b65776618d87513452. Continue? [yes/NO]:
Failed to provide Package libssh2-1-1.2.4-3.1. Do you want to retry retrieval?
[devel_languages_python|http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_11.1/]
Can't
provide file './i586/libssh2-1-1.2.4-3.1.i586.rpm' from repository
'devel_languages_python'
History:
- libssh2-1-1.2.4-3.1.i586.rpm has wrong checksum
Abort, retry, ignore? [A/r/i]: i
Retrieving package libcurl4-7.20.0-33.1.i586 (15/16), 165.0 K (347.0 K unpacked)
Retrieving: libcurl4-7.20.0-33.1.i586.rpm [done]
Digest verification failed for libcurl4-7.20.0-33.1.i586.rpm. Expected
ef235bb05c155b78659bc3356b88f4a88b255e20, found
d37f038a4f933efbdb10bc73cfb93946750420c6. Continue? [yes/NO]:
Failed to provide Package libcurl4-7.20.0-33.1. Do you want to retry retrieval?
[devel_languages_python|http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_11.1/]
Can't
provide file './i586/libcurl4-7.20.0-33.1.i586.rpm' from repository
'devel_languages_python'
History:
- libcurl4-7.20.0-33.1.i586.rpm has wrong checksum
Abort, retry, ignore? [A/r/i]: i
Given, that both originate from the same project and both are critical
from a security POV, I _am_ worried about this behavior. Is there somebody
tampering with those packages?
TIA,
Pete
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx
apart from many connection failures to download.opensuse.org, e.g.:
Retrieving package samba-client-3.5.1-5.1.i586 (145/164), 21.0 M (76.9 M
unpacked)
Retrieving: samba-client-3.5.1-5.1.i586.rpm [error]
Download (curl) error
for
'http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_11.1/i586/samba-client-3.5.1-5.1.i586.rpm':
Error code: Connection failed
Error message: couldn't connect to host
Abort, retry, ignore? [A/r/i]: r
Retrieving: samba-client-3.5.1-5.1.i586.rpm [done (1.7 M/s)]
Installing: samba-client-3.5.1-5.1 [done]
Additional rpm output:
warning: /etc/samba/smb.conf created as /etc/samba/smb.conf.rpmnew
Updating etc/sysconfig/network/dhcp...
and
Retrieving package perl-DBI-1.609-9.1.i586 (131/164), 760.0 K (2.0 M unpacked)
Retrieving: perl-DBI-1.609-9.1.i586.rpm [error]
Download (curl) error
for
'http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_11.1/i586/perl-DBI-1.609-9.1.i586.rpm':
Error code: Connection failed
Error message: couldn't connect to host
Abort, retry, ignore? [A/r/i]: r
Retrieving: perl-DBI-1.609-9.1.i586.rpm [done]
Installing: perl-DBI-1.609-9.1 [done]
that are circumvented with retrying, I get really disconcerting failures like:
Retrieving package libssh2-1-1.2.4-3.1.i586 (14/16), 63.0 K (155.0 K unpacked)
Retrieving: libssh2-1-1.2.4-3.1.i586.rpm [done]
Digest verification failed for libssh2-1-1.2.4-3.1.i586.rpm. Expected
79e86e50140dfba4a5518d9b56aa265d11118457, found
6eae9b5a01ea7ce6549733b65776618d87513452. Continue? [yes/NO]:
Failed to provide Package libssh2-1-1.2.4-3.1. Do you want to retry retrieval?
[devel_languages_python|http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_11.1/]
Can't
provide file './i586/libssh2-1-1.2.4-3.1.i586.rpm' from repository
'devel_languages_python'
History:
- libssh2-1-1.2.4-3.1.i586.rpm has wrong checksum
Abort, retry, ignore? [A/r/i]: i
Retrieving package libcurl4-7.20.0-33.1.i586 (15/16), 165.0 K (347.0 K unpacked)
Retrieving: libcurl4-7.20.0-33.1.i586.rpm [done]
Digest verification failed for libcurl4-7.20.0-33.1.i586.rpm. Expected
ef235bb05c155b78659bc3356b88f4a88b255e20, found
d37f038a4f933efbdb10bc73cfb93946750420c6. Continue? [yes/NO]:
Failed to provide Package libcurl4-7.20.0-33.1. Do you want to retry retrieval?
[devel_languages_python|http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_11.1/]
Can't
provide file './i586/libcurl4-7.20.0-33.1.i586.rpm' from repository
'devel_languages_python'
History:
- libcurl4-7.20.0-33.1.i586.rpm has wrong checksum
Abort, retry, ignore? [A/r/i]: i
Given, that both originate from the same project and both are critical
from a security POV, I _am_ worried about this behavior. Is there somebody
tampering with those packages?
TIA,
Pete
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx
| < Previous | Next > |