https://bugzilla.novell.com/show_bug.cgi?id=821793 https://bugzilla.novell.com/show_bug.cgi?id=821793#c0 Summary: SHA256 checksum errors in updates Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Major Priority: P5 - None Component: Maintenance AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Ulrich.Windl@rz.uni-regensburg.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0 A moment ago I saw several checksum errors hwn getting updates from http://download.opensuse.org/update/12.3. For example (my own program prints these lines): [3] Getting 'http://download.opensuse.org/update/12.3/x86_64/pm-utils-ndiswrapper-1.4.1-2...' [1] invalid sha256 checksum for x86_64/pm-utils-ndiswrapper-1.4.1-26.5.1.x86_64.rpm~e1~: want: 661d5874501f8d2d8c125f2c891894c2b672f37a3ca5c31753a3fdd262d1e26b have: 9c671bd162cc9fbe8d363b15e172f922509d32d54a51eacf819edb97b2086c98 [3] Getting 'http://download.opensuse.org/update/12.3/x86_64/Mesa-32bit-9.0.2-34.6.1.x86_...' [1] invalid sha256 checksum for x86_64/Mesa-32bit-9.0.2-34.6.1.x86_64.rpm~J0~: want: c922ab60b74c6d41cd82b6ccdaefe3b440c52696525332d3aa1e8d4d5a7eaf03 have: 2e82765b32f2519274dd41185ead084b4f1f5ea780d126a3438e16a4c7d6b239 [3] Getting 'http://download.opensuse.org/update/12.3/x86_64/Mesa-libGL1-9.0.2-34.6.1.x86...' [1] invalid sha256 checksum for x86_64/Mesa-libGL1-9.0.2-34.6.1.x86_64.rpm~am~: want: 2213e33e311ba9ee2492c43cfbb2e71432e5ccdbe11bf8db916ff08f51fd7c87 have: 07cdb85dc628d95a3d8a8efda0421202ba17d0d9485fb8479ed3b96246802247 For reference, I was repodata derived from this signature (the files below pass signature test): gpg: Signature made Fr 24 Mai 2013 15:53:08 CEST using RSA key ID 3DBDC284 gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 -rw-r--r-- 1 wiu09024 users 2428152 24. Mai 15:52 2a2d13185d2f135560b86bc6c0608cd997a586fce8ae85f328765cff8d87c344-other.xml.gz -rw-r--r-- 1 wiu09024 users 4535248 24. Mai 15:52 2ed369c6c192886dd9a1b2e756cc4504f50ebadba33ab5107e12a81165da4329-primary.xml.gz -rw-r--r-- 1 wiu09024 users 155 24. Mai 15:53 32563a2660399134bc76f392681f7eec44b594644cb5373c4059d35b5fe53881-suseinfo.xml.gz -rw-r--r-- 1 wiu09024 users 141493 24. Mai 15:52 36432aa49a5bdf474453dcf9511ceaad6a59330f508b8870d4f8e6e0e271ab14-updateinfo.xml.gz -rw-r--r-- 1 wiu09024 users 202267 24. Mai 15:53 4d36c39ea98748cd925e91e7e571da3286f4ff2a3dc17f4a978fc72444d1b020-deltainfo.xml.gz -rw-r--r-- 1 wiu09024 users 1601058 24. Mai 15:52 ba71444bfdbd015cfb4354031598b0083943d4da81506ab5252bcc40e4b4d771-appdata.xml.gz -rw-r--r-- 1 wiu09024 users 7174717 24. Mai 15:52 f39df04300551cbc510dd9906fa20c9963177577002917bda7b86ba76a53f955-filelists.xml.gz Reproducible: Always Steps to Reproduce: 1. Download current set of updates Actual Results: Checksums fail Expected Results: Chacksums match I hope your site wasn't attacked -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.