Hans-Peter Jansen wrote:
Given that both originate from the same project and both are critical from a security POV, I _am_ worried about this behavior. Is there somebody tampering with those packages?
It gets stranger and stranger: for some reason, the verification for libcurl4 succeeded in another attempt:
download.opensuse.org redirects to mirrors. Maybe one of them has a corrupted package. I don't know if zypper has options to print redirects. You could try fetching the file manually using wget to see which mirror was used though.
Now that version binds against libssh2, which wasn't installed obviously. With the unfriendly result of:
# zypper
zypper: error while loading shared libraries: libssh2.so.1: cannot open shared object file: No such file or directory
Just don't press 'i', i.e. 'ignore', if zypper prompts you to avoid such errors :-)
@crrodriguez: the whole issue might be a red herring, but let's face it: such moves need a bit more verbose description, and given that these libs crept into my system via devel:/languages:/python, while they flag themselves
Distribution: devel:libraries:c_c++ / openSUSE_11.1
doesn't raise users' confidence. In fact, it keeps smelling fishy...
There's an _aggregate file in devel:languages:python/curl that copies curl binaries from devel:libraries:c_c++ to avoid rebuilding curl in devel:languages:python too.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)