- Issued:
- 2009-09-02
- Updated:
- 2009-09-02
RHBA-2009:1371 - Bug Fix Advisory
Synopsis
rpm bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated rpm packages that resolve several issues are now available.
Description
The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.
These updated rpm packages provide fixes for the following bugs:
- on 64-bit multilib systems, verifying all packages on the system led to a
large number of files being listed which only differed in timestamp values.
With this update, timestamp differences on multilib systems are now
filtered so that verifying all packages (using the "rpm -Va" command) on
both 32-bit and 64-bit systems results in relevant and useful information
for system administrators. (BZ#426672, BZ#472151)
- verification using the "--root [directory]" option could give false
warnings on file ownership due to using the system's user and group
database instead of the alternate root. RPM now performs verification using
actual chrooted environment to ensure the correct user database is used.
(BZ#434150)
- in some upgrade scenarios YUM would trigger a massive memory
fragmentation in librpm, causing it to use immoderate amounts of memory.
RPM now uses a better allocation algorithm to avoid excessive
fragmentation. In addition, a separate flawed algorithm caused initial
installation to take much longer than it should have. These fixes result in
a better-performing RPM overall. (BZ#435475)
- the "rpmbuild" utility silently applied patches that no longer exactly
match the source code, which could cause packaging of unwanted backup files
or even result in subtle bugs in the software itself. An opt-in mechanism
to enable a stricter mode of patching on a per-spec basis has been
introduced to help packagers notice these cases early in the
package-building process. (BZ#471005)
- on 64-bit multilib systems, RPM permitted installation of packages for
incompatible architectures. RPM now validates package architecture
compatibility on all platforms. (BZ#472065)
- an extra "/" character in source file paths could have caused RPM version
4.4.2.3 to abort builds on packages that were previously able to be built
during the debug-information extraction stage. This update reverts the
error to a warning to let such packages continue to build. (BZ#482903)
- RPM incorrectly calculated the fingerprint of some GPG public keys,
causing false "key not present" errors on package signature-checking. This
update includes a fix to correct the fingerprint calculation in these
cases. (BZ#493777)
- recent RPM versions could fail to verify a valid RSA signature on a
package due to different padding behavior of the low-level cryptography
library now used. RPM now performs the additional zero-padding itself when
necessary, thus allowing RSA signatures to be correctly verified.
(BZ#502791)
- RPM output an invalid Japanese error message when run in a Japanese
locale. The error message translation has been corrected. (BZ#387321)
All users of rpm are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 426672 - Make rpm -V be useful again.
- BZ - 435475 - RFE: [Performance] yum update slower as more packages go into each minor release, esp. bad on IA64 hw
- BZ - 471005 - Allow rpmbuild user to prevent application of hunks into wrong contexts
- BZ - 472065 - rpm packages for different architecture can be installed without warnings on x86_64
- BZ - 472151 - rpm verify fails after a fresh install
- BZ - 482903 - debugedit prints: canonicalization unexpectedly shrank by one character
- BZ - 493777 - rpm --import gets the key id wrong
- BZ - 502791 - Signature checking regression caused by beecrypt -> NSS switch
- BZ - 508074 - rpm -Va --root /external_folder fails sometimes
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
x86_64 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
popt-1.10.2.3-18.el5.x86_64.rpm | SHA-256: 0619b1521b77b82606e4c3f0287d22f474390b381a1657fa5fb60f6577117e55 |
rpm-4.4.2.3-18.el5.x86_64.rpm | SHA-256: da77e0f8670ede485ca259a2ecc0a7e3a1db207c73b0a8a37c6ee0d02c120631 |
rpm-apidocs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 1e18b3ba6e36da6a0c91e1ede627e2db46d558ac4b8c119b4223c8fcf074ed4d |
rpm-build-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 847c36f4cf3bff0f7c24e533bb05f48561a15e98df23974ab20407e920466bcb |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-devel-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 3bcf5804b3f17b0fc8a295c929f93d8a0cf849872dba854b11b0bffa6a72a784 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-libs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: a4c7fb85e8e5c531d758a207c9c97b875ccc8fec97688ab44968b7dc6cde07b2 |
rpm-python-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 53bee9d652b43b7b63ca39c1fcebe9f52dcea8f27853d762215e1ad82bd984d1 |
ia64 | |
popt-1.10.2.3-18.el5.ia64.rpm | SHA-256: 2c71fc2ea1e16eadd8804ce8eca2260301b017416e713bae29d981108151dac1 |
rpm-4.4.2.3-18.el5.ia64.rpm | SHA-256: 193a850515d9dd29292225531d01415decfefe3bbbd798b6c3174213e6352cd8 |
rpm-apidocs-4.4.2.3-18.el5.ia64.rpm | SHA-256: 723665cdc4bda858c5bf74be470b8786452015d1a5e76066891fc63135b00ef0 |
rpm-build-4.4.2.3-18.el5.ia64.rpm | SHA-256: 2b3e00dea166a65b33092fc6ca73abb20f7d2adb72417ca5ad2da14b914da9ac |
rpm-devel-4.4.2.3-18.el5.ia64.rpm | SHA-256: 456e1ed51a1594832b21fd08195542f5c7f4bee3f7c71342c7340fc3355f3a83 |
rpm-libs-4.4.2.3-18.el5.ia64.rpm | SHA-256: aa80723919471ba7f40236159a880a5fa655613a603626d974014c5a22730eea |
rpm-python-4.4.2.3-18.el5.ia64.rpm | SHA-256: 482d343d2b1304991f1486c441656e1e21282c8d41a06ae1ad79f38215829500 |
i386 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
rpm-4.4.2.3-18.el5.i386.rpm | SHA-256: d30d8d447a8f3be1da8c3159bdfe4dc9c66becc1cac1d8284d489606777b25aa |
rpm-apidocs-4.4.2.3-18.el5.i386.rpm | SHA-256: b49b2b138e942b5e6fdc6fccb6eba5c511c2b504c023c7c855f3ce5991d58691 |
rpm-build-4.4.2.3-18.el5.i386.rpm | SHA-256: 61e7ac8f5bd9fdc0cfdf345e30f89fbc98ff01172ca6a928d5bab9783bfc9646 |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-python-4.4.2.3-18.el5.i386.rpm | SHA-256: ea10432a0ad5c6ea8637051746807ea1a3820f98517c90632c5615dc92986dc2 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
x86_64 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
popt-1.10.2.3-18.el5.x86_64.rpm | SHA-256: 0619b1521b77b82606e4c3f0287d22f474390b381a1657fa5fb60f6577117e55 |
rpm-4.4.2.3-18.el5.x86_64.rpm | SHA-256: da77e0f8670ede485ca259a2ecc0a7e3a1db207c73b0a8a37c6ee0d02c120631 |
rpm-apidocs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 1e18b3ba6e36da6a0c91e1ede627e2db46d558ac4b8c119b4223c8fcf074ed4d |
rpm-build-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 847c36f4cf3bff0f7c24e533bb05f48561a15e98df23974ab20407e920466bcb |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-devel-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 3bcf5804b3f17b0fc8a295c929f93d8a0cf849872dba854b11b0bffa6a72a784 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-libs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: a4c7fb85e8e5c531d758a207c9c97b875ccc8fec97688ab44968b7dc6cde07b2 |
rpm-python-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 53bee9d652b43b7b63ca39c1fcebe9f52dcea8f27853d762215e1ad82bd984d1 |
i386 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
rpm-4.4.2.3-18.el5.i386.rpm | SHA-256: d30d8d447a8f3be1da8c3159bdfe4dc9c66becc1cac1d8284d489606777b25aa |
rpm-apidocs-4.4.2.3-18.el5.i386.rpm | SHA-256: b49b2b138e942b5e6fdc6fccb6eba5c511c2b504c023c7c855f3ce5991d58691 |
rpm-build-4.4.2.3-18.el5.i386.rpm | SHA-256: 61e7ac8f5bd9fdc0cfdf345e30f89fbc98ff01172ca6a928d5bab9783bfc9646 |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-python-4.4.2.3-18.el5.i386.rpm | SHA-256: ea10432a0ad5c6ea8637051746807ea1a3820f98517c90632c5615dc92986dc2 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
x86_64 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
popt-1.10.2.3-18.el5.x86_64.rpm | SHA-256: 0619b1521b77b82606e4c3f0287d22f474390b381a1657fa5fb60f6577117e55 |
rpm-4.4.2.3-18.el5.x86_64.rpm | SHA-256: da77e0f8670ede485ca259a2ecc0a7e3a1db207c73b0a8a37c6ee0d02c120631 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-libs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: a4c7fb85e8e5c531d758a207c9c97b875ccc8fec97688ab44968b7dc6cde07b2 |
rpm-python-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 53bee9d652b43b7b63ca39c1fcebe9f52dcea8f27853d762215e1ad82bd984d1 |
i386 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
rpm-4.4.2.3-18.el5.i386.rpm | SHA-256: d30d8d447a8f3be1da8c3159bdfe4dc9c66becc1cac1d8284d489606777b25aa |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-python-4.4.2.3-18.el5.i386.rpm | SHA-256: ea10432a0ad5c6ea8637051746807ea1a3820f98517c90632c5615dc92986dc2 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
s390x | |
popt-1.10.2.3-18.el5.s390.rpm | SHA-256: 4650e958ec36f22d913ae0fff48681f733f4d3141bb23ac9db6bdd737ca87582 |
popt-1.10.2.3-18.el5.s390x.rpm | SHA-256: aac229b8e91ca65a67eeab54d1c5194338cfbc64ed1594d3a8a4e5a2c9270140 |
rpm-4.4.2.3-18.el5.s390x.rpm | SHA-256: 0bd15e97eb944794d361964304750c908d4ed308b248ea8745146cb0ac9f6c17 |
rpm-apidocs-4.4.2.3-18.el5.s390x.rpm | SHA-256: 1aee212b595b5f938c5d166cee88f2de0ea3313c616f74c8ba3b7cd86d9e1d06 |
rpm-build-4.4.2.3-18.el5.s390x.rpm | SHA-256: dc3bab47c1fde07c4dddb80aa2997164731c9d19e2b4a5d3e6915dcbbf2bd42f |
rpm-devel-4.4.2.3-18.el5.s390.rpm | SHA-256: 2f3ce3c326955d37c895a193e2199659730efbd1989594a27a41a3657aff84e3 |
rpm-devel-4.4.2.3-18.el5.s390x.rpm | SHA-256: ad5b3a3a98ed8a3df54f54cc88d9fe9dba4c6e6fe845fa1240779104510d7629 |
rpm-libs-4.4.2.3-18.el5.s390.rpm | SHA-256: 8a9edd0c802894e396917a6d2f9c24d2f1c4f7e9f930ec367eb960fc8b94d179 |
rpm-libs-4.4.2.3-18.el5.s390x.rpm | SHA-256: e6aee906ffbcba866e052de0a2b6fe1f7bd9b7094e6c979a9c30fb218706810c |
rpm-python-4.4.2.3-18.el5.s390x.rpm | SHA-256: 7ad0b02c906029aa709d3cea6e2c12007dcd4ce746abe51773e61b914276ccca |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
ppc | |
popt-1.10.2.3-18.el5.ppc.rpm | SHA-256: ee174e0ffac62296b024463f9ad81e91d049635223591b20052da1f9140824cd |
popt-1.10.2.3-18.el5.ppc64.rpm | SHA-256: c000715f6f84cea76c9e1d208bdffe09b6483e82c16c305f8a7b5e509ad6772e |
rpm-4.4.2.3-18.el5.ppc.rpm | SHA-256: ca383272c061de0f68db0b0e2be44ce9ceb57fa2ed5e34122765ffe2c18e08d1 |
rpm-apidocs-4.4.2.3-18.el5.ppc.rpm | SHA-256: 1828cadd3bd22a6a3cd406f3e9af23a41865584140c8d4a8c09d8ca750bb5ef8 |
rpm-build-4.4.2.3-18.el5.ppc.rpm | SHA-256: ead613fd0e7365eb8d0de108ca24070029574a0eea0c510d6aef0c6ed49c07ad |
rpm-devel-4.4.2.3-18.el5.ppc.rpm | SHA-256: 0a9a90e3cb93742838e560bb75b40710b870f2950b6c72a8e4b29f06075ea4a2 |
rpm-devel-4.4.2.3-18.el5.ppc64.rpm | SHA-256: 90e4c6f2eb9b8f477522a46943dc6c4cea34123ac9644ab7b336f105cfb23306 |
rpm-libs-4.4.2.3-18.el5.ppc.rpm | SHA-256: 686fe612daeb9e97bb740d0fef5d523d8aebec65bb915f964041c4bd9bca3fae |
rpm-libs-4.4.2.3-18.el5.ppc64.rpm | SHA-256: 5f48a54c84c383e8819c2aeacee5f64e875eb6deb897cd8ee5102ad3a64e70ae |
rpm-python-4.4.2.3-18.el5.ppc.rpm | SHA-256: f07d35b624416459246d984d6e7334773e5d0e29304a24cc495621da12b9d8cd |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
rpm-4.4.2.3-18.el5.src.rpm | SHA-256: e0ba4fac87ef5fee15405bb4517e3a29adc837add508679b51030599f3192c3e |
x86_64 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
popt-1.10.2.3-18.el5.x86_64.rpm | SHA-256: 0619b1521b77b82606e4c3f0287d22f474390b381a1657fa5fb60f6577117e55 |
rpm-4.4.2.3-18.el5.x86_64.rpm | SHA-256: da77e0f8670ede485ca259a2ecc0a7e3a1db207c73b0a8a37c6ee0d02c120631 |
rpm-apidocs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 1e18b3ba6e36da6a0c91e1ede627e2db46d558ac4b8c119b4223c8fcf074ed4d |
rpm-build-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 847c36f4cf3bff0f7c24e533bb05f48561a15e98df23974ab20407e920466bcb |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-devel-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 3bcf5804b3f17b0fc8a295c929f93d8a0cf849872dba854b11b0bffa6a72a784 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-libs-4.4.2.3-18.el5.x86_64.rpm | SHA-256: a4c7fb85e8e5c531d758a207c9c97b875ccc8fec97688ab44968b7dc6cde07b2 |
rpm-python-4.4.2.3-18.el5.x86_64.rpm | SHA-256: 53bee9d652b43b7b63ca39c1fcebe9f52dcea8f27853d762215e1ad82bd984d1 |
i386 | |
popt-1.10.2.3-18.el5.i386.rpm | SHA-256: eb1f1138c0fa1fad87eeff150b53667f6ede163c4856df7527e025e69242c4f3 |
rpm-4.4.2.3-18.el5.i386.rpm | SHA-256: d30d8d447a8f3be1da8c3159bdfe4dc9c66becc1cac1d8284d489606777b25aa |
rpm-apidocs-4.4.2.3-18.el5.i386.rpm | SHA-256: b49b2b138e942b5e6fdc6fccb6eba5c511c2b504c023c7c855f3ce5991d58691 |
rpm-build-4.4.2.3-18.el5.i386.rpm | SHA-256: 61e7ac8f5bd9fdc0cfdf345e30f89fbc98ff01172ca6a928d5bab9783bfc9646 |
rpm-devel-4.4.2.3-18.el5.i386.rpm | SHA-256: b2f4a0b0f17218d3e4fdc9bc944d5f95f1ccf7283b8c8aaf592114d6a75f5879 |
rpm-libs-4.4.2.3-18.el5.i386.rpm | SHA-256: 4f66111aee8e7f2d25e31cb161c4f92470ef9a76d63bcebef6d6bcbedb917e36 |
rpm-python-4.4.2.3-18.el5.i386.rpm | SHA-256: ea10432a0ad5c6ea8637051746807ea1a3820f98517c90632c5615dc92986dc2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.