
Security Advisory rpm-4.0.2 for all Red Hat platforms and releases.

Advisory: RHSA-2001:016-02
Type: Security Advisory
Severity: N/A
Issued on: 2001-02-19
Last updated on: 2001-03-16
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0

Details

A common version of rpm for all Red Hat distributions is being released.
This version of rpm understands legacy version 3 packaging used in Red
Hat 6.x/5.x distributions as well as version 4 packaging used in Red Hat
7.x.
In addition, rpm-4.0.2 supports both the legacy db1 format used in
Red Hat 6.x/5.x databases and the db3 format database
used in Red Hat 7.x.

Several potential problems

1) Red Hat 6.x/5.x users will need to install the db3 packages from
RHEA-2001:015-09.

2) Red Hat 5.x users should note that the default compiler flags in rpm
have changed, and are not compatible with the gcc originally shipped
with Red Hat 5.2. Use egcs as a compiler instead.

3) Red Hat 6.x/5.x users should convert from db1 to db3 format databases at
your earliest convenience. This can be done by running, as root, the
command
rpm --rebuilddb
Support for legacy db1 format rpm databases will be removed in the next
release of rpm.

4) All platforms: If you choose to install rpm-4.0.2, and then go back to a
previous version of rpm, then you will experience segfaults due to an
incompatible change in headers in the database. The problem is in
legacy versions of rpm going back to rpm-3.0, and is both caused and
fixed by rpm-4.0.2. This incompatibility also applies to any/all
applications that are statically linked against rpm libraries which
should either be upgraded or recompiled to use rpm-4.0.2 libraries.
Applications that use shared libraries should not be affected by this
problem.

5) All platforms: rpm-4.0.2 will fail to install if you have both db1 and
db3 rpm databases in /var/lib/rpm. If the packages do not install,
please check the directory /var/lib/rpm for the files "packages.rpm"
(the db1 format headers) and "Packages" (the db3 format headers)
and rename/remove the older or smaller of the two files in order to
upgrade.
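
A read-only pre-flight check for items 3 and 5, added here as an example and not part of the original advisory or of rpm itself. The function names are hypothetical; only the directory /var/lib/rpm and the file names "packages.rpm" and "Packages" come from the advisory. Because "older" and "smaller" can point at different files, the script reports each separately and leaves the rename/remove decision to the administrator.

```shell
#!/bin/sh
# Added example: read-only check of the rpm database directory.
# Function names are hypothetical; nothing is renamed or removed.

# Print which header files exist: none | db1-only | db3-only | both
rpmdb_state() {
    dir=${1:-/var/lib/rpm}
    db1="$dir/packages.rpm"   # db1 format headers
    db3="$dir/Packages"       # db3 format headers
    if [ -f "$db1" ] && [ -f "$db3" ]; then echo both
    elif [ -f "$db1" ]; then echo db1-only
    elif [ -f "$db3" ]; then echo db3-only
    else echo none
    fi
}

# With both files present, report the older and the smaller one separately,
# since the two criteria can disagree. Returns 1 if only one file exists.
rpmdb_stale_candidates() {
    dir=${1:-/var/lib/rpm}
    [ "$(rpmdb_state "$dir")" = both ] || return 1
    db1="$dir/packages.rpm"
    db3="$dir/Packages"
    s1=$(($(wc -c < "$db1")))   # arithmetic strips any padding from wc
    s3=$(($(wc -c < "$db3")))
    if [ "$s1" -lt "$s3" ]; then smaller=packages.rpm
    elif [ "$s3" -lt "$s1" ]; then smaller=Packages
    else smaller=same-size
    fi
    if [ "$db1" -ot "$db3" ]; then older=packages.rpm
    elif [ "$db3" -ot "$db1" ]; then older=Packages
    else older=same-mtime
    fi
    echo "older=$older smaller=$smaller"
}

# One-line summary for the administrator; always returns 0.
rpmdb_preflight() {
    dir=${1:-/var/lib/rpm}
    case $(rpmdb_state "$dir") in
        both)     echo "blocked: db1 and db3 both present ($(rpmdb_stale_candidates "$dir"))" ;;
        db1-only) echo "ok: db1 only; run 'rpm --rebuilddb' as root after upgrading" ;;
        db3-only) echo "ok: db3 only" ;;
        none)     echo "no rpm database files found in $dir" ;;
    esac
}

rpmdb_preflight "${1:-/var/lib/rpm}"
```

Pass a directory as the first argument to check a copy of the database instead of the live /var/lib/rpm.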


Solution

To update all RPMs for your particular architecture, run:

rpm -Fvh <filenames>

where <filenames> is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/rpm/4.0.2-6x/SRPMS/rpm-4.0.2-6x.src.rpm
Missing file
    MD5: 91a8647595c6a534f4084fbdeecd1380
 
Sparc:
ftp://updates.redhat.com/rhn/repository/NULL/popt/1.6.2-6x/sparc/popt-1.6.2-6x.sparc.rpm
Missing file
    MD5: 9240547d1df05a9cd43a8507e10ea1f1
ftp://updates.redhat.com/rhn/repository/NULL/rpm/4.0.2-6x/sparc/rpm-4.0.2-6x.sparc.rpm
Missing file
    MD5: 10133d01dcaeedb695e5ea7c9a582427
ftp://updates.redhat.com/rhn/repository/NULL/rpm-build/4.0.2-6x/sparc/rpm-build-4.0.2-6x.sparc.rpm
Missing file
    MD5: fbb0068debc0faf7f7bc54d920fbffb1
ftp://updates.redhat.com/rhn/repository/NULL/rpm-devel/4.0.2-6x/sparc/rpm-devel-4.0.2-6x.sparc.rpm
Missing file
    MD5: 88f53e91f9da46d85068f5c9795e46bc
 
Red Hat Linux 7.0

SRPMS:
rpm-4.0.2-7x.src.rpm
File outdated by:  RHEA-2002:024
    MD5: 7af51ac96d8f0f18e139140cfceea9aa
 
Alpha:
popt-1.6.2-7x.alpha.rpm
File outdated by:  RHEA-2002:024
    MD5: a4236ea3635f4325fa3149986cd4a14f
rpm-4.0.2-7x.alpha.rpm
File outdated by:  RHEA-2002:024
    MD5: fa9e0fa03a627f498f07301465ac27dd
rpm-build-4.0.2-7x.alpha.rpm
File outdated by:  RHEA-2002:024
    MD5: 40e1b82d88a8ad19f98d217e47ef1bf5
rpm-devel-4.0.2-7x.alpha.rpm
File outdated by:  RHEA-2002:024
    MD5: ce4c54eeb33c7c5d0d30767d1d91e7cb
rpm-python-4.0.2-7x.alpha.rpm
File outdated by:  RHEA-2002:024
    MD5: 447da8566447b4c9115631d9ee7b705a
 
IA-32:
popt-1.6.2-7x.i386.rpm
File outdated by:  RHEA-2002:024
    MD5: e259bf0ba9b4ae2ba85d5f6517df7333
rpm-4.0.2-7x.i386.rpm
File outdated by:  RHEA-2002:024
    MD5: 998f0871de8bb93af136aba676b9bf48
rpm-build-4.0.2-7x.i386.rpm
File outdated by:  RHEA-2002:024
    MD5: bb12807e379c9ee46a3629f2e3271215
rpm-devel-4.0.2-7x.i386.rpm
File outdated by:  RHEA-2002:024
    MD5: 4a96b1b9bfea3b071b19607d7364952f
rpm-python-4.0.2-7x.i386.rpm
File outdated by:  RHEA-2002:024
    MD5: 5901bc8f18e7464b673a185227f95b41
 


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/