For CentOS servers an update for the nss-softokn package was release today – nss-softokn-3.14.3-19However, nss-softokn-3.14.3-19 needs nss-softokn-freebl-3.14.3-19 to operate properly, and vice versa, but those packages do not have checks in place to make sure that a matching version of the other package are also installed.
Thus if you yum update only installed one of the packages you will end up with a broken YUM and RPM.
You might see error messages like these when trying to run YUM and RPM commands:
error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID xxx BAD
error: rpmdbNextIterator: skipping h# 1784 Header V3 RSA/SHA1 Signature, key ID xxx BAD
Most of the time you will have had nss-softokn-3.14.3-19 installed but not nss-softokn-freebl-3.14.3-19
To fix this you have to:
1. Manually download nss-softokn-freebl-3.14.3-19
yumdownloader nss-softokn-freebl
or wget the RPMs
64-Bit servers / x86_64 run
wget ftp://195.220.108.108/linux/centos/6.6/updates/x86_64/Packages/nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm
32-Bit Servers / i686 run
wget ftp://195.220.108.108/linux/centos/6.6/updates/i386/Packages/nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm
Note: The FTP IP address above grabs the rpm package from an RPMFIND mirror in France, but you can get it from any other mirror that you usually use.
2. Extract the RPM
64-Bit servers / x86_64 runrpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv
32-Bit Servers / i686 run
rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm | cpio -idmv
3. Copy .libfreeblpriv3.* to correct location
64-Bit servers / x86_64 runcp ./lib64/libfreeblpriv3.* /lib64
32-Bit Servers / i686 run
cp ./lib/libfreeblpriv3.* /lib
4. Rerun Yum Update to update nss-softokn-freebl and FIX YUM and RPM
yum update-----------------------------------------------------------------------------------
Bug Report: https://bugzilla.redhat.com/show_bug.cgi?id=1182337
