Bug 108652

| Field | Value |
|---|---|
| Summary | up2date does not perform enough sanity checking on downloads |
| Product | [Fedora] Fedora |
| Component | up2date |
| Version | rawhide |
| Status | CLOSED CANTFIX |
| Severity | medium |
| Priority | high |
| Hardware | noarch |
| OS | Linux |
| Reporter | Paul W. Frields <stickster> |
| Assignee | Bret McMillan <bretm> |
| QA Contact | Fanny Augustin <fmoquete> |
| CC | davids, gczarcinski, gfreeman, redhat-bugzilla, robatino |
| Keywords | FutureFeature |
| Doc Type | Enhancement |
| Last Closed | 2006-10-29 13:47:11 UTC |
| Bug Blocks | 120092 |

Description
Paul W. Frields
2003-10-30 21:57:44 UTC
Furthermore, once a file exists in /var/spool/up2date with the same name as the file up2date wants to download, up2date assumes that the existing file is complete and doesn't attempt to re-download it. And, since the RedHat server is under heavy load, it frequently drops connections mid-download, and the incomplete download exception is either untriggered (very possible with HTTP) or ignored. As a result, a VERY large number of users have corrupted or incomplete RPM packages in their download directory that effectively block up2date from operating. So for many users who don't know how to manually clear their /var/spool/up2date, up2date is broken and completely unusable.

up2date needs to verify package integrity not only before installing, but also before downloading (or rather before not downloading packages that already exist on the machine). Packages that fail verification must be discarded and re-downloaded.

I would call this fix a "high-priority", but I'd put it on the same level of importance as patches for exploitable security holes, as the existing versions of up2date are blocking many common users from installing any updates at all, including security patches. Since this problem gets more widespread with time, an errata release fixing this problem should be issued as soon as possible.

working on robustifying the yum/apt repo backends atm... no eta promised...

*** Bug 122571 has been marked as a duplicate of this bug. ***

*** Bug 135333 has been marked as a duplicate of this bug. ***

Note that FC2 is no longer supported even by Fedora Legacy. Also, up2date has been replaced by pirut and pup since FC5. FC3 and FC4 are supported by Fedora Legacy for security issues only. If this still occurs on FC3 or FC4 and is a security issue, please reopen and assign to that version and Fedora Legacy. If it occurs on RHEL 3 or 4, please reassign or refile against that product.

The codebase for pirut and pup is quite different, so existing bugs do not apply, but please continue testing them on the still supported versions of Fedora Core and file bugs as necessary.
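
The behaviour requested in the description (verify a spool file before skipping its download, then discard and re-fetch it on failure) can be sketched as follows. This is an added example, not up2date code: `ensure_package`, `spool_copy_is_valid` and the `fetch` callable are hypothetical names, and the expected size and SHA-256 are assumed to come from repository metadata that has already been authenticated.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large packages are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def spool_copy_is_valid(path, expected_size, expected_sha256):
    """True only if the file has the size and digest the repository metadata lists."""
    try:
        if os.path.getsize(path) != expected_size:  # cheap check catches truncation
            return False
    except OSError:
        return False
    return hmac.compare_digest(file_digest(path), expected_sha256)


def ensure_package(spool_dir, name, expected_size, expected_sha256, fetch):
    """Return (path, action); fetch(name) is a hypothetical callable returning bytes."""
    final_path = os.path.join(spool_dir, name)
    action = "downloaded"
    if os.path.exists(final_path):
        if spool_copy_is_valid(final_path, expected_size, expected_sha256):
            return final_path, "cached"
        os.unlink(final_path)  # existing file failed verification: discard it
        action = "redownloaded"
    # Write under a temporary name so a dropped connection never leaves a
    # partial file where the next run would mistake it for a finished download.
    fd, tmp_path = tempfile.mkstemp(dir=spool_dir, prefix=name + ".part.")
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(fetch(name))
        if not spool_copy_is_valid(tmp_path, expected_size, expected_sha256):
            raise IOError("%s failed verification after download" % name)
        os.replace(tmp_path, final_path)
    finally:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
    return final_path, action
```

The size and digest comparison only detects truncation and corruption relative to the metadata; the package signature check before installation is still needed.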