Bug 1292914 - bodhi allows packages to be downgraded in stable releases
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: bodhi
Version: 23
Hardware: All
OS: Linux
Assignee: Luke Macken
QA Contact: Fedora Extras Quality Assurance
Blocks: 1296711
Reported: 2015-12-18 17:48 UTC by Andre Robatino
Modified: 2016-09-20 02:47 UTC

Doc Type: Bug Fix
Last Closed: 2016-01-21 23:44:08 UTC
Type: Bug

Description Andre Robatino 2015-12-18 17:48:04 UTC
Description of problem:
qemu-2.4.1-3.fc23 was pushed to stable updates on December, then shortly afterwards 2.4.1-2 was pushed to stable. As a result, a distro-sync wants to downgrade to 2.4.1-2.

Version-Release number of selected component (if applicable):
qemu-2.4.1-2
qemu-2.4.1-3

Comment 1 Andre Robatino 2015-12-18 17:50:15 UTC
Should read "pushed to stable updates on December 14".

See my comment in https://bodhi.fedoraproject.org/updates/FEDORA-2015-b2e8518b8e .

Comment 2 Dennis Gilmore 2015-12-18 17:54:12 UTC
In this case bodhi should never have allowed qemu-2.4.1-2.fc23 to go stable.

Comment 3 Luke Macken 2015-12-18 18:22:54 UTC
So basically a +1 of -2 triggered the autokarma threshold and queued it up for stable two days after -3 was pushed. Bodhi needs to be smart enough to handle this scenario by either skipping the tagging, or ejecting the update from the push entirely.
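
The check Comment 3 asks for, sketched as an added example (not part of the bug report, not Bodhi's code and not the fix in the linked pull request): each queued build is compared against the newest build of the same package already in stable and ejected from the push when it is not newer. The function names, the simplified rpmvercmp (no epoch, `~` or `^` handling) and the examplepkg build are assumptions; the other NVRs are the ones named in this report.

```python
import re

def rpmvercmp(a, b):
    """RPM-style compare of version or release strings (no ~ or ^ handling)."""
    # Alternating numeric / alphabetic segments; separators are dropped.
    seg_a, seg_b = (re.findall(r"[0-9]+|[a-zA-Z]+", s) for s in (a, b))
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # 10 > 9, not a string compare
        elif x.isdigit():
            return 1                   # numeric segment beats alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # Common segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_nvr(nvr):
    """'qemu-2.4.1-3.fc23' -> ('qemu', '2.4.1', '3.fc23'); epoch assumed 0."""
    return tuple(nvr.rsplit("-", 2))

def evr_cmp(nvr_a, nvr_b):
    _, va, ra = split_nvr(nvr_a)
    _, vb, rb = split_nvr(nvr_b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def filter_push(stable, queued):
    """Split queued builds into (to_tag, ejected) against what is in stable."""
    latest = {}
    for nvr in stable:
        name = split_nvr(nvr)[0]
        if name not in latest or evr_cmp(nvr, latest[name]) > 0:
            latest[name] = nvr
    to_tag, ejected = [], []
    for nvr in queued:
        name = split_nvr(nvr)[0]
        if name in latest and evr_cmp(nvr, latest[name]) <= 0:
            ejected.append(nvr)        # would downgrade or duplicate stable
        else:
            to_tag.append(nvr)
            latest[name] = nvr
    return to_tag, ejected

# Builds named in this bug report, plus one constructed package (examplepkg).
STABLE = ["qemu-2.4.1-3.fc23", "libpng-1.6.19-1.fc23", "bzip2-1.0.6-19.fc23"]
QUEUED = ["qemu-2.4.1-2.fc23", "libpng-1.6.17-3.fc23", "bzip2-1.0.6-18.fc23",
          "examplepkg-1.0-2.fc23"]
print(filter_push(STABLE, QUEUED))
```

Running the check at push time rather than at submission time matters here, because the older update was queued by autokarma two days after the newer one had already gone stable.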

Comment 4 Andre Robatino 2016-01-07 06:00:00 UTC
Something similar happened again - libpng-1.6.19-1.fc23 was downgraded to libpng-1.6.17-3.fc23 after the latter was submitted for stable. See

https://bodhi.fedoraproject.org/updates/FEDORA-2015-4ad4998d00 (libpng-1.6.17-3.fc23)
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9199a1bfe1 (libpng-1.6.19-1.fc23)

Dennis: please fix. Thanks.

Comment 5 Andre Robatino 2016-01-09 06:03:37 UTC
Same thing just happened with bzip2 - the packager submitted an older version for stable and it downgraded a newer version. The version in stable is now -18.

https://bodhi.fedoraproject.org/updates/FEDORA-2015-4a9c774398 (bzip2-1.0.6-18.fc23)
https://bodhi.fedoraproject.org/updates/FEDORA-2015-be3a6f6ed8 (bzip2-1.0.6-19.fc23)

Dennis: please fix. Thanks.

Comment 6 Kamil Páral 2016-01-11 09:08:52 UTC
Some good discussion about what exactly happened is here:
https://lists.fedoraproject.org/archives/list/test%40lists.fedoraproject.org/thread/K5X7652MWYS7NGOXTMQOLF57XPGP2Y25/

Comment 7 Sergio Basto 2016-01-15 23:32:41 UTC
I opened this issue:

https://github.com/fedora-infra/bodhi/issues/760

With dnf list extras, I got bzip2-1.0.6-19.fc23 on the list.

Comment 8 Luke Macken 2016-01-21 23:44:08 UTC
A potential fix has been proposed.

https://github.com/fedora-infra/bodhi/pull/768

