Bug 1292914 - bodhi allows packages to be downgraded in stable releases
bodhi allows packages to be downgraded in stable releases
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: bodhi (Show other bugs)
23
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Luke Macken
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1296711
  Show dependency treegraph
 
Reported: 2015-12-18 12:48 EST by Andre Robatino
Modified: 2016-09-19 22:47 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-21 18:44:08 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andre Robatino 2015-12-18 12:48:04 EST
Description of problem:
qemu-2.4.1-3.fc23 was pushed to stable updates on December, then shortly afterwards 2.4.1-2 was pushed to stable. As a result, a distro-sync wants to downgrade to 2.4.1-2.

Version-Release number of selected component (if applicable):
qemu-2.4.1-2
qemu-2.4.1-3
Comment 1 Andre Robatino 2015-12-18 12:50:15 EST
Should read "pushed to stable updates on December 14".

See my comment in https://bodhi.fedoraproject.org/updates/FEDORA-2015-b2e8518b8e .
Comment 2 Dennis Gilmore 2015-12-18 12:54:12 EST
In this case bodhi should never have allowed qemu-2.4.1-2.fc23 to go stable
Comment 3 Luke Macken 2015-12-18 13:22:54 EST
So basically a +1 of -2 triggered the autokarma threshold and queued it up for stable two days after -3 was pushed. Bodhi needs to be smart enough to handle this scenario by either skipping the tagging, or ejecting the update from the push entirely.
Comment 4 Andre Robatino 2016-01-07 01:00:00 EST
Something similar happened again - libpng-1.6.19-1.fc23 was downgraded to libpng-1.6.17-3.fc23 after the latter was submitted for stable. See

https://bodhi.fedoraproject.org/updates/FEDORA-2015-4ad4998d00 (libpng-1.6.17-3.fc23)
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9199a1bfe1 (libpng-1.6.19-1.fc23)

Dennis: please fix. Thanks.
Comment 5 Andre Robatino 2016-01-09 01:03:37 EST
Same thing just happened with bzip2 - the packager submitted an older version for stable and it downgraded a newer version. The version in stable is now -18.

https://bodhi.fedoraproject.org/updates/FEDORA-2015-4a9c774398 (bzip2-1.0.6-18.fc23)
https://bodhi.fedoraproject.org/updates/FEDORA-2015-be3a6f6ed8 (bzip2-1.0.6-19.fc23)

Dennis: please fix. Thanks.
Comment 6 Kamil Páral 2016-01-11 04:08:52 EST
Some good discussion about what exactly happened is here:
https://lists.fedoraproject.org/archives/list/test%40lists.fedoraproject.org/thread/K5X7652MWYS7NGOXTMQOLF57XPGP2Y25/
Comment 7 Sergio Monteiro Basto 2016-01-15 18:32:41 EST
I opened this issue : 

https://github.com/fedora-infra/bodhi/issues/760

with, dnf list extras, I got bzip2-1.0.6-19.fc23 on the list .
Comment 8 Luke Macken 2016-01-21 18:44:08 EST
A potential fix has been proposed.

https://github.com/fedora-infra/bodhi/pull/768

Note You need to log in before you can comment on or make changes to this bug.