#986: please move PackageKit-0_3_9-4_fc10 into dist-f10-final

Fedora Release Engineering rel-eng at fedoraproject.org
Thu Nov 6 07:58:40 UTC 2008 

#986: please move PackageKit-0_3_9-4_fc10 into dist-f10-final
-----------------------------+----------------------------------------------
 Reporter:  rhughes          |       Owner:  rel-eng at lists.fedoraproject.org
     Type:  enhancement      |      Status:  new                            
Milestone:  Fedora 10 Final  |   Component:  koji                           
 Keywords:                   |  
-----------------------------+----------------------------------------------
 I've just fixed a bug which will affect quite a few users of PackageKit on
 a fresh install:

 * Wed Nov 05 2008 Richard Hughes <rhughes at redhat.com> - 0.3.9-4 - Increase
 the timeout for cleaning up unused transactions. Due to a bug

     in the PkClient library the new TID was not being requested, and the
 old TID was being re-used. This gave a DBUS error if the user spent longer
 than five seconds entering the password the very first time they used
 PackageKit to do an authentication. Apply a simple patch to mitigate this,
 as a more invasive (and correct) patch is upstream. A new release will
 follow in f10-updates. Fixes rh#469950

 Build is here:

 http://koji.fedoraproject.org/koji/taskinfo?taskID=918023

 The patch is trivial, and tested. Any questions, please yell.

 For those interested, here is the upstream commit:

 commit d03c82fa11f4255ea86ac048c4b018784f1d9467 Author: Richard Hughes
 <richard at hughsie.com> Date: Wed Nov 5 07:47:30 2008 +0000

     bugfix: fix protocol violation in the server and client

     PackageKit does not adhere to it's own specification where a new TID
 is required when an error is emitted on the original TID. For a couple of
 releases now we cleanup unused TID's after 5 seconds, to avoid denial of
 service attacks. As we re-use the original TID after showing the signature
 dialog, we wait on the client, and then resumbit after PolicyKit returns
 from the authentication request. If the user takes longer than 5 seconds
 to authenticate, then the TID is timed out, and the helpful error is
 presented to the user:

     Method 'Update System' with signature on interface
 'org.freedesktop.PackageKit.Transaction' doesn't exist.

     Of course, the correct fix is to release the TID on error to prevent
 it being reused, and also to re-request a TID after authentication has
 been obtained.

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/986>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project

More information about the rel-eng mailing list