#986: please move PackageKit-0_3_9-4_fc10 into dist-f10-final
Fedora Release Engineering
rel-eng at fedoraproject.org
Thu Nov 6 07:58:40 UTC 2008
#986: please move PackageKit-0_3_9-4_fc10 into dist-f10-final
-----------------------------+----------------------------------------------
Reporter: rhughes | Owner: rel-eng at lists.fedoraproject.org
Type: enhancement | Status: new
Milestone: Fedora 10 Final | Component: koji
Keywords: |
-----------------------------+----------------------------------------------
I've just fixed a bug which will affect quite a few users of PackageKit on
a fresh install:
* Wed Nov 05 2008 Richard Hughes <rhughes at redhat.com> - 0.3.9-4 - Increase
the timeout for cleaning up unused transactions. Due to a bug
in the PkClient library the new TID was not being requested, and the
old TID was being re-used. This gave a DBUS error if the user spent longer
than five seconds entering the password the very first time they used
PackageKit to do an authentication. Apply a simple patch to mitigate this,
as a more invasive (and correct) patch is upstream. A new release will
follow in f10-updates. Fixes rh#469950
Build is here:
http://koji.fedoraproject.org/koji/taskinfo?taskID=918023
The patch is trivial, and tested. Any questions, please yell.
For those interested, here is the upstream commit:
commit d03c82fa11f4255ea86ac048c4b018784f1d9467 Author: Richard Hughes
<richard at hughsie.com> Date: Wed Nov 5 07:47:30 2008 +0000
bugfix: fix protocol violation in the server and client
PackageKit does not adhere to it's own specification where a new TID
is required when an error is emitted on the original TID. For a couple of
releases now we cleanup unused TID's after 5 seconds, to avoid denial of
service attacks. As we re-use the original TID after showing the signature
dialog, we wait on the client, and then resumbit after PolicyKit returns
from the authentication request. If the user takes longer than 5 seconds
to authenticate, then the TID is timed out, and the helpful error is
presented to the user:
Method 'Update System' with signature on interface
'org.freedesktop.PackageKit.Transaction' doesn't exist.
Of course, the correct fix is to release the TID on error to prevent
it being reused, and also to re-request a TID after authentication has
been obtained.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/986>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
More information about the rel-eng
mailing list