Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing
|Summary:||Update downloader does not verifiy downloaded files|
|Component:||ui||Assignee:||AOO issues mailing list <issues>|
|Status:||CONFIRMED ---||QA Contact:|
|Priority:||P2||CC:||dirk.voelzke, hans_werner67, issues, Joost.Andrae, kai.sommerfeld, mdxonefour, mechtilde, olaf-openoffice, prooobo-1x_work|
|Issue Type:||DEFECT||Latest Confirmation in:||---|
Description andreschnabel 2010-07-13 10:44:29 UTC
As described in issue 113114, the online update system does not verify a downloaded file. In fact it starts the update installation without any verification of the downloaded file. This should be considered as high security risk and I suggest to disable automatic download and installation of updates until this is fixed.
Comment 1 Olaf Felka 2010-07-13 12:02:21 UTC
@ mh: Please decide how to proceed.
Comment 2 Mechtilde 2010-07-13 12:42:17 UTC
set to all OS
Comment 3 andreschnabel 2010-07-14 08:03:38 UTC
additional info regarding issue 113114: Once a wrong file has been downloaded (in case of issue 113114 it was the "File not found" html page), the update mechanism will not request a correct file from the server, even if the server is reconfigured to deliver the correct file. You need to restart search for updates manually to trigger the new download. This behaviour is logical, assuming that we get a correct file for download, but should be reconsidered when we change the download mechanism.