Issue 113119

Summary: Update downloader does not verifiy downloaded files
Product: General Reporter: andreschnabel <andre.schnabel>
Component: uiAssignee: AOO issues mailing list <issues>
Status: CONFIRMED --- QA Contact:
Severity: Trivial    
Priority: P2 CC: dirk.voelzke, hans_werner67, issues, Joost.Andrae, kai.sommerfeld, mdxonefour, mechtilde, olaf-openoffice, prooobo-1x_work
Version: OOo 3.2.1Keywords: security
Target Milestone: ---   
Hardware: PC   
OS: All   
Issue Type: DEFECT Latest Confirmation in: ---
Developer Difficulty: ---

Description andreschnabel 2010-07-13 10:44:29 UTC 
As described in issue 113114, the online update system does not verify a
downloaded file. In fact it starts the update installation without any
verification of the downloaded file.

This should be considered as high security risk and I suggest to disable
automatic download and installation of updates until this is fixed.
Comment 1 Olaf Felka 2010-07-13 12:02:21 UTC 
@ mh: Please decide how to proceed.
Comment 2 Mechtilde 2010-07-13 12:42:17 UTC 
set to all OS
Comment 3 andreschnabel 2010-07-14 08:03:38 UTC 
additional info regarding issue 113114:

Once a wrong file has been downloaded (in case of issue 113114 it was the "File
not found" html page), the update mechanism will not request a correct file from
the server, even if the server is reconfigured to deliver the correct file. You
need to restart search for updates manually to trigger the new download.

This behaviour is logical, assuming that we get a correct file for download, but
should be reconsidered when we change the download mechanism.
Comment 4 Marcus 2017-05-20 11:35:08 UTC 
Reset assigne to the default "issues@openoffice.apache.org".