[wp-trac] [WordPress Trac] #50918: Failed to WordPress 5.5

WordPress Trac noreply at wordpress.org
Wed Aug 12 20:35:13 UTC 2020 

#50918: Failed to WordPress 5.5
-----------------------------+----------------------
 Reporter:  stinatreats      |       Owner:  (none)
     Type:  defect (bug)     |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Upgrade/Install  |     Version:  5.5
 Severity:  major            |  Resolution:  invalid
 Keywords:                   |     Focuses:
-----------------------------+----------------------
Changes (by desrosj):

 * keywords:  reporter-feedback =>
 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 Hi @stinatreats,

 I've been talking this through with @johnbillion separately, and this one
 is definitely odd. I don't think there is anything that the Core team or
 contributors can do to help.

 The checksums that are mentioned in your report (which are just MD5 hashes
 of the ZIP file) do not match up with any WordPress release (you can find
 all of the checksums for past releases on the
 [https://wordpress.org/download/releases/ Release Archive page].

 Doing a basic search for the expected hash yields no results anywhere.
 However, a search for the file hash as determined by the server indicates
 that is the MD5 hash for a 0 bytes (which is typically used maliciously).
 This can be [https://3v4l.org/p1khT verified in this simple example].

 There are a few possible issues that could be happening. Some of these are
 vary far reaches, but they theoretically could be contributing to the
 issue you are seeing in some way.

 - The server could be out of space or encountering an inability to write
 the file. When the server attempts to retrieve the WP update ZIP file, it
 would "drop" the resulting download because it cannot fit or be written.
 If the server runs `md5()` on the file it _thinks_ it received, that would
 generate a 0 byte hash (`d41d8cd98f00b204e9800998ecf8427e`). But this
 wouldn't explain the other mysterious hash.
 - The server could be encountering a network hiccup and is receiving a 0
 byte 200 response. This would also result in
 `d41d8cd98f00b204e9800998ecf8427e` as an MD5 hash.
 - If the update was attempted over HTTPS and a network issue was
 encountered resulting in a zero byte file, the TLS decryption would fail
 and there would be a different error message. It's possible that the
 update is still being attempted over HTTP even though your site is HTTPS.
 - It's possible (though highly unlikely) that some type of cached version
 of the WordPress upgrade package is being served by your hosting company.
 - It's possible your hosting company is intercepting the update request
 and offering a modified version of WordPress (though highly unlikely).
 - It's possible that something is redirecting the update requests on your
 site to a malicious source.

 I recommend that you reach out to your hosting company for further help
 debugging as these are not things we can help you with.

 If you are able to figure it out, feel free to circle back and share your
 findings!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50918#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list