[wp-trac] [WordPress Trac] #50918: Failed to WordPress 5.5
WordPress Trac
noreply at wordpress.org
Wed Aug 12 20:35:13 UTC 2020
#50918: Failed to WordPress 5.5
-----------------------------+----------------------
Reporter: stinatreats | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 5.5
Severity: major | Resolution: invalid
Keywords: | Focuses:
-----------------------------+----------------------
Changes (by desrosj):
* keywords: reporter-feedback =>
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hi @stinatreats,
I've been talking this through with @johnbillion separately, and this one
is definitely odd. I don't think there is anything that the Core team or
contributors can do to help.
The checksums that are mentioned in your report (which are just MD5 hashes
of the ZIP file) do not match up with any WordPress release (you can find
all of the checksums for past releases on the
[https://wordpress.org/download/releases/ Release Archive page].
Doing a basic search for the expected hash yields no results anywhere.
However, a search for the file hash as determined by the server indicates
that is the MD5 hash for a 0 bytes (which is typically used maliciously).
This can be [https://3v4l.org/p1khT verified in this simple example].
There are a few possible issues that could be happening. Some of these are
vary far reaches, but they theoretically could be contributing to the
issue you are seeing in some way.
- The server could be out of space or encountering an inability to write
the file. When the server attempts to retrieve the WP update ZIP file, it
would "drop" the resulting download because it cannot fit or be written.
If the server runs `md5()` on the file it _thinks_ it received, that would
generate a 0 byte hash (`d41d8cd98f00b204e9800998ecf8427e`). But this
wouldn't explain the other mysterious hash.
- The server could be encountering a network hiccup and is receiving a 0
byte 200 response. This would also result in
`d41d8cd98f00b204e9800998ecf8427e` as an MD5 hash.
- If the update was attempted over HTTPS and a network issue was
encountered resulting in a zero byte file, the TLS decryption would fail
and there would be a different error message. It's possible that the
update is still being attempted over HTTP even though your site is HTTPS.
- It's possible (though highly unlikely) that some type of cached version
of the WordPress upgrade package is being served by your hosting company.
- It's possible your hosting company is intercepting the update request
and offering a modified version of WordPress (though highly unlikely).
- It's possible that something is redirecting the update requests on your
site to a malicious source.
I recommend that you reach out to your hosting company for further help
debugging as these are not things we can help you with.
If you are able to figure it out, feel free to circle back and share your
findings!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50918#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list