group.of.nepali.translators team mailing list archive

[Bug 1651923] Re: apt https method decodes redirect locations and sends them to the destination undecoded.

 

This bug was fixed in the package apt - 1.3.4

---------------
apt (1.3.4) yakkety; urgency=medium

  * https: Quote path in URL before passing it to curl (LP: #1651923)

 -- Julian Andres Klode <juliank@xxxxxxxxxx>  Tue, 17 Jan 2017 15:46:33 +0100

** Changed in: apt (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** Changed in: apt (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1651923

Title:
  apt https method decodes redirect locations and sends them to the
  destination undecoded.

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Xenial:
  Fix Released
Status in apt source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Downloads via HTTPS fail if the URL contains a space (before yakkety only if there is no redirect from a previous space-free https URL). This breaks packages like ttf-mscorefonts-installer and various third party hosters.

  [Test case]
  Install/Upgrade apt-transport-https, that's where the fix is.

  Check that

  /usr/lib/apt/apt-helper download-file http://kxstudio.linuxaudio.org/repo/pool/free/ardour4_4.7.0-1kxstudio1_i386.deb test.deb

  can successfully download the file (or at least start downloading it)
  and does not fail early with a 505 HTTP version not supported error
  message.

  This problem does not occur with that file on xenial, as it first
  redirects to an https URI without a space which then redirects to an
  HTTPS uri with a space (http w/o space -> https w/o space -> https w/
  space). In xenial, https->https redirects were handled internally by
  curl.

  Another test (applicable to xenial) is to install
  ttf-mscorefonts-installer.

  [Regression potential]
  The added code is:
     Uri.Path = QuoteString(Uri.Path, "+~ ");

  Some servers might not like + or ~ being quoted. We use the same
  quoting call for the http method too, though, so it seems highly
  unlikely to cause an issue.

  [Original bug report]
  Distributor ID:	Ubuntu
  Description:	Ubuntu 16.10
  Release:	16.10
  Codename:	yakkety

  apt version 1.3.3 (also tried 1.4-beta2 .deb, same results)

  When trying to install a package hosted on s3 from the kxstudio repo,
  the download fails with an HTTP error:

  nico@nico-lenovo-ubuntu:~/Downloads$ sudo apt-get install wineasio-amd64
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    wine1.6-amd64
  The following NEW packages will be installed
    wine1.6-amd64 wineasio-amd64
  0 to upgrade, 2 to newly install, 0 to remove and 1 not to upgrade.
  Need to get 30.9 kB/32.6 kB of archives.
  After this operation, 184 kB of additional disk space will be used.
  Do you want to continue? [Y/n] y
  Err:1 http://kxstudio.linuxaudio.org/repo stable/free amd64 wineasio-amd64 amd64 0.9.0+git20110613-2kxstudio3
    505  HTTP Version not supported
  E: Failed to fetch https://github-cloud.s3.amazonaws.com/releases/39372848/0f048802-2fb5-11e5-9d8c-907ec7b97c46.deb?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ/20161222/us-east-1/s3/aws4_request&X-Amz-Date=20161222T022041Z&X-Amz-Expires=300&X-Amz-Signature=750f9b2ee076dcb8ae6992cae911f43208b3eec41976362cebf694e3c72b7aef&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment; filename=wineasio-amd64_0.9.0.git20110613-2kxstudio3_amd64.deb&response-content-type=application/octet-stream  505  HTTP Version not supported
  E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

  Error allegedly not present in Ubuntu 14.04 and 16.04

  More details in these forum posts:

  https://github.com/KXStudio/Repository/issues/73#issuecomment-268649503

  https://www.linuxmusicians.com/viewtopic.php?t=16056

  https://www.drupal.org/node/2324991 (clues on root cause)

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: apt 1.3.3
  ProcVersionSignature: Ubuntu 4.8.0-30.32-lowlatency 4.8.6
  Uname: Linux 4.8.0-30-lowlatency x86_64
  ApportVersion: 2.20.3-0ubuntu8.2
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Thu Dec 22 02:31:47 2016
  InstallationDate: Installed on 2016-10-20 (62 days ago)
  InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2)
  SourcePackage: apt
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1651923/+subscriptions
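
The effect of the quoting call listed under [Regression potential], as an added example that is not part of the bug report or of apt's source. quote_path is an illustrative reimplementation modelled on that call, the sample path is constructed, and strict_server_status is an assumed model of a server that answers 505 when the version token of the request line is not what it expects.

```cpp
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// Percent-encode every byte that is listed in `bad`, is '%', or lies outside
// printable ASCII 0x21..0x7E. Illustrative stand-in for the
// QuoteString(Uri.Path, "+~ ") call quoted above, not apt's implementation.
std::string quote_path(const std::string &path, const std::string &bad)
{
   std::string out;
   char buf[4];
   for (unsigned char c : path)
   {
      bool quote = bad.find(static_cast<char>(c)) != std::string::npos ||
                   c == '%' || c <= 0x20 || c >= 0x7F;
      if (!quote) { out += static_cast<char>(c); continue; }
      std::snprintf(buf, sizeof(buf), "%%%02x", static_cast<unsigned>(c));
      out += buf;
   }
   return out;
}

// Request line as a client would put it on the wire for the given path.
std::string request_line(const std::string &path)
{
   return "GET " + path + " HTTP/1.1";
}

// Assumed strict server: the line must be "method SP target SP version".
// A raw space in the path shifts the tokens, so the third token is no
// longer the HTTP version and the request is rejected with 505.
int strict_server_status(const std::string &line)
{
   std::istringstream in(line);
   std::vector<std::string> tok;
   for (std::string t; in >> t;)
      tok.push_back(t);
   if (tok.size() < 3)
      return 400;
   return tok[2] == "HTTP/1.1" ? 200 : 505;
}

int main()
{
   const std::string raw = "/repo/pool/free/sample file.deb"; // constructed path
   std::printf("%d %s\n", strict_server_status(request_line(raw)), raw.c_str());
   const std::string q = quote_path(raw, "+~ ");
   std::printf("%d %s\n", strict_server_status(request_line(q)), q.c_str());
}
```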