Ubuntu
apt package

apt-get update segmentation fault with backports

Bug #1464801 reported by Brett Johnson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I noticed starting yesterday (2015-06-11) that "apt-get update" would give "segmentation fault" with exit code 139. "apt-get upgrade" would also segfault with exit code 139.

Trying various things, if I comment out in /etc/apt/sources.lst:
deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
... "apt-get update" then works normally and "upgrade" will upgrade new package revisions.
If I add back the backports line and "apt-get update", the segfaults will start happening again.

This only happens on my 12.04 LTS systems. My 14.04 LTS systems do not have any problems with backports.

My 12.04 systems include:
minimally installed laptop
minimally installed VPS
minimally installed firewall
minimally installed virtualbox vm
remastered live CD and its chroot master
remastered ubuntu-rescue-remix live CD and its chroot master
12.04 chroot for running older programs that won't work under 14.04

Since its happening to all the 12.04 installs I have, I think this is widespread. I'm surprised there hasn't been a bug filed on it already.

"apt-cache policy" crashed until I removed backports and did an update again.

I consider this to be a security issue as it was blocking me from getting recent SSL/encryption updates that my 14.04 systems could get without problems. As a whole, it would block all updates until backports was removed.

I did a tar.gz of anything "backports" in /var and attached it. My guess is that some kind of malformed entry in one of the apt description files got corrupted somehow. These files should allow for separate bug reproduction in case backports gets changed in the mean time.

----------

lsb_release -rd
Description: Ubuntu 12.04.5 LTS
Release: 12.04

apt-cache policy apt
apt:
  Installed: 0.8.16~exp12ubuntu10.24
  Candidate: 0.8.16~exp12ubuntu10.24
  Version table:
 *** 0.8.16~exp12ubuntu10.24 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
        100 /var/lib/dpkg/status
     0.8.16~exp12ubuntu10.21 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main i386 Packages
     0.8.16~exp12ubuntu10 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main i386 Packages

Revision history for this message
Brett Johnson (9-spam) wrote :
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I've filed an RT with our IS folks to inspect the state of the precise-backports portions of our various archive mirrors, 82001.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I believe all the files that were downloaded are genuine, too, though the demonstration is more roundabout than I would like:

sarnold@hunt:/tmp/apt/var/lib/apt/lists$ grep -f <(sha256sum * | awk '{print $1;}') archive.ubuntu.com_ubuntu_dists_precise-backports_Release | grep -v e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 b19dad0241496981159cc4bdd832f68863a16f5257057d4739fe390ad36f1dfa 21644 main/binary-i386/Packages
 7b9cc62fd4281a5e336cd53e1d7265d3c9703f4c04e422dc5a9b263797741708 14665 main/i18n/Translation-en
 42da384f83de934352906c6feed375e98f3a68ac6dc3af3852ae17925e9474c0 202 main/i18n/Index
 5f2fe1e729f1ebec597f50781606a9666703c59f35b7a63905a799ddbf0719e9 19590 multiverse/binary-i386/Packages
 04fe1beea9321f229d08d311cc5fe999a9972f2b35cf433be1acccddc8027c0c 13610 multiverse/i18n/Translation-en
 88b3c3cbfda029d6be3a728c931f4a1647797b2dd77ade2924f4385fc9276a04 202 multiverse/i18n/Index
 403da8f44040aa80cdb6b010de855a5b1c7cdd11cc200e375100f2653da4594b 193 restricted/i18n/Index
 f2229eb5e57ae17f098850b348aa5ddc1d3bdf70a34278bc1b767ec7e06263e7 219987 universe/binary-i386/Packages
 9e3b231b6660ed1d412163f5164b992a183696c83cba35e16852d68f6231eb19 138954 universe/i18n/Translation-en
 8f06375c2c5028c4ea9d7f0fc6010757f7064496877f665c737fca2a35e189aa 205 universe/i18n/Index
sarnold@hunt:/tmp/apt/var/lib/apt/lists$ grep -f <(sha256sum * | awk '{print $1;}') archive.ubuntu.com_ubuntu_dists_precise-backports_Release | grep -v e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | wc -l
10

sarnold@hunt:/tmp/apt/var/lib/apt/lists$ sha256sum * | grep -v archive.ubuntu.com_ubuntu_dists_precise-backports_Release | grep -v e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | wc -l
10

sarnold@hunt:/tmp/apt/var/lib/apt/lists$ gpg *gpg
Detached signature.
Please enter name of data file: archive.ubuntu.com_ubuntu_dists_precise-backports_Release
gpg: Signature made Wed 10 Jun 2015 01:26:14 AM PDT using DSA key ID 437D05B5
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5

Revision history for this message
Brett Johnson (9-spam) wrote :

My 12.04 systems updated normally today with backports in sources.list. Something got fixed there or the older bad data got rotated out.

Marc Deslauriers (mdeslaur)
information type: Private Security → Public
affects: ubuntu → apt (Ubuntu)
Revision history for this message
Julian Andres Klode (juliank) wrote :

OK, marking as fixed then.

Changed in apt (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.