Ubuntu
apt package

Bug #1651923
Comment #55

Comment 55 for bug 1651923

Revision history for this message

Kevin O'Gorman (kogorman-pacbell) wrote on 2017-01-23: Re: [Bug 1651923] Re: apt https method decodes redirect locations and sends them to the destination undecoded.

#55

unnamed Edit (441 bytes, image/gif)

I got those error reports too. It happens when you run wget as root, and
use that directory. I changed it to use /var/tmp and the message went
away. You could also run wget without the sudo (some of the instructions I
saw have done that).

On Sun, Jan 22, 2017 at 1:13 PM, luca <email address hidden> wrote:

> Xenial's package worked for me, although I got these warnings (I guess
> is an unrelated problem though):
>
> /etc/cron.daily/update-notifier-common:
> Get:1 http://downloads.sourceforge.net/corefonts/andale32.exe [198 kB]
> Fetched 198 kB in 2s (69,3 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/andale32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/arial32.exe [554 kB]
> Fetched 554 kB in 3s (155 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/arial32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/arialb32.exe [168 kB]
> Fetched 168 kB in 2s (62,1 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/arialb32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/comic32.exe [246 kB]
> Fetched 246 kB in 2s (87,9 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/comic32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/courie32.exe [646 kB]
> Fetched 646 kB in 3s (165 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/courie32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/georgi32.exe [392 kB]
> Fetched 392 kB in 3s (119 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/georgi32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/impact32.exe [173 kB]
> Fetched 173 kB in 2s (62,5 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/impact32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/times32.exe [662 kB]
> Fetched 662 kB in 3s (177 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/times32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/trebuc32.exe [357 kB]
> Fetched 357 kB in 3s (115 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/trebuc32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/verdan32.exe [352 kB]
> Fetched 352 kB in 3s (113 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/verdan32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/webdin32.exe [185 kB]
> Fetched 185 kB in 2s (66,7 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/webdin32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
>
> After that there was more output (without errors) but the process
> succeeded.
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1642508).
> https://bugs.launchpad.net/bugs/1651923
>
> Title:
> apt https method decodes redirect locations and sends them to the
> destination undecoded.
>
> Status in apt package in Ubuntu:
> Fix Released
> Status in apt source package in Xenial:
> Fix Committed
> Status in apt source package in Yakkety:
> Fix Committed
>
> Bug description:
> [Impact]
> Downloads via HTTPS fail if the URL contains a space (before yakkety
> only if there is no redirect from a previous space-free https URL). This
> breaks packages like ttf-mscorefonts-installer and various third party
> hosters.
>
> [Test case]
> Install/Upgrade apt-transport-https, that's where the fix is.
>
> Check that
>
> /usr/lib/apt/apt-helper download-file
> http://kxstudio.linuxaudio.org/repo/pool/free/ardour4_4.
> 7.0-1kxstudio1_i386.deb
> test.deb
>
> can successfully download the file (or at least start downloading it)
> and does not fail early with a 505 HTTP version not supported error
> message.
>
> This problem does not occur with that file on xenial, as it first
> redirects to an https URI without a space which then redirects to an
> HTTPS uri with a space (http w/o space -> https w/o space -> https w/
> space). In xenial, https->https redirects where handled internally by
> curl.
>
> Another test (applicable to xenial) is to install ttf-mscorefonts-
> installer.
>
> [Regression potential]
> The added code is:
> Uri.Path = QuoteString(Uri.Path, "+~ ");
>
> Some servers might not like + or ~ being quoted. We use the same
> quoting call for the http method too, though, so it seems highly
> unlikely to cause an issue.
>
> [Original bug report]
> Distributor ID: Ubuntu
> Description: Ubuntu 16.10
> Release: 16.10
> Codename: yakkety
>
> apt version 1.3.3 (also tried 1.4-beta2 .deb, same results)
>
> When trying to install a package hosted on s3 from the kxstudio repo,
> the download fails with an HTTP error:
>
> nico@nico-lenovo-ubuntu:~/Downloads$ sudo apt-get install wineasio-amd64
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following additional packages will be installed:
> wine1.6-amd64
> The following NEW packages will be installed
> wine1.6-amd64 wineasio-amd64
> 0 to upgrade, 2 to newly install, 0 to remove and 1 not to upgrade.
> Need to get 30.9 kB/32.6 kB of archives.
> After this operation, 184 kB of additional disk space will be used.
> Do you want to continue? [Y/n] y
> Err:1 http://kxstudio.linuxaudio.org/repo stable/free amd64
> wineasio-amd64 amd64 0.9.0+git20110613-2kxstudio3
> 505 HTTP Version not supported
> E: Failed to fetch https://github-cloud.s3.amazonaws.com/releases/
> 39372848/0f048802-2fb5-11e5-9d8c-907ec7b97c46.deb?X-Amz-
> Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ/20161222/
> us-east-1/s3/aws4_request&X-Amz-Date=20161222T022041Z&X-
> Amz-Expires=300&X-Amz-Signature=750f9b2ee076dcb8ae6992cae911f4
> 3208b3eec41976362cebf694e3c72b7aef&X-Amz-SignedHeaders=host&
> actor_id=0&response-content-disposition=attachment;
> filename=wineasio-amd64_0.9.0.git20110613-2kxstudio3_amd64.
> deb&response-content-type=application/octet-stream 505 HTTP Version not
> supported
> E: Unable to fetch some archives, maybe run apt-get update or try with
> --fix-missing?
>
> Error allegedly not present in Ubuntu 14.04 and 16.04
>
> More details in these forum posts:
>
> https://github.com/KXStudio/Repository/issues/73#issuecomment-268649503
>
> https://www.linuxmusicians.com/viewtopic.php?t=16056
>
> https://www.drupal.org/node/2324991 (clues on root cause)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 16.10
> Package: apt 1.3.3
> ProcVersionSignature: Ubuntu 4.8.0-30.32-lowlatency 4.8.6
> Uname: Linux 4.8.0-30-lowlatency x86_64
> ApportVersion: 2.20.3-0ubuntu8.2
> Architecture: amd64
> CurrentDesktop: X-Cinnamon
> Date: Thu Dec 22 02:31:47 2016
> InstallationDate: Installed on 2016-10-20 (62 days ago)
> InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64
> (20161012.2)
> SourcePackage: apt
> UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1651923/+subscriptions
>

--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb)) /* Shakespeare */

Please consider the environment before printing this email.

I got those error reports too.  It happens when you run wget as root, and
use that directory.  I changed it to use /var/tmp and the message went
away.  You could also run wget without the sudo (some of the instructions I
saw have done that).

On Sun, Jan 22, 2017 at 1:13 PM, luca <llucax@gmail.com> wrote:

> Xenial's package worked for me, although I got these warnings (I guess
> is an unrelated problem though):
>
> /etc/cron.daily/update-notifier-common:
> Get:1 http://downloads.sourceforge.net/corefonts/andale32.exe [198 kB]
> Fetched 198 kB in 2s (69,3 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/andale32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/arial32.exe [554 kB]
> Fetched 554 kB in 3s (155 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/arial32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/arialb32.exe [168 kB]
> Fetched 168 kB in 2s (62,1 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/arialb32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/comic32.exe [246 kB]
> Fetched 246 kB in 2s (87,9 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/comic32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/courie32.exe [646 kB]
> Fetched 646 kB in 3s (165 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/courie32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/georgi32.exe [392 kB]
> Fetched 392 kB in 3s (119 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/georgi32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/impact32.exe [173 kB]
> Fetched 173 kB in 2s (62,5 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/impact32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/times32.exe [662 kB]
> Fetched 662 kB in 3s (177 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/times32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/trebuc32.exe [357 kB]
> Fetched 357 kB in 3s (115 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/trebuc32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/verdan32.exe [352 kB]
> Fetched 352 kB in 3s (113 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/verdan32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
> Get:1 http://downloads.sourceforge.net/corefonts/webdin32.exe [185 kB]
> Fetched 185 kB in 2s (66,7 kB/s)
> W: Can't drop privileges for downloading as file '/var/lib/update-notifier/
> package-data-downloads/partial/webdin32.exe' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)
>
> After that there was more output (without errors) but the process
> succeeded.
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1642508).
> https://bugs.launchpad.net/bugs/1651923
>
> Title:
>   apt https method decodes redirect locations and sends them to the
>   destination undecoded.
>
> Status in apt package in Ubuntu:
>   Fix Released
> Status in apt source package in Xenial:
>   Fix Committed
> Status in apt source package in Yakkety:
>   Fix Committed
>
> Bug description:
>   [Impact]
>   Downloads via HTTPS fail if the URL contains a space (before yakkety
> only if there is no redirect from a previous space-free https URL). This
> breaks packages like ttf-mscorefonts-installer and various third party
> hosters.
>
>   [Test case]
>   Install/Upgrade apt-transport-https, that's where the fix is.
>
>   Check that
>
>   /usr/lib/apt/apt-helper download-file
>   http://kxstudio.linuxaudio.org/repo/pool/free/ardour4_4.
> 7.0-1kxstudio1_i386.deb
>   test.deb
>
>   can successfully download the file (or at least start downloading it)
>   and does not fail early with a 505 HTTP version not supported error
>   message.
>
>   This problem does not occur with that file on xenial, as it first
>   redirects to an https URI without a space which then redirects to an
>   HTTPS uri with a space (http w/o space -> https w/o space -> https w/
>   space). In xenial, https->https redirects where handled internally by
>   curl.
>
>   Another test (applicable to xenial) is to install ttf-mscorefonts-
>   installer.
>
>   [Regression potential]
>   The added code is:
>      Uri.Path = QuoteString(Uri.Path, "+~ ");
>
>   Some servers might not like + or ~ being quoted. We use the same
>   quoting call for the http method too, though, so it seems highly
>   unlikely to cause an issue.
>
>   [Original bug report]
>   Distributor ID:       Ubuntu
>   Description:  Ubuntu 16.10
>   Release:      16.10
>   Codename:     yakkety
>
>   apt version 1.3.3 (also tried 1.4-beta2 .deb, same results)
>
>   When trying to install a package hosted on s3 from the kxstudio repo,
>   the download fails with an HTTP error:
>
>   nico@nico-lenovo-ubuntu:~/Downloads$ sudo apt-get install wineasio-amd64
>   Reading package lists... Done
>   Building dependency tree
>   Reading state information... Done
>   The following additional packages will be installed:
>     wine1.6-amd64
>   The following NEW packages will be installed
>     wine1.6-amd64 wineasio-amd64
>   0 to upgrade, 2 to newly install, 0 to remove and 1 not to upgrade.
>   Need to get 30.9 kB/32.6 kB of archives.
>   After this operation, 184 kB of additional disk space will be used.
>   Do you want to continue? [Y/n] y
>   Err:1 http://kxstudio.linuxaudio.org/repo stable/free amd64
> wineasio-amd64 amd64 0.9.0+git20110613-2kxstudio3
>     505  HTTP Version not supported
>   E: Failed to fetch https://github-cloud.s3.amazonaws.com/releases/
> 39372848/0f048802-2fb5-11e5-9d8c-907ec7b97c46.deb?X-Amz-
> Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ/20161222/
> us-east-1/s3/aws4_request&X-Amz-Date=20161222T022041Z&X-
> Amz-Expires=300&X-Amz-Signature=750f9b2ee076dcb8ae6992cae911f4
> 3208b3eec41976362cebf694e3c72b7aef&X-Amz-SignedHeaders=host&
> actor_id=0&response-content-disposition=attachment;
> filename=wineasio-amd64_0.9.0.git20110613-2kxstudio3_amd64.
> deb&response-content-type=application/octet-stream  505  HTTP Version not
> supported
>   E: Unable to fetch some archives, maybe run apt-get update or try with
> --fix-missing?
>
>   Error allegedly not present in Ubuntu 14.04 and 16.04
>
>   More details in these forum posts:
>
>   https://github.com/KXStudio/Repository/issues/73#issuecomment-268649503
>
>   https://www.linuxmusicians.com/viewtopic.php?t=16056
>
>   https://www.drupal.org/node/2324991 (clues on root cause)
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 16.10
>   Package: apt 1.3.3
>   ProcVersionSignature: Ubuntu 4.8.0-30.32-lowlatency 4.8.6
>   Uname: Linux 4.8.0-30-lowlatency x86_64
>   ApportVersion: 2.20.3-0ubuntu8.2
>   Architecture: amd64
>   CurrentDesktop: X-Cinnamon
>   Date: Thu Dec 22 02:31:47 2016
>   InstallationDate: Installed on 2016-10-20 (62 days ago)
>   InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64
> (20161012.2)
>   SourcePackage: apt
>   UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1651923/+subscriptions
>

-- 
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.

Ubuntuapt package

Comment 55 for bug 1651923

Ubuntu
apt package