2019-08-02 14:03:58 |
Eric Desrochers |
bug |
|
|
added bug |
2019-08-02 14:04:05 |
Eric Desrochers |
apt (Ubuntu): status |
New |
Fix Released |
|
2019-08-02 14:04:10 |
Eric Desrochers |
nominated for series |
|
Ubuntu Disco |
|
2019-08-02 14:04:10 |
Eric Desrochers |
bug task added |
|
apt (Ubuntu Disco) |
|
2019-08-02 14:04:10 |
Eric Desrochers |
nominated for series |
|
Ubuntu Bionic |
|
2019-08-02 14:04:10 |
Eric Desrochers |
bug task added |
|
apt (Ubuntu Bionic) |
|
2019-08-02 14:04:17 |
Eric Desrochers |
tags |
|
sts |
|
2019-08-02 14:04:52 |
Eric Desrochers |
apt (Ubuntu Bionic): assignee |
|
Eric Desrochers (slashd) |
|
2019-08-02 14:04:55 |
Eric Desrochers |
apt (Ubuntu Disco): assignee |
|
Eric Desrochers (slashd) |
|
2019-08-02 14:04:59 |
Eric Desrochers |
apt (Ubuntu Disco): status |
New |
In Progress |
|
2019-08-02 14:05:03 |
Eric Desrochers |
apt (Ubuntu Bionic): status |
New |
In Progress |
|
2019-08-05 13:52:55 |
Eric Desrochers |
description |
Currently CONNECT requests use the name of the proxy as Host value, instead of
the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority
of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f |
[Impact]
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
[Test Case]
[Regression Potential]
[Other Info]
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x |
|
2019-08-05 14:01:49 |
Eric Desrochers |
description |
[Impact]
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
[Test Case]
[Regression Potential]
[Other Info]
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x |
[Impact]
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
[Test Case]
Here's one reproducer an impacted user brought to my attention:
# /etc/environment
http_proxy="http://internal:8080"
https_proxy="http://interal:8080"
To support application development activities in-house, I had to configure Azure CLI APT repository following the instructions from "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest":
$ sudo apt-get update
$ sudo apt-get install curl apt-transport-https lsb-release gnupg
$ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
$ gpg --dearmor | \
$ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
$ AZ_REPO=$(lsb_release -cs)
$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ AZ_REPO main" | \
$ sudo tee /etc/apt/sources.list.d/azure-cli.list
$ sudo apt update
In the final "apt update" command, APT respects system-wide network proxy variables and successfully fetched Canonical repository data over HTTP.
However, it was unable to fetch the newly added Microsoft packages repository served via HTTPS.
By using Wireshark to examine the HTTPS request made by APT, the request body reveals as:
CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
Host: internal:8080\r\n
User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
...
...
[Regression Potential]
* Fix already in debian, and Eoan
* Has been reviewed/approved by juliank
* A test package (pre-sru) has been provided to an impacted user, and he confirms it solves the situation.
[Other Info]
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x |
|
2019-08-05 14:08:59 |
Eric Desrochers |
apt (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-08-05 14:09:01 |
Eric Desrochers |
apt (Ubuntu Disco): importance |
Undecided |
Medium |
|
2019-08-05 15:09:41 |
Eric Desrochers |
apt (Ubuntu Bionic): assignee |
Eric Desrochers (slashd) |
|
|
2019-08-05 15:09:51 |
Eric Desrochers |
apt (Ubuntu Bionic): assignee |
|
Julian Andres Klode (juliank) |
|
2019-08-05 15:09:58 |
Eric Desrochers |
apt (Ubuntu Disco): assignee |
Eric Desrochers (slashd) |
Julian Andres Klode (juliank) |
|
2019-08-09 09:31:48 |
Julian Andres Klode |
description |
[Impact]
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
[Test Case]
Here's one reproducer an impacted user brought to my attention:
# /etc/environment
http_proxy="http://internal:8080"
https_proxy="http://interal:8080"
To support application development activities in-house, I had to configure Azure CLI APT repository following the instructions from "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest":
$ sudo apt-get update
$ sudo apt-get install curl apt-transport-https lsb-release gnupg
$ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
$ gpg --dearmor | \
$ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
$ AZ_REPO=$(lsb_release -cs)
$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ AZ_REPO main" | \
$ sudo tee /etc/apt/sources.list.d/azure-cli.list
$ sudo apt update
In the final "apt update" command, APT respects system-wide network proxy variables and successfully fetched Canonical repository data over HTTP.
However, it was unable to fetch the newly added Microsoft packages repository served via HTTPS.
By using Wireshark to examine the HTTPS request made by APT, the request body reveals as:
CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
Host: internal:8080\r\n
User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
...
...
[Regression Potential]
* Fix already in debian, and Eoan
* Has been reviewed/approved by juliank
* A test package (pre-sru) has been provided to an impacted user, and he confirms it solves the situation.
[Other Info]
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x |
[Impact]
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit[0] fixes this.
[0] - https://salsa.debian.org/apt-team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
[Test Case]
Here's one reproducer an impacted user brought to my attention:
# /etc/environment
http_proxy="http://internal:8080"
https_proxy="http://interal:8080"
To support application development activities in-house, I had to configure Azure CLI APT repository following the instructions from "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest":
$ sudo apt-get update
$ sudo apt-get install curl apt-transport-https lsb-release gnupg
$ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
$ gpg --dearmor | \
$ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
$ AZ_REPO=$(lsb_release -cs)
$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ AZ_REPO main" | \
$ sudo tee /etc/apt/sources.list.d/azure-cli.list
$ sudo apt update
In the final "apt update" command, APT respects system-wide network proxy variables and successfully fetched Canonical repository data over HTTP.
However, it was unable to fetch the newly added Microsoft packages repository served via HTTPS.
By using Wireshark to examine the HTTPS request made by APT, the request body reveals as:
CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
Host: internal:8080\r\n
User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
...
...
There also is an automated test case in the package that runs as part of autopkgtest that tests a scenario like this, see the commit.
[Regression Potential]
* Fix already in debian, and Eoan
* Has been reviewed/approved by juliank
* A test package (pre-sru) has been provided to an impacted user, and he confirms it solves the situation.
[Other Info]
# salsa
$ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
1.9.0~8
# rmadison apt
=> apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
=> apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x |
|
2019-09-02 15:57:59 |
Łukasz Zemczak |
apt (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2019-09-02 15:58:03 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-09-02 15:58:07 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2019-09-02 15:58:10 |
Łukasz Zemczak |
tags |
sts |
sts verification-needed verification-needed-disco |
|
2019-09-05 11:58:59 |
Łukasz Zemczak |
apt (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-09-05 11:59:04 |
Łukasz Zemczak |
tags |
sts verification-needed verification-needed-disco |
sts verification-needed verification-needed-bionic verification-needed-disco |
|
2019-09-08 06:26:11 |
Mathew Hodson |
apt (Ubuntu): importance |
Undecided |
Medium |
|
2019-09-10 14:50:20 |
Julian Andres Klode |
tags |
sts verification-needed verification-needed-bionic verification-needed-disco |
sts verification-done verification-done-bionic verification-done-disco |
|
2019-09-12 12:13:46 |
Launchpad Janitor |
apt (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-09-12 12:14:11 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-09-12 12:14:19 |
Launchpad Janitor |
apt (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-12-23 05:38:17 |
Josh Anders |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977930 |
|
2020-12-23 05:38:17 |
Josh Anders |
bug task added |
|
apt (Debian) |
|
2021-03-02 07:02:00 |
Bug Watch Updater |
apt (Debian): status |
Unknown |
Fix Released |
|