2008-05-05 07:28:44 |
Michael |
bug |
|
|
added bug |
2009-02-12 19:38:02 |
Mark Goldfinch |
bug |
|
|
added attachment 'etc-cron.daily-apt.patch' (etc-cron.daily-apt.patch) |
2010-07-12 09:30:44 |
Adam Guthrie |
apt (Ubuntu): status |
New |
Confirmed |
|
2010-09-17 08:51:08 |
Oliver Dungey |
bug |
|
|
added subscriber Oliver Dungey |
2010-09-22 07:32:39 |
Francis De Brabandere |
bug |
|
|
added subscriber Francis De Brabandere |
2011-04-16 08:05:17 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto MURATA |
2011-06-20 16:38:58 |
Eric Carvalho |
bug |
|
|
added subscriber Eric Carvalho |
2011-12-06 08:17:54 |
Johannes Martin |
bug |
|
|
added subscriber Johannes Martin |
2012-03-16 11:53:33 |
Stefan Metzmacher |
bug |
|
|
added subscriber Stefan Metzmacher |
2012-03-26 22:02:20 |
Brian Murray |
apt (Ubuntu): status |
Confirmed |
Triaged |
|
2012-03-26 22:02:27 |
Brian Murray |
apt (Ubuntu): importance |
Undecided |
Medium |
|
2012-03-28 15:41:11 |
Steve Langasek |
tags |
|
rls-mgr-p-tracking |
|
2012-05-11 23:18:12 |
Brian Murray |
bug |
|
|
added subscriber Brian Murray |
2012-06-14 14:17:33 |
Adam Stokes |
nominated for series |
|
Ubuntu Precise |
|
2012-06-14 14:18:03 |
Chris J Arges |
bug task added |
|
apt (Ubuntu Precise) |
|
2012-06-14 14:18:16 |
Chris J Arges |
tags |
rls-mgr-p-tracking |
precise rls-mgr-p-tracking |
|
2012-06-14 14:18:33 |
Chris J Arges |
nominated for series |
|
Ubuntu Lucid |
|
2012-06-14 14:18:33 |
Chris J Arges |
bug task added |
|
apt (Ubuntu Lucid) |
|
2012-06-14 14:18:33 |
Chris J Arges |
nominated for series |
|
Ubuntu Natty |
|
2012-06-14 14:18:33 |
Chris J Arges |
bug task added |
|
apt (Ubuntu Natty) |
|
2012-06-14 14:19:54 |
Chris J Arges |
nominated for series |
|
Ubuntu Oneiric |
|
2012-06-14 14:19:54 |
Chris J Arges |
bug task added |
|
apt (Ubuntu Oneiric) |
|
2012-06-14 14:20:07 |
Chris J Arges |
apt (Ubuntu Precise): importance |
Undecided |
Medium |
|
2012-06-14 14:20:10 |
Chris J Arges |
apt (Ubuntu Lucid): importance |
Undecided |
Medium |
|
2012-06-14 14:20:55 |
Chris J Arges |
apt (Ubuntu Lucid): status |
New |
Triaged |
|
2012-06-14 14:20:58 |
Chris J Arges |
apt (Ubuntu Precise): status |
New |
Triaged |
|
2012-06-14 15:43:44 |
Chris J Arges |
apt (Ubuntu Precise): milestone |
|
ubuntu-12.04.1 |
|
2012-06-18 19:44:55 |
Adam Stokes |
description |
Binary package hint: apt
IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. |
[Impact]
IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval.
[Test Case]
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# wget -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[endless hang] ^C
# iptables -F
# iptables -A OUTPUT -p tcp --dport 80 -j REJECT
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns in 90 seconds]
#
# iptables -F
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
#
#
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# route del default
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
[Regression Potential]
Potential for regression is minimal as this would allow apt-key to successfully timeout if the keyserver is unreachable and allow for continued operation required by other services (i.e. cron executed instances) |
|
2012-06-26 14:52:33 |
Adam Stokes |
description |
[Impact]
IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval.
[Test Case]
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# wget -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[endless hang] ^C
# iptables -F
# iptables -A OUTPUT -p tcp --dport 80 -j REJECT
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns in 90 seconds]
#
# iptables -F
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
#
#
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# route del default
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
[Regression Potential]
Potential for regression is minimal as this would allow apt-key to successfully timeout if the keyserver is unreachable and allow for continued operation required by other services (i.e. cron executed instances) |
[Impact]
IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval. An example, would be attempting to reduce the number of retries wget performs in order to receive the gpg key. The default is 20 tries, however, if the firewall is set to DROP packets then thats a 90*20 timeout.
[Test Case]
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# wget -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[endless hang] ^C
# iptables -F
# iptables -A OUTPUT -p tcp --dport 80 -j REJECT
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns in 90 seconds]
#
# iptables -F
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
#
#
# iptables -A OUTPUT -p tcp --dport 80 -j DROP
# route del default
# wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
[returns instantly]
[Regression Potential]
Potential for regression is minimal as this would allow apt-key to successfully timeout if the keyserver is unreachable and allow for continued operation required by other services (i.e. cron executed instances) |
|
2012-07-05 08:09:37 |
Launchpad Janitor |
apt (Ubuntu Natty): status |
New |
Confirmed |
|
2012-07-05 08:09:37 |
Launchpad Janitor |
apt (Ubuntu Oneiric): status |
New |
Confirmed |
|
2012-07-18 15:21:24 |
Stéphane Graber |
apt (Ubuntu Precise): milestone |
ubuntu-12.04.1 |
precise-updates |
|
2012-10-15 20:23:42 |
Chris J Arges |
bug |
|
|
added subscriber Sustaining Engineering |
2013-05-10 16:01:44 |
Brian Murray |
apt (Ubuntu Natty): status |
Confirmed |
Won't Fix |
|
2013-05-10 16:01:47 |
Brian Murray |
apt (Ubuntu Oneiric): status |
Confirmed |
Won't Fix |
|
2013-05-10 16:20:11 |
Eric Carvalho |
removed subscriber Eric Carvalho |
|
|
|
2014-02-07 15:41:23 |
Curtis Hovey |
removed subscriber Registry Administrators |
|
|
|
2015-06-17 11:29:55 |
Rolf Leggewie |
apt (Ubuntu Lucid): status |
Triaged |
Won't Fix |
|
2017-07-18 15:24:44 |
Julian Andres Klode |
apt (Ubuntu Precise): status |
Triaged |
Won't Fix |
|
2017-10-30 05:05:42 |
Mathew Hodson |
bug task deleted |
apt (Ubuntu Lucid) |
|
|
2017-10-30 05:05:47 |
Mathew Hodson |
bug task deleted |
apt (Ubuntu Natty) |
|
|
2017-10-30 05:05:53 |
Mathew Hodson |
bug task deleted |
apt (Ubuntu Oneiric) |
|
|
2017-10-30 05:05:59 |
Mathew Hodson |
bug task deleted |
apt (Ubuntu Precise) |
|
|