curl: Problem with chunked encoded data

The attachment "Patch from https://github.com/curl/curl/commit/0ab97ba0090f2609760c33000181f08757336a48" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Status changed to 'Confirmed' because the bug affects multiple users.

fix for the bug, uploaded on ppa:costamagnagianfranco/locutusofborg-ppa

patches should be applied not at the bottom :) new debdiff

build ongoing ppa:costamagnagianfranco/costamagnagianfranco-ppa

Hi Joe, LocutusOfBorg
Please update this bug's description as per the SRU bug template.

https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template

done thanks

lol the above links shows my ettercap ppa as "fix" just because it has a new curl

Thank you Graham! Let me know if I can help the next steps in any way to publish updated packages.

@sodabrew: the update for trusty has been uploaded, once it has been accepted into trusty-proposed this bug will be updated, letting you know that you can install the update and verify that it actually fixes the bug. If verification is successful, the update will migrate to trusty-updates.

I was not able to reproduce the problem with the following test case:
curl -v 'http://curl.haxx.se/download/'

If it works for you, please let us know, otherwise let us know of a better test case if you find one.

Hello Joe, or anyone else affected,

Accepted curl into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Using the PHP script from https://bugs.php.net/bug.php?id=72131 we were able to reproduce the bug with curl 7.35.0-1ubuntu2.8 (maybe there's a simpler way to reproduce...):

---------------------------------------------

# dpkg -l | grep curl
ii curl 7.35.0-1ubuntu2.8 amd64 command line tool for transferring data with URL syntax
ii libcurl3:amd64 7.35.0-1ubuntu2.8 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)

(Hmm, the bug tracker ate the rest of my comment?!)

# php test.php
string(2) "OK"
string(0) ""

string(2) "OK"
string(0) ""

string(2) "OK"
string(0) ""

number_format(null) called

bool(false)
string(39) "Problem (2) in the Chunked-Encoded data"

number_format(null) called

---------------------------------------------

The updated packages actually seem to fix the problem - no more "Problem (2) in the Chunked-Encoded data":

# curl http://launchpadlibrarian.net/281937790/libcurl3_7.35.0-1ubuntu2.9_amd64.deb -O

# curl http://launchpadlibrarian.net/281937786/curl_7.35.0-1ubuntu2.9_amd64.deb -O

# dpkg -i *deb
(Reading database ... 67243 files and directories currently installed.)
Preparing to unpack curl_7.35.0-1ubuntu2.9_amd64.deb ...
Unpacking curl (7.35.0-1ubuntu2.9) over (7.35.0-1ubuntu2.9) ...
Preparing to unpack libcurl3_7.35.0-1ubuntu2.9_amd64.deb ...
Unpacking libcurl3:amd64 (7.35.0-1ubuntu2.9) over (7.35.0-1ubuntu2.8) ...
Setting up libcurl3:amd64 (7.35.0-1ubuntu2.9) ...
Setting up curl (7.35.0-1ubuntu2.9) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.9) ...

# dpkg -l |grep curl
ii curl 7.35.0-1ubuntu2.9 amd64 command line tool for transferring data with URL syntax
ii libcurl3:amd64 7.35.0-1ubuntu2.9 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)

# php test.php
string(2) "OK"
string(0) ""

string(2) "OK"
string(0) ""

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

string(2) "OK"
string(0) ""

number_format(null) called

---------------------------------------------

Thanks everyone for the quick support!

This bug was fixed in the package curl - 7.35.0-1ubuntu2.9

---------------
curl (7.35.0-1ubuntu2.9) trusty; urgency=medium

  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

 -- Gianfranco Costamagna <email address hidden> Sun, 28 Aug 2016 21:27:34 +0200

The verification of the Stable Release Update for curl has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.