Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

the recent security update to apt makes bug 710924 much easier to trigger. This bug happens if partial/ contains index files (packages/sources/translations), something that is now more frequent due to the reverification of if-modified-since replies.

To fix this I backported the patch that went into apt 0.9.12 about 1 year ago (and is part of the Ubuntu 14.04 LTS release as well). Apt simply retries without a range request if it gets a 416 reply from the server.

Attached is the full diff, which contains some noise due to a missing dh_clean in the 0.9.7.9+deb7u6 upload. I also add a short diff that just contains the part that is relevant.

Thanks for your consideration,
Michael
Attachment:
apt_0.9.7.9+deb7u7.debdiff.gz
Description: application/gzip
diff -Nru apt-0.9.7.9+deb7u6/debian/changelog apt-0.9.7.9+deb7u7/debian/changelog
--- apt-0.9.7.9+deb7u6/debian/changelog 2014-10-08 10:20:54.000000000 +0200
+++ apt-0.9.7.9+deb7u7/debian/changelog 2014-10-17 09:13:17.000000000 +0200
@@ -1,3 +1,15 @@
+apt (0.9.7.9+deb7u7) stable; urgency=medium
+
+ [ David Kalnischkies ]
+ * methods/http.cc:
+ - retry without partial data after a 416 response (closes: 710924)
+
+ [ Michael Vogt ]
+ * debian/rules:
+ - add missing dh_clean
+
+ -- Michael Vogt <mvo@debian.org> Fri, 17 Oct 2014 09:03:58 +0200
+
apt (0.9.7.9+deb7u6) wheezy-security; urgency=high
* SECURITY UPDATE:
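Review bot: the methods/http.cc item in the new entry mentions only the 416 retry, but the http.cc change also makes a Content-Length of 0 clear HaveContent; add a line for that so the changelog matches the diff. The distribution is given as "stable" while the request is tagged wheezy and the previous entry uses "wheezy-security"; using the codename "wheezy" would be unambiguous.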
diff -Nru apt-0.9.7.9+deb7u6/debian/rules apt-0.9.7.9+deb7u7/debian/rules
--- apt-0.9.7.9+deb7u6/debian/rules 2013-03-01 11:51:21.000000000 +0100
+++ apt-0.9.7.9+deb7u7/debian/rules 2014-10-17 09:07:23.000000000 +0200
@@ -110,6 +110,7 @@
clean:
dh_testdir
+ dh_clean
[ ! -f Makefile ] || $(MAKE) clean distclean
rm -rf build
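Review bot: dh_clean is placed before `$(MAKE) clean distclean`, whereas the usual order in a debhelper clean target is to run the upstream clean first and dh_clean last, so that it also removes anything left behind in debian/ afterwards. Moving it to the end of the target would be the conventional form.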
diff -Nru apt-0.9.7.9+deb7u6/methods/http.cc apt-0.9.7.9+deb7u7/methods/http.cc
--- apt-0.9.7.9+deb7u6/methods/http.cc 2014-09-18 14:26:56.000000000 +0200
+++ apt-0.9.7.9+deb7u7/methods/http.cc 2014-10-17 08:48:36.000000000 +0200
@@ -604,6 +604,8 @@
Size = strtoull(Val.c_str(), NULL, 10);
if (Size >= std::numeric_limits<unsigned long long>::max())
return _error->Errno("HeaderLine", _("The HTTP server sent an invalid Content-Length header"));
+ else if (Size == 0)
+ HaveContent = false;
return true;
}
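Review bot: the new `else if (Size == 0)` branch is not tied to the 416 case, so every response with `Content-Length: 0` now sets HaveContent to false. If that is intended, a short comment saying why a zero length means there is no body to read would help; if it is only meant for the 416 reply, the condition should say so.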
@@ -617,7 +619,13 @@
{
HaveContent = true;
- if (sscanf(Val.c_str(),"bytes %llu-%*u/%llu",&StartPos,&Size) != 2)
+ // §14.16 says 'byte-range-resp-spec' should be a '*' in case of 416
+ if (Result == 416 && sscanf(Val.c_str(), "bytes */%llu",&Size) == 1)
+ {
+ StartPos = 1; // ignore Content-Length, it would override Size
+ HaveContent = false;
+ }
+ else if (sscanf(Val.c_str(),"bytes %llu-%*u/%llu",&StartPos,&Size) != 2)
return _error->Error(_("The HTTP server sent an invalid Content-Range header"));
if ((unsigned long long)StartPos > Size)
return _error->Error(_("This HTTP server has broken range support"));
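Review bot: in the 416 branch, `StartPos = 1` still runs into the unchanged `StartPos > Size` check that follows, so a reply of `Content-Range: bytes */0` sets Size to 0 and is rejected with "This HTTP server has broken range support". Consider skipping that check when Result is 416, or using a named flag instead of the sentinel value 1, whose purpose the comment "ignore Content-Length, it would override Size" does not make clear on its own. The "§14.16" comment should also name the document it refers to (RFC 2616).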
@@ -990,6 +998,12 @@
}
/* else pass through for error message */
}
+ else if (Srv->Result == 416 && FileExists(Queue->DestFile) == true &&
+ unlink(Queue->DestFile.c_str()) == 0)
+ {
+ NextURI = Queue->Uri;
+ return TRY_AGAIN_OR_REDIRECT;
+ }
/* We have a reply we dont handle. This should indicate a perm server
failure */
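Review bot: in the new `else if`, a failed unlink() falls through to the unhandled-reply path with no hint that the stale partial file is the cause; consider reporting the errno there. The `FileExists(Queue->DestFile)` test is also what stops a retry loop if the server answers 416 again, because the second attempt has no file left to remove, and that deserves a one-line comment.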