Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

the recent security update to apt makes bug 710924 much easier to trigger. This bug happens if partial/ contains index files (packages/sources/translations), something that is now more frequent due to the reverification of if-modified-since replies.

To fix this I backported the patch that went into apt 0.9.12 about 1 year ago (and is part of the Ubuntu 14.04 LTS release as well). Apt simply retries without a range request if it gets a 416 reply from the server.

Attached is the full diff that contains some noise due to a missing dh_clean in the 0.9.7.9+deb7u6 upload. I also add a short diff that just contains the part that is relevant.

Thanks for your consideration,
Michael
Attachment:
apt_0.9.7.9+deb7u7.debdiff.gz
Description: application/gzip
diff -Nru apt-0.9.7.9+deb7u6/debian/changelog apt-0.9.7.9+deb7u7/debian/changelog --- apt-0.9.7.9+deb7u6/debian/changelog 2014-10-08 10:20:54.000000000 +0200 +++ apt-0.9.7.9+deb7u7/debian/changelog 2014-10-17 09:13:17.000000000 +0200 @@ -1,3 +1,15 @@ +apt (0.9.7.9+deb7u7) stable; urgency=medium + + [ David Kalnischkies ] + * methods/http.cc: + - retry without partial data after a 416 response (closes: 710924) + + [ Michael Vogt ] + * debian/rules: + - add missing dh_clean + + -- Michael Vogt <mvo@debian.org> Fri, 17 Oct 2014 09:03:58 +0200 + apt (0.9.7.9+deb7u6) wheezy-security; urgency=high * SECURITY UPDATE: diff -Nru apt-0.9.7.9+deb7u6/debian/rules apt-0.9.7.9+deb7u7/debian/rules --- apt-0.9.7.9+deb7u6/debian/rules 2013-03-01 11:51:21.000000000 +0100 +++ apt-0.9.7.9+deb7u7/debian/rules 2014-10-17 09:07:23.000000000 +0200 @@ -110,6 +110,7 @@ clean: dh_testdir + dh_clean [ ! -f Makefile ] || $(MAKE) clean distclean rm -rf build diff -Nru apt-0.9.7.9+deb7u6/methods/http.cc apt-0.9.7.9+deb7u7/methods/http.cc --- apt-0.9.7.9+deb7u6/methods/http.cc 2014-09-18 14:26:56.000000000 +0200 +++ apt-0.9.7.9+deb7u7/methods/http.cc 2014-10-17 08:48:36.000000000 +0200 @@ -604,6 +604,8 @@ Size = strtoull(Val.c_str(), NULL, 10); if (Size >= std::numeric_limits<unsigned long long>::max()) return _error->Errno("HeaderLine", _("The HTTP server sent an invalid Content-Length header")); + else if (Size == 0) + HaveContent = false; return true; } 
@@ -617,7 +619,13 @@ { HaveContent = true; - if (sscanf(Val.c_str(),"bytes %llu-%*u/%llu",&StartPos,&Size) != 2) + // §14.16 says 'byte-range-resp-spec' should be a '*' in case of 416 + if (Result == 416 && sscanf(Val.c_str(), "bytes */%llu",&Size) == 1) + { + StartPos = 1; // ignore Content-Length, it would override Size + HaveContent = false; + } + else if (sscanf(Val.c_str(),"bytes %llu-%*u/%llu",&StartPos,&Size) != 2) return _error->Error(_("The HTTP server sent an invalid Content-Range header")); if ((unsigned long long)StartPos > Size) return _error->Error(_("This HTTP server has broken range support")); @@ -990,6 +998,12 @@ } /* else pass through for error message */ } + else if (Srv->Result == 416 && FileExists(Queue->DestFile) == true && + unlink(Queue->DestFile.c_str()) == 0) + { + NextURI = Queue->Uri; + return TRY_AGAIN_OR_REDIRECT; + } /* We have a reply we dont handle. This should indicate a perm server failure */
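Review bot: In the methods/http.cc hunk at @@ -604,6 +604,8 @@, the new `else if (Size == 0) HaveContent = false;` cannot tell a real `Content-Length: 0` from a value that is not a number, because `strtoull(Val.c_str(), NULL, 10)` is called with a NULL end pointer and returns 0 when no digits are parsed. Pass an end pointer and reject the header when nothing was consumed, so a malformed value reaches the existing "invalid Content-Length header" error instead of being treated as an empty body. The branch also applies to every response, not only 416, which the changelog entry ("retry without partial data after a 416 response") does not mention.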
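Review bot: In the methods/http.cc hunk at @@ -617,7 +619,13 @@, the 416 branch sets `StartPos = 1` as a sentinel and then falls through to the unchanged `if ((unsigned long long)StartPos > Size)` check, so a server answering 416 with `Content-Range: bytes */0` produces "This HTTP server has broken range support" instead of reaching the retry. Return early from the 416 branch or exempt it from the StartPos/Size comparison. A named flag in place of the magic value 1 would also make the "ignore Content-Length" intent readable without the comment.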
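Review bot: In the methods/http.cc hunk at @@ -990,6 +998,12 @@, a failing `unlink(Queue->DestFile.c_str())` makes the whole `else if` false, so control drops into the generic "We have a reply we dont handle" path and the errno from unlink is lost; the user sees a server failure when the real cause is a partial file that could not be removed. Handle the unlink failure explicitly and report it with errno. The `FileExists(Queue->DestFile) == true` test before it is a check-then-act pair that adds nothing over calling unlink and inspecting its result. The `Size` parsed from `bytes */%llu` in the earlier hunk is not used here; comparing it with the size of the partial file before deleting would avoid re-downloading a file that is already complete.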