Package: libcurl3-gnutls
Version: 8.6.0-1

tl;dr: I found a regression in bug-compatibility but I have no idea if
       it should be considered a problem.

Hi.

I investigated the failing dgit autopkgtest, which is (at least one
of the reasons) preventing src:curl from migrating.

I found that the root cause was that dgit's test suite has a stunt
http server which mishandles HTTP HEAD requests: it doesn't look at
the request method at all, so it responds to HEAD the same as GET,
with a body.  So that is wrong.

The new libcurl rejects this, with a "Weird server reply" error.

I have filed the bug in the test case's stunt httpd as #1063341 (with
severity serious) and we will fix it in src:dgit soon.

However, I wonder whether this behavioural change in curl is
intentional or desirable.  It seems to me that it might pose a
compatibility hazard.  I know that compatibility, even with broken
peers, is often important in the web space.

I haven't tested the behaviour with HTTP/1.1.  HTTP/1.1 has different
framing arrangements: depending on the framing, a similar bug in a
server would result in a framing error so such a buggy server wouldn't
survive.  But with HTTP/1.0, a response which erroneously includes the
body is unambiguous and parseable.

I don't know if HTTP/1.0 is common enough, and compatibility with such
buggy HTTP servers important enough, to be concerned.  I thought I
would file this bug to inform you about the situation and let you
decide.  I hope you find that helpful.

Please downgrade, close, or forward to upstream, or upgrade, this bug,
as seems appropriate.

Thanks for your attention and your maintenance of this critical
package.

Regards,
Ian.

30178 read(7, "H", 1)                   = 1
 | 00000  48                                                H                |
30178 read(7, "E", 1)                   = 1
 | 00000  45                                                E                |
30178 read(7, "A", 1)                   = 1
 | 00000  41                                                A                |
30178 read(7, "D", 1)                   = 1
 | 00000  44                                                D                |
30178 read(7, " ", 1)                   = 1
 | 00000  20                                                                 |
30178 read(7, "/", 1)                   = 1
 | 00000  2f                                                /                |
30178 read(7, "p", 1)                   = 1
 | 00000  70                                                p                |
...
30178 write(7, "HTTP/1.0 404 Not found\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<!DOCTYPE html\n\tPUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en-US\" xml:lang=\"en-US\">\n<head>\n<title>Not found</title>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\n</head>\n<body>\n<h1>Not found</h1>\n</body>\n</html>", 426) = 426
30178 close(7)                          = 0

...

dgit: error: fetch of http://127.0.0.1:40339/pari-extra.git/HEAD failed (Weird server reply):

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
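
The following is an added example, not part of the original report and not code from dgit or curl: a stub HTTP/1.0 responder run over a local socket pair, once ignoring the request method (the behaviour the report describes) and once honouring HEAD, with a check that counts bytes sent after the header block. The function names, the `method_aware` switch and the shortened response body are assumptions made for the illustration.

```python
import socket
import threading

# Constructed sample response; shorter than the 404 document in the trace above.
BODY = b"<html><body><h1>Not found</h1></body></html>"
HEADERS = b"HTTP/1.0 404 Not found\r\nContent-Type: text/html\r\n\r\n"


def serve_once(conn, method_aware):
    """Answer one HTTP/1.0 request on conn, then close (close ends the reply)."""
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = conn.recv(4096)
            if not chunk:
                return
            request += chunk
        method = request.split(b" ", 1)[0]
        reply = HEADERS
        # A server that never inspects the method always takes this branch,
        # so HEAD gets the same body as GET.
        if not (method_aware and method == b"HEAD"):
            reply += BODY
        conn.sendall(reply)


def body_bytes_after(method, method_aware):
    """Send one request to the stub and count bytes after the header block."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=serve_once, args=(server, method_aware))
    worker.start()
    with client:
        client.sendall(method + b" /pari-extra.git/HEAD HTTP/1.0\r\n\r\n")
        raw = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:  # HTTP/1.0 without Content-Length: EOF ends the message
                break
            raw += chunk
    worker.join()
    _headers, _sep, body = raw.partition(b"\r\n\r\n")
    return len(body)


if __name__ == "__main__":
    for aware in (False, True):
        count = body_bytes_after(b"HEAD", aware)
        print("method_aware=%s: %d body bytes after HEAD" % (aware, count))
```

A non-zero count for HEAD is the condition a test-suite check on a stub server should flag.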
