This fix breaks CloudFront URLs, because the reencoding of URLs results
in some HTML entities being replaced by their plain characters.
CloudFront signing requires that the whole URL matches the
signature, as compared to S3 URLs which prune the querystring before
validating the signature.
I still had the mscorefonts problem (errors in sourceforge mirrors) in 19.04.
Found this workaround in #1655431. Quoting: Boris Rybalkin (ribalkin) wrote on
2017-11-26:#18
Was able to fix sf mirrors issue by replacing sf mirror with some github copy:
sudo sed -i
Additionally I ran this workaround but when running apt-get upgrade it
still tries to upgrade this ttf install and fails the same way
workaround:
wget http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/ttf-mscorefonts-installer_3.6_all.deb
sudo dpkg -i
I still have this issue. I upgraded from 16.04.4 LTS yesterday and now
have 18.04LTS and still have this issue.
I'd rather get it fixed than resorting to cheap tricks.
Is anyone going to work on this?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
I'm still having this issue. Has the fix been pushed out yet?
I'm using Xubuntu 16.04 LTS 64-bit.
Yes, please file a new bug. And that really seems more like an
unattended-upgrades bug, I can't believe it's a regression in 1.2.19 -
the change in 1.2.19 is just that:
+ Uri.Path = QuoteString(Uri.Path, "+~ ");
- just quoting the path component of the Uri before downloading it (in
the https
Martin, I think you should file a new issue for what you described.
Before version 1.2.19, I was able to automatically upgrade package
"gitlab-ce" using unattended-upgrades. The update to version 1.2.19
seems to render my configuration useless.
From file `apt/apt.conf.d/50unattended-upgrades`:
Unattended-Upgrade::Origins-Pattern {
Many thanks!
Cheers,
Nico
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1651923
Title:
apt https method decodes redirect locations and sends them to the
destination
This bug was fixed in the package apt - 1.2.19
---
apt (1.2.19) xenial; urgency=medium
* https: Quote path in URL before passing it to curl (LP: #1651923)
-- Julian Andres Klode Tue, 17 Jan 2017 15:48:51 +0100
This bug was fixed in the package apt - 1.3.4
---
apt (1.3.4) yakkety; urgency=medium
* https: Quote path in URL before passing it to curl (LP: #1651923)
-- Julian Andres Klode Tue, 17 Jan 2017 15:46:33 +0100
** Changed in: apt (Ubuntu Yakkety)
I got those error reports too. It happens when you run wget as root, and
use that directory. I changed it to use /var/tmp and the message went
away. You could also run wget without the sudo (some of the instructions I
saw have done that).
On Sun, Jan 22, 2017 at 1:13 PM, luca
Xenial's package worked for me, although I got these warnings (I guess
is an unrelated problem though):
/etc/cron.daily/update-notifier-common:
Get:1 http://downloads.sourceforge.net/corefonts/andale32.exe [198 kB]
Fetched 198 kB in 2s (69,3 kB/s)
W: Can't drop privileges for downloading as file
I have this problem still. What I found to work was to remove the failed
install and install it using the deb. I wrote an article about it on my blog
for future reference...
https://computerobz.wordpress.com/2016/12/15/ttf-mscorefonts-installer-fails-to-installupgrade/
Basically:
1.) Launch a
The Content-Range issue with partial downloads on SF is tracked in bug
1657567 now. That's less urgent though, so we may just want to roll that
one out when I do the next "scheduled" bugfix update.
OK. We now have comments of success from yakkety and xenial, and I have
also checked both, so marking it verified-done.
I'll open up a new bug for the partial download issue.
** Tags removed: verification-needed
** Tags added: verification-done
I have tested the new package on Xenial, following the instructions in
https://wiki.ubuntu.com/Testing/EnableProposed
APT packages installed before updating:
apt 1.2.18
apt-transport-https 1.2.18
apt-utils 1.2.18
libapt-inst2.0 1.2.18
libapt-pkg5.0
Julian: Ah, indeed. If I make sure to use https against the SF, and make
sure the file doesn't exist, it works reliably. Sorry for the confusion!
So, LGTM from xenial.
Thanks a lot for working this out!
The first log looks entirely correct. The server is broken, vorboss does
not support partial requests, but instead of responding correctly with
all the content, it just redirects to another location. That other
location is http, so unencrypted which we do not allow for security
reasons.
Re the
And note that the redirect from vorboss is to a site that indicates a
failure, not the file.
Or in short: Sourceforge sucks, don't use it.
Yep, fixed! Great work! Thanks for your time!
```
norru@GBWWSRUNUBWS02:~$ sudo apt install apt-transport-https
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
apt-transport-https
1 to upgrade, 0 to newly
```
Again: You need to install apt-transport-https, not apt. Nobody cares
about your version of the apt package, the fix is in apt-transport-https.
Another test case is downloading
"https://people.debian.org/~jak/a b/c"
with apt-helper. That fails in 1.2.18 and succeeds in 1.2.19.
** Description changed:
[Impact]
- Downloads via HTTPS fail if the URL contains a space. This breaks packages
like ttf-mscorefonts-installer and various
This problem does not occur with that file on xenial, as it first
redirects to an https URI without a space which then redirects to an
HTTPS uri with a space (http w/o space -> https w/o space -> https w/
space). In xenial, https->https redirects were handled internally by
curl.
Another test
Here is the debug output with 1.2.18.
** Attachment added: "debug-output.txt"
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1651923/+attachment/4805952/+files/debug-output.txt
@Robin: I just confirmed that apt 1.2.19 fixes the corefonts issue:
All fonts downloaded and installed.
Setting up ttf-mscorefonts-installer (3.4+nmu1ubuntu2) ...
Did you really upgrade apt-transport-https or only apt?
But bdmurray is right, the ardour thing works fine in 1.2.18. In xenial
Could you provide logs with -o debug::acquire::https=1 and
debug::acquire::http=1
Maybe the redirect changed and the test case this started working again?
I'll check soon.
While the new version of the package worked for me, so did apt version
1.2.18 - shouldn't it have failed?
bdmurray@clean-xenial-amd64:~$ apt-cache policy apt
apt:
Installed: 1.2.18
Candidate: 1.2.18
Version table:
*** 1.2.18 500
500 http://192.168.10.7/ubuntu xenial-updates/main
Just checked apt 1.2.9 from proposed on an x86_64 16.04 system. The package
ttf-mscorefonts-installer version 3.4+nmu1ubuntu2 fails to download font files,
but rather returns a 403 error on the first file download attempt.
Directly accessing the failed link through a browser gives the expected
@llucax there are two versions (and two calls for testing). 1.2.19 for
xenial and 1.3.4 for yakkety.
Should we test that package too in xenial? Or there will be another test
package for xenial?
Hello Nico, or anyone else affected,
Accepted apt into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/1.2.19 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Thanks for the hard work!
Releases uploaded. The fix is exactly the same as in zesty, I just added
an additional test case based on the new 1.4~beta4 release (the test
case also needed some porting because the framework between 1.4 and 1.3
is a bit different).
** Changed in: apt (Ubuntu Xenial)
Status: Triaged =>
** Description changed:
+ [Impact]
+ Downloads via HTTPS fail if the URL contains a space. This breaks packages
like ttf-mscorefonts-installer and various third party hosters.
+
+ [Test case]
+ Check that /usr/lib/apt/apt-helper download-file
Fix has been committed upstream with an additional test case:
https://anonscm.debian.org/cgit/apt/apt.git/commit/?id=994515e689dcc5f963f5fed58284831750a5da03
I'll sync the new version from Debian unstable once I have uploaded and
it is known by Launchpad. I will also upload SRUs tomorrow - the
downloads.sourceforge.net is just a redirection service to an
auto-selected mirror. Using the full URL
(sourceforge.net/projects/corefonts/files/...) also auto-selects a
mirror (credited on the right of the web page: "Mirror provided by
...").
As far as ttf-mscorefonts-installer is concerned, I looked on the
sourceforge website and it's no longer at
http://downloads.sourceforge.net/corefonts/andale32.exe . The file has
been moved and I believe is located at:
https://sourceforge.net/projects/corefonts/files/the fonts/final/andale32.exe
Bumping the severity because this is causing problems for a lot of
people. There are hundreds of people who have marked this bug (or a
duplicate) as affecting them.
** Changed in: apt (Ubuntu Yakkety)
Importance: Medium => High
** Changed in: apt (Ubuntu Xenial)
Importance: Medium => High
** Changed in: apt (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: apt (Ubuntu Yakkety)
Importance: Undecided => Medium
This bug was fixed in the package apt - 1.4~beta3ubuntu1
---
apt (1.4~beta3ubuntu1) zesty; urgency=medium
* https: Quote path in URL before passing it to curl (LP: #1651923)
-- Julian Andres Klode Wed, 11 Jan 2017 00:13:59 +0100
** Changed in: apt (Ubuntu)
I just uploaded 1.4~rc3ubuntu1 to zesty. It's building now, and should
hit zesty-proposed soon, and hopefully migrate without issues to zesty
release repository.
This is the included workaround for now:
commit 12d5863a6ecd358db5645a4c1ca75576ef3c6232
Author: Julian Andres Klode
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apt (Ubuntu Yakkety)
Status: New => Confirmed
** No longer affects: apt (Ubuntu Trusty)
** Changed in: apt (Ubuntu Yakkety)
Status: Confirmed => Triaged
** Changed in: apt (Ubuntu Xenial)
Status: Confirmed => Triaged
** Changed in: apt (Ubuntu)
Status: In Progress => Fix Committed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apt (Ubuntu Xenial)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apt (Ubuntu Trusty)
Status: New => Confirmed
** Also affects: apt (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: apt (Ubuntu)
Status: Triaged => In Progress
Bah, I was not clear. Github apparently started adding spaces into their
URI. That's what is causing this issue, it's not really a change in apt
that is causing it. That said, the redirect handling changed a bit -
https redirects used to be handled by curl itself prior to 1.3.
** Changed in: apt
No regression. The quick hack we can try for now is parsing the URI we
get and then encoding the local part. This is what I'm aiming for this
month and it will fix this issue.
The correct fix requires restructuring the whole acquire system to not
decode URIs in redirect requests and encode given
+1 for a backport, even if it's a "dirty hack"
A year to fix a regression (bug not apparent in 14.04)? Oh, dear! :(
"A correct fix will have to wait until the end of the year" - do you really
mean the end of 2017?
But even if you can only release a workaround for now, please backport to 16.04
LTS as well, where it broke e.g. the ttf-mscorefonts-installer.
I believe this will take quite some time to fix. A correct fix will have
to wait until the end of the year, but we might be able to hack
something in like what I did there - but really only quoting the local
part and not the entire URL - which obviously fails.
Good news, thanks! Would it be possible to schedule a backported patch
to 16.10? The problem is significant in the general case.
Currently running CI on
https://github.com/Debian/apt/compare/master...julian-klode:bugfix/lp-1653094-https-quote?expand=1
let's see if that
simple change works or if it needs more work.
The problem is: the http method URL-encodes URLs before sending them,
the https one does not. And our redirecting code decodes the locations
given, because the http method encodes them.
This is of course horribly broken: We should not decode the location and
re-encode it in the first place. That
** Summary changed:
- 505 HTTP Version not supported - installing kxstudio packages
+ apt https method decodes redirect locations and sends them to the destination
undecoded.