[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2021-03-01 Thread Bug Watch Updater
** Changed in: apt (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Disco:
  Fix Released
Status in apt package in Debian:
  Fix Released

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2020-12-22 Thread Josh Anders
** Bug watch added: Debian Bug tracker #977930
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977930

** Also affects: apt (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977930
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Disco:
  Fix Released
Status in apt package in Debian:
  Unknown

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-12 Thread Launchpad Bug Tracker
This bug was fixed in the package apt - 1.8.3

---
apt (1.8.3) unstable; urgency=medium

  [ Simon Körner ]
  * http: Fix Host header in proxied https connections (LP: #1838771)

  [ Brian Murray ]
  * Do not include squashfs file systems in df output. (LP: #1756595)

apt (1.8.2) unstable; urgency=medium

  [ Alwin Henseler ]
  * Flip /: in documented default value of DPkg::Path (Closes: #917986)

  [ TilmanK ]
  * Fix typo in German manpage translation

  [ Américo Monteiro ]
  * Portuguese manpages translation update (Closes: #926614)

  [ Jean-Pierre Giraud ]
  * French manpages translation update (Closes: #929290)

  [ Michael Zhivich ]
  * methods: https: handle requests for TLS re-handshake (LP: #1829861)

  [ Julian Andres Klode ]
  * Unlock dpkg locks in reverse locking order (LP: #1829860)

 -- Julian Andres Klode   Fri, 09 Aug 2019 11:16:15
+0200

** Changed in: apt (Ubuntu Disco)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Disco:
  Fix Released

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-12 Thread Launchpad Bug Tracker
This bug was fixed in the package apt - 1.6.12

---
apt (1.6.12) bionic; urgency=medium

  [ TilmanK ]
  * Fix typo in German manpage translation

  [ Michael Zhivich ]
  * methods: https: handle requests for TLS re-handshake (LP: #1829861)

  [ Julian Andres Klode ]
  * Unlock dpkg locks in reverse locking order (LP: #1829860)

  [ Simon Körner ]
  * http: Fix Host header in proxied https connections (LP: #1838771)

  [ Brian Murray ]
  * Do not include squashfs file systems in df output. (LP: #1756595)

 -- Julian Andres Klode   Tue, 03 Sep 2019 12:05:35
+0200

** Changed in: apt (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Disco:
  Fix Released

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-12 Thread Eric Desrochers
[VERIFICATION BIONIC]

It looks good to me testing with the above [Test Case].

# apt-get update
Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
==> Hit:2 https://packages.microsoft.com/repos/azure-cli bionic InRelease   
 
Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease 
   
Hit:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease   
Hit:6 http://archive.ubuntu.com/ubuntu bionic-proposed InRelease
Reading package lists... Done

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-12 Thread Łukasz Zemczak
Eric, could you check the package and make sure the fix works as
expected for you as well?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-10 Thread Julian Andres Klode
The included autopkgtest the verifies this fix has passed for both 1.8.3
and 1.6.12

(221/256) Testcase test-proxy-connect:  P P P P P P P P P P P P P P

The two apport autopkgtest failures for 1.6.12 for bionic remain, they
seem to be the usual launchpad timeout/unavailable issue.

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-disco
** Tags added: verification-done verification-done-bionic 
verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-08 Thread Mathew Hodson
** Changed in: apt (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-05 Thread Łukasz Zemczak
Hello Eric, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/1.6.12 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: apt (Ubuntu Bionic)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-09-02 Thread Łukasz Zemczak
Hello Eric, or anyone else affected,

Accepted apt into disco-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/1.8.3 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-disco to verification-done-disco. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-disco. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: apt (Ubuntu Disco)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-disco

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  Fix Committed

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
  $ gpg --dearmor | \
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
  $ AZ_REPO=$(lsb_release -cs)
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list
  $ sudo apt update

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
  Host: internal:8080\r\n
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
  ...
  ...

  There also is an automated test case in the package that runs as part
  of autopkgtest that tests a scenario like this, see the commit.

  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-08-09 Thread Julian Andres Klode
Uploaded apt 1.8.3 to disco (this is a sync (*) from Debian unstable,
and also includes some other bug fixes from 1.8.2 which I forgot to sync
earlier)

(*) uploaded with --no-lp so we get a diff for sru-review

** Description changed:

  [Impact]
  
  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.
  
  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."
  
  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.
  
  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
  
  [Test Case]
  
  Here's one reproducer an impacted user brought to my attention:
  
- # /etc/environment 
- http_proxy="http://internal:8080; 
- https_proxy="http://interal:8080; 
+ # /etc/environment
+ http_proxy="http://internal:8080;
+ https_proxy="http://interal:8080;
  
  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":
  
- $ sudo apt-get update 
- $ sudo apt-get install curl apt-transport-https lsb-release gnupg 
- $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \ 
- $ gpg --dearmor | \ 
- $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null 
- $ AZ_REPO=$(lsb_release -cs) 
- $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \ 
- $ sudo tee /etc/apt/sources.list.d/azure-cli.list 
- $ sudo apt update 
+ $ sudo apt-get update
+ $ sudo apt-get install curl apt-transport-https lsb-release gnupg
+ $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \
+ $ gpg --dearmor | \
+ $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
+ $ AZ_REPO=$(lsb_release -cs)
+ $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \
+ $ sudo tee /etc/apt/sources.list.d/azure-cli.list
+ $ sudo apt update
  
  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data over
  HTTP.
  
  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.
  
  By using Wireshark to examine the HTTPS request made by APT, the request
  body reveals as:
  
- CONNECT packages.microsoft.com:443 HTTP/1.1\r\n 
- Host: internal:8080\r\n 
- User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n 
- ... 
- ... 
+ CONNECT packages.microsoft.com:443 HTTP/1.1\r\n
+ Host: internal:8080\r\n
+ User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n
+ ...
+ ...
  
+ There also is an automated test case in the package that runs as part of
+ autopkgtest that tests a scenario like this, see the commit.
  
  [Regression Potential]
  
  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.
  
  [Other Info]
  
  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8
  
  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  In Progress

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment
  http_proxy="http://internal:8080;
  https_proxy="http://interal:8080;

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg
  $ curl -sL 

[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-08-05 Thread Eric Desrochers
** Changed in: apt (Ubuntu Bionic)
 Assignee: Eric Desrochers (slashd) => (unassigned)

** Changed in: apt (Ubuntu Bionic)
 Assignee: (unassigned) => Julian Andres Klode (juliank)

** Changed in: apt (Ubuntu Disco)
 Assignee: Eric Desrochers (slashd) => Julian Andres Klode (juliank)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  In Progress

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment 
  http_proxy="http://internal:8080; 
  https_proxy="http://interal:8080; 

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update 
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg 
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \ 
  $ gpg --dearmor | \ 
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null 
  $ AZ_REPO=$(lsb_release -cs) 
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \ 
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list 
  $ sudo apt update 

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n 
  Host: internal:8080\r\n 
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n 
  ... 
  ... 

  
  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-08-05 Thread Eric Desrochers
** Changed in: apt (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: apt (Ubuntu Disco)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  In Progress

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment 
  http_proxy="http://internal:8080; 
  https_proxy="http://interal:8080; 

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update 
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg 
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \ 
  $ gpg --dearmor | \ 
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null 
  $ AZ_REPO=$(lsb_release -cs) 
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \ 
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list 
  $ sudo apt update 

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n 
  Host: internal:8080\r\n 
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n 
  ... 
  ... 

  
  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-08-05 Thread Eric Desrochers
** Description changed:

  [Impact]
  
  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.
  
  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."
  
  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.
  
  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
  
  [Test Case]
  
+ Here's one reproducer an impacted user brought to my attention:
+ 
+ # /etc/environment 
+ http_proxy="http://internal:8080; 
+ https_proxy="http://interal:8080; 
+ 
+ To support application development activities in-house, I had to
+ configure Azure CLI APT repository following the instructions from
+ "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
+ =azure-cli-latest":
+ 
+ $ sudo apt-get update 
+ $ sudo apt-get install curl apt-transport-https lsb-release gnupg 
+ $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \ 
+ $ gpg --dearmor | \ 
+ $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null 
+ $ AZ_REPO=$(lsb_release -cs) 
+ $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \ 
+ $ sudo tee /etc/apt/sources.list.d/azure-cli.list 
+ $ sudo apt update 
+ 
+ In the final "apt update" command, APT respects system-wide network
+ proxy variables and successfully fetched Canonical repository data over
+ HTTP.
+ 
+ However, it was unable to fetch the newly added Microsoft packages
+ repository served via HTTPS.
+ 
+ By using Wireshark to examine the HTTPS request made by APT, the request
+ body reveals as:
+ 
+ CONNECT packages.microsoft.com:443 HTTP/1.1\r\n 
+ Host: internal:8080\r\n 
+ User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n 
+ ... 
+ ... 
+ 
+ 
  [Regression Potential]
+ 
+ * Fix already in debian, and Eoan
+ * Has been reviewed/approved by juliank
+ * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the situation.
  
  [Other Info]
  
  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8
  
  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  In Progress

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  Here's one reproducer an impacted user brought to my attention:

  # /etc/environment 
  http_proxy="http://internal:8080; 
  https_proxy="http://interal:8080; 

  To support application development activities in-house, I had to
  configure Azure CLI APT repository following the instructions from
  "https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view
  =azure-cli-latest":

  $ sudo apt-get update 
  $ sudo apt-get install curl apt-transport-https lsb-release gnupg 
  $ curl -sL https://packages.microsoft.com/keys/microsoft.asc | \ 
  $ gpg --dearmor | \ 
  $ sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null 
  $ AZ_REPO=$(lsb_release -cs) 
  $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $ $ 
AZ_REPO main" | \ 
  $ sudo tee /etc/apt/sources.list.d/azure-cli.list 
  $ sudo apt update 

  In the final "apt update" command, APT respects system-wide network
  proxy variables and successfully fetched Canonical repository data
  over HTTP.

  However, it was unable to fetch the newly added Microsoft packages
  repository served via HTTPS.

  By using Wireshark to examine the HTTPS request made by APT, the
  request body reveals as:

  CONNECT packages.microsoft.com:443 HTTP/1.1\r\n 
  Host: internal:8080\r\n 
  User-Agent: Debian APT-HTTP/1.3 (1.6.11)\r\n 
  ... 
  ... 

  
  [Regression Potential]

  * Fix already in debian, and Eoan
  * Has been reviewed/approved by juliank
  * A test package (pre-sru) has been provided to an impacted user, and he 
confirms it solves the 

[Touch-packages] [Bug 1838771] Re: http:Fix Host header in proxied https connections

2019-08-05 Thread Eric Desrochers
** Description changed:

- Currently CONNECT requests use the name of the proxy as Host value, instead of
- the origin server's name.
+ [Impact]
  
- According to RFC 2616 "The Host field value MUST represent the naming 
authority
- of the origin server or gateway given by the original URL."
+ Currently CONNECT requests use the name of the proxy as Host value,
+ instead of the origin server's name.
+ 
+ According to RFC 2616 "The Host field value MUST represent the naming
+ authority of the origin server or gateway given by the original URL."
  
  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.
  
- # salsa
- $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72 
- 1.9.0~8 
- 
- # rmadison apt 
- => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x 
- => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x 
- apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x
- 
  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f
+ 
+ [Test Case]
+ 
+ [Regression Potential]
+ 
+ [Other Info]
+ 
+ # salsa
+ $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
+ 1.9.0~8
+ 
+ # rmadison apt
+ => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
+ => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
+ apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1838771

Title:
  http:Fix Host header in proxied https connections

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  In Progress
Status in apt source package in Disco:
  In Progress

Bug description:
  [Impact]

  Currently CONNECT requests use the name of the proxy as Host value,
  instead of the origin server's name.

  According to RFC 2616 "The Host field value MUST represent the naming
  authority of the origin server or gateway given by the original URL."

  The current implementation causes problems with some proxy vendors. This
  commit[0] fixes this.

  [0] - https://salsa.debian.org/apt-
  
team/apt/commit/86d4d98060f36c7e71c34af20a1193a75496ef72#54d3193c5d10a0032c80c3a6d3f069507265547f

  [Test Case]

  [Regression Potential]

  [Other Info]

  # salsa
  $ git describe --contains 86d4d98060f36c7e71c34af20a1193a75496ef72
  1.9.0~8

  # rmadison apt
  => apt | 1.6.11 | bionic-updates | source, amd64, arm64, armhf, i386, 
ppc64el, s390x
  => apt | 1.8.1 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, 
s390x
  apt | 1.9.1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1838771/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp