[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

The change seem to be buggy, at least it created bug #1849004 which changelog fetchning stopped working in case without proxy in use -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

This bug was fixed in the package ubuntu-release-upgrader - 1:16.04.27 --- ubuntu-release-upgrader (1:16.04.27) xenial; urgency=medium * Use HTTPS for changelogs.ubuntu.com (LP: #1744318) * Run pre-build script to update mirror list, hold apt-btrfs-snapshot changes -- Julian

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

This bug was fixed in the package update-manager - 1:16.04.16 --- update-manager (1:16.04.16) xenial; urgency=medium * Use HTTPS for changelogs.ubuntu.com (LP: #1744318) * Add support for HTTPS proxies; this breaks UpdateManager.Core.utils.init_proxy() API - the return value

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

FWIW, This was for the correct versions. # dpkg -l ubuntu-release-upgrader-core update-manager-core Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

Oh silly me, I had https proxy set to non-existing hostname, this works fine after removing it! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

old version tries to connect to port 80, hangs because I blocked it. [pid 1035] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("91.189.95.15")}, 16) = -1 EINPROGRESS (Operation now in progress) [pid 1035] poll([{fd=3, events=POLLOUT|POLLERR}], 1, 2 afterwards it

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

Blocking access: ufw deny out to 2001:67c:1560:8008::11 port 80 ufw deny out to 91.189.95.15 port 80 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

FTR: All autopkgtests have passed now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about this bug go to:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

Hello TJ, or anyone else affected, Accepted ubuntu-release-upgrader into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /ubuntu-release-upgrader/1:16.04.27 in a few hours, and then in the -proposed repository. Please help us by testing this

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Merge proposal linked: https://code.launchpad.net/~juliank/ubuntu/+source/ubuntu-release-upgrader/+git/ubuntu-release-upgrader/+merge/373494 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

Hello TJ, or anyone else affected, Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update- manager/1:16.04.16 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Changed in: ubuntu-release-upgrader (Ubuntu Xenial) Status: New => In Progress ** Changed in: ubuntu-release-upgrader (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: update-manager (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: update-manager

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Description changed: - Although the packages listed in meta-release files on - changelogs.ubuntu.com are signature-checked there doesn't appear to be - any way to verify the meta-release files are valid so a man-in-the- - middle could maliciously supply an alternate meta-release. + [Impact] +

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Tags added: id-5ce6d6855257155f211b5d3f -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about this bug go to:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

I think the issue I remembered was bug 1771914 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about this bug go

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

I think I vaguely recall some issues that occured after this SRU in bionic, but I'm not sure anymore. It certainly means that tools stop working for people behind proxies in quite a few cases (e.g. various apt proxies not allowing https connect; or access to changelogs.ubuntu.com). So we need to

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

This bug was fixed in the package ubuntu-release-upgrader - 1:18.04.12 --- ubuntu-release-upgrader (1:18.04.12) bionic; urgency=medium [ Simon Quigley ] * Port away from kdesudo. [ Brian Murray ] * Increase the size of the buffer used when calculating the free space to

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

This bug was fixed in the package update-manager - 1:18.04.6 --- update-manager (1:18.04.6) bionic; urgency=medium * Use HTTPS for changelogs.ubuntu.com (LP: #1744318) -- Julian Andres Klode Thu, 15 Mar 2018 14:19:24 +0100 ** Changed in: update-manager

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Changed in: ubuntu-release-upgrader (Ubuntu Bionic) Status: New => Fix Committed ** Changed in: update-manager (Ubuntu Bionic) Status: Triaged => In Progress ** Changed in: update-manager (Ubuntu Bionic) Status: In Progress => Fix Committed ** Changed in:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Also affects: ubuntu-release-upgrader (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Branch linked: lp:~juliank/ubuntu-release-upgrader/https-changelogs ** Branch linked: lp:~juliank/update-manager/https-changelogs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

I think we'll turn on https for now, and defer GPG to a later time. There are essentially two ways we could go for that: (1) implement GPG verification in UpdateManager. gpg is hard to use, so I'd expect us to mess up somewhere. Also should have rollback and starving prevention

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Tags added: id-5a733ec9244ad5f76d9cf9c8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about this bug go to:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Tags added: rls-bb-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about this bug go to:

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744318 Title: changelogs.ubuntu.com should be using HTTPS To manage notifications about

[Bug 1744318] Re: changelogs.ubuntu.com should be using HTTPS

1) probably needs an RT to https-ify the subdomain 2) probably needs an RT/trello planning for inline gpg signed meta-releases 3) probably needs a trello planning for code changes to use the inline gpg signed meta-releases and/or https ** Changed in: update-manager (Ubuntu) Assignee: