Unfortunately, I cannot reproduce the bug by deliberately running apt
update while the captive portal is in effect.
I think I must have hit some obscure edge case that isn't covered by the
existing fix. Maybe something to do with switching networks during an
automatic update? Who knows. Clearly I
I believe I have just experienced this bug in xenial with apt 1.2.32.
Files in /var/lib/apt/lists contained HTML from a captive portal, breaking apt
until they were removed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
** Tags added: precise
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bug go to:
https://bugs.lau
Come on guys, Trusty users still encounter the issue.
** Tags added: trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manag
Seeing a bunch of reports about Ubiquity crashing and showing the same
MergeList error in translation files, I insist that the fix for this
issue *must* be backported to Trusty.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
** Changed in: apt (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notification
> It's always the same file that is corrupted.
/var/lib/apt/lists/za.archive.ubuntu.com_ubuntu_dists_trusty-
updates_main_i18n_Translation-en
That's enough to mark it as a duplicate. APT was vulnerable precisely to the
corrupted translation files.
If you don't believe (and have enough time), look
I open a possible duplicate bug #1343205, and it was marked as a
duplicate by Monsta, but...
The symptoms of this in my case are different.
1. It's always the same file that is corrupted.
/var/lib/apt/lists/za.archive.ubuntu.com_ubuntu_dists_trusty-updates_main_i18n_Translation-en
2. This happe
** Branch linked: lp:debian/apt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bug go to:
https:/
Ok great, and when will the fix be backported into Trusty?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications ab
This bug was fixed in the package apt - 1.0.4ubuntu5
---
apt (1.0.4ubuntu5) utopic; urgency=medium
[ Michael Vogt ]
* Try not to parse invalid translation files (LP: #756317)
[ Iain Lane ]
* Remove stray *.debhelper files.
-- Iain LaneFri, 04 Jul 2014 10:15:28 +0100
**
** Branch linked: lp:ubuntu/utopic-proposed/apt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bu
So when will this fix get into Trusty?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bug go to:
Are you sure it's alright to not have any protection from the corrupted
files in /var/lib/apt/lists directory?
You may have fixed this particular bug, but there may be others related
to the corruption of the lists.
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
Tim Hortons' captive portals break apt. Do they have Tim Horton's coffee
shop in your neck of the woods?
Bryan Harris, PE
Research Engineer
Structures and Materials Evaluation Group
University of Dayton Research Institute
bryan.har...@udri.udayton.edu
http://www.udri.udayton.edu/
(937) 229-5561
No. Corrupted files in /var/lib/apt/lists will still produce errors. APT
downloads files to a "partial" subdirectory, and moves them to the lists
directory if they verify correctly (contain a Package: field). Those,
corrupt files cannot end up in the lists directory.
--
You received this bug noti
The normal use does not break, apt-get update && apt-get dist-upgrade,
and also some usage of apt-cache - all went successfully.
But shouldn't the reading of the corrupted files be fixed somehow?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
Just checking that normal use without a portal does not break also
helps.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage n
How to test it without an access to a captive portal or too clever adsl
modem?
If I corrupt any of Translation files manually, APT still behaves like
before (i.e. ceases to function). Should I do some other test?
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
Exactly.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubu
You mean this PPA?
https://launchpad.net/~deity/+archive/ubuntu-tests
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notif
** Changed in: apt (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notific
I pushed a package for trusty with this fixed to
ppa:deity/sid
(currently building)
This is almost completely untested, it just re-enables verification for
all indices.
You can try it out and report back if this produces any error.
--
You received this bug notification because you are a membe
(The version number is 0.9.15.4ubuntu2+jak1)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
To manage notifications about this bug g
The problem is that most people don't use apt at all. Their computer goes
out to see if there are updates and breaks silently. It happens without
user knowledge or intervention.
On Mar 23, 2014 6:01 AM, "Monsta" <756...@bugs.launchpad.net> wrote:
> Would be really nice if you'd fixed it before U
With the current situation, you do not even have to actively use APT behind
such a portal for the bug to be triggered.
When my main internet connection was working with such a portal, APT just
stopped working seemingly randomly because there apparently is some kind of
auto fetch daemon running b
This is too complicated to fix before the trusty release. Any fix for
this needs proper testing, and we cannot do this in such a short time
frame. Most people do not use APT behind such portals, and we need to be
sure to not break things for them.
--
You received this bug notification because you
Would be really nice if you'd fixed it before Ubuntu 14.04 LTS is
finally released...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt translation indices
I already wrote it: The check already exist. It is in
pkgAcqIndex::Done() in apt-pkg/acquire-item.cc, it is just disabled in
commit c5f661b715fbd86fcbca694c44bb8422f01db267 for some type of indices
(optional ones like translations). I do not know why.
This is not a denial of service. APT clearly i
I see that there are http and https methods for downloading items. What if
we just removed http download of files and defaulted to https? This would
neatly guarantee that a captive portal (either broken or malicious) cannot
get away with pretending to be a download server. Assuming https is
impl
I'm willing to spend some time working on a patch.
Does anybody have an idea where in the code a syntax check should go?
Bryan Harris, PE
Research Engineer
Structures and Materials Evaluation Group
University of Dayton Research Institute
bryan.har...@udri.udayton.edu
http://www.udri.udayton.edu/
On 21/03/14 16:41, Monsta wrote:
> It's problematic for one simple reason: APT ceases to function normally
> until you remove the offending files and update the package index again.
>
Simply, it is a Denial of Service.
Quite a neat way to create a window of opportunity for so-called zero-
day vu
It's problematic for one simple reason: APT ceases to function normally
until you remove the offending files and update the package index again.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756317
Ti
33 matches
Mail list logo
