The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: apt (Ubuntu Precise)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1157943
Title:
apt-get update fails hash checks on https repositories when file size
changes
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Precise:
Won't Fix
Bug description:
apt uses its own strategy for sending Range: requests on https,
instead of the libcurl handling. Here's is a scenario where it gets it
wrong:
1) apt downloads the file but doesn't put the file in place yet (perhaps it
got interrupted or something)
2) the file on the server gets replaced by a smaller file
3) the next update run wants to download the file, sees a partial read, and
asks for Range: (len(file)-1)-
4) the server sees a Range: request for a byte-range past the end of (the
current version of) the file, considers it invalid, and streams the entire
file. (This is correct behavior.)
5) apt assumes the response is the range it expected, and appends it to the
local staging copy (minus one byte).
Instead of rolling apt's own attempt to handle ranges in the https
method, it should just use libcurl's. Attached is a patch which solves
the problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1157943/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
