Ubuntu
apt-cacher-ng package

apt-cacher-ng data corruption with HTTP headers

Bug #1162876 reported by Chris J Arges
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt-cacher-ng (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Medium
Chris J Arges

Bug Description

apt-cacher-ng is reporting hash mismatches for packages in an archive at random. This is due to the fact that apt-cacher-ng is storing the HTTP headers related to the package download in the .deb file.

This issue happens intermittently on precise apt-cacher-ng 0.7.2-1ubuntu1, but seems to be fixed in 0.7.4.

SRU Justification:
[Impact]

 * When using apt-cacher-ng hash mismatches failures for packages can cause problems when installing packages.

[Test Case]

 * Set up apt-cacher-ng
 * Intermittent failures due to hash-mismatches may occur in versions <= 0.7.2-1ubuntu1

[Regression Potential]

 * This adds a few patches that fix the issue. Unfortuantely I was unable to find an upstream VCS to be able to separate out patches from each other. Therfore I tried to remove the very obvious bits of the code that did not address the issue. All of this code is already in newer versions of the package.
 * This package has been tested in an environment with a apt-cache-ng server and 10 client machines and has been run for days without any hash mismatches.

See original description
Revision history for this message
Chris J Arges (arges) wrote :

Attached is an example log of the problem.

Changed in apt-cacher-ng (Ubuntu):
status: In Progress → Fix Released
assignee: Chris J Arges (arges) → nobody
importance: Medium → Undecided
Changed in apt-cacher-ng (Ubuntu Precise):
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Chris J Arges (arges)
Revision history for this message
Chris J Arges (arges) wrote :

Attached is a patch that fixes the issue.
A test build is here:
http://people.canonical.com/~arges/lp1162876/

Chris J Arges (arges)
description: updated
Revision history for this message
Colin Watson (cjwatson) wrote :

Sponsored, thanks!

Revision history for this message
Steve Langasek (vorlon) wrote :

Chris, I'm accepting this into precise-proposed because from Colin I understand re-validating a prospective patch is quite time-consuming with a long customer round-trip. But the patch here is suboptimal; in future SRUs, please avoid code changes unrelated to the bugs you're trying to fix.

In this case, there are:

 - renamed members in a class (m_nReqRangeFrom, m_nReqRangeTo)
 - an API change that affects parsing behavior when an option appears more than once in the config, which is unrelated to the bugs here (SetOption)
 - renamed defines (EFLAG_DISCON, EFLAG_DO_DISCON)
 - logging changes

All of these are unrelated to the bugfixes, and make code review of the diff more time-consuming and error-prone. I've satisfied myself that they're reasonably safe here, but such changes should not be included in an SRU - an SRU should include the minimal change necessary to fix the bug.

Changed in apt-cacher-ng (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Chris, or anyone else affected,

Accepted apt-cacher-ng into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apt-cacher-ng/0.7.2-1ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Jonathan Davies (jpds)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Chris J Arges (arges) wrote :

@vorlon,
Thanks for the feedback, I agree completely with your assessment. I did attempt this; however, I was a bit too conservative with hacking down the patch. Noted for next time.

Revision history for this message
Colin Watson (cjwatson) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt-cacher-ng - 0.7.2-1ubuntu2

---------------
apt-cacher-ng (0.7.2-1ubuntu2) precise; urgency=low

   [ Eduard Bloch ]
   * Option to disable Range/If-Range for volatile files (LP: #983128)
   * Fixes storage of HTTP header data in cached files under certain
         circumstances (now really closes: #644959) (LP: #1162876)
 -- Chris J Arges <email address hidden> Tue, 09 Apr 2013 00:21:04 +0100

Changed in apt-cacher-ng (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.