Bug#785681: marked as done (apt-cacher: Infinite loop in ssl_proxy())

Wed, 17 Jun 2015 10:06:42 -0700 

Your message dated Wed, 17 Jun 2015 17:03:33 +0000
with message-id <[email protected]>
and subject line Bug#785681: fixed in apt-cacher 1.7.11
has caused the Debian Bug report #785681,
regarding apt-cacher: Infinite loop in ssl_proxy()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
785681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785681
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: apt-cacher
Version: 1.7.10
Severity: normal

Dear Maintainer,

Hello, after adding HTTPS sources ("deb https://deb.packager.io/gh/pkgr/gogs 
wheezy pkgr")
on a client PC I noticed apt-cacher's CPU usage go through the roof.

Some poking around led to the discovery that ssl_proxy() doesn't appear to
notice EOF on the upstream connection, leading to an infinite loop. I added
a debugging message (and a sleep :P) inside the main loop, resulting in:

Tue May 19 12:10:56 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=318 count=318
Tue May 19 12:10:56 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=4096 count=4414
Tue May 19 12:10:56 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=1368 count=5782
Tue May 19 12:10:56 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=1081 count=6863
Tue May 19 12:10:56 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=126 count=6989
Tue May 19 12:10:56 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=51 count=7040
Tue May 19 12:10:57 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=141 count=7181
Tue May 19 12:10:57 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=844 count=8025
Tue May 19 12:10:57 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=31 count=8056
Tue May 19 12:10:57 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:57 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:57 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:58 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=192.95.29.226 
to=::ffff:134.115.83.129 num=0 count=8056
Tue May 19 12:10:59 2015|debug [11968]:    from=::ffff:134.115.83.129 
to=192.95.29.226 num=0 count=8056
[ad infinitum]

Note that sysread() returns 0 on EOF, which is never checked for!

Steps to reproduce:
 - configure apt-cacher to allow HTTPS, eg:
      allowed_ssl_locations = deb.packager.io, 
pkgr-production-deb.s3.amazonaws.com
 - fetch something over HTTPS via apt-cacher, eg:
      curl -x http://apt-cache:3142/ -D - 
https://deb.packager.io/gh/pkgr/gogs/dists/wheezy/Release

-- System Information:
Debian Release: 8.0
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'stable'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages apt-cacher depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  ed                     1.10-2
ii  libdpkg-perl           1.17.25
ii  libfilesys-df-perl     0.92-5+b1
ii  libfreezethaw-perl     0.5001-1
ii  libio-interface-perl   1.07-2+b1
ii  libipc-shareable-perl  0.61-1
ii  libnetaddr-ip-perl     4.075+dfsg-1+b1
ii  libsys-syscall-perl    0.25-2
ii  libwww-curl-perl       4.17-1+b1
ii  libwww-perl            6.08-1
ii  lsb-base               4.1+Debian13+nmu1
ii  perl                   5.20.2-3
ii  ucf                    3.0030
ii  update-inetd           4.43

Versions of packages apt-cacher recommends:
ii  libberkeleydb-perl  0.54-2+b1

Versions of packages apt-cacher suggests:
ii  libio-socket-inet6-perl  2.72-1

-- Configuration Files:
/etc/apt-cacher/apt-cacher.conf changed:
group = www-data
user = www-data

/etc/default/apt-cacher 7b55798086dfb263f3c4ba2a6ddfce65 [Errno 2] No such file 
or directory: u'/etc/default/apt-cacher 7b55798086dfb263f3c4ba2a6ddfce65'

-- debconf information:
* apt-cacher/mode: daemon

--- End Message ---
--- Begin Message --- 
Source: apt-cacher
Source-Version: 1.7.11

We believe that the bug you reported is fixed in the latest version of
apt-cacher, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Hindley <[email protected]> (supplier of updated apt-cacher package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jun 2015 09:28:35 +0100
Source: apt-cacher
Binary: apt-cacher
Architecture: source all
Version: 1.7.11
Distribution: unstable
Urgency: low
Maintainer: Mark Hindley <[email protected]>
Changed-By: Mark Hindley <[email protected]>
Description:
 apt-cacher - Caching proxy server for Debian/Ubuntu software repositories
Closes: 760141 782126 785681 786661
Changes:
 apt-cacher (1.7.11) unstable; urgency=low
 .
   * Add Ubuntu codenames 15.04 (vivid) and 15.10 (wily).
   * Fix apt-cacher-import.pl in copy mode so that a valid Content-Length
     header is generated. Patch from Pip Cet (closes: #782126).
   * Correctly detect and handle EOF in  ssl_proxy() (closes: #785681).
   * Upgrade Standards Version to 3.9.6. No changes.
   * Create /var/run/apt-cacher in init script for CGI/inetd mode (closes:
     786661).
   * Verify existence (or create) /var/run/apt-cacher in
     apt-cacher-cleanup.pl (closes: #760141).
   * Automatically reap forked processes in apt-cacher-cleanup.pl.
Checksums-Sha1:
 6ae92d122a151df06ec7e20c95317c5e7451de0b 1446 apt-cacher_1.7.11.dsc
 fb1e0a2c9dcd6ee07f7cd290a09b100699906419 97644 apt-cacher_1.7.11.tar.xz
 02774a505b6e8129179ebb6ab144671edef17699 101376 apt-cacher_1.7.11_all.deb
Checksums-Sha256:
 04b168e1fdc95bb5ebe980ab093a2a49e51d849e23209fa6afb96c345e0f5399 1446 
apt-cacher_1.7.11.dsc
 5141e9c9d773d12006edfbeb4219daa3ffea98109d33148ae27c6c6050eee005 97644 
apt-cacher_1.7.11.tar.xz
 9192584243231074cca65e4a4791bb13e438d89cff8f849601bc404140bab313 101376 
apt-cacher_1.7.11_all.deb
Files:
 ce9450a8a41d69c0ab38d2a718d0c899 1446 net optional apt-cacher_1.7.11.dsc
 edc7c5bfb6677671764ba5504e68da79 97644 net optional apt-cacher_1.7.11.tar.xz
 81e1e3ba803a5f8ca7aa9bb08eea54b6 101376 net optional apt-cacher_1.7.11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVYGjlml0DlyzX+w8AQhrHg//W4c+4sg/QozaN2EfuJ3Al4bxsTvojtzm
L4mxGQ6hPNJC0e6WbeACQhCuIBwE2yNkISItTrf+lQcsJBOCjF9L5eGKJZ3K1bSg
FMKOSBtIuoorvn/Vn93kmLJHvKvEnZBeirMs2l7Hu/sCwTDhzFRuVrcRlvx4JeuK
UYN6lQAPCXKQs4xg+NJvZ8l3S35GSJNahI5mjUlkoIgvIYDZmR1iAggGX1UuG9Sd
zWRQ0J1b5foEURXRcduiK7dxgeHT4OiqiY4wWTEw0g23vtEfbkGSy7FdaFhA70d9
dBN0R1J9XhNytGe+R4q/Iolkk5UXWpMZoVGu31boLgnjvVnBJKeLdWw5Vafr7f+Z
gy4y0rVEqycJSCZQfNDh4JOplbvtx/rVHXCpbRU+/qtrGjGG65T7RWg8+kLMgX3n
z4wxqzX/gdJ1ZPWzeeNcr20LOsPaVYTgL3w7iri9wmGNYKcyPioMFaSGuBr2meqG
xpopmuF6SiY8M/lpFDdMOnWze768WElUUzeQ5kCyPM0CugA6EKasUmSH6WrJ/L/U
ZNh8K6LkmHjOPFxbGM9RJfwb3stRRR7eRGIr21JqJ2Os3fycUlALarGJUdOrr9ns
/O24P+/k6OfL2zOJoWe0Zd/2IYYjwDXmg8JVk2MpUYpI/aRk06Kedc7miY2kOWmV
UMYNzSEn4no=
=WcPX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to