[Bug 1055614] Re: captive web portal corrupt Indexes

Bryan 1055614 at bugs.launchpad.net
Wed Sep 26 12:38:47 UTC 2012 

I have pointed this out privately.

brywilharris (at) gmail (dot) com
On Sep 25, 2012 11:25 AM, "Paul F" <boxjunk at hotmail.co.uk> wrote:

> See also Bug #756317, Bug #1001209, Bug #1034834
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1055614
>
> Title:
>   captive web portal corrupt Indexes
>
> Status in “update-manager” package in Ubuntu:
>   Confirmed
>
> Bug description:
>   When the computer is connected to a captive web portal, the update
>   manager does not check to see that files downloaded are valid indexes.
>   This results in the web portal's html file being written over some or
>   all of the files in /var/lib/apt/lists.  I have been able to remove
>   the corrupted files (assuming if they are that easy to overwrite, then
>   blowing them away will be OK too) with the following command:
>
>   cd /var/lib/apt/lists
>   for foo in `grep -r weblogin.jsp .|cut -f 1 -d ':'`; do sudo rm -f $foo;
> done
>
>   This is not something a new user could be expected to do.   I don't
>   know if the behavior has changed recently, but this is the second time
>   I have run into this bug in the last month.
>
>   This results in complete breakage of the update system stops all
>   updating until it is fixed.  The user does get a little red error icon
>   with an relatively opaque error message which was how I knew to look
>   in the /var/lib/apt/lists directory.
>
>   This prevents all security updates so I have flagged it as a security
>   vulnerability.
>
>   1) The release of Ubuntu you are using, via 'lsb_release -rd' or System
> -> About Ubuntu
>   bryan at bryan-Aspire-V3-771:~/temp$ lsb_release -rd
>   Description:  Ubuntu 12.04.1 LTS
>   Release:      12.04
>
>   2) The version of the package you are using, via 'apt-cache policy
> pkgname' or by checking in Software Center
>   bryan at bryan-Aspire-V3-771:~/temp$ apt-cache policy update-manager
>   update-manager:
>     Installed: 1:0.156.14.9
>     Candidate: 1:0.156.14.9
>     Version table:
>    *** 1:0.156.14.9 0
>           500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main
> amd64 Packages
>           100 /var/lib/dpkg/status
>        1:0.156.14.5 0
>           500 http://security.ubuntu.com/ubuntu/ precise-security/main
> amd64 Packages
>        1:0.156.14 0
>           500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64
> Packages
>
>   3) What you expected to happen
>   /var/lib/apt/lists should not get corrupted when the computer is on a
> captive portal before login.
>
>   4) What happened instead
>   /var/lib/apt/lists does get corrupted in a way that has no (obvious to a
> normal user) fix.
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1055614/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1055614

Title:
  captive web portal corrupt Indexes

Status in “update-manager” package in Ubuntu:
  Confirmed

Bug description:
  When the computer is connected to a captive web portal, the update
  manager does not check to see that files downloaded are valid indexes.
  This results in the web portal's html file being written over some or
  all of the files in /var/lib/apt/lists.  I have been able to remove
  the corrupted files (assuming if they are that easy to overwrite, then
  blowing them away will be OK too) with the following command:

  cd /var/lib/apt/lists
  for foo in `grep -r weblogin.jsp .|cut -f 1 -d ':'`; do sudo rm -f $foo; done

  This is not something a new user could be expected to do.   I don't
  know if the behavior has changed recently, but this is the second time
  I have run into this bug in the last month.

  This results in complete breakage of the update system stops all
  updating until it is fixed.  The user does get a little red error icon
  with an relatively opaque error message which was how I knew to look
  in the /var/lib/apt/lists directory.

  This prevents all security updates so I have flagged it as a security
  vulnerability.

  1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
  bryan at bryan-Aspire-V3-771:~/temp$ lsb_release -rd
  Description:	Ubuntu 12.04.1 LTS
  Release:	12.04

  2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
  bryan at bryan-Aspire-V3-771:~/temp$ apt-cache policy update-manager
  update-manager:
    Installed: 1:0.156.14.9
    Candidate: 1:0.156.14.9
    Version table:
   *** 1:0.156.14.9 0
          500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1:0.156.14.5 0
          500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
       1:0.156.14 0
          500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

  3) What you expected to happen
  /var/lib/apt/lists should not get corrupted when the computer is on a captive portal before login.  

  4) What happened instead
  /var/lib/apt/lists does get corrupted in a way that has no (obvious to a normal user) fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1055614/+subscriptions

More information about the foundations-bugs mailing list