Upgrade to 16.04 blocked by firewall due to HTTP violation

Bug #1561215 reported by Xavier Aragon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
Fix Released
Medium
Brian Murray
Xenial
Fix Released
Medium
Brian Murray

Bug Description

Upgrading from 15.10 to 16.04 may fail e.g. in corporate environments where firewall or IDS/IPS equipment enforce strict HTTP protocol usage. The failure occurs right in the beginning of the upgrade, as the upgrader fails to retrieve the release announcement that would be shown to the user. The problem is the URI in the HTTP request, which contains the version string '16.04 LTS' without proper encoding. Spaces should be encoded as '%20' in an URI, but method _get_release_notes_uri_query_string() in MetaRelease.py of package python3-update-manager seems to add the version string dist.version as a query parameter to the URI without any encoding:

       # get the version to upgrade to
        q += "ver=%s" % dist.version

I think it would be necessary to use something like urllib.parse.quote(dist.version) instead.

Below is the problematic HTTP request. It is dropped by the firewalls in the corporation where I work. At home the upgrade works without problem.

HEAD /ubuntu//dists/xenial/main/dist-upgrader-all/current/DevelReleaseAnnouncement.html?lang=en_US&os=ubuntu&ver=16.04 LTS HTTP/1.1
Accept-Encoding: identity
User-Agent: Python-urllib/3.4
Connection: close
Host: archive.ubuntu.com

Release and package info:

Description: Ubuntu 15.10
Release: 15.10

python3-update-manager:
  Installed: 1:15.10.3
  Candidate: 1:15.10.3
  Version table:
 *** 1:15.10.3 0
        500 http://se.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
        100 /var/lib/dpkg/status

Tags: kubuntu xenial
Revision history for this message
Xavier Aragon (xarax-lp) wrote :

This problem only seems to affect Kubuntu upgrades, where the graphical frontend 'DistUpgradeViewKDE' is used.

If the text mode upgrade is used (e.g. 'do-release-upgrade -d') the release notes are not shown at all. Also if the GTK graphical frontend is used (e.g. 'do-release-upgrade -d --frontend=DistUpgradeViewGtk3') there is no problem, the release notes are correctly downloaded and shown. But with the KDE frontend ('do-release-upgrade -d --frontend=DistUpgradeViewKDE' or 'kubuntu-devel-release-upgrade'), the HTTP request is made with an illegal URI containing a space. In presence of a strict firewall that request may be dropped, and the upgrade doesn't proceed.

The reason why the GTK frontend works is that the invalid URI is passed to WebKit, which "fixes" the URI, i.e. encodes the space in the URI as %20 before sending the HTTP request to the server. With the KDE frontend, however, the URI is passed to python's urllib.request.urlopen() function, which doesn't "fix" the URI, i.e. the HTTP request is made with the illegal URI containing a space (coming from the version string '16.04 LTS', i.e. this problem only affects upgrades to LTS releases).

I believe this is a bug in MetaRelease.py which produces the 'dist.releaseNotesHtmlUri' but doesn't encode it properly for use as an URI.

tags: added: kubuntu xenial
Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Brian Murray (brian-murray) wrote :

MetaRelease.py is actually part of update-manager but bundled with ubuntu-release-upgrader. I'm switching the package appropriately.

$ ls -lh DistUpgrade/MetaRelease.py
lrwxrwxrwx 1 bdmurray bdmurray 64 Feb 8 14:32 DistUpgrade/MetaRelease.py -> /usr/lib/python3/dist-packages/UpdateManager/Core/MetaRelease.py

affects: ubuntu-release-upgrader (Ubuntu Xenial) → update-manager (Ubuntu Xenial)
Revision history for this message
Brian Murray (brian-murray) wrote :

Looking at MetaRelease.py some more its not even clear to me why we add these query parameters to the URI since they don't do anything.

Changed in update-manager (Ubuntu Xenial):
assignee: nobody → Brian Murray (brian-murray)
Changed in update-manager (Ubuntu Xenial):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:16.04.3

---------------
update-manager (1:16.04.3) xenial; urgency=medium

  * Quote URL parameters for the Release Announcement. (LP: #1561215)

 -- Brian Murray <email address hidden> Mon, 11 Apr 2016 18:49:09 -0700

Changed in update-manager (Ubuntu Xenial):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.