Report forwarded
to debian-bugs-dist@lists.debian.org, Michael Vogt <mvo@debian.org>: Bug#870321; Package squid-deb-proxy-client.
(Tue, 01 Aug 2017 01:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupre <anarcat@debian.org>:
New Bug report received and forwarded. Copy sent to Michael Vogt <mvo@debian.org>.
(Tue, 01 Aug 2017 01:27:03 GMT) (full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: disabled proxies hide working proxies
Date: Mon, 31 Jul 2017 21:22:54 -0400
Package: squid-deb-proxy-client
Version: 0.8.9
Severity: normal
Tags: patch
Hi!
I must admit: I have a broken setup. So maybe this could be argued as
"garbage in, garbage out". But hear me out before you discard this
one. :)
In my home network, I did some tests to setup apt-cacher-ng on my
workstation, then deployed the results on the real local server. As a
result, I have *two* apt-cacher-ng services (or so I thought), running
in the local network.
It turns out the workstation one isn't working very well and is
refusing connexions:
nc: unable to connect to address 192.168.0.175, service 3142
Oops. Not sure what happened there. Oh well. But
squid-deb-proxy-client don't care right? He'll survive this, there's
this timing thing to rate proxies and chose the fastest one and
all. Wrong! It actually completely fails to find the right proxy,
because the above misconfiguration triggers an exception on the client
side:
$ apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd05:5f2d:569f::fc3', 3142, 0, 0): 9223372036854775807 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.0.175', 3142): 9223372036854775807 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://192.168.0.3:3142/
Boom. Here you can see the correct proxy URL is shown, but only
*after* uncaught exceptions are dumped on the console. APT, naturally,
freaks out and doesn't find the proxy and falls back to just doing a
direct connexion.
This could be fine, except it means that a local proxy can be "hidden"
with a deliberately misconfigured Avahi service. Now I don't think
this is a security issue per se - merely an annoyance. But it *does*
make debugging quite hard, because everything seems fine from the
client's perspective: the real server is properly configured and
answering requests. It's only when you run that script by hand that
you realize you left that other service running.
I have found, mostly through trial and error, that the following patch
fixes the issue:
--- apt-avahi-discover 2013-09-20 08:04:12 +0000
+++ apt-avahi-discover 2017-08-01 01:21:12 +0000
@@ -48,6 +48,11 @@
self._time_init = time.time()
self.time_to_connect = sys.maxint
self.address = addr
+ def handle_connect_event(self):
+ try:
+ asyncore.dispatcher.handle_connect_event(self)
+ except Exception as e:
+ DEBUG("error from dispatcher: %s" % e)
def handle_connect(self):
self.time_to_connect = time.time() - self._time_init
self.close()
I originally tried to add exception handlers in __init__ and
handle_connect but for some reason, handle_connect_event is where the
exception is raised. Go figure.
With the above, my APT client works correctly even if there's a
misbehaving Avahi server out there.
Thanks!
-- System Information:
Debian Release: 8.9
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages squid-deb-proxy-client depends on:
ii apt 1.0.9.8.4
ii avahi-utils 0.6.31-5
ii python 2.7.9-1
squid-deb-proxy-client recommends no packages.
squid-deb-proxy-client suggests no packages.
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Michael Vogt <mvo@debian.org>: Bug#870321; Package squid-deb-proxy-client.
(Wed, 09 Oct 2019 14:24:05 GMT) (full text, mbox, link).
Acknowledgement sent
to bugs@k2c42.dy.fi:
Extra info received and forwarded to list. Copy sent to Michael Vogt <mvo@debian.org>.
(Wed, 09 Oct 2019 14:24:05 GMT) (full text, mbox, link).
I bumped into the same problem.
It seems it can also be fixed by adding an error handler:
def handle_error(self):
DEBUG(...)
Information forwarded
to debian-bugs-dist@lists.debian.org, Michael Vogt <mvo@debian.org>: Bug#870321; Package squid-deb-proxy-client.
(Mon, 16 Aug 2021 08:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mikko Tuumanen <bugs@k2c42.dy.fi>:
Extra info received and forwarded to list. Copy sent to Michael Vogt <mvo@debian.org>.
(Mon, 16 Aug 2021 08:33:02 GMT) (full text, mbox, link).
Subject: Re: disabled proxies hide working proxies
Date: Mon, 16 Aug 2021 11:12:49 +0300
On Wed, 9 Oct 2019 17:15:05 +0300 bugs@k2c42.dy.fi wrote:
> I bumped into the same problem.
>
> It seems it can also be fixed by adding an error handler:
>
> def handle_error(self):
> DEBUG(...)
>
I stumbled into another problem. If someone advertises a proxy with an ipv6
address that is not reachable by the clients, then apt-avahi-discover crashes
with
File "/usr/lib/python2.7/asyncore.py", line 356, in connect
raise socket.error(err, errorcode[err])
socket.error: [Errno 101] ENETUNREACH
A workaround for that is to catch the exception:
try:
hosts.append(AptAvahiClient(addr))
except socket.error:
DEBUG("Socket error, skipping")
But then error handler needs to close the client to avoid an infinite loop:
def handle_error(self):
DEBUG("error")
self.close()
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Mon, 21 Oct 2024 17:54:15 GMT) (full text, mbox, link).
Notification sent
to Antoine Beaupre <anarcat@debian.org>:
Bug acknowledged by developer.
(Mon, 21 Oct 2024 17:54:16 GMT) (full text, mbox, link).
To: 724229-done@bugs.debian.org,762428-done@bugs.debian.org,779129-done@bugs.debian.org,779917-done@bugs.debian.org,799332-done@bugs.debian.org,822365-done@bugs.debian.org,826970-done@bugs.debian.org,827201-done@bugs.debian.org,870321-done@bugs.debian.org,876996-done@bugs.debian.org,890213-done@bugs.debian.org,904847-done@bugs.debian.org,932501-done@bugs.debian.org,1009067-done@bugs.debian.org,1026397-done@bugs.debian.org,1039383-done@bugs.debian.org,1051479-done@bugs.debian.org,
Cc: squid-deb-proxy@packages.debian.org
Subject: Bug#1081589: Removed package(s) from unstable
Date: Mon, 21 Oct 2024 17:50:32 +0000
Version: 0.8.16+rm
Dear submitter,
as the package squid-deb-proxy has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/1081589
The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 19 Nov 2024 07:25:39 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.