[Bug 1561215] Re: Upgrade to 16.04 blocked by firewall due to HTTP violation

Xavier Aragon 1561215 at bugs.launchpad.net
Thu Mar 31 12:45:25 UTC 2016 

This problem only seems to affect Kubuntu upgrades, where the graphical
frontend 'DistUpgradeViewKDE' is used.

If the text mode upgrade is used (e.g. 'do-release-upgrade -d') the
release notes are not shown at all. Also if the GTK graphical frontend
is used (e.g. 'do-release-upgrade -d --frontend=DistUpgradeViewGtk3')
there is no problem, the release notes are correctly downloaded and
shown. But with the KDE frontend ('do-release-upgrade -d
--frontend=DistUpgradeViewKDE' or 'kubuntu-devel-release-upgrade'), the
HTTP request is made with an illegal URI containing a space. In presence
of a strict firewall that request may be dropped, and the upgrade
doesn't proceed.

The reason why the GTK frontend works is that the invalid URI is passed
to WebKit, which "fixes" the URI, i.e. encodes the space in the URI as
%20 before sending the HTTP request to the server. With the KDE
frontend, however, the URI is passed to python's
urllib.request.urlopen() function, which doesn't "fix" the URI, i.e. the
HTTP request is made with the illegal URI containing a space (coming
from the version string '16.04 LTS', i.e. this problem only affects
upgrades to LTS releases).

I believe this is a bug in MetaRelease.py which produces the
'dist.releaseNotesHtmlUri' but doesn't encode it properly for use as an
URI.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1561215

Title:
  Upgrade to 16.04 blocked by firewall due to HTTP violation

Status in ubuntu-release-upgrader package in Ubuntu:
  New

Bug description:
  Upgrading from 15.10 to 16.04 may fail e.g. in corporate environments
  where firewall or IDS/IPS equipment enforce strict HTTP protocol
  usage. The failure occurs right in the beginning of the upgrade, as
  the upgrader fails to retrieve the release announcement that would be
  shown to the user. The problem is the URI in the HTTP request, which
  contains the version string '16.04 LTS' without proper encoding.
  Spaces should be encoded as '%20' in an URI, but method
  _get_release_notes_uri_query_string() in MetaRelease.py of package
  python3-update-manager seems to add the version string dist.version as
  a query parameter to the URI without any encoding:

         # get the version to upgrade to
          q += "ver=%s" % dist.version

  I think it would be necessary to use something like
  urllib.parse.quote(dist.version) instead.

  Below is the problematic HTTP request. It is dropped by the firewalls
  in the corporation where I work. At home the upgrade works without
  problem.

  HEAD /ubuntu//dists/xenial/main/dist-upgrader-all/current/DevelReleaseAnnouncement.html?lang=en_US&os=ubuntu&ver=16.04 LTS HTTP/1.1
  Accept-Encoding: identity
  User-Agent: Python-urllib/3.4
  Connection: close
  Host: archive.ubuntu.com

  
  Release and package info:

  Description:    Ubuntu 15.10
  Release:        15.10

  python3-update-manager:
    Installed: 1:15.10.3
    Candidate: 1:15.10.3
    Version table:
   *** 1:15.10.3 0
          500 http://se.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1561215/+subscriptions

More information about the foundations-bugs mailing list