Bug#602412: apt incorrectly escapes url from 301 response

To: submit@bugs.debian.org
Subject: Bug#602412: apt incorrectly escapes url from 301 response
From: Tomas Cohen Arazi <tomascohen@gmail.com>
Date: Thu, 4 Nov 2010 14:27:25 -0300
Message-id: <[🔎] AANLkTikTm9YSK=6XDfh6NPp0qKB1BtUM9RWDppr8B=jD@mail.gmail.com>
Reply-to: Tomas Cohen Arazi <tomascohen@gmail.com>, 602412@bugs.debian.org

Package: apt
Version: 0.8.3ubuntu7
Severity: important

I set an internal ubuntu mirror in our network and have a proxy that
redirects traffic to http://ar.archive.ubuntu.com/ubuntu to
http://ubuntu.unc.edu.ar/ubuntu
In the case we have to fetch a .deb file that has '~' in its name, apt
renames the file substituting '~' for '%7e' which is fine. When the
proxy response arrives it does with a redirection that consists of a
fqdn substitution. Then, apt escapes the URL from the response
substituting '%' for '%25' so it asks for the incorrect file in the
internal mirror:

apt tries to download
http://ar.archive.ubuntu.unc.edu.ar/ubuntu/pool/main/u/ubufox/ubufox_0.9~rc2-0ubuntu5.1_all.deb
sends a
GET http://ar.archive.ubuntu.com/ubuntu/pool/main/u/ubufox/ubufox_0.9%7erc2-0ubuntu5.1_all.deb
receives
301 http://ubuntu.unc.edu.ar/ubuntu/pool/main/u/ubufox/ubufox_0.9%7erc2-0ubuntu5.1_all.deb
then sends a
GET http://ubuntu.unc.edu.ar/ubuntu/pool/main/u/ubufox/ubufox_0.9%257erc2-0ubuntu5.1_all.deb

This was checked with wireshark.
We suggest avoiding the string escape if it doesn't have security implications.

Reply to:

Prev by Date: Bug#602354: base: apt-get runs in top consuming 90% cpu. 0% idle. uptime 18:45.
Next by Date: Bug#596141: marked as done (apt: updated german program translation)
Previous by thread: интересуют листовки
Next by thread: Bug#596141: marked as done (apt: updated german program translation)
Index(es):
- Date
- Thread