
Bug#602412: incorrectly escapes url from 301 response



Package: apt
Version: 0.8.10.3
Severity: normal


Just like the previous poster, I am administrating an internal Debian
mirror server and can confirm this problem. As our users should be able
to leave the internal mirror in their sources.list when they take their
laptops outside our network, our mirror is configured to redirect
requests from outside our network to the official mirrors. Here's one
example of a connection to the mirror:

APT:
GET /debian-security/pool/updates/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.7-2%7esqueeze1_amd64.deb HTTP/1.1
Host: [...]
Connection: keep-alive
User-Agent: Debian APT-HTTP/1.3 (0.8.10.3)

OUR MIRROR:
HTTP/1.1 301 Moved Permanently
Location: http://security.debian.org/pool/updates/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.7-2%7esqueeze1_amd64.deb
Content-Length: 0
Date: Thu, 21 Apr 2011 09:18:33 GMT
Server: lighttpd/1.4.28

APT -- NOTE: % from Location was incorrectly replaced by %25
GET /pool/updates/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.7-2%257esqueeze1_amd64.deb HTTP/1.1
Host: security.debian.org
Connection: keep-alive
User-Agent: Debian APT-HTTP/1.3 (0.8.10.3)

DEBIAN MIRROR (security.debian.org):
HTTP/1.1 404 Not Found
Date: Thu, 21 Apr 2011 09:18:11 GMT
Server: Apache
Content-Length: 350
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

As you can see, aptitude incorrectly replaces the % in the already
urlencoded header by %25, so security.debian.org cannot find the
package. I have checked the original URL that aptitude requests from our
internal mirror with HEAD (libwww-perl), curl, wget and chromium which
all do not rewrite the % in the Location header and thus can access the
package.

Kind regards.

Roman

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2010.08.28       GnuPG archive keys of the Debian a
ii  gnupg                   1.4.10-4         GNU privacy guard - a free PGP rep
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libgcc1                 1:4.4.5-8        GCC support library
ii  libstdc++6              4.4.5-8          The GNU Standard C++ Library v3
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc                       <none>     (no description available)
ii  aptitude                      0.6.3-3.2  terminal-based package manager (te
ii  bzip2                         1.0.5-6    high-quality block-sorting file co
pn  dpkg-dev                      <none>     (no description available)
ii  lzma                          4.43-14    Compression method of 7z format in
ii  python-apt                    0.7.100.1  Python interface to libapt-pkg

-- no debconf information
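
Added example, not part of the original report and not APT's own code: a minimal reproduction of the double-encoding seen in the second GET above, next to an encoder that leaves valid percent-escapes from a Location header intact. The function names and the set of characters treated as safe are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Characters copied literally into a request path (hypothetical safe set).
static bool is_path_safe(unsigned char c) {
    return std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~' ||
           c == '/' || c == '+';
}
static bool is_hex(unsigned char c) { return std::isxdigit(c) != 0; }
static void append_escaped(std::string &out, unsigned char c) {
    static const char hex[] = "0123456789ABCDEF";
    out += '%'; out += hex[c >> 4]; out += hex[c & 0x0F];
}

// Treats its input as raw text: every '%' is escaped, so a path that is
// already percent-encoded gets encoded a second time.
std::string encode_raw(const std::string &path) {
    std::string out;
    for (unsigned char c : path) {
        if (is_path_safe(c)) out += static_cast<char>(c);
        else append_escaped(out, c);
    }
    return out;
}

// For a path taken from a Location header: valid %XX triplets pass through
// unchanged; a stray '%' and other unsafe bytes are still escaped.
std::string encode_preserving(const std::string &path) {
    std::string out;
    for (std::size_t i = 0; i < path.size(); ++i) {
        unsigned char c = path[i];
        if (c == '%' && i + 2 < path.size() && is_hex(path[i + 1]) &&
            is_hex(path[i + 2])) {
            out.append(path, i, 3); i += 2;
        } else if (is_path_safe(c)) {
            out += static_cast<char>(c);
        } else {
            append_escaped(out, c);
        }
    }
    return out;
}

int main() {
    // Sample input: path from the Location header quoted in the report.
    const std::string loc = "/pool/updates/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.7-2%7esqueeze1_amd64.deb";
    std::cout << encode_raw(loc) << "\n" << encode_preserving(loc) << "\n";
}
```

The second encoder is idempotent, so applying it to a URL that has already passed through it, or through an upstream server, does not change the path that reaches the next host.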


