Report forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#79002; Package apt.   debian-bugs-dist@lists.debian.orgAPT Development Team  Subject: Bug#79002: http method should support HTTP redirects Reply-To: Lee Maguire , 79002@bugs.debian.org Resent-From: Lee Maguire Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: APT Development Team Resent-Date: Thu, 07 Dec 2000 15:03:06 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 79002 X-Debian-PR-Package: apt X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by bugs@bugs.debian.org id=B.97619701012401 (code B ref -1); Thu, 07 Dec 2000 15:03:06 GMT Date: Thu, 7 Dec 2000 13:51:40 +0000 From: Lee Maguire To: Debian Bug Tracking System Message-ID: <20001207135140.A16298@enzo.hexkey.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Reportbug-Version: 1.7 Delivered-To: submit@bugs.debian.org Package: apt Version: 0.3.19 Severity: wishlist The http apt method doesn't appear to support HTTP redirection codes, i.e. when recieving 301 (Permanent Redirect) or 302 (Temp) code it gives back "Err". I can see this facility to be desirable in several instances, including - temp redirects when mirrors are in the process of being updated or undergoing maintainance. - redirects to software that is stored in .deb format, but not in an apt-able archive. See [RFC2068 10.3]   Acknowledgement sent to Lee Maguire <lee-debian@hexkey.co.uk>:
New Bug report received and forwarded. Copy sent to APT Development Team <deity@lists.debian.org>.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: Lee Maguire Subject: Bug#79002: Acknowledgement (http method should support HTTP redirects) Message-ID: In-Reply-To: <20001207135140.A16298@enzo.hexkey.org> References: <20001207135140.A16298@enzo.hexkey.org> X-Debian-PR-Message: ack 79002 Thank you for the problem report you have sent regarding Debian. This is an automatically generated reply, to let you know your message has been received. It is being forwarded to the developers mailing list for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): APT Development Team If you wish to submit further information on your problem, please send it to 79002@bugs.debian.org (and *not* to bugs@bugs.debian.org). Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at submit) by bugs.debian.org; 7 Dec 2000 13:50:10 +0000 From lee@hexkey.org Thu Dec 07 07:50:09 2000 Return-path: Received: from enzo.hexkey.org [212.25.240.42] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 1441R2-0003Da-00; Thu, 07 Dec 2000 07:50:08 -0600 Received: from lee by enzo.hexkey.org with local (Exim 3.16) id 1441SW-0004GZ-00; Thu, 07 Dec 2000 13:51:40 +0000 Date: Thu, 7 Dec 2000 13:51:40 +0000 From: Lee Maguire To: Debian Bug Tracking System Subject: http method should support HTTP redirects Message-ID: <20001207135140.A16298@enzo.hexkey.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Reportbug-Version: 1.7 Delivered-To: submit@bugs.debian.org Package: apt Version: 0.3.19 Severity: wishlist The http apt method doesn't appear to support HTTP redirection codes, i.e. when recieving 301 (Permanent Redirect) or 302 (Temp) code it gives back "Err". I can see this facility to be desirable in several instances, including - temp redirects when mirrors are in the process of being updated or undergoing maintainance. - redirects to software that is stored in .deb format, but not in an apt-able archive. See [RFC2068 10.3]   Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#79002; Package apt.   debian-bugs-dist@lists.debian.orgAPT Development Team  Subject: Bug#79002: http method should support HTTP redirects Reply-To: Itai Zukerman , 79002@bugs.debian.org Resent-From: Itai Zukerman Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: APT Development Team Resent-Date: Mon, 11 Dec 2000 13:03:03 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 79002 X-Debian-PR-Package: apt X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by 79002-bugs@bugs.debian.org id=B79002.97653970629381 (code B ref 79002); Mon, 11 Dec 2000 13:03:03 GMT To: 79002@bugs.debian.org From: Itai Zukerman Date: 11 Dec 2000 08:01:44 -0500 Message-ID: <87r93faz7r.fsf@matt.w80.math-hat.com> Lines: 11 User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Delivered-To: 79002@bugs.debian.org Looking at the http method, it seems like it would be pretty easy to enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is definitely a hack (it messes up concurrent downloads?), and what we really need, I think, is a new message we can pass back to apt: 30x URI Redirection Then, apt can re-issue a 600 to the appropriate method. Is this being worked on? I need it for a project I'm doing... -itai   Acknowledgement sent to Itai Zukerman <zukerman@math-hat.com>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: Itai Zukerman Subject: Bug#79002: Info received (was Bug#79002: http method should support HTTP redirects) Message-ID: In-Reply-To: <87r93faz7r.fsf@matt.w80.math-hat.com> References: <87r93faz7r.fsf@matt.w80.math-hat.com> X-Debian-PR-Message: ack-info-maintonly 79002 Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developer(s) and to the developers mailing list to accompany the original report. Your message has been sent to the package maintainer(s): APT Development Team If you wish to continue to submit further information on your problem, please send it to 79002@bugs.debian.org, as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at 79002) by bugs.debian.org; 11 Dec 2000 13:01:46 +0000 From zukerman@math-hat.com Mon Dec 11 07:01:46 2000 Return-path: Received: from zukerman-1.dsl.speakeasy.net [216.254.75.142] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 145SaQ-0007dm-00; Mon, 11 Dec 2000 07:01:46 -0600 Received: from (matt.w80.math-hat.com) [216.254.75.141] by zukerman-1.dsl.speakeasy.net with esmtp (Exim 3.12 #1 (Debian)) id 145SNC-00026z-00; Mon, 11 Dec 2000 07:48:06 -0500 Received: from zukerman by matt.w80.math-hat.com with local (Exim 3.20 #1 (Debian)) id 145SaO-0008Ia-00 for <79002@bugs.debian.org>; Mon, 11 Dec 2000 08:01:44 -0500 To: 79002@bugs.debian.org Subject: Re: Bug#79002: http method should support HTTP redirects From: Itai Zukerman Date: 11 Dec 2000 08:01:44 -0500 Message-ID: <87r93faz7r.fsf@matt.w80.math-hat.com> Lines: 11 User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Delivered-To: 79002@bugs.debian.org Looking at the http method, it seems like it would be pretty easy to enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is definitely a hack (it messes up concurrent downloads?), and what we really need, I think, is a new message we can pass back to apt: 30x URI Redirection Then, apt can re-issue a 600 to the appropriate method. Is this being worked on? I need it for a project I'm doing... -itai   Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#79002; Package apt.   debian-bugs-dist@lists.debian.orgAPT Development Team  Subject: Bug#79002: http method should support HTTP redirects Reply-To: Jason Gunthorpe , 79002@bugs.debian.org Resent-From: Jason Gunthorpe Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: APT Development Team Resent-Date: Mon, 11 Dec 2000 19:03:18 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 79002 X-Debian-PR-Package: apt X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by 79002-bugs@bugs.debian.org id=B79002.9765599338287 (code B ref 79002); Mon, 11 Dec 2000 19:03:18 GMT Date: Mon, 11 Dec 2000 11:38:02 -0700 (MST) From: Jason Gunthorpe X-Sender: jgg@wakko.deltatee.com To: Itai Zukerman , 79002@bugs.debian.org cc: debian-bugs-dist@lists.debian.org, APT Development Team In-Reply-To: <87r93faz7r.fsf@matt.w80.math-hat.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Delivered-To: 79002@bugs.debian.org On 11 Dec 2000, Itai Zukerman wrote: > Looking at the http method, it seems like it would be pretty easy to > enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is > definitely a hack (it messes up concurrent downloads?), and what we > really need, I think, is a new message we can pass back to apt: > > 30x URI Redirection > > Then, apt can re-issue a 600 to the appropriate method. Is this being > worked on? I need it for a project I'm doing... Doing redirects is extremly risky, you may not get the file you requested after following the redirect, and it tends to hide misconfigured mirrors. I am not super interested in having it supported by default. Generajing redirect messages is probably the best way to do it, but that is somewhat complicated to get right. Jason   Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: Jason Gunthorpe Subject: Bug#79002: Info received (was Bug#79002: http method should support HTTP redirects) Message-ID: In-Reply-To: References: X-Debian-PR-Message: ack-info-maintonly 79002 Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developer(s) and to the developers mailing list to accompany the original report. Your message has been sent to the package maintainer(s): APT Development Team If you wish to continue to submit further information on your problem, please send it to 79002@bugs.debian.org, as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at 79002) by bugs.debian.org; 11 Dec 2000 18:38:53 +0000 From jgg@debian.org Mon Dec 11 12:38:53 2000 Return-path: Received: from (crash.ab.videon.ca) [206.75.216.220] (root) by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 145Xqe-00027X-00; Mon, 11 Dec 2000 12:38:53 -0600 Received: from wakko.deltatee.com (mail@wakko.powersurfr.com [24.108.173.63]) by crash.ab.videon.ca (8.9.2/8.9.2) with ESMTP id LAA14759; Mon, 11 Dec 2000 11:38:03 -0700 (MST) Received: from localhost ([127.0.0.1] helo=wakko.deltatee.com ident=jgg) by wakko.deltatee.com with smtp (Exim 3.16 #1 (Debian)) id 145Xpq-0006ea-00; Mon, 11 Dec 2000 11:38:02 -0700 Date: Mon, 11 Dec 2000 11:38:02 -0700 (MST) From: Jason Gunthorpe X-Sender: jgg@wakko.deltatee.com To: Itai Zukerman , 79002@bugs.debian.org cc: debian-bugs-dist@lists.debian.org, APT Development Team Subject: Re: Bug#79002: http method should support HTTP redirects In-Reply-To: <87r93faz7r.fsf@matt.w80.math-hat.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Delivered-To: 79002@bugs.debian.org On 11 Dec 2000, Itai Zukerman wrote: > Looking at the http method, it seems like it would be pretty easy to > enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is > definitely a hack (it messes up concurrent downloads?), and what we > really need, I think, is a new message we can pass back to apt: > > 30x URI Redirection > > Then, apt can re-issue a 600 to the appropriate method. Is this being > worked on? I need it for a project I'm doing... Doing redirects is extremly risky, you may not get the file you requested after following the redirect, and it tends to hide misconfigured mirrors. I am not super interested in having it supported by default. Generajing redirect messages is probably the best way to do it, but that is somewhat complicated to get right. Jason   Changed Bug title. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 25 Jul 2003 12:52:38 +0000 From mdz@csh.rit.edu Fri Jul 25 07:52:33 2003 Return-path: Received: from smtp01.mrf.mail.rcn.net [207.172.4.60] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 19g23j-0007uT-00; Fri, 25 Jul 2003 07:52:31 -0500 Received: from 216-15-124-77.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com ([216.15.124.77] helo=mizar.alcor.net) by smtp01.mrf.mail.rcn.net with esmtp (Exim 3.35 #4) id 19g23j-0007HF-00 for control@bugs.debian.org; Fri, 25 Jul 2003 08:52:31 -0400 Received: from mdz by mizar.alcor.net with local (Exim 3.36 #1 (Debian)) id 19g23j-0004tz-00 for ; Fri, 25 Jul 2003 08:52:31 -0400 Date: Fri, 25 Jul 2003 08:52:31 -0400 From: Matt Zimmerman To: control@bugs.debian.org Subject: ... Message-ID: <20030725125231.GL8935@alcor.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.4i Sender: Matt Zimmerman Delivered-To: control@bugs.debian.org X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_20,USER_AGENT_MUTT version=2.53-bugs.debian.org_2003_07_20 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp) retitle 178854 [methods/http] Should apt's HTTP engine follow 302 redirects? retitle 79002 [methods/http] http method should support HTTP redirects merge 178854 79002 thanks -- - mdz   Merged 79002 178854. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 25 Jul 2003 12:52:38 +0000 From mdz@csh.rit.edu Fri Jul 25 07:52:33 2003 Return-path: Received: from smtp01.mrf.mail.rcn.net [207.172.4.60] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 19g23j-0007uT-00; Fri, 25 Jul 2003 07:52:31 -0500 Received: from 216-15-124-77.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com ([216.15.124.77] helo=mizar.alcor.net) by smtp01.mrf.mail.rcn.net with esmtp (Exim 3.35 #4) id 19g23j-0007HF-00 for control@bugs.debian.org; Fri, 25 Jul 2003 08:52:31 -0400 Received: from mdz by mizar.alcor.net with local (Exim 3.36 #1 (Debian)) id 19g23j-0004tz-00 for ; Fri, 25 Jul 2003 08:52:31 -0400 Date: Fri, 25 Jul 2003 08:52:31 -0400 From: Matt Zimmerman To: control@bugs.debian.org Subject: ... Message-ID: <20030725125231.GL8935@alcor.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.4i Sender: Matt Zimmerman Delivered-To: control@bugs.debian.org X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_20,USER_AGENT_MUTT version=2.53-bugs.debian.org_2003_07_20 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp) retitle 178854 [methods/http] Should apt's HTTP engine follow 302 redirects? retitle 79002 [methods/http] http method should support HTTP redirects merge 178854 79002 thanks -- - mdz   Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#79002; Package apt.   debian-bugs-dist@lists.debian.orgAPT Development Team  X-Loop: owner@bugs.debian.org Subject: Bug#79002: Old problem still strikes.... Reply-To: Marcin Kasperski , 79002@bugs.debian.org Resent-From: Marcin Kasperski Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: APT Development Team Resent-Date: Fri, 15 Feb 2008 17:45:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 79002 X-Debian-PR-Package: apt X-Debian-PR-Keywords: X-Debian-PR-Source: apt Received: via spool by 79002-submit@bugs.debian.org id=B79002.12030973841935 (code B ref 79002); Fri, 15 Feb 2008 17:45:01 +0000 Received: (at 79002) by bugs.debian.org; 15 Feb 2008 17:43:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00,FOURLA autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Received: from bozon2.n.softax.com.pl ([83.238.10.48] helo=bozon2.softax.com.pl) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JQ4aW-0000TC-9x for 79002@bugs.debian.org; Fri, 15 Feb 2008 17:43:04 +0000 Received: from bozon2.softax.pl (localhost.localdomain [127.0.0.1]) by bozon2.softax.com.pl (Postfix) with ESMTP id 25F84DC01A for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:43:01 +0100 (CET) Received: from 127.0.0.1 (127.0.0.1) by bozon2.softax.pl (F-Secure/fsigk_smtp/488/bozon2.softax.pl); Fri, 15 Feb 2008 18:43:01 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/488/bozon2.softax.pl) Received: from localhost (localhost.localdomain [127.0.0.1]) by bozon2.softax.com.pl (Postfix) with ESMTP id C641BDC018 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:43:00 +0100 (CET) Received: from bozon2.softax.com.pl ([127.0.0.1]) by localhost (bozon2.softax.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06635-03 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:42:59 +0100 (CET) Received: from cauchy.softax.local (cauchy.softax.local [16.193.144.107]) by bozon2.softax.com.pl (Postfix) with ESMTP id 3E1E1DC010 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:42:59 +0100 (CET) From: Marcin Kasperski To: 79002@bugs.debian.org Date: Fri, 15 Feb 2008 18:43:37 +0100 User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200802151843.37809.Marcin.Kasperski@softax.com.pl> X-Virus-Scanned: amavisd-new at softax.pl Well, adding a note as I just faced the problem (in this case, admin of xapian repositories at www.xapian.org/repo/path reconfigured the system and started to redirect to xapian.org/repo/path, buuuuum). a) The opinion that 'doing redirects is extremly risky' is simply false. In case mirror admin is hostile, he or she can directly provide hostile content or proxy it instead of redirecting. b) HTTP redirects are fairly standard and frequently used, and website admins tend to believe they can transparently use them. Debian official mirrors admins probably know about the problem, but people who are publishing small repositories for dedicated packages may need to use them or just does not know about the problem. c) There may be cases when HTTP redirects would reduce traffic, if the same file is reused in multiple distributions/architectures, redirecting (instead of server-side symlinking) would reuse cache on in-between proxies...   Acknowledgement sent to Marcin Kasperski <Marcin.Kasperski@softax.com.pl>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.   -t  Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) Content-Type: text/plain; charset=utf-8 X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Marcin Kasperski Subject: Bug#79002: Info received (Old problem still strikes....) Message-ID: References: <200802151843.37809.Marcin.Kasperski@softax.com.pl> X-Debian-PR-Message: ack-info 79002 X-Debian-PR-Package: apt X-Debian-PR-Source: apt Reply-To: 79002@bugs.debian.org Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): APT Development Team If you wish to submit further information on this problem, please send it to 79002@bugs.debian.org, as before. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. --=20 79002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D79002 Debian Bug Tracking System Contact owner@bugs.debian.org with problems   Received: (at 79002) by bugs.debian.org; 15 Feb 2008 17:43:04 +0000 From Marcin.Kasperski@softax.com.pl Fri Feb 15 17:43:04 2008 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00,FOURLA autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from bozon2.n.softax.com.pl ([83.238.10.48] helo=bozon2.softax.com.pl) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JQ4aW-0000TC-9x for 79002@bugs.debian.org; Fri, 15 Feb 2008 17:43:04 +0000 Received: from bozon2.softax.pl (localhost.localdomain [127.0.0.1]) by bozon2.softax.com.pl (Postfix) with ESMTP id 25F84DC01A for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:43:01 +0100 (CET) Received: from 127.0.0.1 (127.0.0.1) by bozon2.softax.pl (F-Secure/fsigk_smtp/488/bozon2.softax.pl); Fri, 15 Feb 2008 18:43:01 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/488/bozon2.softax.pl) Received: from localhost (localhost.localdomain [127.0.0.1]) by bozon2.softax.com.pl (Postfix) with ESMTP id C641BDC018 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:43:00 +0100 (CET) Received: from bozon2.softax.com.pl ([127.0.0.1]) by localhost (bozon2.softax.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06635-03 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:42:59 +0100 (CET) Received: from cauchy.softax.local (cauchy.softax.local [16.193.144.107]) by bozon2.softax.com.pl (Postfix) with ESMTP id 3E1E1DC010 for <79002@bugs.debian.org>; Fri, 15 Feb 2008 18:42:59 +0100 (CET) From: Marcin Kasperski To: 79002@bugs.debian.org Subject: Old problem still strikes.... Date: Fri, 15 Feb 2008 18:43:37 +0100 User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200802151843.37809.Marcin.Kasperski@softax.com.pl> X-Virus-Scanned: amavisd-new at softax.pl Well, adding a note as I just faced the problem (in this case, admin of xapian repositories at www.xapian.org/repo/path reconfigured the system and started to redirect to xapian.org/repo/path, buuuuum). a) The opinion that 'doing redirects is extremly risky' is simply false. In case mirror admin is hostile, he or she can directly provide hostile content or proxy it instead of redirecting. b) HTTP redirects are fairly standard and frequently used, and website admins tend to believe they can transparently use them. Debian official mirrors admins probably know about the problem, but people who are publishing small repositories for dedicated packages may need to use them or just does not know about the problem. c) There may be cases when HTTP redirects would reduce traffic, if the same file is reused in multiple distributions/architectures, redirecting (instead of server-side symlinking) would reuse cache on in-between proxies...   Forcibly Merged 79002 178854 479350. Request was from Daniel Burrows <dburrows@debian.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 31 Aug 2008 21:01:27 +0000 From dburrows@debian.org Sun Aug 31 21:01:27 2008 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=4.0 tests=BAYES_00,FORGED_RCVD_HELO, FROMDEVELOPER,MDO_AUTORESP3 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from algebraicthunk.net ([67.207.130.13]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1KZu32-0002uy-6F for control@bugs.debian.org; Sun, 31 Aug 2008 21:01:25 +0000 Received: from 71-217-31-80.tukw.qwest.net ([71.217.31.80]:62642 helo=emurlahn.burrows.local) by algebraicthunk.net with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from ) id 1KZu31-00017C-FI for control@bugs.debian.org; Sun, 31 Aug 2008 14:01:23 -0700 From: Daniel Burrows To: control@bugs.debian.org Subject: setting package to apt, forcibly merging 79002 479350 Date: Sun, 31 Aug 2008 14:00:49 -0700 X-BTS-Version: 2.10.35 Message-ID: <1220216449-1796-bts-dburrows@debian.org> Delivered-To: control@bugs.debian.org # Automatically generated email from bts, devscripts version 2.10.35 package apt forcemerge 79002 479350   Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#79002; Package apt.   debian-bugs-dist@lists.debian.orgAPT Development Team  X-Loop: owner@bugs.debian.org Subject: Bug#79002: Bug#212732: support redirects and interactive authentication (Progeny) Reply-To: Anthony Towns , 79002@bugs.debian.org Resent-From: Anthony Towns Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: APT Development Team Resent-Date: Sun, 21 Dec 2008 12:48:08 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: followup 79002 X-Debian-PR-Package: apt X-Debian-PR-Keywords: X-Debian-PR-Source: apt Received: via spool by 79002-submit@bugs.debian.org id=B79002.122986358616705 (code B ref 79002); Sun, 21 Dec 2008 12:48:08 +0000 Received: (at 79002) by bugs.debian.org; 21 Dec 2008 12:46:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02 (2007-08-08) on rietz.debian.org X-Spam-Level: X-Spam-Bayes: score:0.0000 Tokens: new, 0; hammy, 151; neutral, 543; spammy, 0. spammytokens: hammytokens:0.000-+--H*c:protocol, 0.000-+--H*c:micalg, 0.000-+--H*c:signed, 0.000-+--H*c:pgp-signature, 0.000-+--H*c:pgp-sha1 X-Spam-Status: No, score=-3.9 required=4.0 tests=AWL,BAYES_00,FAKE_REPLY_C, FOURLA,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1, MURPHY_WRONG_WORD2 autolearn=unavailable version=3.2.3-bugs.debian.org_2005_01_02 Received: from azure.humbug.org.au ([66.179.181.62] helo=azure.erisian.com.au ident=Debian-exim) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1LENhS-0004K9-5O; Sun, 21 Dec 2008 12:46:26 +0000 Received: from mail by azure.erisian.com.au with local-bsmtp (Exim 4.63 #1 (Debian)) id 1LENhS-0003vc-Kk; Sun, 21 Dec 2008 22:46:26 +1000 Received: from aj by blae.erisian.com.au with local (Exim 4.69 #1 (Debian)) id 1LENgH-0002q5-5T; Sun, 21 Dec 2008 22:45:13 +1000 Date: Sun, 21 Dec 2008 22:45:13 +1000 From: Anthony Towns To: 212732@bugs.debian.org, 427909@bugs.debian.org, 79002@bugs.debian.org Message-ID: <20081221124513.GA10081@blae.erisian.com.au> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CUfgB8w4ZwR/yMy5" Content-Disposition: inline Organisation: Lacking X-PGP: http://azure.humbug.org.au/~aj/aj_key.asc Mail-Copies-To: nobody User-Agent: Mutt/1.5.18 (2008-05-17) --CUfgB8w4ZwR/yMy5 Content-Type: multipart/mixed; boundary="tThc/1wpZn/ma/RB" Content-Disposition: inline --tThc/1wpZn/ma/RB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Attached is a patch against apt 0.7.19 (current in lenny/sid) including just the Redirect support from Jeff Licquia's patch in Bug#212732.=20 As far as the issues described in Bug#66434 with bad redirection and mod_speling, that seems mostly unlikely to be a problem these days thanks to the md5 validation and signature support. The only way you could get unexpected data is if your original Release and Release.gpg files were redirected to the wrong place, but were completely consistent and had corresponding Packages files and debs. In the event that is a concern, the patch lets the user set the=20 Acquire::http::AllowRedirect config option to false to block that behaviour. It'd be possible to have an option to verify the filename part of the URL is unchanged as well without much difficulty. I bumped the library version, mostly so I could be sure I was testing the right thing, but I presume this requires a libapt-pkg ABI bump anyway (there's an Acquire::Redirect() callback added), so I left it in the patch. Cheers, aj --tThc/1wpZn/ma/RB Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename=diff Content-Transfer-Encoding: quoted-printable diff -urb apt-0.7.19/apt-pkg/acquire-method.cc apt-0.7.19aj1/apt-pkg/acquir= e-method.cc --- apt-0.7.19/apt-pkg/acquire-method.cc 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-method.cc 2008-12-21 21:50:41.000000000 += 1000 @@ -447,6 +447,38 @@ } /*}}}*/ =20 +// AcqMethod::Redirect - Send a redirect message /*{= {{*/ +// --------------------------------------------------------------------- +/* This method sends the redirect message and also manipulates the queue + to keep the pipeline synchronized. */ +void pkgAcqMethod::Redirect(const string &NewURI) +{ + string CurrentURI =3D ""; + if (Queue !=3D 0) + CurrentURI =3D Queue->Uri; +=20 + char S[1024]; + snprintf(S, sizeof(S)-50, "103 Redirect\nURI: %s\nNew-URI: %s\n\n", + CurrentURI.c_str(), NewURI.c_str()); + + if (write(STDOUT_FILENO,S,strlen(S)) !=3D (ssize_t)strlen(S)) + exit(100); + + // Change the URI for the request. + Queue->Uri =3D NewURI; + + /* To keep the pipeline synchronized, move the current request to + the end of the queue, past the end of the current pipeline. */ + FetchItem *I; + for (I =3D Queue; I->Next !=3D 0; I =3D I->Next) ; + I->Next =3D Queue; + Queue =3D Queue->Next; + I->Next->Next =3D 0; + if (QueueBack =3D=3D 0) + QueueBack =3D I->Next; +} + /*= }}}*/ + // AcqMethod::FetchResult::FetchResult - Constructor /*{{{*/ // --------------------------------------------------------------------- /* */ diff -urb apt-0.7.19/apt-pkg/acquire-method.h apt-0.7.19aj1/apt-pkg/acquire= -method.h --- apt-0.7.19/apt-pkg/acquire-method.h 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-method.h 2008-12-21 21:50:02.000000000 +1= 000 @@ -84,6 +84,8 @@ void Log(const char *Format,...); void Status(const char *Format,...); =20 + void Redirect(const string &NewURI); +=20 int Run(bool Single =3D false); inline void SetFailExtraMsg(string Msg) {FailExtra =3D Msg;}; =20 diff -urb apt-0.7.19/apt-pkg/acquire-worker.cc apt-0.7.19aj1/apt-pkg/acquir= e-worker.cc --- apt-0.7.19/apt-pkg/acquire-worker.cc 2008-11-24 19:35:21.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-worker.cc 2008-12-21 21:42:06.000000000 += 1000 @@ -220,6 +220,20 @@ Status =3D LookupTag(Message,"Message"); break; =20 + // 103 Redirect + case 103: + { + if (Itm =3D=3D 0) + { + _error->Error("Method gave invalid 103 Redirect message"); + break; + } +=20 + string NewURI =3D LookupTag(Message,"New-URI",URI.c_str()); + Itm->URI =3D NewURI; + break; + } + =20 // 200 URI Start case 200: { diff -urb apt-0.7.19/apt-pkg/makefile apt-0.7.19aj1/apt-pkg/makefile --- apt-0.7.19/apt-pkg/makefile 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/makefile 2008-12-21 21:54:58.000000000 +1000 @@ -13,7 +13,7 @@ # methods/makefile - FIXME LIBRARY=3Dapt-pkg LIBEXT=3D$(GLIBC_VER)$(LIBSTDCPP_VER) -MAJOR=3D4.6 +MAJOR=3D4.7 MINOR=3D0 SLIBS=3D$(PTHREADLIB) $(INTLLIBS) -lutil APT_DOMAIN:=3Dlibapt-pkg$(MAJOR) diff -urb apt-0.7.19/methods/http.cc apt-0.7.19aj1/methods/http.cc --- apt-0.7.19/methods/http.cc 2008-11-24 19:32:23.000000000 +1000 +++ apt-0.7.19aj1/methods/http.cc 2008-12-21 22:25:28.000000000 +1000 @@ -39,6 +39,7 @@ #include #include #include +#include #include =20 // Internet stuff @@ -57,6 +58,7 @@ time_t HttpMethod::FailTime =3D 0; unsigned long PipelineDepth =3D 10; unsigned long TimeOut =3D 120; +bool AllowRedirect =3D false; bool Debug =3D false; URI Proxy; =20 @@ -628,6 +630,12 @@ return true; } =20 + if (stringcasecmp(Tag,"Location:") =3D=3D 0) + { + Location =3D Val; + return true; + } + return true; } /*}}}*/ @@ -900,7 +908,9 @@ 1 - IMS hit 3 - Unrecoverable error=20 4 - Error with error content page - 5 - Unrecoverable non-server error (close the connection) */ + 5 - Unrecoverable non-server error (close the connection)=20 + 6 - Try again with a new or changed URI + */ int HttpMethod::DealWithHeaders(FetchResult &Res,ServerState *Srv) { // Not Modified @@ -912,6 +922,27 @@ return 1; } =20 + /* Redirect + * + * Note that it is only OK for us to treat all redirection the same + * because we *always* use GET, not other HTTP methods. There are + * three redirection codes for which it is not appropriate that we + * redirect. Pass on those codes so the error handling kicks in. + */ + if (AllowRedirect + && (Srv->Result > 300 && Srv->Result < 400) + && (Srv->Result !=3D 300 // Multiple Choices + && Srv->Result !=3D 304 // Not Modified + && Srv->Result !=3D 306)) // (Not part of HTTP/1.1, reserved) + { + if (!Srv->Location.empty()) + { + NextURI =3D Srv->Location; + return 6; + } + /* else pass through for error message */ + } +=20 /* We have a reply we dont handle. This should indicate a perm server failure */ if (Srv->Result < 200 || Srv->Result >=3D 300) @@ -1026,6 +1057,7 @@ if (pkgAcqMethod::Configuration(Message) =3D=3D false) return false; =20 + AllowRedirect =3D _config->FindB("Acquire::http::AllowRedirect",true); TimeOut =3D _config->FindI("Acquire::http::Timeout",TimeOut); PipelineDepth =3D _config->FindI("Acquire::http::Pipeline-Depth", PipelineDepth); @@ -1039,6 +1071,10 @@ /* */ int HttpMethod::Loop() { + typedef vector StringVector; + typedef vector::iterator StringVectorIterator; + map Redirected; + signal(SIGTERM,SigTerm); signal(SIGINT,SigTerm); =20 @@ -1225,6 +1261,46 @@ break; } =20 + // Try again with a new URL + case 6: + { + // Clear rest of response if there is content + if (Server->HaveContent) + { + File =3D new FileFd("/dev/null",FileFd::WriteExists); + Server->RunData(); + delete File; + File =3D 0; + } + + /* Detect redirect loops. No more redirects are allowed + after the same URI is seen twice in a queue item. */ + StringVector &R =3D Redirected[Queue->DestFile]; + bool StopRedirects =3D false; + if (R.size() =3D=3D 0) + R.push_back(Queue->Uri); + else if (R[0] =3D=3D "STOP" || R.size() > 10) + StopRedirects =3D true; + else + { + for (StringVectorIterator I =3D R.begin(); I !=3D R.end(); = I++) + if (Queue->Uri =3D=3D *I) + { + R[0] =3D "STOP"; + break; + } +=20 + R.push_back(Queue->Uri); + } +=20 + if (StopRedirects =3D=3D false) + Redirect(NextURI); + else + Fail(); +=20 + break; + } + default: Fail(_("Internal error")); break; diff -urb apt-0.7.19/methods/http.h apt-0.7.19aj1/methods/http.h --- apt-0.7.19/methods/http.h 2008-06-10 07:10:09.000000000 +1000 +++ apt-0.7.19aj1/methods/http.h 2008-12-21 21:35:53.000000000 +1000 @@ -99,6 +99,7 @@ enum {Chunked,Stream,Closes} Encoding; enum {Header, Data} State; bool Persistent; + string Location; =20 // This is a Persistent attribute of the server itself. bool Pipeline; @@ -143,6 +144,8 @@ static time_t FailTime; static void SigTerm(int); =20 + string NextURI; + =20 public: friend class ServerState; =20 diff -urb apt-0.7.19/methods/makefile apt-0.7.19aj1/methods/makefile --- apt-0.7.19/methods/makefile 2008-11-24 19:32:23.000000000 +1000 +++ apt-0.7.19aj1/methods/makefile 2008-12-21 21:57:50.000000000 +1000 @@ -7,7 +7,7 @@ BIN :=3D $(BIN)/methods =20 # FIXME.. -LIB_APT_PKG_MAJOR =3D 4.6 +LIB_APT_PKG_MAJOR =3D 4.7 APT_DOMAIN :=3D libapt-pkg$(LIB_APT_PKG_MAJOR) =20 # The file method --tThc/1wpZn/ma/RB-- --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAklOOlkACgkQOxe8dCpOPqp93wCeLVZ8J278mu0kzm/uVED1XyHe P/8AnR6O9VTgwr3DLznfJ/UPfEh0RdMA =XiPL -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5--   Acknowledgement sent to Anthony Towns <aj@azure.humbug.org.au>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.   -t  Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) Content-Type: text/plain; charset=utf-8 X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Anthony Towns Subject: Bug#79002: Info received (Bug#212732: support redirects and interactive authentication (Progeny)) Message-ID: References: <20081221124513.GA10081@blae.erisian.com.au> X-Debian-PR-Message: ack-info 79002 X-Debian-PR-Package: apt X-Debian-PR-Source: apt Reply-To: 79002@bugs.debian.org Date: Sun, 21 Dec 2008 12:48:09 +0000 Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): APT Development Team If you wish to submit further information on this problem, please send it to 79002@bugs.debian.org, as before. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. --=20 79002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D79002 Debian Bug Tracking System Contact owner@bugs.debian.org with problems   Received: (at 79002) by bugs.debian.org; 21 Dec 2008 12:46:26 +0000 From aj@azure.humbug.org.au Sun Dec 21 12:46:26 2008 X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02 (2007-08-08) on rietz.debian.org X-Spam-Level: X-Spam-Bayes: score:0.0000 Tokens: new, 0; hammy, 151; neutral, 543; spammy, 0. spammytokens: hammytokens:0.000-+--H*c:protocol, 0.000-+--H*c:micalg, 0.000-+--H*c:signed, 0.000-+--H*c:pgp-signature, 0.000-+--H*c:pgp-sha1 X-Spam-Status: No, score=-3.9 required=4.0 tests=AWL,BAYES_00,FAKE_REPLY_C, FOURLA,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1, MURPHY_WRONG_WORD2 autolearn=unavailable version=3.2.3-bugs.debian.org_2005_01_02 Return-path: Received: from azure.humbug.org.au ([66.179.181.62] helo=azure.erisian.com.au ident=Debian-exim) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1LENhS-0004K9-5O; Sun, 21 Dec 2008 12:46:26 +0000 Received: from mail by azure.erisian.com.au with local-bsmtp (Exim 4.63 #1 (Debian)) id 1LENhS-0003vc-Kk; Sun, 21 Dec 2008 22:46:26 +1000 Received: from aj by blae.erisian.com.au with local (Exim 4.69 #1 (Debian)) id 1LENgH-0002q5-5T; Sun, 21 Dec 2008 22:45:13 +1000 Date: Sun, 21 Dec 2008 22:45:13 +1000 From: Anthony Towns To: 212732@bugs.debian.org, 427909@bugs.debian.org, 79002@bugs.debian.org Subject: Re: Bug#212732: support redirects and interactive authentication (Progeny) Message-ID: <20081221124513.GA10081@blae.erisian.com.au> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CUfgB8w4ZwR/yMy5" Content-Disposition: inline Organisation: Lacking X-PGP: http://azure.humbug.org.au/~aj/aj_key.asc Mail-Copies-To: nobody User-Agent: Mutt/1.5.18 (2008-05-17) --CUfgB8w4ZwR/yMy5 Content-Type: multipart/mixed; boundary="tThc/1wpZn/ma/RB" Content-Disposition: inline --tThc/1wpZn/ma/RB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Attached is a patch against apt 0.7.19 (current in lenny/sid) including just the Redirect support from Jeff Licquia's patch in Bug#212732.=20 As far as the issues described in Bug#66434 with bad redirection and mod_speling, that seems mostly unlikely to be a problem these days thanks to the md5 validation and signature support. The only way you could get unexpected data is if your original Release and Release.gpg files were redirected to the wrong place, but were completely consistent and had corresponding Packages files and debs. In the event that is a concern, the patch lets the user set the=20 Acquire::http::AllowRedirect config option to false to block that behaviour. It'd be possible to have an option to verify the filename part of the URL is unchanged as well without much difficulty. I bumped the library version, mostly so I could be sure I was testing the right thing, but I presume this requires a libapt-pkg ABI bump anyway (there's an Acquire::Redirect() callback added), so I left it in the patch. Cheers, aj --tThc/1wpZn/ma/RB Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename=diff Content-Transfer-Encoding: quoted-printable diff -urb apt-0.7.19/apt-pkg/acquire-method.cc apt-0.7.19aj1/apt-pkg/acquir= e-method.cc --- apt-0.7.19/apt-pkg/acquire-method.cc 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-method.cc 2008-12-21 21:50:41.000000000 += 1000 @@ -447,6 +447,38 @@ } /*}}}*/ =20 +// AcqMethod::Redirect - Send a redirect message /*{= {{*/ +// --------------------------------------------------------------------- +/* This method sends the redirect message and also manipulates the queue + to keep the pipeline synchronized. */ +void pkgAcqMethod::Redirect(const string &NewURI) +{ + string CurrentURI =3D ""; + if (Queue !=3D 0) + CurrentURI =3D Queue->Uri; +=20 + char S[1024]; + snprintf(S, sizeof(S)-50, "103 Redirect\nURI: %s\nNew-URI: %s\n\n", + CurrentURI.c_str(), NewURI.c_str()); + + if (write(STDOUT_FILENO,S,strlen(S)) !=3D (ssize_t)strlen(S)) + exit(100); + + // Change the URI for the request. + Queue->Uri =3D NewURI; + + /* To keep the pipeline synchronized, move the current request to + the end of the queue, past the end of the current pipeline. */ + FetchItem *I; + for (I =3D Queue; I->Next !=3D 0; I =3D I->Next) ; + I->Next =3D Queue; + Queue =3D Queue->Next; + I->Next->Next =3D 0; + if (QueueBack =3D=3D 0) + QueueBack =3D I->Next; +} + /*= }}}*/ + // AcqMethod::FetchResult::FetchResult - Constructor /*{{{*/ // --------------------------------------------------------------------- /* */ diff -urb apt-0.7.19/apt-pkg/acquire-method.h apt-0.7.19aj1/apt-pkg/acquire= -method.h --- apt-0.7.19/apt-pkg/acquire-method.h 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-method.h 2008-12-21 21:50:02.000000000 +1= 000 @@ -84,6 +84,8 @@ void Log(const char *Format,...); void Status(const char *Format,...); =20 + void Redirect(const string &NewURI); +=20 int Run(bool Single =3D false); inline void SetFailExtraMsg(string Msg) {FailExtra =3D Msg;}; =20 diff -urb apt-0.7.19/apt-pkg/acquire-worker.cc apt-0.7.19aj1/apt-pkg/acquir= e-worker.cc --- apt-0.7.19/apt-pkg/acquire-worker.cc 2008-11-24 19:35:21.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/acquire-worker.cc 2008-12-21 21:42:06.000000000 += 1000 @@ -220,6 +220,20 @@ Status =3D LookupTag(Message,"Message"); break; =20 + // 103 Redirect + case 103: + { + if (Itm =3D=3D 0) + { + _error->Error("Method gave invalid 103 Redirect message"); + break; + } +=20 + string NewURI =3D LookupTag(Message,"New-URI",URI.c_str()); + Itm->URI =3D NewURI; + break; + } + =20 // 200 URI Start case 200: { diff -urb apt-0.7.19/apt-pkg/makefile apt-0.7.19aj1/apt-pkg/makefile --- apt-0.7.19/apt-pkg/makefile 2008-06-10 07:10:08.000000000 +1000 +++ apt-0.7.19aj1/apt-pkg/makefile 2008-12-21 21:54:58.000000000 +1000 @@ -13,7 +13,7 @@ # methods/makefile - FIXME LIBRARY=3Dapt-pkg LIBEXT=3D$(GLIBC_VER)$(LIBSTDCPP_VER) -MAJOR=3D4.6 +MAJOR=3D4.7 MINOR=3D0 SLIBS=3D$(PTHREADLIB) $(INTLLIBS) -lutil APT_DOMAIN:=3Dlibapt-pkg$(MAJOR) diff -urb apt-0.7.19/methods/http.cc apt-0.7.19aj1/methods/http.cc --- apt-0.7.19/methods/http.cc 2008-11-24 19:32:23.000000000 +1000 +++ apt-0.7.19aj1/methods/http.cc 2008-12-21 22:25:28.000000000 +1000 @@ -39,6 +39,7 @@ #include #include #include +#include #include =20 // Internet stuff @@ -57,6 +58,7 @@ time_t HttpMethod::FailTime =3D 0; unsigned long PipelineDepth =3D 10; unsigned long TimeOut =3D 120; +bool AllowRedirect =3D false; bool Debug =3D false; URI Proxy; =20 @@ -628,6 +630,12 @@ return true; } =20 + if (stringcasecmp(Tag,"Location:") =3D=3D 0) + { + Location =3D Val; + return true; + } + return true; } /*}}}*/ @@ -900,7 +908,9 @@ 1 - IMS hit 3 - Unrecoverable error=20 4 - Error with error content page - 5 - Unrecoverable non-server error (close the connection) */ + 5 - Unrecoverable non-server error (close the connection)=20 + 6 - Try again with a new or changed URI + */ int HttpMethod::DealWithHeaders(FetchResult &Res,ServerState *Srv) { // Not Modified @@ -912,6 +922,27 @@ return 1; } =20 + /* Redirect + * + * Note that it is only OK for us to treat all redirection the same + * because we *always* use GET, not other HTTP methods. There are + * three redirection codes for which it is not appropriate that we + * redirect. Pass on those codes so the error handling kicks in. + */ + if (AllowRedirect + && (Srv->Result > 300 && Srv->Result < 400) + && (Srv->Result !=3D 300 // Multiple Choices + && Srv->Result !=3D 304 // Not Modified + && Srv->Result !=3D 306)) // (Not part of HTTP/1.1, reserved) + { + if (!Srv->Location.empty()) + { + NextURI =3D Srv->Location; + return 6; + } + /* else pass through for error message */ + } +=20 /* We have a reply we dont handle. This should indicate a perm server failure */ if (Srv->Result < 200 || Srv->Result >=3D 300) @@ -1026,6 +1057,7 @@ if (pkgAcqMethod::Configuration(Message) =3D=3D false) return false; =20 + AllowRedirect =3D _config->FindB("Acquire::http::AllowRedirect",true); TimeOut =3D _config->FindI("Acquire::http::Timeout",TimeOut); PipelineDepth =3D _config->FindI("Acquire::http::Pipeline-Depth", PipelineDepth); @@ -1039,6 +1071,10 @@ /* */ int HttpMethod::Loop() { + typedef vector StringVector; + typedef vector::iterator StringVectorIterator; + map Redirected; + signal(SIGTERM,SigTerm); signal(SIGINT,SigTerm); =20 @@ -1225,6 +1261,46 @@ break; } =20 + // Try again with a new URL + case 6: + { + // Clear rest of response if there is content + if (Server->HaveContent) + { + File =3D new FileFd("/dev/null",FileFd::WriteExists); + Server->RunData(); + delete File; + File =3D 0; + } + + /* Detect redirect loops. No more redirects are allowed + after the same URI is seen twice in a queue item. */ + StringVector &R =3D Redirected[Queue->DestFile]; + bool StopRedirects =3D false; + if (R.size() =3D=3D 0) + R.push_back(Queue->Uri); + else if (R[0] =3D=3D "STOP" || R.size() > 10) + StopRedirects =3D true; + else + { + for (StringVectorIterator I =3D R.begin(); I !=3D R.end(); = I++) + if (Queue->Uri =3D=3D *I) + { + R[0] =3D "STOP"; + break; + } +=20 + R.push_back(Queue->Uri); + } +=20 + if (StopRedirects =3D=3D false) + Redirect(NextURI); + else + Fail(); +=20 + break; + } + default: Fail(_("Internal error")); break; diff -urb apt-0.7.19/methods/http.h apt-0.7.19aj1/methods/http.h --- apt-0.7.19/methods/http.h 2008-06-10 07:10:09.000000000 +1000 +++ apt-0.7.19aj1/methods/http.h 2008-12-21 21:35:53.000000000 +1000 @@ -99,6 +99,7 @@ enum {Chunked,Stream,Closes} Encoding; enum {Header, Data} State; bool Persistent; + string Location; =20 // This is a Persistent attribute of the server itself. bool Pipeline; @@ -143,6 +144,8 @@ static time_t FailTime; static void SigTerm(int); =20 + string NextURI; + =20 public: friend class ServerState; =20 diff -urb apt-0.7.19/methods/makefile apt-0.7.19aj1/methods/makefile --- apt-0.7.19/methods/makefile 2008-11-24 19:32:23.000000000 +1000 +++ apt-0.7.19aj1/methods/makefile 2008-12-21 21:57:50.000000000 +1000 @@ -7,7 +7,7 @@ BIN :=3D $(BIN)/methods =20 # FIXME.. -LIB_APT_PKG_MAJOR =3D 4.6 +LIB_APT_PKG_MAJOR =3D 4.7 APT_DOMAIN :=3D libapt-pkg$(LIB_APT_PKG_MAJOR) =20 # The file method --tThc/1wpZn/ma/RB-- --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAklOOlkACgkQOxe8dCpOPqp93wCeLVZ8J278mu0kzm/uVED1XyHe P/8AnR6O9VTgwr3DLznfJ/UPfEh0RdMA =XiPL -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5--