From 9082a1fc7be02f58cbe18a34539c6a3436463dd0 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Fri, 14 Feb 2014 00:30:58 +0100
Subject: allow http protocol to switch to https

switch protocols at random is a bad idea if e.g. http can switch to
file, so we limit the possibilities to http to http and http to https.

As very few people (less than 1% according to popcon) have https
installed this likely changes nothing in terms of failure. The commit is
adding a friendly hint which package needs to be installed though.
---
 apt-pkg/acquire-worker.cc                        |  7 +++-
 methods/server.cc                                | 14 ++++---
 test/integration/framework                       |  2 +-
 test/integration/test-bug-738785-switch-protocol | 52 ++++++++++++++++++++++++
 4 files changed, 68 insertions(+), 7 deletions(-)
 create mode 100755 test/integration/test-bug-738785-switch-protocol

diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 44a84216a..44c3e4e17 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -109,7 +109,12 @@ bool pkgAcquire::Worker::Start()
    // Get the method path
    string Method = _config->FindDir("Dir::Bin::Methods") + Access;
    if (FileExists(Method) == false)
-      return _error->Error(_("The method driver %s could not be found."),Method.c_str());
+   {
+      _error->Error(_("The method driver %s could not be found."),Method.c_str());
+      if (Access == "https")
+	 _error->Notice(_("Is the package %s installed?"), "apt-transport-https");
+      return false;
+   }
 
    if (Debug == true)
       clog << "Starting method '" << Method << '\'' << endl;
diff --git a/methods/server.cc b/methods/server.cc
index 76faa7e7f..6dd3970a6 100644
--- a/methods/server.cc
+++ b/methods/server.cc
@@ -291,11 +291,15 @@ ServerMethod::DealWithHeaders(FetchResult &Res)
       }
       else
       {
-         NextURI = DeQuoteString(Server->Location);
-         URI tmpURI = NextURI;
-         // Do not allow a redirection to switch protocol
-         if (tmpURI.Access == "http")
-            return TRY_AGAIN_OR_REDIRECT;
+	 NextURI = DeQuoteString(Server->Location);
+	 URI tmpURI = NextURI;
+	 URI Uri = Queue->Uri;
+	 // same protocol redirects are okay
+	 if (tmpURI.Access == Uri.Access)
+	    return TRY_AGAIN_OR_REDIRECT;
+	 // as well as http to https
+	 else if (Uri.Access == "http" && tmpURI.Access == "https")
+	    return TRY_AGAIN_OR_REDIRECT;
       }
       /* else pass through for error message */
    }
diff --git a/test/integration/framework b/test/integration/framework
index 5b9a58568..f3699861b 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -190,7 +190,7 @@ setupenvironment() {
 	mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
 	touch var/lib/dpkg/available
 	mkdir -p usr/lib/apt
-	ln -s ${BUILDDIRECTORY}/methods usr/lib/apt/methods
+	ln -s ${METHODSDIR} usr/lib/apt/methods
 	cd ..
 	local PACKAGESFILE=$(echo "$(basename $0)" | sed -e 's/^test-/Packages-/' -e 's/^skip-/Packages-/')
 	if [ -f "${TESTDIRECTORY}/${PACKAGESFILE}" ]; then
diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol
new file mode 100755
index 000000000..d3469f34f
--- /dev/null
+++ b/test/integration/test-bug-738785-switch-protocol
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
+
+# setup http redirecting to https
+setupaptarchive --no-update
+changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \
+	-o 'aptwebserver::support::http=false'
+changetohttpswebserver
+sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/*
+
+testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1
+
+msgtest 'Test that the webserver does not answer' 'http requests'
+downloadfile 'http://localhost:8080//pool/apt_1.0/changelog' >/dev/null 2>&1 && msgfail || msgpass
+
+echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf
+testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris
+
+testsuccess aptget changelog apt -d
+testsuccess test -s apt.changelog
+rm -f apt.changelog
+
+testsuccess aptget download apt
+testsuccess test -s apt_1.0_all.deb
+rm apt_1.0_all.deb
+
+testsuccess aptget install apt -y
+testdpkginstalled 'apt'
+
+# create a copy of all methods, expect https
+eval `aptconfig shell METHODS Dir::Bin::Methods/d`
+COPYMETHODS='usr/lib/apt/methods'
+rm rootdir/$COPYMETHODS
+mkdir -p rootdir/$COPYMETHODS
+cd rootdir/$COPYMETHODS
+find $METHODS \! -type d | while read meth; do
+	ln -s $meth
+done
+rm https
+cd - >/dev/null
+echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf
+
+aptget download apt
+testsuccess test ! -e apt_1.0_all.deb
-- 
cgit v1.2.3