From b5595da902e62af7c295f1603ae5b43ba4cef281 Mon Sep 17 00:00:00 2001 From: "bubulle@debian.org" <> Date: Wed, 10 Apr 2013 11:28:11 +0200 Subject: Fix English spelling error in a message ('A error'). Unfuzzy translations. Closes: #705087 --- methods/http.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/http.h b/methods/http.h index 7a3ccda54..7446119cd 100644 --- a/methods/http.h +++ b/methods/http.h @@ -158,7 +158,7 @@ class HttpMethod : public pkgAcqMethod ERROR_UNRECOVERABLE, /** \brief The server reported a error with a error content page */ ERROR_WITH_CONTENT_PAGE, - /** \brief A error on the client side */ + /** \brief An error on the client side */ ERROR_NOT_FROM_SERVER, /** \brief A redirect or retry request */ TRY_AGAIN_OR_REDIRECT -- cgit v1.2.3 From 1dea08eb2e1115b8da14cc3da02d53f8e069ba14 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 8 May 2013 17:45:17 +0200 Subject: properly handle if-modfied-since with libcurl/https (closes: #705648) --- methods/https.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/https.cc b/methods/https.cc index c1a49ba60..d85415b2f 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -285,6 +285,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) long curl_servdate; curl_easy_getinfo(curl, CURLINFO_FILETIME, &curl_servdate); + // If the server returns 200 OK but the If-Modified-Since condition is not + // met, CURLINFO_CONDITION_UNMET will be set to 1 + long curl_condition_unmet = 0; + curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &curl_condition_unmet); + File->Close(); // cleanup @@ -312,7 +317,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) Res.Filename = File->Name(); Res.LastModified = Buf.st_mtime; Res.IMSHit = false; - if (curl_responsecode == 304) + if (curl_responsecode == 304 || curl_condition_unmet) { unlink(File->Name().c_str()); Res.IMSHit = true; -- cgit v1.2.3 From 5b63d2a9a2e088bb7df7c703e9452af7efc88210 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 8 May 2013 17:50:15 +0200 Subject: merged patch from Daniel Hartwig to fix URI and proxy releated issues --- methods/http.cc | 14 +++++++------- methods/https.cc | 20 +++++++++++++++++++- 2 files changed, 26 insertions(+), 8 deletions(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index fddf8a78e..db1085a2d 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -667,7 +667,12 @@ void HttpMethod::SendReq(FetchItem *Itm,CircleBuf &Out) // The HTTP server expects a hostname with a trailing :port char Buf[1000]; - string ProperHost = Uri.Host; + string ProperHost; + + if (Uri.Host.find(':') != string::npos) + ProperHost = '[' + Uri.Host + ']'; + else + ProperHost = Uri.Host; if (Uri.Port != 0) { sprintf(Buf,":%u",Uri.Port); @@ -975,12 +980,7 @@ HttpMethod::DealWithHeaders(FetchResult &Res,ServerState *Srv) { URI Uri = Queue->Uri; if (Uri.Host.empty() == false) - { - if (Uri.Port != 0) - strprintf(NextURI, "http://%s:%u", Uri.Host.c_str(), Uri.Port); - else - NextURI = "http://" + Uri.Host; - } + NextURI = URI::SiteOnly(Uri); else NextURI.clear(); NextURI.append(DeQuoteString(Srv->Location)); diff --git a/methods/https.cc b/methods/https.cc index b44642ab2..84ce2d68f 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -63,6 +63,12 @@ void HttpsMethod::SetupProxy() /*{{{*/ { URI ServerName = Queue->Uri; + // Curl should never read proxy settings from the environment, as + // we determine which proxy to use. Do this for consistency among + // methods and prevent an environment variable overriding a + // no-proxy ("DIRECT") setting in apt.conf. + curl_easy_setopt(curl, CURLOPT_PROXY, ""); + // Determine the proxy setting - try https first, fallback to http and use env at last string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host, _config->Find("Acquire::http::Proxy::" + ServerName.Host).c_str()); @@ -81,7 +87,14 @@ void HttpsMethod::SetupProxy() /*{{{*/ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) return; } else { - const char* result = getenv("http_proxy"); + const char* result = getenv("https_proxy"); + // FIXME: Fall back to http_proxy is to remain compatible with + // existing setups and behaviour of apt.conf. This should be + // deprecated in the future (including apt.conf). Most other + // programs do not fall back to http proxy settings and neither + // should Apt. + if (result == NULL) + result = getenv("http_proxy"); UseProxy = result == NULL ? "" : result; } @@ -92,6 +105,11 @@ void HttpsMethod::SetupProxy() /*{{{*/ if (Proxy.Port != 1) curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port); curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str()); + if (Proxy.User.empty() == false || Proxy.Password.empty() == false) + { + curl_easy_setopt(curl, CURLOPT_PROXYUSERNAME, Proxy.User.c_str()); + curl_easy_setopt(curl, CURLOPT_PROXYPASSWORD, Proxy.Password.c_str()); + } } } /*}}}*/ // HttpsMethod::Fetch - Fetch an item /*{{{*/ -- cgit v1.2.3 From 245ba2c306e663fb311b7796fdf13a7ae7073a4d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 18:20:35 +0200 Subject: Fix double free (closes: #711045) * Fix double free (closes: #711045) * Fix crash when the "mirror" method does not find any entry (closes: #699303) --- methods/mirror.cc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'methods') diff --git a/methods/mirror.cc b/methods/mirror.cc index d6c5ba955..854366318 100644 --- a/methods/mirror.cc +++ b/methods/mirror.cc @@ -311,6 +311,9 @@ bool MirrorMethod::InitMirrors() AllMirrors.push_back(s); } + if (AllMirrors.empty()) { + return _error->Error(_("No entry found in mirror file '%s'"), MirrorFile.c_str()); + } Mirror = AllMirrors[0]; UsedMirror = Mirror; return true; -- cgit v1.2.3 From 3a61adbba8bfc9ba76d1262e0e8118f78920f9fe Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 19 May 2013 18:53:19 +0200 Subject: remove -ldl from cdrom and -lutil from apt-get linkage Building src:apt shows: dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/apt/usr/lib/apt/methods/cdrom was not linked against libdl.so.2 (it uses none of the library's symbols) dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/apt/usr/bin/apt-get was not linked against libutil.so.1 (it uses none of the library's symbols) --- methods/makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/makefile b/methods/makefile index a271aff5e..294c55d23 100644 --- a/methods/makefile +++ b/methods/makefile @@ -39,7 +39,7 @@ include $(PROGRAM_H) # The cdrom method PROGRAM=cdrom -SLIBS = -lapt-pkg -ldl $(INTLLIBS) +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = cdrom.cc include $(PROGRAM_H) -- cgit v1.2.3 From ae99ce2e3cadb07c80b89ab2afc804875b1026c5 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 17 Jun 2013 11:23:13 +0200 Subject: trigger NODATA error for invalid InRelease files With the selfgrown splitting we got the problem of not recovering from networks which just reply with invalid data like those sending us login pages to authenticate with the network (e.g. hotels) back. The good thing about the InRelease file is that we know that it must be clearsigned (a Release file might or might not have a detached sig) so if we get a file but are unable to split it something is seriously wrong, so there is not much point in trying further. The Acquire system already looks out for a NODATA error from gpgv, so this adds a new error message sent to the acquire system in case the splitting we do now ourselves failed including this magic word. Closes: #712486 --- methods/gpgv.cc | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'methods') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 3f814b9f0..fe8bac6c9 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -55,9 +55,6 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, vector &NoPubKeySigners) { bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); - // setup a (empty) stringstream for formating the return value - std::stringstream ret; - ret.str(""); if (Debug == true) std::clog << "inside VerifyGetSigners" << std::endl; @@ -170,18 +167,19 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, return ""; } else if (WEXITSTATUS(status) == 1) - { return _("At least one invalid signature was encountered."); - } else if (WEXITSTATUS(status) == 111) + return _("Could not execute 'gpgv' to verify signature (is gpgv installed?)"); + else if (WEXITSTATUS(status) == 112) { - ioprintf(ret, _("Could not execute 'gpgv' to verify signature (is gpgv installed?)")); - return ret.str(); + // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings) + std::string errmsg; + //TRANSLATORS: %s is a single techy word like 'NODATA' + strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA"); + return errmsg; } else - { return _("Unknown error executing gpgv"); - } } bool GPGVMethod::Fetch(FetchItem *Itm) -- cgit v1.2.3 From 2b9c9b7f28b18f6ae3e422020e8934872b06c9f3 Mon Sep 17 00:00:00 2001 From: Raphael Geissert Date: Sun, 14 Jul 2013 18:38:03 +0200 Subject: Do not send a connection: keep-alive, at all --- methods/http.cc | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index db1085a2d..6e03e9d63 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -683,27 +683,14 @@ void HttpMethod::SendReq(FetchItem *Itm,CircleBuf &Out) if (Itm->Uri.length() >= sizeof(Buf)) abort(); - /* Build the request. We include a keep-alive header only for non-proxy - requests. This is to tweak old http/1.0 servers that do support keep-alive - but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server - will glitch HTTP/1.0 proxies because they do not filter it out and - pass it on, HTTP/1.1 says the connection should default to keep alive - and we expect the proxy to do this */ - if (Proxy.empty() == true || Proxy.Host.empty()) - { - // see LP bugs #1003633 and #1086997. The "+" is encoded as a workaround - // for a amazon S3 bug - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", - QuoteString(Uri.Path,"+~ ").c_str(),ProperHost.c_str()); - } - else - { - /* Generate a cache control header if necessary. We place a max - cache age on index files, optionally set a no-cache directive - and a no-store directive for archives. */ - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", - Itm->Uri.c_str(),ProperHost.c_str()); - } + /* Build the request. No keep-alive is included as it is the default + in 1.1, can cause problems with proxies, and we are an HTTP/1.1 + client anyway. + C.f. https://tools.ietf.org/wg/httpbis/trac/ticket/158 */ + // see LP bugs #1003633 and #1086997. The "+" is encoded as a workaround + // for a amazon S3 bug + sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", + QuoteString(Uri.Path,"+~ ").c_str(),ProperHost.c_str()); // generate a cache control header (if needed) if (_config->FindB("Acquire::http::No-Cache",false) == true) { -- cgit v1.2.3 From c104200045ef19f5ee061c4a00b468482ac65dc4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 25 Jul 2013 20:16:31 +0200 Subject: =?UTF-8?q?fix=20off-by-one=20error=20in=20HttpMethod::=E2=80=8BAu?= =?UTF-8?q?toDetectProxy()?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- methods/http.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index db1085a2d..ec5b1ff52 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -1401,7 +1401,7 @@ bool HttpMethod::AutoDetectProxy() char buf[512]; int InFd = Pipes[0]; close(Pipes[1]); - int res = read(InFd, buf, sizeof(buf)); + int res = read(InFd, buf, sizeof(buf)-1); ExecWait(Process, "ProxyAutoDetect", true); if (res < 0) -- cgit v1.2.3 From 1b7bf822ad9504f6d01cd4422d830e8815143912 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 25 Jul 2013 20:55:18 +0200 Subject: add missing "free(buffer) for allocated buffer --- methods/gpgv.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'methods') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index fe8bac6c9..ea8a26fd4 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -152,6 +152,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, } } fclose(pipein); + free(buffer); int status; waitpid(pid, &status, 0); -- cgit v1.2.3 From f2380a78aa90ff8a3b76607c0c140810aff84086 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 26 Jul 2013 09:22:52 +0200 Subject: request absolute URIs from proxies again (0.9.9.3 regession) Commit 2b9c9b7f28b18f6ae3e422020e8934872b06c9f3 not only removes keep-alive, but also changes the request URI send to proxies which are required to be absolute URIs rather than the usual absolute paths. Closes: 717891 --- methods/http.cc | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index 6e03e9d63..82456d78b 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -682,15 +682,27 @@ void HttpMethod::SendReq(FetchItem *Itm,CircleBuf &Out) // Just in case. if (Itm->Uri.length() >= sizeof(Buf)) abort(); - + + /* RFC 2616 ยง5.1.2 requires absolute URIs for requests to proxies, + but while its a must for all servers to accept absolute URIs, + it is assumed clients will sent an absolute path for non-proxies */ + std::string requesturi; + if (Proxy.empty() == true || Proxy.Host.empty()) + requesturi = Uri.Path; + else + requesturi = Itm->Uri; + + // The "+" is encoded as a workaround for a amazon S3 bug + // see LP bugs #1003633 and #1086997. + requesturi = QuoteString(requesturi, "+~ "); + /* Build the request. No keep-alive is included as it is the default in 1.1, can cause problems with proxies, and we are an HTTP/1.1 client anyway. C.f. https://tools.ietf.org/wg/httpbis/trac/ticket/158 */ - // see LP bugs #1003633 and #1086997. The "+" is encoded as a workaround - // for a amazon S3 bug sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", - QuoteString(Uri.Path,"+~ ").c_str(),ProperHost.c_str()); + requesturi.c_str(),ProperHost.c_str()); + // generate a cache control header (if needed) if (_config->FindB("Acquire::http::No-Cache",false) == true) { -- cgit v1.2.3 From 11d0fb919954e79f929ef5e755f602a6ed3be46d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Jul 2013 22:12:36 +0200 Subject: fix missing va_end() --- methods/ftp.cc | 1 + methods/rsh.cc | 2 ++ 2 files changed, 3 insertions(+) (limited to 'methods') diff --git a/methods/ftp.cc b/methods/ftp.cc index d55ac1224..979adca62 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc @@ -436,6 +436,7 @@ bool FTPConn::WriteMsg(unsigned int &Ret,string &Text,const char *Fmt,...) char S[400]; vsnprintf(S,sizeof(S) - 4,Fmt,args); strcat(S,"\r\n"); + va_end(args); if (Debug == true) cerr << "-> '" << QuoteString(S,"") << "'" << endl; diff --git a/methods/rsh.cc b/methods/rsh.cc index fb3782314..d76dca6ef 100644 --- a/methods/rsh.cc +++ b/methods/rsh.cc @@ -218,6 +218,8 @@ bool RSHConn::WriteMsg(std::string &Text,bool Sync,const char *Fmt,...) // sprintf the description char S[512]; vsnprintf(S,sizeof(S) - 4,Fmt,args); + va_end(args); + if (Sync == true) strcat(S," 2> /dev/null || echo\n"); else -- cgit v1.2.3