Bug #1653094 “apt-helper fails on urls with space” : Bugs : apt package : Ubuntu

Revision history for this message

Julian Andres Klode (juliank) wrote on 2016-12-29:

#1

It does work. The input URL you pass to it must not be encoded, though.

http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe

will be encoded to

http://downloads.sourceforge.net/project/corefonts/the%2520fonts/final/andale32.exe

(the % is encoded as %25) and that causes things to fail.

Revision history for this message

Julian Andres Klode (juliank) wrote on 2016-12-29:

#2

Oh wait. You did not pass the %20 one, but the other thing.

Revision history for this message

Julian Andres Klode (juliank) wrote on 2016-12-29:

#3

That's a duplicate of bug 1651923 - our HTTP method handles the http redirect just fine, but once it goes to the https method it seems to decode the %20 to a space and just send it with a space.

GET /corefonts/andale32.exe HTTP/1.1
Host: downloads.sourceforge.net
User-Agent: Debian APT-HTTP/1.3 (1.4~beta2)

Answer for: http://downloads.sourceforge.net/corefonts/andale32.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 29 Dec 2016 12:42:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Content-Length: 178

GET /project/corefonts/the%20fonts/final/andale32.exe HTTP/1.1
Host: downloads.sourceforge.net
User-Agent: Debian APT-HTTP/1.3 (1.4~beta2)

Answer for: http://downloads.sourceforge.net/project/corefonts/the fonts/final/andale32.exe
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 29 Dec 2016 12:42:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
content-disposition: attachment; filename="andale32.exe"
Set-Cookie: sf_mirror_attempt="corefonts:freefr:the%20fonts/final/andale32.exe"; expires=120; Path=/
Location: https://freefr.dl.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Content-Length: 162

* Trying 88.191.250.136...
* TCP_NODELAY set
* Connected to freefr.dl.sourceforge.net (88.191.250.136) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 696 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: freefr.dl.sourceforge.net (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=freefr.dl.sourceforge.net
* start date: Mon, 31 Oct 2016 19:27:00 GMT
* expire date: Sun, 29 Jan 2017 19:27:00 GMT
* issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /project/corefonts/the fonts/final/andale32.exe HTTP/1.1
Host: freefr.dl.sourceforge.net
User-Agent: Debian APT-CURL/1.0 (1.4~beta2)
Accept: */*
Cache-Control: max-age=0

That's a duplicate of bug 1651923 - our HTTP method handles the http redirect just fine, but once it goes to the https method it seems to decode the %20 to a space and just send it with a space.

GET /corefonts/andale32.exe HTTP/1.1
Host: downloads.sourceforge.net
User-Agent: Debian APT-HTTP/1.3 (1.4~beta2)

Answer for: http://downloads.sourceforge.net/corefonts/andale32.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 29 Dec 2016 12:42:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Content-Length: 178

GET /project/corefonts/the%20fonts/final/andale32.exe HTTP/1.1
Host: downloads.sourceforge.net
User-Agent: Debian APT-HTTP/1.3 (1.4~beta2)

Answer for: http://downloads.sourceforge.net/project/corefonts/the fonts/final/andale32.exe
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 29 Dec 2016 12:42:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
content-disposition: attachment; filename="andale32.exe"
Set-Cookie: sf_mirror_attempt="corefonts:freefr:the%20fonts/final/andale32.exe"; expires=120; Path=/
Location: https://freefr.dl.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Content-Length: 162

*   Trying 88.191.250.136...
* TCP_NODELAY set
* Connected to freefr.dl.sourceforge.net (88.191.250.136) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 696 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: freefr.dl.sourceforge.net (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=freefr.dl.sourceforge.net
* 	 start date: Mon, 31 Oct 2016 19:27:00 GMT
* 	 expire date: Sun, 29 Jan 2017 19:27:00 GMT
* 	 issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
* 	 compression: NULL
* ALPN, server accepted to use http/1.1
> GET /project/corefonts/the fonts/final/andale32.exe HTTP/1.1
Host: freefr.dl.sourceforge.net
User-Agent: Debian APT-CURL/1.0 (1.4~beta2)
Accept: */*
Cache-Control: max-age=0

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-01-12:

#4

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status:	New → Confirmed

Ubuntu
apt package

apt-helper fails on urls with space

Bug Description

Other bug subscribers

Remote bug watches

Ubuntuapt package

apt-helper fails on urls with space

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
apt package