Package: apt-proxy Version: 1.9.35 Severity: normal Tags: patch Hi,
Attached is the diff for my apt-proxy 1.9.35-0.1 NMU.
diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/apt_proxy/fetchers.py /tmp/pPXWdysC6N/apt-proxy-1.9.35/apt_proxy/fetchers.py --- /tmp/NrgCfDj69G/apt-proxy-1.9.35/apt_proxy/fetchers.py 2006-08-14 14:44:57.000000000 +0200 +++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/apt_proxy/fetchers.py 2006-12-27 12:33:47.000000000 +0100 @@ -21,7 +21,7 @@ network backends """ -import re, os, string, time, glob, signal, stat, base64 +import re, os, string, time, glob, signal, stat, base64, urllib from twisted.web import static, http from twisted.internet import protocol, reactor, defer, error, abstract from twisted.python import failure @@ -244,6 +244,23 @@ self.connection_closed(self.fetcher) self.deferred.callback((True, "")) +def uri_path_to_path(path, check_part): + # Split into parts and unescape them. + parts = [urllib.unquote(part) for part in path.split('/')] + for part in parts: + if not check_part(part): + return None + # Join up the parts. + return os.sep.join(parts) + +def is_valid_local_path_part(part): + # Deny use of parent directory or characters that are invalid in a + # path part. + return not (part == os.pardir + or '\0' in part + or os.sep in part + or (os.altsep and os.altsep in part)) + class FileFetcher: """ A Fetcher that simply copies files from disk @@ -268,7 +285,11 @@ self.cache_mtime = mtime self.request_uri = uri - self.local_file = self.backendServer.uri[len("file://"):] + '/' + uri + path = uri_path_to_path(uri, is_valid_local_path_part) + if path is None: + self.parent.file_not_found() + return + self.local_file = self.backendServer.uri[len("file://"):] + '/' + path if not os.path.exists(self.local_file): self.parent.file_not_found() return @@ -508,6 +529,13 @@ self.connection.transport.loseConnection() self.isConnected = False +# RFC 959 says pathnames must be ASCII and not include CR or LF. +ftp_path_part_re = re.compile(r'[^\r\n\x80-\xFF]+$') +def is_valid_ftp_path_part(part): + # Also deny use of parent directory, assuming Unix path conventions + # on the server. + return part != '..' and ftp_path_part_re.match(part) + class FtpFetcher(protocol.Protocol): """ This is the secuence here: @@ -575,8 +603,12 @@ self.parent = fetcher self.cache_mtime = mtime self.request_uri = uri + path = uri_path_to_path(uri, is_valid_ftp_path_part) + if path is None: + self.parent.file_not_found() + return self.remote_file = (self.parent.backendServer.path + '/' - + uri) + + path) self.ftpFetchMtime() def ftpFetchMtime(self): @@ -645,11 +677,11 @@ def ftpListResult(self, msg): __pychecker__ = 'unusednames=msg' - if len(filelist.files)== 0: + if len(self.filelist.files)== 0: log.debug("Not found on backend server",'ftp_client') self.parent.file_not_found() return - file = filelist.files[0] + file = self.filelist.files[0] self.parent.server_size(file['size']) fetcher.ftpFetchFile() @@ -1101,4 +1133,4 @@ def stop(self): for q in self.queues.values(): - q.stop() \ No newline at end of file + q.stop() diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/debian/changelog /tmp/pPXWdysC6N/apt-proxy-1.9.35/debian/changelog --- /tmp/NrgCfDj69G/apt-proxy-1.9.35/debian/changelog 2006-08-15 00:01:41.000000000 +0200 +++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/debian/changelog 2006-12-27 12:33:23.000000000 +0100 @@ -1,3 +1,16 @@ +apt-proxy (1.9.35-0.1) unstable; urgency=high + + * Non-maintainer upload. + * Use "self.filelist" instead of "filelist" in ftpListResult() (in + fetchers.py), as the latter is a non-existant variable, giving 500 + errors when SIZE failed in an FTP session for some reason. + (Closes: #402481) + * Make the FTP fetcher unescape file names before fetching, which makes + ~ in file names work again with FTP; patch from Ben Hutchings. + (Closes: #393483, #386344) + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Wed, 27 Dec 2006 12:20:45 +0100 + apt-proxy (1.9.35) unstable; urgency=low * http_proxy option: diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/apt-proxy.pot /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/apt-proxy.pot --- /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/apt-proxy.pot 2006-08-14 14:48:00.000000000 +0200 +++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/apt-proxy.pot 2006-12-27 12:26:20.000000000 +0100 @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2006-08-14 12:59+0100\n" +"POT-Creation-Date: 2006-12-27 12:26+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <[EMAIL PROTECTED]>\n" "Language-Team: LANGUAGE <[EMAIL PROTECTED]>\n" @@ -699,7 +699,7 @@ # type: TH #: doc/apt-proxy-import.8:2 #, no-wrap -msgid "August 2006" +msgid "December 2006" msgstr "" # type: TH @@ -708,12 +708,6 @@ msgid "Debian GNU/Linux" msgstr "" -# type: TH -#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1 -#, no-wrap -msgid " " -msgstr "" - # type: Plain text #: doc/apt-proxy-import.8:5 msgid "apt-proxy-import - Import packages into the apt-proxy cache." diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/fr.po /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/fr.po --- /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/fr.po 2006-08-14 14:48:00.000000000 +0200 +++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/fr.po 2006-12-27 12:26:20.000000000 +0100 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: apt-proxy 1.3.6.1\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-08-14 12:59+0100\n" +"POT-Creation-Date: 2006-12-27 12:26+0100\n" "PO-Revision-Date: 2005-10-18 19:14+0200\n" "Last-Translator: Sylvain Archenault <[EMAIL PROTECTED]>\n" "Language-Team: French <French <debian-l10n-french@lists.debian.org>>\n" @@ -799,9 +799,9 @@ # type: TH #: doc/apt-proxy-import.8:2 -#, no-wrap -msgid "August 2006" -msgstr "" +#, fuzzy, no-wrap +msgid "December 2006" +msgstr "novembre 2002" # type: TH #: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1 @@ -809,12 +809,6 @@ msgid "Debian GNU/Linux" msgstr "Debian GNU/Linux" -# type: TH -#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1 -#, fuzzy, no-wrap -msgid " " -msgstr " " - # type: Plain text #: doc/apt-proxy-import.8:5 msgid "apt-proxy-import - Import packages into the apt-proxy cache." @@ -1086,6 +1080,11 @@ msgstr "Manuel Estrada Sainz E<lt>[EMAIL PROTECTED]<gt>" # type: TH +#, fuzzy +#~ msgid " " +#~ msgstr " " + +# type: TH #~ msgid "October 2005" #~ msgstr "Octobre 2005"