Package: apt-proxy
Version: 1.9.35
Severity: normal
Tags: patch
Hi,
Attached is the diff for my apt-proxy 1.9.35-0.1 NMU.
diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/apt_proxy/fetchers.py /tmp/pPXWdysC6N/apt-proxy-1.9.35/apt_proxy/fetchers.py
--- /tmp/NrgCfDj69G/apt-proxy-1.9.35/apt_proxy/fetchers.py 2006-08-14 14:44:57.000000000 +0200
+++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/apt_proxy/fetchers.py 2006-12-27 12:33:47.000000000 +0100
@@ -21,7 +21,7 @@
network backends
"""
-import re, os, string, time, glob, signal, stat, base64
+import re, os, string, time, glob, signal, stat, base64, urllib
from twisted.web import static, http
from twisted.internet import protocol, reactor, defer, error, abstract
from twisted.python import failure
@@ -244,6 +244,23 @@
self.connection_closed(self.fetcher)
self.deferred.callback((True, ""))
+def uri_path_to_path(path, check_part):
+ # Split into parts and unescape them.
+ parts = [urllib.unquote(part) for part in path.split('/')]
+ for part in parts:
+ if not check_part(part):
+ return None
+ # Join up the parts.
+ return os.sep.join(parts)
+
+def is_valid_local_path_part(part):
+ # Deny use of parent directory or characters that are invalid in a
+ # path part.
+ return not (part == os.pardir
+ or '\0' in part
+ or os.sep in part
+ or (os.altsep and os.altsep in part))
+
class FileFetcher:
"""
A Fetcher that simply copies files from disk
@@ -268,7 +285,11 @@
self.cache_mtime = mtime
self.request_uri = uri
- self.local_file = self.backendServer.uri[len("file://"):] + '/' + uri
+ path = uri_path_to_path(uri, is_valid_local_path_part)
+ if path is None:
+ self.parent.file_not_found()
+ return
+ self.local_file = self.backendServer.uri[len("file://"):] + '/' + path
if not os.path.exists(self.local_file):
self.parent.file_not_found()
return
@@ -508,6 +529,13 @@
self.connection.transport.loseConnection()
self.isConnected = False
+# RFC 959 says pathnames must be ASCII and not include CR or LF.
+ftp_path_part_re = re.compile(r'[^\r\n\x80-\xFF]+$')
+def is_valid_ftp_path_part(part):
+ # Also deny use of parent directory, assuming Unix path conventions
+ # on the server.
+ return part != '..' and ftp_path_part_re.match(part)
+
class FtpFetcher(protocol.Protocol):
"""
This is the secuence here:
@@ -575,8 +603,12 @@
self.parent = fetcher
self.cache_mtime = mtime
self.request_uri = uri
+ path = uri_path_to_path(uri, is_valid_ftp_path_part)
+ if path is None:
+ self.parent.file_not_found()
+ return
self.remote_file = (self.parent.backendServer.path + '/'
- + uri)
+ + path)
self.ftpFetchMtime()
def ftpFetchMtime(self):
@@ -645,11 +677,11 @@
def ftpListResult(self, msg):
__pychecker__ = 'unusednames=msg'
- if len(filelist.files)== 0:
+ if len(self.filelist.files)== 0:
log.debug("Not found on backend server",'ftp_client')
self.parent.file_not_found()
return
- file = filelist.files[0]
+ file = self.filelist.files[0]
self.parent.server_size(file['size'])
fetcher.ftpFetchFile()
@@ -1101,4 +1133,4 @@
def stop(self):
for q in self.queues.values():
- q.stop()
\ No newline at end of file
+ q.stop()
diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/debian/changelog /tmp/pPXWdysC6N/apt-proxy-1.9.35/debian/changelog
--- /tmp/NrgCfDj69G/apt-proxy-1.9.35/debian/changelog 2006-08-15 00:01:41.000000000 +0200
+++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/debian/changelog 2006-12-27 12:33:23.000000000 +0100
@@ -1,3 +1,16 @@
+apt-proxy (1.9.35-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Use "self.filelist" instead of "filelist" in ftpListResult() (in
+ fetchers.py), as the latter is a non-existant variable, giving 500
+ errors when SIZE failed in an FTP session for some reason.
+ (Closes: #402481)
+ * Make the FTP fetcher unescape file names before fetching, which makes
+ ~ in file names work again with FTP; patch from Ben Hutchings.
+ (Closes: #393483, #386344)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]> Wed, 27 Dec 2006 12:20:45 +0100
+
apt-proxy (1.9.35) unstable; urgency=low
* http_proxy option:
diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/apt-proxy.pot /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/apt-proxy.pot
--- /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/apt-proxy.pot 2006-08-14 14:48:00.000000000 +0200
+++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/apt-proxy.pot 2006-12-27 12:26:20.000000000 +0100
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2006-08-14 12:59+0100\n"
+"POT-Creation-Date: 2006-12-27 12:26+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <[EMAIL PROTECTED]>\n"
"Language-Team: LANGUAGE <[EMAIL PROTECTED]>\n"
@@ -699,7 +699,7 @@
# type: TH
#: doc/apt-proxy-import.8:2
#, no-wrap
-msgid "August 2006"
+msgid "December 2006"
msgstr ""
# type: TH
@@ -708,12 +708,6 @@
msgid "Debian GNU/Linux"
msgstr ""
-# type: TH
-#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
-#, no-wrap
-msgid " "
-msgstr ""
-
# type: Plain text
#: doc/apt-proxy-import.8:5
msgid "apt-proxy-import - Import packages into the apt-proxy cache."
diff -Nru /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/fr.po /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/fr.po
--- /tmp/NrgCfDj69G/apt-proxy-1.9.35/doc/po/fr.po 2006-08-14 14:48:00.000000000 +0200
+++ /tmp/pPXWdysC6N/apt-proxy-1.9.35/doc/po/fr.po 2006-12-27 12:26:20.000000000 +0100
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: apt-proxy 1.3.6.1\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2006-08-14 12:59+0100\n"
+"POT-Creation-Date: 2006-12-27 12:26+0100\n"
"PO-Revision-Date: 2005-10-18 19:14+0200\n"
"Last-Translator: Sylvain Archenault <[EMAIL PROTECTED]>\n"
"Language-Team: French <French <[email protected]>>\n"
@@ -799,9 +799,9 @@
# type: TH
#: doc/apt-proxy-import.8:2
-#, no-wrap
-msgid "August 2006"
-msgstr ""
+#, fuzzy, no-wrap
+msgid "December 2006"
+msgstr "novembre 2002"
# type: TH
#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
@@ -809,12 +809,6 @@
msgid "Debian GNU/Linux"
msgstr "Debian GNU/Linux"
-# type: TH
-#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
-#, fuzzy, no-wrap
-msgid " "
-msgstr " "
-
# type: Plain text
#: doc/apt-proxy-import.8:5
msgid "apt-proxy-import - Import packages into the apt-proxy cache."
@@ -1086,6 +1080,11 @@
msgstr "Manuel Estrada Sainz E<lt>[EMAIL PROTECTED]<gt>"
# type: TH
+#, fuzzy
+#~ msgid " "
+#~ msgstr " "
+
+# type: TH
#~ msgid "October 2005"
#~ msgstr "Octobre 2005"
