Bug#636794: doesn't escape '+' properly for buildd webjump

[Axel Beckert]

reassign 636794 buildd.debian.org
retitle 636794 Redirects from http(s)://buildd.debian.org/$packagename don't 
escape "+" properly
kthxbye

Christoph Egger wrote:
> Package: conkeror
> Version: 0.9.3+git110719-1
> Severity: minor
> 
>     using the buildd webjump e.g. for `buildd getfem++` will fail
> because the '+' sign is not properly escaped as %2b

I just investigated this issue closer: It's definitely a bug on
buildd.debian.org, namely in its redirects:

Conkeror escapes it correctly, you can glimpse that in the status bar
at the bottom if the page is not yet cached. I'll show the issue by
comparing the debpkg and buildd webjumps, as both are defined the same
way:

define_webjump("debpkg", "http://packages.debian.org/%s";);
define_webjump("buildd", "https://buildd.debian.org/%s";);

Both target the shortcut URLs to be able to use all the features
packed in those redirects.

While both http://packages.debian.org/getfem%2B%2B (as from the
"debpkg getfem++" webjump) and http://packages.debian.org/getfem++
properly redirect
http://packages.debian.org/search?keywords=getfem%2B%2B and hence show
the expect result, that doesn't work for the buildd.debian.org
redirect:

$ GET -SUsed 'http://buildd.debian.org/getfem%2B%2B'
GET http://buildd.debian.org/getfem%2B%2B
User-Agent: lwp-request/6.00 libwww-perl/6.02

301 Moved Permanently
Connection: close
Date: Sun, 04 Sep 2011 20:01:11 GMT
Location: https://buildd.debian.org/getfem++
Server: Apache
Vary: Accept-Encoding
Content-Length: 309
Content-Type: text/html; charset=iso-8859-1
Client-Date: Sun, 04 Sep 2011 20:01:11 GMT
Client-Peer: 194.177.211.200:80
Client-Response-Num: 1
Title: 301 Moved Permanently

GET https://buildd.debian.org/getfem++
User-Agent: lwp-request/6.00 libwww-perl/6.02

302 Found
Connection: close
Date: Sun, 04 Sep 2011 20:01:12 GMT
Location: https://buildd.debian.org/status/package.php?p=getfem++
Server: Apache
Vary: Accept-Encoding
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
Client-Date: Sun, 04 Sep 2011 20:01:12 GMT
Client-Peer: 2001:648:2ffc:deb:214:22ff:fe74:1fa:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: 
/O=Debian/CN=ca.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cert-Subject: 
/O=Debian/CN=buildd.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 302 Found

GET https://buildd.debian.org/status/package.php?p=getfem++
User-Agent: lwp-request/6.00 libwww-perl/6.02

200 OK
Connection: close
Date: Sun, 04 Sep 2011 20:01:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Client-Date: Sun, 04 Sep 2011 20:01:13 GMT
Client-Peer: 2001:648:2ffc:deb:214:22ff:fe74:1fa:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: 
/O=Debian/CN=ca.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cert-Subject: 
/O=Debian/CN=buildd.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Socket-Class: IO::Socket::SSL
Client-Transfer-Encoding: chunked
Link: <media/revamp.css>; rel="stylesheet"; type="text/css"
Link: <media/pkg.css>; rel="StyleSheet"; type="text/css"
Link: <media/status.css>; rel="StyleSheet"; type="text/css"
Title: Buildd status for getfem
X-Powered-By: PHP/5.3.3-7+squeeze3

So there are actually several redirects involved and the first one
from http to https seems to introduce the breakage in our case:

http://buildd.debian.org/getfem%2B%2B
https://buildd.debian.org/getfem++
https://buildd.debian.org/status/package.php?p=getfem++

But initiall requesting it via https doesn't help:

 GET -SUsed 'https://buildd.debian.org/getfem%2B%2B'
GET https://buildd.debian.org/getfem%2B%2B
User-Agent: lwp-request/6.00 libwww-perl/6.02

302 Found
Connection: close
Date: Sun, 04 Sep 2011 20:05:39 GMT
Location: https://buildd.debian.org/status/package.php?p=getfem++
Server: Apache
Vary: Accept-Encoding
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
Client-Date: Sun, 04 Sep 2011 20:05:40 GMT
Client-Peer: 2001:648:2ffc:deb:214:22ff:fe74:1fa:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: 
/O=Debian/CN=ca.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cert-Subject: 
/O=Debian/CN=buildd.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 302 Found

GET https://buildd.debian.org/status/package.php?p=getfem++
User-Agent: lwp-request/6.00 libwww-perl/6.02

200 OK
Connection: close
Date: Sun, 04 Sep 2011 20:05:40 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Client-Date: Sun, 04 Sep 2011 20:05:40 GMT
Client-Peer: 2001:648:2ffc:deb:214:22ff:fe74:1fa:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: 
/O=Debian/CN=ca.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cert-Subject: 
/O=Debian/CN=buildd.debian.org/emailAddress=debian-ad...@debian.org
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Socket-Class: IO::Socket::SSL
Client-Transfer-Encoding: chunked
Link: <media/revamp.css>; rel="stylesheet"; type="text/css"
Link: <media/pkg.css>; rel="StyleSheet"; type="text/css"
Link: <media/status.css>; rel="StyleSheet"; type="text/css"
Title: Buildd status for getfem
X-Powered-By: PHP/5.3.3-7+squeeze3

I could workaround that in Conkeror by not using the redirect feature,
but I think this should be fixed at the origin of the problem, hence
reassigning the bug to buildd.debian.org.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org