[apt-proxy-devel] r643 - in branches/etch: . apt_proxy debian doc/po

Chris Halls halls at alioth.debian.org
Wed Jan 24 13:54:07 CET 2007 

Author: halls
Date: Wed Jan 24 13:54:07 2007
New Revision: 643

Added:
   branches/etch/
      - copied from r642, tags/1.9.35/
Modified:
   branches/etch/apt_proxy/fetchers.py
   branches/etch/debian/changelog
   branches/etch/doc/po/apt-proxy.pot
   branches/etch/doc/po/fr.po
Log:
Import NMU:
	apt-proxy (1.9.35-0.1) unstable; urgency=high

	  * Non-maintainer upload.
	  * Use "self.filelist" instead of "filelist" in ftpListResult() (in
	    fetchers.py), as the latter is a non-existant variable, giving 500
	    errors when SIZE failed in an FTP session for some reason.
	    (Closes: #402481)
	  * Make the FTP fetcher unescape file names before fetching, which makes
	    ~ in file names work again with FTP; patch from Ben Hutchings.
	    (Closes: #393483, #386344)

	 -- Steinar H. Gunderson <sesse at debian.org>  Wed, 27 Dec 2006 12:20:45 +0100


Modified: branches/etch/apt_proxy/fetchers.py
==============================================================================
--- tags/1.9.35/apt_proxy/fetchers.py	(original)
+++ branches/etch/apt_proxy/fetchers.py	Wed Jan 24 13:54:07 2007
@@ -21,7 +21,7 @@
 network backends
 """
 
-import re, os, string, time, glob, signal, stat, base64
+import re, os, string, time, glob, signal, stat, base64, urllib
 from twisted.web import static, http
 from twisted.internet import protocol, reactor, defer, error, abstract
 from twisted.python import failure
@@ -244,6 +244,23 @@
             self.connection_closed(self.fetcher)
         self.deferred.callback((True, ""))
 
+def uri_path_to_path(path, check_part):
+    # Split into parts and unescape them.
+    parts = [urllib.unquote(part) for part in path.split('/')]
+    for part in parts:
+        if not check_part(part):
+            return None
+    # Join up the parts.
+    return os.sep.join(parts)
+
+def is_valid_local_path_part(part):
+    # Deny use of parent directory or characters that are invalid in a
+    # path part.
+    return not (part == os.pardir
+                or '\0' in part
+                or os.sep in part
+                or (os.altsep and os.altsep in part))
+
 class FileFetcher:
     """
     A Fetcher that simply copies files from disk
@@ -268,7 +285,11 @@
         self.cache_mtime = mtime
         self.request_uri = uri
 
-        self.local_file = self.backendServer.uri[len("file://"):] + '/' + uri
+        path = uri_path_to_path(uri, is_valid_local_path_part)
+        if path is None:
+            self.parent.file_not_found()
+            return
+        self.local_file = self.backendServer.uri[len("file://"):] + '/' + path
         if not os.path.exists(self.local_file):
             self.parent.file_not_found()
             return
@@ -508,6 +529,13 @@
             self.connection.transport.loseConnection()
             self.isConnected = False
 
+# RFC 959 says pathnames must be ASCII and not include CR or LF.
+ftp_path_part_re = re.compile(r'[^\r\n\x80-\xFF]+$')
+def is_valid_ftp_path_part(part):
+    # Also deny use of parent directory, assuming Unix path conventions
+    # on the server.
+    return part != '..' and ftp_path_part_re.match(part)
+
 class FtpFetcher(protocol.Protocol):
     """
     This is the secuence here:
@@ -575,8 +603,12 @@
         self.parent = fetcher
         self.cache_mtime = mtime
         self.request_uri = uri
+        path = uri_path_to_path(uri, is_valid_ftp_path_part)
+        if path is None:
+            self.parent.file_not_found()
+            return
         self.remote_file = (self.parent.backendServer.path + '/' 
-                            + uri)
+                            + path)
         self.ftpFetchMtime()
 
     def ftpFetchMtime(self):
@@ -645,11 +677,11 @@
 
     def ftpListResult(self, msg):
         __pychecker__ = 'unusednames=msg'
-        if len(filelist.files)== 0:
+        if len(self.filelist.files)== 0:
             log.debug("Not found on backend server",'ftp_client')
             self.parent.file_not_found()
             return
-        file = filelist.files[0]
+        file = self.filelist.files[0]
         self.parent.server_size(file['size'])
         fetcher.ftpFetchFile()
 
@@ -1101,4 +1133,4 @@
 
     def stop(self):
         for q in self.queues.values():
-            q.stop()
\ No newline at end of file
+            q.stop()

Modified: branches/etch/debian/changelog
==============================================================================
--- tags/1.9.35/debian/changelog	(original)
+++ branches/etch/debian/changelog	Wed Jan 24 13:54:07 2007
@@ -1,3 +1,16 @@
+apt-proxy (1.9.35-0.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Use "self.filelist" instead of "filelist" in ftpListResult() (in
+    fetchers.py), as the latter is a non-existant variable, giving 500
+    errors when SIZE failed in an FTP session for some reason.
+    (Closes: #402481)
+  * Make the FTP fetcher unescape file names before fetching, which makes
+    ~ in file names work again with FTP; patch from Ben Hutchings.
+    (Closes: #393483, #386344)
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Wed, 27 Dec 2006 12:20:45 +0100
+
 apt-proxy (1.9.35) unstable; urgency=low
 
   * http_proxy option:

Modified: branches/etch/doc/po/apt-proxy.pot
==============================================================================
--- tags/1.9.35/doc/po/apt-proxy.pot	(original)
+++ branches/etch/doc/po/apt-proxy.pot	Wed Jan 24 13:54:07 2007
@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2006-08-14 12:59+0100\n"
+"POT-Creation-Date: 2006-12-27 12:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
 "Language-Team: LANGUAGE <LL at li.org>\n"
@@ -699,7 +699,7 @@
 # type: TH
 #: doc/apt-proxy-import.8:2
 #, no-wrap
-msgid "August 2006"
+msgid "December 2006"
 msgstr ""
 
 # type: TH
@@ -708,12 +708,6 @@
 msgid "Debian GNU/Linux"
 msgstr ""
 
-# type: TH
-#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
-#, no-wrap
-msgid " "
-msgstr ""
-
 # type: Plain text
 #: doc/apt-proxy-import.8:5
 msgid "apt-proxy-import - Import packages into the apt-proxy cache."

Modified: branches/etch/doc/po/fr.po
==============================================================================
--- tags/1.9.35/doc/po/fr.po	(original)
+++ branches/etch/doc/po/fr.po	Wed Jan 24 13:54:07 2007
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: apt-proxy 1.3.6.1\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2006-08-14 12:59+0100\n"
+"POT-Creation-Date: 2006-12-27 12:26+0100\n"
 "PO-Revision-Date: 2005-10-18 19:14+0200\n"
 "Last-Translator: Sylvain Archenault <sylvain.archenault at laposte.net>\n"
 "Language-Team: French <French <debian-l10n-french at lists.debian.org>>\n"
@@ -799,9 +799,9 @@
 
 # type: TH
 #: doc/apt-proxy-import.8:2
-#, no-wrap
-msgid "August 2006"
-msgstr ""
+#, fuzzy, no-wrap
+msgid "December 2006"
+msgstr "novembre 2002"
 
 # type: TH
 #: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
@@ -809,12 +809,6 @@
 msgid "Debian GNU/Linux"
 msgstr "Debian GNU/Linux"
 
-# type: TH
-#: doc/apt-proxy-import.8:2 doc/apt-proxy-v1tov2.8:1
-#, fuzzy, no-wrap
-msgid " "
-msgstr " "
-
 # type: Plain text
 #: doc/apt-proxy-import.8:5
 msgid "apt-proxy-import - Import packages into the apt-proxy cache."
@@ -1086,6 +1080,11 @@
 msgstr "Manuel Estrada Sainz E<lt>ranty at debian.orgE<gt>"
 
 # type: TH
+#, fuzzy
+#~ msgid " "
+#~ msgstr " "
+
+# type: TH
 #~ msgid "October 2005"
 #~ msgstr "Octobre 2005"

More information about the apt-proxy-devel mailing list