The problem is: the http methods URL-encodes URLs before sending them,
the https one does not. And our redirecting code decodes the locations
given, because the http method encodes them.
This is of course horribly broken: We should not decode the location and
re-encode it in the first place. That said, we can't fix this right now,
so a simple work around for this issue is probably to just do the
quoting in the https method as well.
I hope we can get rid of the https method, and just add TLS support to
our own method - that will get rid of a lot of problems with the https
one.
** No longer affects: curl (Ubuntu)
** Changed in: apt (Ubuntu)
Importance: Undecided => Medium
** Changed in: apt (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1651923
Title:
apt https method decodes redirect locations and sends them to the
destination undecoded.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1651923/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
