Bug#497983: apt-transport-https: Timeout incorrectly applied to Curl in https method
Package: apt-transport-https
Version: 0.7.14+b1
Severity: important
Tags: patch
*** Please type your report below this line ***
apt-transport-https incorrectly applies the connection timeout,
specified as Acquire::http::Timeout, to CURLOPT_TIMEOUT and
CURLOPT_CONNECTTIMEOUT. The 'http' method correctly applies the timeout
to only the initial connection whereas apt-transport-https is applying
the same timeout to both the initial connection and the life of the
connection itself. Upon reaching this timeout, Curl immediately
terminates the connection, including active ones. This results in large
packages (such as kernels) being downloaded over slow internet
connections being unobtainable via apt. The recommended solution should
be to avoid setting CURLOPT_TIMEOUT. According to Curl documentation,
there is no default value for CURLOPT_TIMEOUT.
Patch listed below, to apply:
- Copy all content between '%%%' markers
- Paste into a new file, such as apt-0.7.14-https_timeout_fix.patch
- Download apt source, ie: apt-get source apt-transport-https
- Enter the source tree
- Apply patch, ie: patch -p0 < apt-0.7.14-https_timeout_fix.patch
- Build: dpkg-buildpackage -us -uc
- Install and test
%%%
diff -Naur ../apt-0.7.14.orig/methods/https.cc ./methods/https.cc
--- ../apt-0.7.14.orig/methods/https.cc 2008-05-28 06:22:14.000000000 -0700
+++ ./methods/https.cc 2008-09-05 12:17:58.000000000 -0700
@@ -170,7 +170,6 @@
// set timeout
int timeout = _config->FindI("Acquire::http::Timeout",120);
- curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
// debug
%%%
References:
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTTIMEOUT
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCONNECTTIMEOUT
--
Charles Hooper
Systems Engineer, NeuralIQ
GPG PubKey ID: 0x31A529AD
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apt-transport-https depends on:
ii apt [libapt-pkg-libc6.7-6-4.6 0.7.14+b1 Advanced front-end for dpkg
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libcurl3-gnutls 7.18.2-7 Multi-protocol file
transfer libra
ii libgcc1 1:4.3.1-7 GCC support library
ii libstdc++6 4.3.1-7 The GNU Standard C++ Library v3
apt-transport-https recommends no packages.
apt-transport-https suggests no packages.
-- no debconf information
Reply to: