Bug#497983: apt-transport-https: Timeout incorrectly applied to Curl in https method

To: submit@bugs.debian.org
Subject: Bug#497983: apt-transport-https: Timeout incorrectly applied to Curl in https method
From: Charles Hooper <chooper@neuraliq.com>
Date: Fri, 05 Sep 2008 15:12:09 -0700
Message-id: <[🔎] 48C1AEB9.6020100@neuraliq.com>
Reply-to: Charles Hooper <chooper@neuraliq.com>, 497983@bugs.debian.org

Package: apt-transport-https
Version: 0.7.14+b1
Severity: important
Tags: patch

*** Please type your report below this line ***
apt-transport-https incorrectly applies the connection timeout,
specified as Acquire::http::Timeout, to CURLOPT_TIMEOUT and
CURLOPT_CONNECTTIMEOUT. The 'http' method correctly applies the timeout
to only the initial connection whereas apt-transport-https is applying
the same timeout to both the initial connection and the life of the
connection itself. Upon reaching this timeout, Curl immediately
terminates the connection, including active ones. This results in large
packages (such as kernels) being downloaded over slow internet
connections being unobtainable via apt. The recommended solution should
be to avoid setting CURLOPT_TIMEOUT. According to Curl documentation,
there is no default value for CURLOPT_TIMEOUT.

Patch listed below, to apply:
- Copy all content between '%%%' markers
- Paste into a new file, such as apt-0.7.14-https_timeout_fix.patch
- Download apt source, ie: apt-get source apt-transport-https
- Enter the source tree
- Apply patch, ie: patch -p0 < apt-0.7.14-https_timeout_fix.patch
- Build: dpkg-buildpackage -us -uc
- Install and test

%%%
diff -Naur ../apt-0.7.14.orig/methods/https.cc ./methods/https.cc
--- ../apt-0.7.14.orig/methods/https.cc 2008-05-28 06:22:14.000000000 -0700
+++ ./methods/https.cc  2008-09-05 12:17:58.000000000 -0700
@@ -170,7 +170,6 @@

    // set timeout
    int timeout = _config->FindI("Acquire::http::Timeout",120);
-   curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
    curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);

    // debug
%%%

References:
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTTIMEOUT
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCONNECTTIMEOUT

--
Charles Hooper
Systems Engineer, NeuralIQ
GPG PubKey ID: 0x31A529AD

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt-transport-https depends on:
ii  apt [libapt-pkg-libc6.7-6-4.6 0.7.14+b1  Advanced front-end for dpkg
ii  libc6                         2.7-12     GNU C Library: Shared libraries
ii  libcurl3-gnutls               7.18.2-7   Multi-protocol file
transfer libra
ii  libgcc1                       1:4.3.1-7  GCC support library
ii  libstdc++6                    4.3.1-7    The GNU Standard C++ Library v3

apt-transport-https recommends no packages.

apt-transport-https suggests no packages.

-- no debconf information

Reply to:

Prev by Date: Bug#459873: marked as done (python-apt: Unmet dependencies)
Next by Date: Processed: your mail
Previous by thread: Bug#459873: marked as done (python-apt: Unmet dependencies)
Next by thread: Processed: your mail
Index(es):
- Date
- Thread