--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: https method breaks with ignored range requests
- From: Marius Vollmer <marius.vollmer@nokia.com>
- Date: Thu, 10 Mar 2011 09:54:56 +0200
- Message-id: <8762rr2ywf.fsf@big.research.nokia.com>
Package: apt
Version: 0.8.10.3
Severity: normal
Tags: patch
The https method make a range request for files that are already
partially downloaded. However, it does not handle the case where the
server ignores the range request and replies with the complete file
anyway, which is legal (status code 200 OK and not status code 206
Partial Content).
The attached patch fixes this by simply not making any range requests.
That's not optimal, of course, but better than corrupting files.
I haven't really looked at libcurl to see what it would take to properly
support range requests. If just the status code needs to be checked,
then it should be fairly easy, but I am not totally sure about that.
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (/etc/apt/sources.list present, but not submitted) --
-- System Information:
Debian Release: 6.0
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2010.08.28 GnuPG archive keys of the Debian a
ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc <none> (no description available)
ii aptitude 0.6.3-3.2 terminal-based package manager (te
ii bzip2 1.0.5-6 high-quality block-sorting file co
ii dpkg-dev 1.15.8.10 Debian package development tools
pn lzma <none> (no description available)
ii python-apt 0.7.100.1 Python interface to libapt-pkg
ii synaptic 0.70~pre1+b1 Graphical package manager
-- no debconf information
Index: apt/methods/https.cc
===================================================================
--- apt.orig/methods/https.cc 2011-03-09 15:54:49.000000000 +0200
+++ apt/methods/https.cc 2011-03-09 15:56:51.000000000 +0200
@@ -99,7 +99,6 @@
bool HttpsMethod::Fetch(FetchItem *Itm)
{
stringstream ss;
- struct stat SBuf;
struct curl_slist *headers=NULL;
char curl_errorstr[CURL_ERROR_SIZE];
long curl_responsecode;
@@ -249,25 +248,20 @@
// error handling
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr);
- // if we have the file send an if-range query with a range header
- if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
- {
- char Buf[1000];
- sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",
- (long)SBuf.st_size - 1,
- TimeRFC1123(SBuf.st_mtime).c_str());
- headers = curl_slist_append(headers, Buf);
- }
- else if(Itm->LastModified > 0)
+ if(Itm->LastModified > 0)
{
curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified);
}
- // go for it - if the file exists, append on it
+ // go for it
+
+ // XXX - If the file exists, we replace it completely. using a
+ // range request would be better, but then we need to handle
+ // all the possible responses to it, which doesn't seem to be
+ // entirely trivial.
+
File = new FileFd(Itm->DestFile, FileFd::WriteAny);
- if (File->Size() > 0)
- File->Seek(File->Size() - 1);
// keep apt updated
Res.Filename = Itm->DestFile;
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 0.9.12
We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 617643@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Oct 2013 22:39:41 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.12
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
apt - commandline package manager
apt-doc - documentation for APT
apt-transport-https - https download transport for APT
apt-utils - package management related utility programs
libapt-inst1.5 - deb package format runtime library
libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
libapt-pkg-doc - documentation for APT development
libapt-pkg4.12 - package management runtime library
Closes: 617643 617690 667699 710924 722207 722710 723586 724073 724995 725483
Changes:
apt (0.9.12) unstable; urgency=low
.
[ Christian Perrier ]
* Fix typo in apt-private/private-show.cc. Thanks to Benjamin
Keresa. Closes: #724073
.
[ Mark Hymers ]
* fix libapt-inst for >2G debs (closes: #725483)
.
[ David Kalnischkies ]
* don't strip :any from dependencies in single-arch (Closes: 723586)
* pkg from only trusted sources keeps being trusted (Closes: 617690)
* compression-neutral message for missing data.tar member (Closes: 722710)
* print-uris prints regardless of quiet-level again (Closes: 722207)
* retry without partial data after a 416 response (Closes: 710924)
* replace "filesize - 1" trick in http with proper 416 handling
* fix partial (206 and 416) support in https
* handle complete responses to https range requests (Closes: 617643, 667699)
(LP: 1157943)
* don't consider holds for autoremoval (Closes: 724995)
* put fetch errors in 'source' on our errorstack
* use pkgAcqArchive in 'download' for proper errors
* fix lzma-support detection via xz binary
* do not ++ on erased package pointers in autoremove
.
[ Michael Vogt ]
* Add new "apt-get upgrade --with-new-pkgs" option (and add man-page for it).
So "apt-get upgrade --with-new-pkgs" will pull in new dependencies but
never remove packages
* Rename "--dpkg-progress" to "--show-progress" and document it in
apt-get.8. This will show global install progress information in the
terminal.
* Fix status-fd progress calculation for certain multi-arch install/upgrade
situations
* add new -o DpkgPM::Progress-Fancy for nicer dpkg progress output
on vt100+ terminals
* fix libapt-inst for >2G debs (closes: #725483), thanks to Mark Hymers
* debian/apt.postinst: use --compare-versions lt instead of lt-nl,
to ensure the apt-auto-removal file is correctly create,
thanks to Ben Hutchings
* update Uploaders to match recent uploaders better
* Set the default "Acquire::PDiffs::FileLimit" to 20. If the amount
of pdiffs is bigger things tend to get slower. Set
Acquire::PDiffs::FileLimit "0";
in /etc/apt/apt.conf to get the old behavior back.
Checksums-Sha1:
f30d3d9a0d4ebfb020f041c25ac949eb245de582 1609 apt_0.9.12.dsc
2224fad62772ef680a69357c502f591497661260 3419550 apt_0.9.12.tar.gz
eecd0f1cb9548d12e20ea90e745dea7669542971 266314 apt-doc_0.9.12_all.deb
2696057cabfc260de12f03fc449663e5151d8bce 555266 libapt-pkg-doc_0.9.12_all.deb
0181c031db98b81923d0ab9cf7fdfc83b1e2f0f3 718538 libapt-pkg4.12_0.9.12_amd64.deb
760c0684d431cd56bcba3d8fba39bfcf2c162428 157690 libapt-inst1.5_0.9.12_amd64.deb
cf5f9f98cb3f7a91046737986893ba457e5ef047 1046148 apt_0.9.12_amd64.deb
dd88ce5ba4490dcb6eca49aa3fc67ddcbf44a0aa 179468 libapt-pkg-dev_0.9.12_amd64.deb
ec3b2bc19f2b2f440b16bcd0bdcc2c952b0f7a6b 345404 apt-utils_0.9.12_amd64.deb
bb59de5c0700e00fc96b524419c3a36e6cccc38e 124516 apt-transport-https_0.9.12_amd64.deb
Checksums-Sha256:
78f24fd16bf6c254c23e19f53b83710d8839808d1090c327c2b32b5045c8a467 1609 apt_0.9.12.dsc
513f3601229973dd50cba8d8f15dc1cf132055ffb1c719392d6a24625ccb83b7 3419550 apt_0.9.12.tar.gz
7face62fa792b822d1343e1200e30db234250f737aab66231fab541cd23adf31 266314 apt-doc_0.9.12_all.deb
605a91c4501520140bc3115264b7c80c1c142de8fb97f52c1c3c303e783cd44f 555266 libapt-pkg-doc_0.9.12_all.deb
ec9c773acb5db60a2d1967e052c2a2a1a421712fef86f2b79f8694c4e05c4357 718538 libapt-pkg4.12_0.9.12_amd64.deb
a27cf901e23add6e7dd36366c4dcedb2a722f51e8597ae022032213ade6e5626 157690 libapt-inst1.5_0.9.12_amd64.deb
b15111fa0f182441fb7a4618964e690f70b1cd313fc81b18b9354de3153eaf9b 1046148 apt_0.9.12_amd64.deb
c5158266624c96d73a90256e145e7301a45eb830d68d77025bb15245c4f2e412 179468 libapt-pkg-dev_0.9.12_amd64.deb
43c1fcf32fe3b6fca479fce4d45b138df95d91e0cc33440c813a51124cad3762 345404 apt-utils_0.9.12_amd64.deb
35dec3a27c91d249227f780164823f33f10d0e3175d7315bc0d7b7cae3bb7250 124516 apt-transport-https_0.9.12_amd64.deb
Files:
312e8d9df65d80b4bef2a8ec14a88054 1609 admin important apt_0.9.12.dsc
0dbe02d0054d0886d6f21586bb84c8fb 3419550 admin important apt_0.9.12.tar.gz
638d20811f837847c438bdb784757d56 266314 doc optional apt-doc_0.9.12_all.deb
1b6e1c2d85e48c2552156a5264f63d65 555266 doc optional libapt-pkg-doc_0.9.12_all.deb
c8dda7aea9305c969db4f0cc57372c77 718538 libs important libapt-pkg4.12_0.9.12_amd64.deb
7b2273106d08b906fb41e4c47dfdaf3b 157690 libs important libapt-inst1.5_0.9.12_amd64.deb
668965baa0d2dc197ef08e7bf5a9995b 1046148 admin important apt_0.9.12_amd64.deb
adf956bc624f31f5c0ae002896137460 179468 libdevel optional libapt-pkg-dev_0.9.12_amd64.deb
a5562bba051294a97652e756364d1028 345404 admin important apt-utils_0.9.12_amd64.deb
237639eabd7b9adb206b023dd455c877 124516 admin optional apt-transport-https_0.9.12_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iEYEARECAAYFAlJVwLwACgkQliSD4VZixzRgiwCeOvrieGtTn5UYcu4VS2VFJgO6
9pEAn39VFRNyBeTa2ODwfUPsVshnskv0
=yZZr
-----END PGP SIGNATURE-----
--- End Message ---