Encode any ":", "@" or "/" within the user and password field in proxy settings.

This also happens with entering using authentication via the gui proxy settings.

My understanding was that in apt.conf it should work if you URL encode the @ sign ie:

http_proxy=http://user:p%40ssword@server:9080

But entering this via the gui or by directly adding it to apt.conf did not work.

Using the gui with the above it would complain that "could not find host ssword@server" so somewhere there someone was URL decodign the string before splitting on the @ sign as well.

This was in a Ubuntu 7.10 installation

According to the specs (http://www.w3.org/Addressing/rfc1738.txt) the scheme http://<user>:<password>@<host>:<port>/ is not valid.
The specs also mentioned that:
"The user name (and password), if present, are followed by a
   commercial at-sign "@". Within the user and password field, any ":",
   "@", or "/" must be encoded.
"

So there is a synaptic issue not encoding username and password and an apt issue accepting an invalid scheme but this behavior is documented in the apt.conf man page.
Setting to triaged.

This is a bit of a stack in the dark, but could you please try:

=== modified file 'apt-pkg/acquire-worker.cc'
--- apt-pkg/acquire-worker.cc 2009-07-21 14:05:52 +0000
+++ apt-pkg/acquire-worker.cc 2010-03-25 14:05:09 +0000
@@ -464,7 +464,7 @@
    {
       if (Top->Value.empty() == false)
       {
- string Line = "Config-Item: " + QuoteString(Top->FullTag(),"=\"\n") + "=";
+ string Line = "Config-Item: " + QuoteString(Top->FullTag(),"%=\"\n") + "=";
   Line += QuoteString(Top->Value,"\n") + '\n';
   Message += Line;
       }

and see if that helps?

I just played with this in python-apt:

>>> import apt_pkg
>>> s="http://user2:p%40s%2Fs%3Aword@localhost:3128"
>>> apt_pkg.DeQuoteString(apt_pkg.QuoteString(s, '="\n'))
'http://user2:p@s/s:word@localhost:3128'
>>> apt_pkg.DeQuoteString(apt_pkg.QuoteString(s, '="\n%'))
'http://user2:p%40s%2Fs%3Aword@localhost:3128'
>>> apt_pkg.DeQuoteString(apt_pkg.QuoteString(s, '="\n%')) == s
True

And I think it may fix the problem.

debug log.

The proxy string http://user2:p%40ssword@localhost:3128
And you'll see the host part interpreted by apt is "ssword@localhost:3128"
The parser in strutl stops at the 1rst @ (which is correct)
The password shouldn't be unquoted before being parsed.

The problem is not the encoding of messages between the worker and the method but in the method's configuration handler AcqMethod::Configuration

This method takes the message string, unquote all the items (hence the URI), and set the associated configuration item.
The De/QuoteString method is not bijective if the string already contains one of the unquoted character.
e.g
http://user2:p%40ssword@localhost:3128 is unquoted to http://user2:p@ssword@localhost:3128
the resulting string is an invalid URI and cannot be parsed and the quoting cannot be reversed because
http://user2:p@ssword@localhost:3128 will give http://user2:p%40ssword%40localhost:3128

I made a quick fix to the parser for the '@' but if the password contains an '/' it becomes quite tricky and it's more of a hack than a fix. Furthermore the problem is not the uri parser here.

We cannot escape the URI in HttpMethod::Configuration for the reason above.

At first sight, a solution could be to add an exclusion list of items that should not be dequoted in the configuration handler and processed specifically in each method.

I'll try to post a prototype.

Apt fix committed to my branch r1755

For information the latest about URI syntax is RFC is 3986

reaffecting to gnome-terminal since it's it that set http_proxy.

here is the patch for the gnome-terminal.

Note to sponsors, this is a group a 3 patches. the synaptic and gnome-terminal patches make sense only if the apt patch is applied.

Thanks.

the following updated patch has been applied upstream to gnome-terminal
http://git.gnome.org/browse/gnome-terminal/commit/?id=f0720f921f3e06e5773ac378fa6da78b9329972a

Thanks to Behdad Esfahbod

The fox for apt is at http://bazaar.launchpad.net/~donkult/apt/sid/revision/1985

This bug was fixed in the package apt - 0.7.25.3ubuntu5

---------------
apt (0.7.25.3ubuntu5) lucid; urgency=low

  [ David Kalnischkies ]
  * cmdline/apt-get.cc:
    - try version match in FindSrc first exact than fuzzy (LP: #551178)

  [ Jean-Baptiste Lallement ]
  * apt-pkg/contrib/strutl.cc:
    - always escape '%' (LP: #130289) (Closes: #500560)
    - unescape '%' sequence only if followed by 2 hex digit
    - username/password are urlencoded in proxy string (RFC 3986)
 -- Michael Vogt <email address hidden> Wed, 31 Mar 2010 21:59:42 +0200

synaptic (0.63.1ubuntu3) lucid; urgency=low

  [ Jean-Baptiste Lallement ]
  * * gtk/rgpreferenceswindow.cc: escape '@/:%' in proxy auth string (LP:
+130289)