[Bug 1065429] Re: Long passwords for authenticated repositories not handled well
Brian Murray
brian at ubuntu.com
Thu Oct 11 16:48:17 UTC 2012
** Description changed:
If there is a repository that needs authentication with a long password
- (>64 chars) this is not handled well in apt. It will simply cut it off
- and the authentication will fail with a error from the server instead of
- indicating that the password is too long.
+ or username (>64 chars) this is not handled well in apt. It will simply
+ cut it off and the authentication will fail with a error from the server
+ instead of indicating that the password is too long.
The maximum size of the user/password needs to be increased and a proper
error message on overflow needs to be given.
To test this we need a repository with a long username/password.
+
+ = Test Case =
+ We'll use a pretend repository without any packages at murraytwins.com
+ 1) Add the following line to /etc/apt/sources.list:
+ deb http://murraytwins.com/repository precise multiverse
+ 2) Add the following line (yes, it's all one line) to /etc/apt/auth.conf (likely a new file)
+ machine murraytwins.com/repository/ login mrzx4l98d4tp89jab6giohdrjqysbyjs4npz2ccq25kvjmf5h8u4cmidcko7s4tfr6ur1teuv4ju1af-bp8wz2-hwbqs6tox1bv6csee9psn5309v7488f3dugifm692db2xfq8n1fsz7l87835tr0q36m2p3ftwpoqoy6 password password
+ 3) Run apt-get update
+ 4) Observe a 401 for murraytwins.com:
+ W: Failed to fetch http://murraytwins.com/repository/dists/precise/multiverse/binary-amd64/Packages 401 Authorization Required
+
+ With the version of the package from -proposed you'll receive a 404
+ instead of a 401.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1065429
Title:
Long passwords for authenticated repositories not handled well
Status in “apt” package in Ubuntu:
Fix Released
Status in “apt” source package in Precise:
In Progress
Bug description:
If there is a repository that needs authentication with a long
password or username (>64 chars) this is not handled well in apt. It
will simply cut it off and the authentication will fail with a error
from the server instead of indicating that the password is too long.
The maximum size of the user/password needs to be increased and a
proper error message on overflow needs to be given.
To test this we need a repository with a long username/password.
= Test Case =
We'll use a pretend repository without any packages at murraytwins.com
1) Add the following line to /etc/apt/sources.list:
deb http://murraytwins.com/repository precise multiverse
2) Add the following line (yes, it's all one line) to /etc/apt/auth.conf (likely a new file)
machine murraytwins.com/repository/ login mrzx4l98d4tp89jab6giohdrjqysbyjs4npz2ccq25kvjmf5h8u4cmidcko7s4tfr6ur1teuv4ju1af-bp8wz2-hwbqs6tox1bv6csee9psn5309v7488f3dugifm692db2xfq8n1fsz7l87835tr0q36m2p3ftwpoqoy6 password password
3) Run apt-get update
4) Observe a 401 for murraytwins.com:
W: Failed to fetch http://murraytwins.com/repository/dists/precise/multiverse/binary-amd64/Packages 401 Authorization Required
With the version of the package from -proposed you'll receive a 404
instead of a 401.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1065429/+subscriptions
More information about the foundations-bugs
mailing list