[Bug 1065429] Re: Long passwords for authenticated repositories not handled well

Brian Murray brian at ubuntu.com
Thu Oct 11 19:48:52 UTC 2012 

Hello Michael, or anyone else affected,

Accepted apt into precise-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from
verification-needed to verification-done.  If it does not, change the
tag to verification-failed.  In either case, details of your testing
will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: apt (Ubuntu Precise)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1065429

Title:
  Long passwords for authenticated repositories not handled well

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Committed

Bug description:
  If there is a repository that needs authentication with a long
  password or username (>64 chars) this is not handled well in apt. It
  will simply cut it off and the authentication will fail with a error
  from the server instead of indicating that the password is too long.

  The maximum size of the user/password needs to be increased and a
  proper error message on overflow needs to be given.

  To test this we need a repository with a long username/password.

  = Test Case =
  We'll use a pretend repository without any packages at murraytwins.com
  1) Add the following line to /etc/apt/sources.list:
  deb http://murraytwins.com/repository precise multiverse
  2) Add the following line (yes, it's all one line) to /etc/apt/auth.conf (likely a new file)
  machine murraytwins.com/repository/ login mrzx4l98d4tp89jab6giohdrjqysbyjs4npz2ccq25kvjmf5h8u4cmidcko7s4tfr6ur1teuv4ju1af-bp8wz2-hwbqs6tox1bv6csee9psn5309v7488f3dugifm692db2xfq8n1fsz7l87835tr0q36m2p3ftwpoqoy6 password password
  3) Run apt-get update
  4) Observe a 401 for murraytwins.com:
  W: Failed to fetch http://murraytwins.com/repository/dists/precise/multiverse/binary-amd64/Packages  401  Authorization Required

  With the version of the package from -proposed you'll receive a 404
  instead of a 401.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1065429/+subscriptions

More information about the foundations-bugs mailing list