[Bug 1065429] Re: Long passwords for authenticated repositories not handled well

Launchpad Bug Tracker 1065429 at bugs.launchpad.net
Wed Oct 24 16:30:16 UTC 2012 

This bug was fixed in the package apt - 0.8.16~exp12ubuntu10.5

---------------
apt (0.8.16~exp12ubuntu10.5) precise-proposed; urgency=low

  * apt-pkg/pkgcachegen.cc:
    - Fix crash if the cache is remapped while writing a Provides version
      (LP: #1066445).

apt (0.8.16~exp12ubuntu10.4) precise-proposed; urgency=low

  [ David Kalnischkies ]
  * apt-pkg/packagemanager.cc:
    - do not run into loop on new-pre-depends-breaks (Closes: #673536)
      LP: #1050791
  * apt-pkg/cachefile.cc:
    - clean up lost atomic cachefiles with 'clean' (Closes: #650513)
      LP: #1050779

  [ TJ ]
  * apt-pkg/contrib/netrc.cc:
    - increase LOGINSIZE/PASSWORDSIZE limits and add proper error
      if the limits are reached (LP: #1065429)

  [ Michael Vogt ]
  * lp:~mvo/apt/lp346386-precise:
    - fail gracefully when a InRelease file is not valid, e.g. behind
      paywalls (LP: #346386)
 -- Colin Watson <cjwatson at ubuntu.com>   Mon, 15 Oct 2012 05:42:45 +0100

** Changed in: apt (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1065429

Title:
  Long passwords for authenticated repositories not handled well

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released

Bug description:
  If there is a repository that needs authentication with a long
  password or username (>64 chars) this is not handled well in apt. It
  will simply cut it off and the authentication will fail with a error
  from the server instead of indicating that the password is too long.

  The maximum size of the user/password needs to be increased and a
  proper error message on overflow needs to be given.

  To test this we need a repository with a long username/password.

  = Test Case =
  We'll use a pretend repository without any packages at murraytwins.com
  1) Add the following line to /etc/apt/sources.list:
  deb http://murraytwins.com/repository precise multiverse
  2) Add the following line (yes, it's all one line) to /etc/apt/auth.conf (likely a new file)
  machine murraytwins.com/repository/ login mrzx4l98d4tp89jab6giohdrjqysbyjs4npz2ccq25kvjmf5h8u4cmidcko7s4tfr6ur1teuv4ju1af-bp8wz2-hwbqs6tox1bv6csee9psn5309v7488f3dugifm692db2xfq8n1fsz7l87835tr0q36m2p3ftwpoqoy6 password password
  3) Run apt-get update
  4) Observe a 401 for murraytwins.com:
  W: Failed to fetch http://murraytwins.com/repository/dists/precise/multiverse/binary-amd64/Packages  401  Authorization Required

  With the version of the package from -proposed you'll receive a 404
  instead of a 401.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1065429/+subscriptions

More information about the foundations-bugs mailing list