[Bug 2067361] Re: Programs using netrc with containing an entry without a password fail with an exception "malformed machine entry <> terminated by ''"

Eero Aaltonen 2067361 at bugs.launchpad.net
Tue Jun 11 18:47:47 UTC 2024 

Hi Dan, thanks for taking a look.

I fixed the changelog entry on patch-V2.

Regarding the upstream commit 7f5ddb4a75fcb64046e3fc2af885960d2800a5b3,
I think that cannot be be cherry-picked to a stable release as is, due
to the added security check. While the security check makes sense, an
affected user would see this as an error out of nowhere.

I've picked here only the changes required to avoid the parsing
exception in an effort to meet the criteria for an "obviously safe
patch", since with a smaller change it's easier to reason about the
extent of possible effects.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.10 in Ubuntu.
https://bugs.launchpad.net/bugs/2067361

Title:
  Programs using netrc with containing an entry without a password fail
  with an exception "malformed machine entry <> terminated by ''"

Status in python3.10 package in Ubuntu:
  Incomplete
Status in python3.10 source package in Jammy:
  New

Bug description:
  Some services use provide token authentication, where the users token is input as the "username" field, resulting in a netrc entry containing
  ```
  machine SOME_ADDRESS
  login SOME_TOKEN
  ```

  but no password entry.

  Trying to run some python based program, that uses netrc, such as
  ```
  ansible-galaxy collection install SOME_PACKAGE
  ```

  with this such a netrc file will fail with an exception
  "malformed machine entry SOME_ADDRESS terminated by ''".

  This is upstream bug https://bugs.python.org/issue34908 fixed in
  python3.11.

  [ Impact ]

   * Users are not able to run Python based programs using netrc
  credentials, such as ansible.

  [ Test Plan ]

   * Install ansible with `sudo apt install ansible`

   * Add an entry to ~/.netrc containing only the "machine" and "login"
  tokens

   * observe failure when trying to run `ansible-galaxy collection
  install community.crypto`

  [ Where problems could occur ]

   * Some over specific test suite relying on current overly strict
  parsing. However such a test suite would have to be fixed for
  python3.11 anyway.

  [ Other Info ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.10/+bug/2067361/+subscriptions

More information about the foundations-bugs mailing list