crypt.crypt() changed in Xenial causing incorrectly generated .htpasswd entries
Bug #1722209 reported by
Haw Loeung
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Colin Watson |
Bug Description
Hi,
Private PPAs are locked down using htaccess/
Unfortunately, it seems that crypt.crypt() has changed and if the salt used contains dashes ('-'), it would return None where previously it would be allowed. The salt LP uses is usually the first two characters of the username.
| >>> crypt.crypt(
| >>>
Thanks to cjwatson for discovering and confirming this.
Related branches
lp:~cjwatson/launchpad/htpasswd-salt
- William Grant: Approve (code)
-
Diff: 102 lines (+33/-13)2 files modifiedlib/lp/archivepublisher/htaccess.py (+20/-4)
lib/lp/archivepublisher/tests/test_htaccess.py (+13/-9)
description: | updated |
Changed in launchpad: | |
assignee: | nobody → Colin Watson (cjwatson) |
status: | Triaged → In Progress |
tags: |
added: qa-ok removed: qa-needstesting |
To post a comment you must log in.
Changed in glibc 2.17 (precise had 2.15): https:/ /sourceware. org/git/ ?p=glibc. git;a=commitdif f;h=4ba74a35737 6c8f8bf49487f96 ae71cf2460c3f3