crypt.crypt() changed in Xenial causing incorrectly generated .htpasswd entries
Bug #1722209 reported by
Haw Loeung
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Critical
|
Colin Watson | ||
Bug Description
Hi,
Private PPAs are locked down using htaccess/
Unfortunately, it seems that crypt.crypt() has changed and if the salt used contains dashes ('-'), it would return None where previously it would be allowed. The salt LP uses is usually the first two characters of the username.
| >>> crypt.crypt(
| >>>
Thanks to cjwatson for discovering and confirming this.
Related branches
lp:~cjwatson/launchpad/htpasswd-salt
- William Grant: Approve (code)
-
Diff: 102 lines (+33/-13)2 files modifiedlib/lp/archivepublisher/htaccess.py (+20/-4)
lib/lp/archivepublisher/tests/test_htaccess.py (+13/-9)
Revision history for this message
| Colin Watson (cjwatson) wrote | #1 |
| tags: | added: lp-soyuz ppa regression soyuz-publish |
| Changed in launchpad: | |
| status: | New → Triaged |
| importance: | Undecided → Critical |
| description: | updated |
| Changed in launchpad: | |
| assignee: | nobody → Colin Watson (cjwatson) |
| status: | Triaged → In Progress |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #2 |
| tags: | added: qa-needstesting |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Colin Watson (cjwatson) wrote | #3 |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Changed in glibc 2.17 (precise had 2.15): https:/