Long passwords for authenticated repositories not handled well
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned |
Bug Description
If there is a repository that needs authentication with a long password or username (>64 chars) this is not handled well in apt. It will simply cut it off and the authentication will fail with a error from the server instead of indicating that the password is too long.
The maximum size of the user/password needs to be increased and a proper error message on overflow needs to be given.
To test this we need a repository with a long username/password.
= Test Case =
We'll use a pretend repository without any packages at murraytwins.com
1) Add the following line to /etc/apt/
deb http://
2) Add the following line (yes, it's all one line) to /etc/apt/auth.conf (likely a new file)
machine murraytwins.
3) Run apt-get update
4) Observe a 401 for murraytwins.com:
W: Failed to fetch http://
With the version of the package from -proposed you'll receive a 404 instead of a 401.
Related branches
Changed in apt (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → Medium |
Changed in apt (Ubuntu Precise): | |
status: | New → In Progress |
importance: | Undecided → Medium |
description: | updated |
To be clear it was fixed with this upload to quantal:
This bug was fixed in the package apt - 0.9.7.5ubuntu1
---------------
apt (0.9.7.5ubuntu1) quantal; urgency=low
[ Michael Vogt ]
* merged latest fixes from the debian-sid branch
[ TJ ] contrib/ netrc.cc: PASSWORDSIZE limits and add proper error
* apt-pkg/
- increase LOGINSIZE/
if the limits are reached (LP: #1008289)