Bug 11585

Summary: htpasswd broken
Product: Mageia Reporter: franck villaume <franck.villaume>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: ennael1, sysadmin-bugs, tmb
Version: 3Keywords: PATCH, Triaged, UPSTREAM, validated_update
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
URL: https://issues.apache.org/bugzilla/show_bug.cgi?id=54735
Whiteboard: advisory mga3-32-ok, mga3-64-ok
Source RPM: apache-2.4.4-7.4.mga3.src.rpm CVE:
Status comment:

Description franck villaume 2013-11-02 16:14:55 CET 
Description of problem:

the htpasswd command does not set correctly passwd.
See URL for all demonstration.

I have to use htpasswd -nb then copy the result in the htpasswd file.


Version-Release number of selected component (if applicable):
apache-2.4.4-7.4.mga3


Reproducible: 

Steps to Reproduce:
Manuel Hiebel 2013-11-03 00:00:35 CET

Keywords: (none) => PATCH, Triaged, UPSTREAM
Assignee: bugsquad => guillomovitch

Comment 1 Guillaume Rousse 2013-11-08 10:43:22 CET 
I submitted a 2.4.4-7.5 release with upstream patch applied in updates_testing.

Status: NEW => ASSIGNED

Comment 2 David Walser 2013-11-13 16:34:22 CET 
Is this ready to be tested and pushed as an update?  Please assign to QA if so.
Comment 3 Guillaume Rousse 2013-12-22 14:13:09 CET 
This is indeed ready for testing.

Suggested advisory:
The htpasswd command shipped in our apache package suffers from an upstream bug, leading to malformed password files. The 2.4.4-7.5 release fixes this issue.

Assignee: guillomovitch => qa-bugs

Comment 4 Anne Nicolas 2014-01-16 10:04:38 CET 
Tested on both i586 and x86_64.

Before updating, I tried to protect access for a given directory using htpasswd command: 
htpasswd -c .htpasswd ennael

then modified then add AllowOverride AuthConfig on the proper directory to use it. I could not login.

I updated to apache 2.4.4-7.5. Then I re excuted the command htpasswd to generate a new file .htpasswd. Login was then successfull.

It worked on both architectures. No regression around.

CC: (none) => ennael1
Whiteboard: (none) => mga3-32-ok, mga3-64-ok

Comment 5 Anne Nicolas 2014-01-16 10:08:32 CET 
Update validated.
Thanks.

Advisory:
The htpasswd command shipped in our apache package suffers from an upstream bug, leading to malformed password files. The 2.4.4-7.5 release fixes this issue.

SRPM: apache-2.4.4-7.4.mga3.src.rpm

Could sysadmin please push from core/updates_testing to core/updates.

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2014-01-17 01:41:40 CET 

Update pushed:
http://advisories.mageia.org/MGAA-2014-0004.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Whiteboard: mga3-32-ok, mga3-64-ok => advisory mga3-32-ok, mga3-64-ok