Bug 11585 - htpasswd broken
Summary: htpasswd broken
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 3
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: https://issues.apache.org/bugzilla/sh...
Whiteboard: advisory mga3-32-ok, mga3-64-ok
Keywords: PATCH, Triaged, UPSTREAM, validated_update
Depends on:
Blocks:
 
Reported: 2013-11-02 16:14 CET by franck villaume
Modified: 2014-01-17 01:41 CET (History)
3 users (show)

See Also:
Source RPM: apache-2.4.4-7.4.mga3.src.rpm
CVE:
Status comment:


Attachments

Description franck villaume 2013-11-02 16:14:55 CET
Description of problem:

the htpasswd command does not set correctly passwd.
See URL for all demonstration.

I have to use htpasswd -nb then copy the result in the htpasswd file.


Version-Release number of selected component (if applicable):
apache-2.4.4-7.4.mga3


Reproducible: 

Steps to Reproduce:
Manuel Hiebel 2013-11-03 00:00:35 CET

Keywords: (none) => PATCH, Triaged, UPSTREAM
Assignee: bugsquad => guillomovitch

Comment 1 Guillaume Rousse 2013-11-08 10:43:22 CET
I submitted a 2.4.4-7.5 release with upstream patch applied in updates_testing.

Status: NEW => ASSIGNED

Comment 2 David Walser 2013-11-13 16:34:22 CET
Is this ready to be tested and pushed as an update?  Please assign to QA if so.
Comment 3 Guillaume Rousse 2013-12-22 14:13:09 CET
This is indeed ready for testing.

Suggested advisory:
The htpasswd command shipped in our apache package suffers from an upstream bug, leading to malformed password files. The 2.4.4-7.5 release fixes this issue.

Assignee: guillomovitch => qa-bugs

Comment 4 Anne Nicolas 2014-01-16 10:04:38 CET
Tested on both i586 and x86_64.

Before updating, I tried to protect access for a given directory using htpasswd command: 
htpasswd -c .htpasswd ennael

then modified then add AllowOverride AuthConfig on the proper directory to use it. I could not login.

I updated to apache 2.4.4-7.5. Then I re excuted the command htpasswd to generate a new file .htpasswd. Login was then successfull.

It worked on both architectures. No regression around.

CC: (none) => ennael1
Whiteboard: (none) => mga3-32-ok, mga3-64-ok

Comment 5 Anne Nicolas 2014-01-16 10:08:32 CET
Update validated.
Thanks.

Advisory:
The htpasswd command shipped in our apache package suffers from an upstream bug, leading to malformed password files. The 2.4.4-7.5 release fixes this issue.

SRPM: apache-2.4.4-7.4.mga3.src.rpm

Could sysadmin please push from core/updates_testing to core/updates.

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2014-01-17 01:41:40 CET

Update pushed:
http://advisories.mageia.org/MGAA-2014-0004.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Whiteboard: mga3-32-ok, mga3-64-ok => advisory mga3-32-ok, mga3-64-ok


Note You need to log in before you can comment on or make changes to this bug.