Bug#496217: mt-daapd: web interface still refusing valid credentials
Package: mt-daapd
Version: 0.9~r1696-1.4
Followup-For: Bug #496217

Julien BLACHE [EMAIL PROTECTED] wrote:
> Even in 0.9~r1696-1.4 still refuses valid credentials for the web
> interface. I haven't been able to track that down further.

The solution proposed by Martijn Plak is not correct, if you look at the source of webserver.c, the method ws_decodepassword returns TRUE if the decoding of the base64 header succeeded. However, TRUE is defined as 1, not 0. So, a better solution would be:

+ if((auth) (TRUE == ws_decodepassword(auth,username, password))) {

Hope it helps,
Jan Willem
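Review bot: the `+` line has nothing joining `(auth)` and `(TRUE == ws_decodepassword(auth,username, password))`; as shown, `(auth) (...)` is not a valid condition, so the intended operator (presumably `&&`, possibly lost when the mail was archived) needs to be spelled out. Comparing against `TRUE` also ties the check to the function returning exactly 1. Since the thread states that the return convention differs between r1376 (0 on success) and r1622 onwards (TRUE on success), the check should be verified against the ws_decodepassword in the source actually being packaged, and a comment at the call site stating the expected convention would help the next backport.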
Bug#496217: mt-daapd: web interface still refusing valid credentials
My patch was for the r1376 debian package, not r1696. To be precise, it fixed an incomplete backport of a security fix. For those sources, it is correct.

In r1376, ws_decodepassword returns 0 on success. ws_decodepassword was changed to return TRUE in r1622.

If the debian package is upgraded to newer upstream sources, every patch needs to be reconsidered. Especially for backported changes, it is not surprising the patch is not needed anymore. Which seems to be the case here.

> Package: mt-daapd
> Version: 0.9~r1696-1.4
> Followup-For: Bug #496217
>
> Julien BLACHE [EMAIL PROTECTED] wrote:
>> Even in 0.9~r1696-1.4 still refuses valid credentials for the web
>> interface. I haven't been able to track that down further.
>
> The solution proposed by Martijn Plak is not correct, if you look at the source of webserver.c, the method ws_decodepassword returns TRUE if the decoding of the base64 header succeeded. However, TRUE is defined as 1, not 0. So, a better solution would be:
>
> + if((auth) (TRUE == ws_decodepassword(auth,username, password))) {
>
> Hope it helps,
> Jan Willem
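The return-convention mismatch described in this message, as an added example that is not part of the original post and is not mt-daapd's code. `decode_true_on_success`, `decode_zero_on_success` and `login_ok` are hypothetical stand-ins for the two ws_decodepassword conventions the thread mentions and for the calling check; the header value and credentials are constructed.

```c
#include <stdio.h>
#include <string.h>
#define TRUE 1
#define FALSE 0

/* Hypothetical stand-in (not mt-daapd code): base64-decode "user:pass".
 * Returns TRUE on success, the convention the thread gives for r1622+. */
static int decode_true_on_success(const char *b64, char *user, char *pass, size_t n) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    char buf[64], *colon;
    size_t len = 0;
    unsigned acc = 0;
    int bits = 0;
    for (; *b64 && *b64 != '='; b64++) {
        const char *p = strchr(tbl, *b64);
        if (!p || len + 1 >= sizeof buf) return FALSE; /* bad char or too long */
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) { bits -= 8; buf[len++] = (char)((acc >> bits) & 0xFF); }
    }
    buf[len] = '\0';
    if (!(colon = strchr(buf, ':'))) return FALSE;      /* no user:pass separator */
    *colon = '\0';
    snprintf(user, n, "%s", buf);
    snprintf(pass, n, "%s", colon + 1);
    return TRUE;
}

/* Same decoder with the older convention the thread gives for r1376: 0 on success. */
static int decode_zero_on_success(const char *b64, char *user, char *pass, size_t n) {
    return decode_true_on_success(b64, user, pass, n) ? 0 : -1;
}

typedef int (*decoder_fn)(const char *, char *, char *, size_t);

/* Credential check; `success` is the return value the caller believes means
 * "decoded OK". Expected user/password are constructed sample values. */
static int login_ok(decoder_fn dec, int success, const char *auth) {
    char user[64] = "", pass[64] = "";
    return auth && dec(auth, user, pass, sizeof user) == success
        && strcmp(user, "admin") == 0 && strcmp(pass, "secret") == 0;
}

int main(void) {
    const char *valid = "YWRtaW46c2VjcmV0";  /* constructed: base64("admin:secret") */
    printf("r1376-style check, r1376-style decoder: %d\n", login_ok(decode_zero_on_success, 0, valid));
    printf("r1376-style check, r1622-style decoder: %d\n", login_ok(decode_true_on_success, 0, valid));
    printf("r1622-style check, r1622-style decoder: %d\n", login_ok(decode_true_on_success, TRUE, valid));
    return 0;
}
```

The middle case is the symptom in this bug report: a check written for one convention, applied to a decoder using the other, refuses valid credentials.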
Bug#496217: mt-daapd: web interface still refusing valid credentials
I'd like to chime in and mention that I have orphaned the package on wnpp because I can't deal with this shit anymore. Especially since I had nothing to do with this security update, I have no motivation to deal with it (in addition to being frustrated with mt-daapd's robustness in general.)

So if anyone's up to it, upload away.

-Josh

On Fri, Sep 05, 2008 at 10:21:27AM +0200, Martijn Plak wrote:
> My patch was for the r1376 debian package, not r1696. To be precise, it fixed an incomplete backport of a security fix. For those sources, it is correct.
>
> In r1376, ws_decodepassword returns 0 on success. ws_decodepassword was changed to return TRUE in r1622.
>
> If the debian package is upgraded to newer upstream sources, every patch needs to be reconsidered. Especially for backported changes, it is not surprising the patch is not needed anymore. Which seems to be the case here.
>
>> Package: mt-daapd
>> Version: 0.9~r1696-1.4
>> Followup-For: Bug #496217
>>
>> Julien BLACHE [EMAIL PROTECTED] wrote:
>>> Even in 0.9~r1696-1.4 still refuses valid credentials for the web
>>> interface. I haven't been able to track that down further.
>>
>> The solution proposed by Martijn Plak is not correct, if you look at the source of webserver.c, the method ws_decodepassword returns TRUE if the decoding of the base64 header succeeded. However, TRUE is defined as 1, not 0. So, a better solution would be:
>>
>> + if((auth) (TRUE == ws_decodepassword(auth,username, password))) {
>>
>> Hope it helps,
>> Jan Willem

--
Joshua Kwan
Bug#496217: mt-daapd: web interface still refusing valid credentials
[EMAIL PROTECTED] (Joshua Kwan) wrote:

Hi,

> So if anyone's up to it, upload away.

I'm going to NMU, and I'll try to fix a few other things at the same time. I'll also set the Maintainer to QA.

JB.

--
Julien BLACHE [EMAIL PROTECTED] | Debian, because code matters more
Debian GNU/Linux Developer | http://www.debian.org
Public key available on http://www.jblache.org - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169
Bug#496217: mt-daapd: web interface still refusing valid credentials
Package: mt-daapd
Version: 0.9~r1696-1.4
Followup-For: Bug #496217

Hi,

Even in 0.9~r1696-1.4 still refuses valid credentials for the web interface. I haven't been able to track that down further.

Anyway, it's still broken.

JB.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24.3
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mt-daapd depends on:
ii  adduser                3.110              add and remove users and groups
ii  avahi-daemon           0.6.23-2           Avahi mDNS/DNS-SD daemon
ii  libavahi-compat-howl0  0.6.23-2           Avahi Howl compatibility library
ii  libavcodec51           0.svn20080206-12   ffmpeg codec library
ii  libavformat52          0.svn20080206-12   ffmpeg file format library
ii  libavutil49            0.svn20080206-12   ffmpeg utility library
ii  libc6                  2.7-13             GNU C Library: Shared libraries
ii  libflac8               1.2.1-1.2          Free Lossless Audio Codec - runtim
ii  libid3tag0             0.15.1b-10         ID3 tag reading library from the M
ii  libogg0                1.1.3-4            Ogg Bitstream Library
ii  libsqlite3-0           3.5.9-4            SQLite 3 shared library
ii  libtagc0               1.5-3              TagLib Audio Meta-Data Library (C
ii  libvorbis0a            1.2.0.dfsg-3.1     The Vorbis General Audio Compressi
ii  libvorbisfile3         1.2.0.dfsg-3.1     The Vorbis General Audio Compressi
ii  zlib1g                 1:1.2.3.3.dfsg-12  compression library - runtime

mt-daapd recommends no packages.

mt-daapd suggests no packages.

-- no debconf information