Package: ruby1.9 Version: 1.9.0.2-9lenny1 Severity: normal Tags: patch
XMLRPC::Client has support for basic auth. This tries to encode the combination of the username and password with the base64 algorithm using Array.pack. If however your username and password exceed a certain length the truncate algorithm of Array.pack kicks in and adds a newline character in the result, which creates HTTP headers that are invalid. If I understand the documentation of Array.pack correctly, this can be suppressed by using the pack template 'm0' instead of 'm', but this does not yield to any change in the output. Maybe I've misunderstood the documentation at this point, but this might be another bug. I've added an ugly workaround by using the double of the length. Since base64 adds about 30% in length this should be enough for everybody (famous last words) -- System Information: Debian Release: 5.0.8 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-bpo.4-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ruby1.9 depends on: ii libc6 2.7-18lenny7 GNU C Library: Shared libraries ii libruby1.9 1.9.0.2-9lenny1 Libraries necessary to run Ruby 1. ruby1.9 recommends no packages. Versions of packages ruby1.9 suggests: ii rdoc1.9 1.9.0.2-9lenny1 Generate documentation from Ruby s pn ri1.9 <none> (no description available) pn ruby1.9-examples <none> (no description available) ii rubygems1.9 1.2.0-3 package management framework for R -- no debconf information
--- client.rb.orig 2011-07-14 10:53:14.000000000 +0200 +++ client.rb 2011-07-14 10:53:39.000000000 +0200 @@ -493,7 +493,7 @@ else a = "#@user" a << ":#@password" if @password != nil - @auth = ("Basic " + [a].pack("m")).chomp + @auth = ("Basic " + [a].pack("m#{a.length*2}")).chomp end end