I'd like to chime and mention that I have orphaned the package on wnpp
because I can't deal with this shit anymore. Especially since I had
nothing to do with this security update, i have no motivation to deal
with it (in addition to being frustrated with mt-daapd's robustness in
general.)
So if anyone's up to it, upload away.
-Josh
On Fri, Sep 05, 2008 at 10:21:27AM +0200, Martijn Plak wrote:
> My patch was for the r1376 debian package, not r1696. To be precise, it
> fixed an incomplete backport of a security fix. For those sources, it is
> correct.
>
> In r1376, ws_decodepassword returns 0 on success. ws_decodepassword was
> changed to return TRUE in r1622.
>
> If the debian package is upgraded to newer upstream sources, every patch
> needs to be reconsidered. Especially for backported changes, it is not
> surprising the patch is not needed anymore. Which seems to be the case
> here.
>
>
>
>
> > Package: mt-daapd
> > Version: 0.9~r1696-1.4
> > Followup-For: Bug #496217
> >
> >> Julien BLACHE <[EMAIL PROTECTED]> wrote:
> >> Even in 0.9~r1696-1.4 still refuses valid credentials for the web
> >> interface. I haven't been able to track that down further.
> >
> > The solution proposed by Martijn Plak is not correct, if you look at
> > the source of "webserver.c", the method "ws_decodepassword" returns
> > TRUE if the decoding of the base64 header succeeded. However, TRUE is
> > defined as 1, not 0. So, a better solution would be:
> >
> > + if((auth) && (TRUE == ws_decodepassword(auth,&username, &password))) {
> >
> > Hope it helps,
> >
> > Jan Willem
> >
> >
>
>
>
--
Joshua Kwan
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
