Package: python-cracklib Version: 2.9.0-2 Severity: grave In jessie, cracklib-check works, but the python binding looks totally broken. It accepts anything:
Cracklib command line does work ok: $ /usr/sbin/cracklib-check ncc-1701 ncc-1701: it is based on a dictionary word a a: it is WAY too short bc bc: it is WAY too short ^C Test with Debian 7.3: $ python Python 2.7.3 (default, Jan 2 2013, 13:56:14) [GCC 4.7.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import crack >>> crack.FascistCheck('toto') Traceback (most recent call last): File "<stdin>", line 1, in <module> ValueError: it is too short >>> crack.FascistCheck('secret') Traceback (most recent call last): File "<stdin>", line 1, in <module> ValueError: it is based on a dictionary word This is the expected behavior. But with debian testing: $ python Python 2.7.6 (default, Jan 11 2014, 17:06:02) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import crack >>> crack.FascistCheck('toto') 'toto' >>> crack.FascistCheck('secret') 'secret' Everything is accepted, checks are totally disabled ! -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.12-1-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-cracklib depends on: ii cracklib-runtime 2.9.0-2 ii libc6 2.17-97 ii libcrack2 2.9.0-2 ii python 2.7.5-5 python-cracklib recommends no packages. python-cracklib suggests no packages. -- no debconf information
signature.asc
Description: This is a digitally signed message part.