since wget1.11.1 jumped in the system commands such as : wget --user=john --password=xx http://somesite/somedir/somefile -O currfile fail tried many combinations, quoting password, username, mixing with --http-user/password args.. rolling back to 1.10.2 solved everything
please review the documentation for how to properly file a bug: http://www.gentoo.org/doc/en/bugzilla-howto.xml you need to post `emerge --info` you should also test wget-1.11.2 if that fails, you should post a usable example ... wget-1.11.1 works fine for me
same problem here. I've written a small php script which shows the problem: <?php header('Content-type: text/plain'); echo "user: $_SERVER[PHP_AUTH_USER]\n"; echo "pw: $_SERVER[PHP_AUTH_PW]\n"; ?> this should output the used username and password. in /etc/portage.mask >net-misc/wget-1.10.2 $ emerge wget -av $ wget --version GNU Wget 1.10.2 $ rm -rf user.txt ; wget --user=XXX --password=YYY http://klingsor.informatik.uni-freiburg.de/wget_bug/get_user_pw.php -O user.txt ; cat user.txt ... user: XXX pw: YYY actual net-misc/wget stabe $ wget --version GNU Wget 1.11.1 $ rm -rf user.txt ; wget --user=XXX --password=YYY http://klingsor.informatik.uni-freiburg.de/wget_bug/get_user_pw.php -O user.txt ; cat user.txt ... user: pw: in package.keywords net-misc/wget ~x86 $ emerge wget -av $ wget --version GNU Wget 1.11.2 $ rm -rf user.txt ; wget --user=XXX --password=YYY http://klingsor.informatik.uni-freiburg.de/wget_bug/get_user_pw.php -O user.txt ; cat user.txt ... user: pw: My emerge --info Portage 2.1.4.4 (default-linux/x86/2006.1, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r3 i686) ================================================================= System uname: 2.6.24-gentoo-r3 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz Timestamp of tree: Fri, 09 May 2008 16:45:01 +0000 app-shells/bash: 3.2_p33 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.4.4-r9 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=pentium4 -O2 -pipe" DISTDIR="/export/distfiles" FEATURES="autoaddcvs ccache distcc distlocks keepwork metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/" LC_ALL="C" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X alsa apm audiofile bash-completion berkdb bzip2 cdr cjk cli cracklib crypt cups directfb dri dvd dvdr encode escreen ffmpeg flac foomaticdb fortran gdbm gif gimpprint gmp gpm gtk gtk2 iconv imagemagick imap imlib ipv6 isdnlog jpeg lcms libwww mad maildir midi mmx mp3 mpeg mudflap mysql ncurses nptl nptlonly ogg openal opengl openmp oss pam pcre perl plotutils png ppds pppd python quicktime readline reflection sasl sdl session sndfile speex spl sqlite sse ssl svg svga tcp tcpd tetex tiff truetype unicode vorbis wavpack wmf x86 xml xml2 xorg xprint xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia vesa fbdev nv" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
thanks, that test case reproduces the issue nicely for me
i tested some more and this is a feature. wget-1.10.2 would always default to including basic authentication in the http headers. the new wget is a little smarter ... it'll first attempt to fetch w/out any authentication and if that fails, it'll retry with authentication. i put the php file in a public area and wget fetched it w/out user/pass. when i protected it with htaccess/htpasswd, wget would fetch it twice ... the second time with the proper authentication method (since the first request tells wget what sort of authentication method is required). so you're going to have to provide an example where this behavior causes a failure. otherwise this looks like correct behavior to me. .htaccess: AuthUserFile /var/www/localhost/htdocs/.htpasswd AuthType Basic AuthName "Secret Place" <LIMIT GET POST> require valid-user </LIMIT> .htpasswd (user/pass = moo/foo): moo:$1$hEQ0xEqq$7XzAQ4RJK3NyjOldmsORi0
The new wget is smarter, I agree, but this behaviour is not always what you've exepected. You don't necessarily get an error from the webserver if the user name and password are not valid. Radpidshare is a good example of this: If you want to download some file and you don't have passed correct login information then rapidshare won't send you 401 or 403 error code but a normal html file which include a login button and information about the benefits of being a (paying) member. In that case you would want wget to send the login information right in the first attempt, otherwise wget would think, that everything went ok since wget didn't get any error.
use --auth-no-challenge then closing as this is expected behavior now
(In reply to comment #6) > use --auth-no-challenge then > > closing as this is expected behavior now > I'm so stupid :( I've searched for something like that but I was to blind to see this, that's why I thought it could be a bug. Thanks.
