Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 468306 - htpasswd is broken in apache-2.4.4
Summary: htpasswd is broken in apache-2.4.4
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gerrit Helm
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: apache-2.4-stable
  Show dependency tree
 
Reported: 2013-05-02 15:26 UTC by Zoltán Halassy
Modified: 2013-11-22 09:49 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Proposed ebuild to fix critical bug in apache-tools-2.4.4 (apache-tools-2.4.4-r2.ebuild,2.25 KB, text/plain)
2013-06-19 17:06 UTC, Chet McNeill
Details
Proposed patch to fix critical bug in apache-tools-2.4.4 (apache-tools-2.4.4-htpasswd.patch,15.90 KB, patch)
2013-06-19 17:07 UTC, Chet McNeill
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Zoltán Halassy 2013-05-02 15:26:22 UTC
Upstream bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=54735

Fixed in 2.4.5, which is not out yet.

This bug can be closed as fixed when 2.4.5 came out and entered the portage tree.
Comment 1 Zoltán Halassy 2013-05-02 15:30:53 UTC
This bug is intended to be a blocker for Apache 2.4 stable request ( bug 468302 )
Comment 2 Chet McNeill 2013-06-19 17:06:08 UTC
Created attachment 351406 [details]
Proposed ebuild to fix critical bug in apache-tools-2.4.4
Comment 3 Chet McNeill 2013-06-19 17:07:24 UTC
Created attachment 351408 [details, diff]
Proposed patch to fix critical bug in apache-tools-2.4.4

Source of patch is https://issues.apache.org/bugzilla/show_bug.cgi?id=54735
Comment 4 Chet McNeill 2013-06-19 17:07:50 UTC
This appears to be a critical bug. When 2.4.4 is emerged into a working system, and changes are made to access control files using htpasswd, users are disallowed from accessing password protected resources via http. Once the change is made to a htpasswd file it can not be repaired except by finding a back-up copy of the unaltered file and restoring it.

I have attached a proposed ebuild and patch file as a temporary fix to 2.4.4 until 2.4.5 is released.

More information on the bug (and the source of the patch file) can be found at https://issues.apache.org/bugzilla/show_bug.cgi?id=54735
Comment 5 Lars Wendler (Polynomial-C) gentoo-dev 2013-11-22 09:28:27 UTC
Is this still an issue with apache-2.4.6?
Comment 6 Zoltán Halassy 2013-11-22 09:49:02 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #5)
> Is this still an issue with apache-2.4.6?

Nope, it's working as intended.