Package: ruby1.9
Version: 1.9.0.2-9lenny1
Severity: normal
Tags: patch
XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.
If I understand the documentation of Array.pack correctly, this can be
suppressed by using the pack template 'm0' instead of 'm', but this does
not yield to any change in the output. Maybe I've misunderstood the
documentation at this point, but this might be another bug.
I've added an ugly workaround by using the double of the length. Since
base64 adds about 30% in length this should be enough for everybody
(famous last words)
-- System Information:
Debian Release: 5.0.8
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-bpo.4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ruby1.9 depends on:
ii libc6 2.7-18lenny7 GNU C Library: Shared libraries
ii libruby1.9 1.9.0.2-9lenny1 Libraries necessary to run
Ruby 1.
ruby1.9 recommends no packages.
Versions of packages ruby1.9 suggests:
ii rdoc1.9 1.9.0.2-9lenny1 Generate documentation from
Ruby s
pn ri1.9 <none> (no description available)
pn ruby1.9-examples <none> (no description available)
ii rubygems1.9 1.2.0-3 package management
framework for R
-- no debconf information
--- client.rb.orig 2011-07-14 10:53:14.000000000 +0200
+++ client.rb 2011-07-14 10:53:39.000000000 +0200
@@ -493,7 +493,7 @@
else
a = "#@user"
a << ":#@password" if @password != nil
- @auth = ("Basic " + [a].pack("m")).chomp
+ @auth = ("Basic " + [a].pack("m#{a.length*2}")).chomp
end
end