Red Hat Bugzilla – Bug 69023
http basic authentication broken in htdig-3.2.0b4-011302
Last modified: 2015-03-04 20:11:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610
Description of problem:
The basic authentication code is broken in the htdig-3.2.0b4-011302 version of
htdig included in 7.3 (and currently available as a security update for other
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Set up a website with basic authentication.
2.Add an authorization: <username>:<password> line to htdig.conf
Actual Results: rundig (actually htdig) doesn't dig the protected pages.
Expected Results: rundig to load and index the protected pages.
I found this problem described at:
I did some more digging on the issue of broken basic auth
in the htdig-3.2.0b4-011302 snapshot.
> According to Roman Maeder:
> > > Well, what would you consider a recent code change? Or more specifically,
> > > what was the last version that you had running on your system? The HTTP
> > > > the one installed and known to work is htdig-3.2.0b4-111801.
> > I didn't test authentication with htdig-3.2.0b4-122301, because it
> > had other problems.
> > Well, that's strange. I looked through the recent changes to
> htnet/HtHTTP.cc since late November, and I don't see anything there that
> would break basic authentication. The only thing even remotely related
> to it would be the addition of "const" keywords on lines 919 and 934 of
> that file (the SetCredentials method), but I don't see what harm that
> would cause.
looks like this change broke it after all, because it was not done
in the base class as well, so the method was no longer overridden, but
a different one was defined, but the inherited one was used.
Created attachment 68404 [details]
pretested patch for authentication problem
This was fixed in the htdig CVS source repository on Jan 18, 2002.
I'm one of the ht://Dig developers. We get a lot of complaints
about this problem on the htdig-general mailing list. Even though
the bug existed only for a week in the CVS code tree, it's been
"immortalized" by Red Hat. That's the problem with basing a
standard package on a pre-release snapshot of a beta version.
We still recommend to users that they stick to the 3.1.6 stable
release of ht://Dig, unless they really need the features of the
3.2 betas (like phrase searching). However, if Red Hat really
would prefer to stick with a beta that's still under development,
I'd recommend grabbing the upcoming Aug. 11, 2002 snapshot,
which fixes quite a few problems in addition to the one with
By the way, this problem isn't just in 7.3, but also the update
rpms of htdig for 7.2 and 7.1, also based on the buggy 011302
I've updated our htdig packages to the latest snapshot of 20021103.
If you could give it a shot and verify that it fixes the problem i'd greately
Read ya, Phil
No response in over 1 year, assume this bug to be closed.
Read ya, Phil