-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handling of .netrc entries with username / password longer than 128 characters broken in 8.11.0 #15513
Comments
@bagder : Thanks a lot for the quick fix ❤️ |
ZhongRuoyu
added a commit
to Homebrew/homebrew-core
that referenced
this issue
Nov 8, 2024
The next curl release is not taking place soon [1] so let's backport another fix that affects some users [2] [3]. [1]: https://lists.haxx.se/pipermail/daniel/2024-November/000089.html [2]: curl/curl#15513 [3]: Homebrew/brew#18726 (comment)
ZhongRuoyu
added a commit
to Homebrew/homebrew-core
that referenced
this issue
Nov 8, 2024
The next curl release is not taking place soon [1] so let's backport another fix that affects some users [2] [3]. The existing netrc parsing patch is updated to the version on master. The previous one was taken from the in-progress pull request. [1]: https://lists.haxx.se/pipermail/daniel/2024-November/000089.html [2]: curl/curl#15513 [3]: Homebrew/brew#18726 (comment)
algitbot
pushed a commit
to alpinelinux/aports
that referenced
this issue
Nov 11, 2024
algitbot
pushed a commit
to alpinelinux/aports
that referenced
this issue
Nov 11, 2024
orgads
added a commit
to orgads/MINGW-packages
that referenced
this issue
Nov 11, 2024
lazka
pushed a commit
to msys2/MINGW-packages
that referenced
this issue
Nov 11, 2024
dscho
pushed a commit
to dscho/MINGW-packages
that referenced
this issue
Nov 14, 2024
See curl/curl#15496 and curl/curl#15513 Cherry-picked from 8b1c7bd (curl: Fix regression reading netrc, 2024-11-11) in msys2/MINGW-packages. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
bell-sw
pushed a commit
to bell-sw/alpaquita-aports
that referenced
this issue
Nov 15, 2024
[ commit c9d8feba3205b9b36bb7492ffc47d11e646b6ad4 ] fixes: https://gitlab.alpinelinux.org/alpine/aports/-/issues/16599 upstream: curl/curl#15513
ognevny
pushed a commit
to ognevny/MINGW-packages
that referenced
this issue
Nov 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I did this
Following the update to 8.11.0, we are seeing
.netrc parser errors
, similar to what is reported in #15496. The fix for that issue however did not work for us. We've narrowed to issue down to entries with usernames and/or passwords that are longer than 128 characters (short-lived tokens in our case).Root cause seems to be https://github.com/curl/curl/blame/3b43a05e000aa8f65bda513f733a73fefe35d5ca/lib/netrc.c#L115C25-L115C40, which reduced the maximum token size from 4096 (https://github.com/curl/curl/blame/962097b8dd44ed5b9e7984bc1cdffdbdd566857f/lib/netrc.c#L86C10-L86C10) to 128.
I expected the following
.netrc
files with longer passwords / usernames are parsed correctly.curl/libcurl version
operating system
Alpine Linux 3.20
The text was updated successfully, but these errors were encountered: