My patch was for the r1376 debian package, not r1696. To be precise, it
fixed an incomplete backport of a security fix. For those sources, it is
correct.
In r1376, ws_decodepassword returns 0 on success. ws_decodepassword was
changed to return TRUE in r1622.
If the debian package is upgraded to newer upstream sources, every patch
needs to be reconsidered. Especially for backported changes, it is not
surprising the patch is not needed anymore. Which seems to be the case
here.
> Package: mt-daapd
> Version: 0.9~r1696-1.4
> Followup-For: Bug #496217
>
>> Julien BLACHE <[EMAIL PROTECTED]> wrote:
>> Even in 0.9~r1696-1.4 still refuses valid credentials for the web
>> interface. I haven't been able to track that down further.
>
> The solution proposed by Martijn Plak is not correct, if you look at
> the source of "webserver.c", the method "ws_decodepassword" returns
> TRUE if the decoding of the base64 header succeeded. However, TRUE is
> defined as 1, not 0. So, a better solution would be:
>
> + if((auth) && (TRUE == ws_decodepassword(auth,&username, &password))) {
>
> Hope it helps,
>
> Jan Willem
>
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
