aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Copeland <ben.copeland@linaro.org>2017-04-10 17:09:48 +0100
committerBen Copeland <ben.copeland@linaro.org>2017-04-10 16:14:23 +0000
commit5736fb00d529ecd120fc059af20dd67b1884beec (patch)
tree18353a9a1f82d92272bdbbd978b8d9a1a695aa40
parentd8adcd58301f49d9251702c09938bb050f2aff5a (diff)
gitolite: Fix for CVE-2016-599
We shouldn't use encodestring, due to it adding a \n to the string. A CVE fix was released to fix this issue (https://bugs.python.org/issue22928). Change-Id: I2c2ab1b9337f1b8412bd429304b891a8bc43f2da
-rwxr-xr-xgitolite-tools/gitolite-groups2
1 files changed, 1 insertions, 1 deletions
diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups
index a6c8008..c50f86a 100755
--- a/gitolite-tools/gitolite-groups
+++ b/gitolite-tools/gitolite-groups
@@ -59,7 +59,7 @@ def get_groups(user):
crowd_error = False
if user:
params = {"username": user}
- auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd))
+ auth = base64.b64encode('{0}:{1}'.format(crowd_usr, crowd_pwd))
headers = {
"Authorization": "Basic {0}".format(auth),
"Accept": "application/json"