Your message dated Fri, 10 Mar 2017 15:48:44 +0000
with message-id <[email protected]>
and subject line Bug#857027: fixed in android-platform-tools-apksig 
0.5+git165~g42d07eb-1
has caused the Debian Bug report #857027,
regarding non-ASCII passwords fail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
857027: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857027
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apksigner
Version: 0.4+git162~g85a854b-1
Severity: severe
Tags: fixed-upstream upstream

upstream bug report
https://code.google.com/p/android/issues/detail?id=234089

    When keytool and jarsigner obtain the keystore/key password via
    stdin or console, contrary to the expectation of Java KeyStore API,
    they do not appear to encrypt/decrypt the keystore/key using the
    Unicode characters comprising the password. Instead, these tools
    appear to convert the password to their encoded form (using the
    console's character encoding) and then upcast each resulting Java byte
    into a Java char. The keystore/key appears to be encrypted using the
    resulting array of characters.

    This behavior may be a remnant from the early days of Java when there
    was no standard way to convert textual input obtained via stdin to
    Unicode characters. The behavior is consistent with simply treating
    each Java byte read via stdin as a Java char and then passing in the
    resulting array of characters into KeyStore API as password.

    Unfortunately, when the password is passed in into keytool/jarsigner
    via the command-line, or when other tools (including apksigner) use
    the Java KeyStore API to create/read keystores/keys, the above
    strange behavior does not occur. As a result, there's a mismatch for
    non-ASCII passwords.

--- End Message ---
--- Begin Message ---
Source: android-platform-tools-apksig
Source-Version: 0.5+git165~g42d07eb-1

We believe that the bug you reported is fixed in the latest version of
android-platform-tools-apksig, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hans-Christoph Steiner <[email protected]> (supplier of updated 
android-platform-tools-apksig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 10 Mar 2017 13:58:11 +0100
Source: android-platform-tools-apksig
Binary: libapksig-java apksigner
Architecture: source all
Version: 0.5+git165~g42d07eb-1
Distribution: unstable
Urgency: medium
Maintainer: Android Tools Maintainers 
<[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Description:
 apksigner  - command line tool to sign and verify Android APKs
 libapksig-java - library to sign and verify Android APKs
Closes: 857027
Changes:
 android-platform-tools-apksig (0.5+git165~g42d07eb-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #857027)
   * Add bash-completion
Checksums-Sha1:
 1a8b3bb75bbe1502d50850d2ca91008cb821944f 2189 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.dsc
 4c246d7dca2860cf2591e53189bf7e0d223525df 111437 
android-platform-tools-apksig_0.5+git165~g42d07eb.orig.tar.gz
 037db04bd26ee984dd9d40a7abc8b2d28c8f866a 6068 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.debian.tar.xz
 31696c27a715f95ab357c2cabe9e703ea00d732e 16437 
android-platform-tools-apksig_0.5+git165~g42d07eb-1_amd64.buildinfo
 b1de177901d7f3d67f1446cce5ab7c87181c5903 213630 
apksigner_0.5+git165~g42d07eb-1_all.deb
 63172c39a34babc42663888855c4e61223ae04bc 180024 
libapksig-java_0.5+git165~g42d07eb-1_all.deb
Checksums-Sha256:
 e054c00ed48a18b13ee11b67f553f38eccdad76a2c21ce68597f68141241605a 2189 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.dsc
 d49da1b7efec2d1848d9bccde8115ddfff77b8cfd42c7ff97b61dfdde1261875 111437 
android-platform-tools-apksig_0.5+git165~g42d07eb.orig.tar.gz
 b9d141e023a5edd1022a92f1d65f9833744f3bc1e771d10244432c00357822b7 6068 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.debian.tar.xz
 563b747f14fca78300d94d754ea883c4226eac966b2468ba784c78815224f7e2 16437 
android-platform-tools-apksig_0.5+git165~g42d07eb-1_amd64.buildinfo
 0de2dbdae90a55d37e92613244af646f8cd3df49f255e8dfff5f0931845cbe0d 213630 
apksigner_0.5+git165~g42d07eb-1_all.deb
 7b797af589c7cdb2435622b3bfea322d113dc07d60f5353e36c30fd0fa8b6e60 180024 
libapksig-java_0.5+git165~g42d07eb-1_all.deb
Files:
 560d8399901c110acf2efedfee2d7413 2189 java optional 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.dsc
 b0fed9d5055deb43a5b8a2742a537c77 111437 java optional 
android-platform-tools-apksig_0.5+git165~g42d07eb.orig.tar.gz
 bb03930c4552d6080e31a452a806965b 6068 java optional 
android-platform-tools-apksig_0.5+git165~g42d07eb-1.debian.tar.xz
 07a20b38ed14dda5b0c1880742aa9a99 16437 java optional 
android-platform-tools-apksig_0.5+git165~g42d07eb-1_amd64.buildinfo
 2488afcaf5bffce31bb07cdaf70c4604 213630 java optional 
apksigner_0.5+git165~g42d07eb-1_all.deb
 5a08d3413d697a716e285567659942b1 180024 java optional 
libapksig-java_0.5+git165~g42d07eb-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPG for Android - https://guardianproject.info/code/gnupg/

iQEcBAEBCAAGBQJYwsfUAAoJED4XeBe6G5v6a3MH/0o3w2tWlbUHU/GIFumNtUCK
KYiuuhyPvePyk/cDYixZhLmKo5eS/Nl16JEaX7d5d4kaGIOkkYbcTmpBCjYOpmXl
PPHNXs/efj8dlGEnU77TsHkMNLr9Wi+RFQYZmdHWC9WekcOgxkyGLzu7Fxa3g6Wn
zFeMFZ11kr0qHIddxQPHY2dgm2zEiDe6cMToEosp22Op9i0lO4F4bWRRceI3BcKm
iAE6vYlSd55RszeF6fhl2rydLUwqepq33RgNiW0KoU3f7mSpOdw04yGhWZF5Gcjh
2WkqzNOv3k1PPyKCbFxiTrvnPC+s3VyyyXZbKgQtIh0QMWoFCcRMncZfQZxGCeQ=
=ulAn
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to