Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Hi Stable Release Managers, The basez version released in buster is affected by bug #931041 and is consequently not properly decoding base64url stream. This bug has been fixed in sid and testing. I've prepared fixed basez/1.6-3+deb10u1 package for buster. See attached debdiff. Milan
diff -Nru basez-1.6/debian/changelog basez-1.6/debian/changelog --- basez-1.6/debian/changelog 2016-10-27 09:33:37.000000000 -0400 +++ basez-1.6/debian/changelog 2019-08-11 18:59:28.000000000 -0400 @@ -1,3 +1,9 @@ +basez (1.6-3+deb10u1) buster; urgency=medium + + * Properly decode base64url encoded strings (closes: #931041) + + -- Milan Kupcevic <mi...@debian.org> Sun, 11 Aug 2019 18:59:28 -0400 + basez (1.6-3) unstable; urgency=medium * Remove configure getconf libs. diff -Nru basez-1.6/debian/patches/base64url-decode-bug-931041 basez-1.6/debian/patches/base64url-decode-bug-931041 --- basez-1.6/debian/patches/base64url-decode-bug-931041 1969-12-31 19:00:00.000000000 -0500 +++ basez-1.6/debian/patches/base64url-decode-bug-931041 2019-08-03 23:29:13.000000000 -0400 @@ -0,0 +1,16 @@ +Description: properly decode base64url encoded strings +Author: Milan Kupcevic <mi...@debian.org> +Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931041 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/base64.c ++++ b/base64.c +@@ -188,7 +188,7 @@ + bout[0] = bout[0] | c[bin[1]] >> 4; + } + +- switch(c64d[bin[2]]) ++ switch(c[bin[2]]) + { + case 0xfe: + if(bin[3] == '=') diff -Nru basez-1.6/debian/patches/series basez-1.6/debian/patches/series --- basez-1.6/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 +++ basez-1.6/debian/patches/series 2019-08-03 22:15:31.000000000 -0400 @@ -0,0 +1 @@ +base64url-decode-bug-931041