[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
This bug was fixed in the package apt - 1.6.13
---
apt (1.6.13) bionic; urgency=medium
[ David Kalnischkies ]
* Fix incorrect base64 encoding due to int promotion (LP: #1916050)
* Harden test for no new acquires after transaction abort (Closes: #984966)
(LP: #1918920)
[ Julian Andres Klode ]
* Implement update --error-on=any (Closes: #594813) (LP: #1693900)
* Include all translations when building the cache (LP: #1907850)
* Add basic support for the Protected field
* Do not require force-loopbreak on Important packages
(Closes: #983014) (LP: #1916725)
* Protect currently running kernel at run-time (LP: #1615381)
* Make ADDARG{,C}() macros expand to single statements
* Improve immediate configuration handling (LP: #1871268)
- Do not immediately configure m-a: same packages in lockstep
- Ignore failures from immediate configuration. This does not change the
actual installation ordering - we never passed the return code to the
caller and installation went underway anyway if it could be ordered at a
later stage, this just removes spurious after-the-fact errors.
(Closes: #973305, #188161, #211075, #649588)
* Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
(LP: #1918907)
[ Balint Reczey ]
* Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its
--help
(LP: #1806076)
-- Julian Andres Klode Fri, 12 Mar 2021 14:09:15
+0100
** Changed in: apt (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** Changed in: apt (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1916050
Title:
Invalid base64 for high-bit characters
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Confirmed
Status in apt source package in Bionic:
Fix Released
Status in apt source package in Focal:
Fix Released
Status in apt source package in Groovy:
Fix Released
Status in apt source package in Hirsute:
Fix Released
Bug description:
[Impact]
The Base64Encode function incorrectly encodes using char instead of uint8_t,
leading to characters with the high bit set to be encoded wrongly. This
function is used for base authentication, and high bits are set for UTF-8
character sequences, so it's likely affecting people with utf-8 user names and
passwords and might cause them to be denied access to their https resources
(though arguably they'd work around that).
[Test case]
A unit test has been added that checks that the encoding is correct.
[Where problems could occur]
This only affects the base64 encoding function, which is only used for
quoting user names and passwords in basic auth in http, but it's also exposed
to library users and like in python-apt, so problems could occur wherever they
use that base64 encoding function as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
This bug was fixed in the package apt - 2.0.5
---
apt (2.0.5) focal; urgency=medium
[ Julian Andres Klode ]
* private-search: Only use V.TranslatedDescription() if good (LP: #1877987)
* Implement update --error-on=any (Closes: #594813) (LP: #1693900)
* Include all translations when building the cache (LP: #1907850)
* Add basic support for the Protected field, and do not require
force-loopbreak
on Protected/Important packages (Closes: #983014) (LP: #1916725)
* Protect currently running kernel at run-time (LP: #1615381)
* Make ADDARG{,C}() macros expand to single statements
* Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
(LP: #1918907)
[ David Kalnischkies ]
* Fix incorrect base64 encoding due to int promotion (LP: #1916050)
* Harden test for no new acquires after transaction abort (Closes: #984966)
(LP: #1918920)
-- Julian Andres Klode Fri, 12 Mar 2021 12:47:30
+0100
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1916050
Title:
Invalid base64 for high-bit characters
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Confirmed
Status in apt source package in Bionic:
Fix Released
Status in apt source package in Focal:
Fix Released
Status in apt source package in Groovy:
Fix Released
Status in apt source package in Hirsute:
Fix Released
Bug description:
[Impact]
The Base64Encode function incorrectly encodes using char instead of uint8_t,
leading to characters with the high bit set to be encoded wrongly. This
function is used for base authentication, and high bits are set for UTF-8
character sequences, so it's likely affecting people with utf-8 user names and
passwords and might cause them to be denied access to their https resources
(though arguably they'd work around that).
[Test case]
A unit test has been added that checks that the encoding is correct.
[Where problems could occur]
This only affects the base64 encoding function, which is only used for
quoting user names and passwords in basic auth in http, but it's also exposed
to library users and like in python-apt, so problems could occur wherever they
use that base64 encoding function as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
This bug was fixed in the package apt - 2.1.10ubuntu0.3
---
apt (2.1.10ubuntu0.3) groovy; urgency=medium
[ David Kalnischkies ]
* Fix incorrect base64 encoding due to int promotion (LP: #1916050)
* Harden test for no new acquires after transaction abort (Closes: #984966)
(LP: #1918920)
[ Julian Andres Klode ]
* Implement update --error-on=any (Closes: #594813) (LP: #1693900)
* Include all translations when building the cache (LP: #1907850)
* Do not require force-loopbreak on Protected packages (Closes: #983014)
(LP: #1916725)
* RunScripts: Do not reset SIGQUIT and SIGINT to SIG_DFL (LP: #1898026)
* Protect currently running kernel at run-time (LP: #1615381)
* Make ADDARG{,C}() macros expand to single statements
-- Julian Andres Klode Fri, 12 Mar 2021 09:22:11
+0100
** Changed in: apt (Ubuntu Groovy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1916050
Title:
Invalid base64 for high-bit characters
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Confirmed
Status in apt source package in Bionic:
Fix Committed
Status in apt source package in Focal:
Fix Committed
Status in apt source package in Groovy:
Fix Released
Status in apt source package in Hirsute:
Fix Released
Bug description:
[Impact]
The Base64Encode function incorrectly encodes using char instead of uint8_t,
leading to characters with the high bit set to be encoded wrongly. This
function is used for base authentication, and high bits are set for UTF-8
character sequences, so it's likely affecting people with utf-8 user names and
passwords and might cause them to be denied access to their https resources
(though arguably they'd work around that).
[Test case]
A unit test has been added that checks that the encoding is correct.
[Where problems could occur]
This only affects the base64 encoding function, which is only used for
quoting user names and passwords in basic auth in http, but it's also exposed
to library users and like in python-apt, so problems could occur wherever they
use that base64 encoding function as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
autopkgtests for apt have passed, so validation was successful. I'm confident the autopkgtest failures are unrelated intermittent ones; I've done some more retries. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-groovy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Fix Committed Status in apt source package in Focal: Fix Committed Status in apt source package in Groovy: Fix Committed Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
Hello Julian, or anyone else affected, Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.13 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: apt (Ubuntu Bionic) Status: Confirmed => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Fix Committed Status in apt source package in Focal: Fix Committed Status in apt source package in Groovy: Fix Committed Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
Hello Julian, or anyone else affected, Accepted apt into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.0.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: apt (Ubuntu Focal) Status: Confirmed => Fix Committed ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Confirmed Status in apt source package in Focal: Fix Committed Status in apt source package in Groovy: Fix Committed Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
Hello Julian, or anyone else affected, Accepted apt into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.1.10ubuntu0.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-groovy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: apt (Ubuntu Groovy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-groovy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Confirmed Status in apt source package in Focal: Confirmed Status in apt source package in Groovy: Fix Committed Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
** Changed in: apt (Ubuntu Groovy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Confirmed Status in apt source package in Focal: Confirmed Status in apt source package in Groovy: In Progress Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916050] Re: Invalid base64 for high-bit characters
It's not really fixed in hirsute yet, but the bug is not closed in the 2.1.1.9 changelog, so marking it as such otherwise we'll just forget about it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1916050 Title: Invalid base64 for high-bit characters Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Confirmed Status in apt source package in Bionic: Confirmed Status in apt source package in Focal: Confirmed Status in apt source package in Groovy: Triaged Status in apt source package in Hirsute: Fix Released Bug description: [Impact] The Base64Encode function incorrectly encodes using char instead of uint8_t, leading to characters with the high bit set to be encoded wrongly. This function is used for base authentication, and high bits are set for UTF-8 character sequences, so it's likely affecting people with utf-8 user names and passwords and might cause them to be denied access to their https resources (though arguably they'd work around that). [Test case] A unit test has been added that checks that the encoding is correct. [Where problems could occur] This only affects the base64 encoding function, which is only used for quoting user names and passwords in basic auth in http, but it's also exposed to library users and like in python-apt, so problems could occur wherever they use that base64 encoding function as well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1916050/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
