Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi Stable Release Managers,
The basez version released in stretch is affected by bug #931041 and is
consequently not properly decoding base64url stream. This bug has been
fixed in sid, testing and buster-pu. I'm about to upload fixed
basez/1.6-3+deb9u1 package for stretch. See attached debdiff.
Milan
diff -Nru basez-1.6/debian/changelog basez-1.6/debian/changelog
--- basez-1.6/debian/changelog 2016-10-27 09:33:37.0 -0400
+++ basez-1.6/debian/changelog 2019-08-22 22:07:39.0 -0400
@@ -1,3 +1,9 @@
+basez (1.6-3+deb9u1) stretch; urgency=medium
+
+ * Properly decode base64url encoded strings (closes: #931041)
+
+ -- Milan Kupcevic Thu, 22 Aug 2019 22:07:39 -0400
+
basez (1.6-3) unstable; urgency=medium
* Remove configure getconf libs.
diff -Nru basez-1.6/debian/patches/base64url-decode-bug-931041
basez-1.6/debian/patches/base64url-decode-bug-931041
--- basez-1.6/debian/patches/base64url-decode-bug-9310411969-12-31
19:00:00.0 -0500
+++ basez-1.6/debian/patches/base64url-decode-bug-9310412019-08-03
23:29:13.0 -0400
@@ -0,0 +1,16 @@
+Description: properly decode base64url encoded strings
+Author: Milan Kupcevic
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931041
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/base64.c
b/base64.c
+@@ -188,7 +188,7 @@
+ bout[0] = bout[0] | c[bin[1]] >> 4;
+ }
+
+- switch(c64d[bin[2]])
++ switch(c[bin[2]])
+ {
+ case 0xfe:
+ if(bin[3] == '=')
diff -Nru basez-1.6/debian/patches/series basez-1.6/debian/patches/series
--- basez-1.6/debian/patches/series 1969-12-31 19:00:00.0 -0500
+++ basez-1.6/debian/patches/series 2019-08-03 22:15:31.0 -0400
@@ -0,0 +1 @@
+base64url-decode-bug-931041