[Pkg-openssl-devel] Bug#1068045: Bug#1068045: libssl3: breaks YAPET
Sean Whitton
spwhitton at spwhitton.name
Sat Apr 6 10:17:45 BST 2024
Hello,
On Sat 30 Mar 2024 at 03:01pm +01, Sebastian Andrzej Siewior wrote:
> On 30 March 2024 13:14:37 CET, Sean Whitton <spwhitton at spwhitton.name> wrote:
>
>>I downgraded, changed the password for my database to 'asdf',
>>changed it back to the password it had before, upgraded libssl3,
>>and the bug did not appear.
>>
>>I reverted to my original db, downgraded again, deleted an entry without
>>changing the password, upgraded, and the bug appeared.
>>
>>I can't really say more without compromising my opsec. But does the
>>above give any clues / further debugging ideas?
>
> I would look at the function yapet is using from openssl and compare the results.
> Could create a database from scratch an use similar patterns in terms number
> of entries and password (length, special characters) until you have something
> that you can share with me. I don't mind if throw it in my inbox without Cc:
> the bug.
It looks like the problem is opening YAPET1.0-format databases, which
the manpage explicitly says is meant to work.
I've made a sample YAPET1.0 database using a stretch VM. Using the
attached:
- On bookworm, invoke 'yapet yapet1.0.pet', and you can decrypt it.
- On stable or on bookworm with libssl3/3.0.13-1~deb12u1, you can't.
Thanks again.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yapet1.0.pet
Type: application/octet-stream
Size: 1472 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240406/839aef2b/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240406/839aef2b/attachment-0001.sig>
More information about the Pkg-openssl-devel
mailing list