[Pkg-openssl-devel] Bug#1068045: Bug#1068045: libssl3: breaks YAPET

Sean Whitton spwhitton at spwhitton.name
Sat Mar 30 12:14:37 GMT 2024


Hello,

On Sat 30 Mar 2024 at 09:29am +01, Sebastian Andrzej Siewior wrote:

> On 2024-03-30 09:25:27 [+0800], Sean Whitton wrote:
>> Package: libssl3
>> Version: 3.0.13-1~deb12u1
>> Severity: grave
>> Justification: renders package unusable
>> X-Debbugs-Cc: team at security.debian.org
>> Control: affects -1 + yapet
>>
>> Dear maintainer,
>>
>> This version of libssl3 from bookworm-proposed-updates breaks YAPET.
>> When I try to open my passwords database, it claims the master password I type
>> is incorrect.  But downgrading libssl3 fixes the problem.
>
> Can you give me more to go on? I installed yapet created a database,
> updated and it remains to work.
> Maybe supply a test database which works with the old but not with the
> new library.

I downgraded, changed the password for my database to 'asdf',
changed it back to the password it had before, upgraded libssl3,
and the bug did not appear.

I reverted to my original db, downgraded again, deleted an entry without
changing the password, upgraded, and the bug appeared.

I can't really say more without compromising my opsec.  But does the
above give any clues / further debugging ideas?

> Also, yapet is unchanged in unstable. Is the problem there, too?

Unfortunately I do not have an unstable machine to hand right now, and
until we know more about the xz-utils situation I would want to set up
something air-gapped before copying my password db in there -- but can
do that if we can't otherwise make progress.

Thanks for looking!

-- 
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240330/f42b637e/attachment.sig>


More information about the Pkg-openssl-devel mailing list