[Pkg-openssl-devel] Bug#1068045: Bug#1068045: libssl3: breaks YAPET

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Sat Mar 30 14:01:13 GMT 2024



On 30 March 2024 13:14:37 CET, Sean Whitton <spwhitton at spwhitton.name> wrote:
>Hello,

Hi,


>I downgraded, changed the password for my database to 'asdf',
>changed it back to the password it had before, upgraded libssl3,
>and the bug did not appear.
>
>I reverted to my original db, downgraded again, deleted an entry without
>changing the password, upgraded, and the bug appeared.
>
>I can't really say more without compromising my opsec.  But does the
>above give any clues / further debugging ideas?

I would look at the function yapet is using from openssl and compare the results.
Could create  a database from scratch an use similar patterns in terms number of entries and password (length, special characters) until you have something that you can share with me. I don't mind if throw it in my inbox without Cc: the bug.

>
>> Also, yapet is unchanged in unstable. Is the problem there, too?
>
>Unfortunately I do not have an unstable machine to hand right now, and
>until we know more about the xz-utils situation I would want to set up
>something air-gapped before copying my password db in there -- but can
>do that if we can't otherwise make progress.

The 5.6 xz is no more in unstable. But as you wish. I was just curious why this was not yet reported.

>
>Thanks for looking!
>

-- 
Sebastian



More information about the Pkg-openssl-devel mailing list