Hello, On Sat 30 Mar 2024 at 09:29am +01, Sebastian Andrzej Siewior wrote:
> On 2024-03-30 09:25:27 [+0800], Sean Whitton wrote: >> Package: libssl3 >> Version: 3.0.13-1~deb12u1 >> Severity: grave >> Justification: renders package unusable >> X-Debbugs-Cc: t...@security.debian.org >> Control: affects -1 + yapet >> >> Dear maintainer, >> >> This version of libssl3 from bookworm-proposed-updates breaks YAPET. >> When I try to open my passwords database, it claims the master password I >> type >> is incorrect. But downgrading libssl3 fixes the problem. > > Can you give me more to go on? I installed yapet created a database, > updated and it remains to work. > Maybe supply a test database which works with the old but not with the > new library. I downgraded, changed the password for my database to 'asdf', changed it back to the password it had before, upgraded libssl3, and the bug did not appear. I reverted to my original db, downgraded again, deleted an entry without changing the password, upgraded, and the bug appeared. I can't really say more without compromising my opsec. But does the above give any clues / further debugging ideas? > Also, yapet is unchanged in unstable. Is the problem there, too? Unfortunately I do not have an unstable machine to hand right now, and until we know more about the xz-utils situation I would want to set up something air-gapped before copying my password db in there -- but can do that if we can't otherwise make progress. Thanks for looking! -- Sean Whitton
signature.asc
Description: PGP signature