Hello, On Sat 30 Mar 2024 at 03:01pm +01, Sebastian Andrzej Siewior wrote:
> On 30 March 2024 13:14:37 CET, Sean Whitton <spwhit...@spwhitton.name> wrote: > >>I downgraded, changed the password for my database to 'asdf', >>changed it back to the password it had before, upgraded libssl3, >>and the bug did not appear. >> >>I reverted to my original db, downgraded again, deleted an entry without >>changing the password, upgraded, and the bug appeared. >> >>I can't really say more without compromising my opsec. But does the >>above give any clues / further debugging ideas? > > I would look at the function yapet is using from openssl and compare the > results. > Could create a database from scratch an use similar patterns in terms number > of entries and password (length, special characters) until you have something > that you can share with me. I don't mind if throw it in my inbox without Cc: > the bug. It looks like the problem is opening YAPET1.0-format databases, which the manpage explicitly says is meant to work. I've made a sample YAPET1.0 database using a stretch VM. Using the attached: - On bookworm, invoke 'yapet yapet1.0.pet', and you can decrypt it. - On stable or on bookworm with libssl3/3.0.13-1~deb12u1, you can't. Thanks again. -- Sean Whitton
yapet1.0.pet
Description: Binary data
signature.asc
Description: PGP signature
