Bug#886146: Testing and Issues

To: 886146@bugs.debian.org
Subject: Bug#886146: Testing and Issues
From: Philipp Berger <newsletters@philippberger.de>
Date: Thu, 12 Apr 2018 11:46:21 +0200
Message-id: <[🔎] 4fba7d82-88f3-68d9-64f6-ac1a33922831@philippberger.de>
Reply-to: Philipp Berger <newsletters@philippberger.de>, 886146@bugs.debian.org
References: <4fad8fdc-ecdc-0679-6cdc-2149e111c771@debian.org>

Dear Julien, dear Maintainers,

the OpenSSL 1.1.x compatibility patch that was applied for #828555
breaks the package and leads to segfaults.
This breaks for example "skrooge" and other applications depending on
libsqlcipher0. I have no idea why this was not caught before the
release, but on a fresh install of Debian 9.4, all default settings, I
installed "skrooge". After opening the program, click "New", then "Save
As", enter a valid name, e.g. "test" and save - the program immediately
crashes with the described problem in LibSQLCipher.

So this is definitely an existing issue, even in the most current
version of Debian 9!

For the path:
I diffed src/crypto_openssl.c against the most current version (3.4.1)
and noticed the switch to the non-deprecated API function around
EVP_CipherInit_ex instead of EVP_CipherInit.
I ported these differences to 3.2.0-2, recompiled the package from
Debian sources including my patch. The resulting binaries no longer
produce segfaults and work as expected.
This is in line with release 3.4.1-1 on sid.

Reply to:

Prev by Date: Bug#895489: marked as done (nmu: kodi (libnfs transition))
Next by Date: Bug#895537: stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u3
Previous by thread: Bug#895489: marked as done (nmu: kodi (libnfs transition))
Next by thread: Bug#895537: stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u3
Index(es):
- Date
- Thread