Your message dated Tue, 16 Sep 2025 21:36:10 +0200
with message-id <[email protected]>
and subject line Re: Bug#1071431: libssl3t64: apt full-upgrade replaced
libssl3:amd64 with libssl3t64:i386, breaking sudo…
has caused the Debian Bug report #1071431,
regarding libssl3t64: apt full-upgrade replaced libssl3:amd64 with
libssl3t64:i386, breaking sudo…
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1071431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071431
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl3t64
Version: 3.2.1-3
Severity: important
Dear Maintainer,
This is also meant as a friendly heads up, as #1065135.
I don't know if this happened due to specifities of my system, which has been
upgraded several times, since more than 10 years.
It left my system without a working sudo to fix it, so it was critical for me.
I leave it to maintainers to adjust severity, if it also happens to other
users.
(And also I was fortunate to find a solution, that I include here in case it
could be useful to others.)
* What led up to the situation?
sudo apt full-upgrade
* What was the outcome of this action?
Extracts from apt full-upgrade output:
"Les paquets suivants seront ENLEVÉS :" (Following packages will be REMOVED)
[…] libssl3 libssl3:i386 […]
"Les NOUVEAUX paquets suivants seront installés :" (NEW packages will be
installed)
[…] libssl3t64 libssl3t64:i386 […]
(which looked ok — and most other libraries were actually replaced by their t64
substitutes)
But then:
[…]
(Lecture de la base de données... 614199 fichiers et répertoires déjà
installés.)
Suppression de libssl3:i386 (3.1.5-1) ...
dpkg: libssl3:amd64 : problèmes de dépendance, mais suppression comme demandé :
wpasupplicant dépend de libssl3 (>= 3.0.0).
w3m dépend de libssl3 (>= 3.0.0).
virtuoso-opensource-7-common dépend de libssl3 (>= 3.0.0).
transmission-gtk dépend de libssl3 (>= 3.0.0).
tnftp dépend de libssl3 (>= 3.0.0).
systemd-container dépend de libssl3 (>= 3.0.0).
systemd dépend de libssl3 (>= 3.0.0).
sudo dépend de libssl3 (>= 3.0.0).
socat dépend de libssl3 (>= 3.0.0).
rsync dépend de libssl3 (>= 3.0.0).
python3-cryptography dépend de libssl3 (>= 3.0.0).
ppp dépend de libssl3 (>= 3.0.0).
postgresql-client-16 dépend de libssl3 (>= 3.0.0).
postgresql-client-15 dépend de libssl3 (>= 3.0.0).
postgresql-client-14 dépend de libssl3 (>= 3.0.0).
postgresql-16 dépend de libssl3 (>= 3.0.0).
postgresql-15 dépend de libssl3 (>= 3.0.0).
postgresql-14 dépend de libssl3 (>= 3.0.0).
perl-openssl-defaults:amd64 dépend de libssl3 (>= 3.0.0).
openvpn dépend de libssl3 (>= 3.0.0).
openssl dépend de libssl3 (>= 3.0.9).
openssh-server dépend de libssl3 (>= 3.0.0).
openssh-client dépend de libssl3 (>= 3.0.0).
nmap dépend de libssl3 (>= 3.0.0).
mumble dépend de libssl3 (>= 3.0.0).
linux-kbuild-6.6.15 dépend de libssl3 (>= 3.0.0).
linux-kbuild-6.6.13 dépend de libssl3 (>= 3.0.0).
libzip4:amd64 dépend de libssl3 (>= 3.0.0).
libxmlsec1-openssl:amd64 dépend de libssl3 (>= 3.0.0).
libwinpr2-2:amd64 dépend de libssl3 (>= 3.0.0).
libvirtodbc0 dépend de libssl3 (>= 3.0.0).
libtss2-esys-3.0.2-0:amd64 dépend de libssl3 (>= 3.0.0).
libsystemd-shared:amd64 dépend de libssl3 (>= 3.0.0).
libssl-dev:amd64 dépend de libssl3 (= 3.1.5-1).
libssh-4:amd64 dépend de libssl3 (>= 3.0.0).
libspice-client-glib-2.0-8:amd64 dépend de libssl3 (>= 3.0.0).
libshout3:amd64 dépend de libssl3 (>= 3.0.0).
libruby3.1:amd64 dépend de libssl3 (>= 3.0.0).
libruby3.0:amd64 dépend de libssl3 (>= 3.0.0).
librabbitmq4:amd64 dépend de libssl3 (>= 3.0.0).
libqt6network6:amd64 dépend de libssl3.
libqt5network5:amd64 dépend de libssl3.
libqca-qt5-2-plugins:amd64 dépend de libssl3 (>= 3.0.0).
libpython3.12-minimal:amd64 dépend de libssl3 (>= 3.0.0).
libpq5:amd64 dépend de libssl3 (>= 3.0.0).
libpkcs11-helper1:amd64 dépend de libssl3 (>= 3.0.0).
libpipewire-0.3-modules:amd64 dépend de libssl3 (>= 3.0.0).
libopusfile0:amd64 dépend de libssl3 (>= 3.0.0).
libnvme1 dépend de libssl3 (>= 3.0.0).
libnet-ssleay-perl:amd64 dépend de libssl3 (>= 3.0.0).
libneon27:amd64 dépend de libssl3 (>= 3.0.0).
libmariadb3:amd64 dépend de libssl3 (>= 3.0.0).
libkmod2:amd64 dépend de libssl3 (>= 3.0.0).
libjim0.82:amd64 dépend de libssl3 (>= 3.0.0).
libimobiledevice6:amd64 dépend de libssl3 (>= 3.0.0).
libhdf5-openmpi-103-1:amd64 dépend de libssl3 (>= 3.0.0).
libhdf5-103-1:amd64 dépend de libssl3 (>= 3.0.0).
libgrpc29:amd64 dépend de libssl3 (>= 3.0.0).
libgdal34:amd64 dépend de libssl3 (>= 3.0.0).
libfsverity0:amd64 dépend de libssl3 (>= 3.0.0).
libfreerdp2-2:amd64 dépend de libssl3 (>= 3.0.0).
libfido2-1:amd64 dépend de libssl3 (>= 3.0.0).
libcryptsetup12:amd64 dépend de libssl3 (>= 3.0.0).
libcrypt-ssleay-perl dépend de libssl3 (>= 3.0.0).
libaprutil1:amd64 dépend de libssl3 (>= 3.0.0).
kmod dépend de libssl3 (>= 3.0.0).
dillo dépend de libssl3 (>= 3.0.0).
coreutils dépend de libssl3 (>= 3.0.0).
bind9-utils dépend de libssl3 (>= 3.0.0).
bind9-libs:amd64 dépend de libssl3 (>= 3.0.0).
apache2-bin dépend de libssl3 (>= 3.0.0).
Suppression de libssl3:amd64 (3.1.5-1) ...
Sélection du paquet libssl3t64:i386 précédemment désélectionné.
(Lecture de la base de données... 614181 fichiers et répertoires déjà
installés.)
Préparation du dépaquetage de .../libssl3t64_3.2.1-3_i386.deb ...
Dépaquetage de libssl3t64:i386 (3.2.1-3) ...
[…]
So apt apparently intended to remove libssl3:i386, and replace it with
libssl3t64:i386,
but instead it actually removed libssl3:amd64…
This broke my system, leaving sudo unable to run (so I could not fix this
manually):
$ sudo
sudo: error while loading shared libraries: libcrypto.so.3: cannot open shared
object file: No such file or directory
Fortunately, I ended up finding out about pkexec, and was able to use it to
become root and manually reinstall libcrypto.so.3 by running:
dpkg -i libssl3t64_3.2.1-3_amd64.deb
* What outcome did you expect instead?
I expected libssl3 to be replaced by libssl3t64 for the same architecture(s)
The version of apt used for the full-upgrade was 2.7.12,
and it attempted to upgrade itself to 2.9.2, later than the above extracts —
but systemctl was also broken:
[…]
Préparation du dépaquetage de .../archives/apt_2.9.2_amd64.deb ...
Dépaquetage de apt (2.9.2) sur (2.7.12) ...
Paramétrage de apt (2.9.2) ...
systemctl: error while loading shared libraries: libcrypto.so.3: cannot open
shared object file: No such file or directory
systemctl: error while loading shared libraries: libcrypto.so.3: cannot open
shared object file: No such file or directory
systemctl: error while loading shared libraries: libcrypto.so.3: cannot open
shared object file: No such file or directory
apt-daily-upgrade.timer is a disabled or a static unit not running, not
starting it.
systemctl: error while loading shared libraries: libcrypto.so.3: cannot open
shared object file: No such file or directory
systemctl: error while loading shared libraries: libcrypto.so.3: cannot open
shared object file: No such file or directory
apt-daily.timer is a disabled or a static unit not running, not starting it.
[…]
-- System Information:
Debian Release: trixie/sid
APT prefers stable-security
APT policy: (990, 'stable-security'), (990, 'testing'), (500,
'stable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable'), (500,
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.6.15-rt-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libssl3t64 depends on:
ii libc6 2.38-11
ii libzstd1 1.5.5+dfsg2-2
ii zlib1g 1:1.3.dfsg-3.1
libssl3t64 recommends no packages.
libssl3t64 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
On 2024-05-29 19:18:18 [+0200], Jean-Guilhem Cailton wrote:
> To reproduce, you would likely have to have some :i386 package installed,
> that depended on libssl3:i386. (Or maybe just libssl3:i386 would be enough?)
I'm closing this one now. I didn't manage to reproduce it, it did pop
after the release of Trixie and we had a point release by now.
> Jean-Guilhem
Sebastian
--- End Message ---