Dear Julien, dear Maintainers,

the OpenSSL 1.1.x compatibility patch that was applied for #828555
breaks the package and leads to segfaults.
This breaks for example "skrooge" and other applications depending on
libsqlcipher0. I have no idea why this was not caught before the
release, but on a fresh install of Debian 9.4, all default settings, I
installed "skrooge". After opening the program, click "New", then "Save
As", enter a valid name, e.g. "test" and save - the program immediately
crashes with the described problem in LibSQLCipher.

So this is definitely an existing issue, even in the most current
version of Debian 9!

For the path:
I diffed src/crypto_openssl.c against the most current version (3.4.1)
and noticed the switch to the non-deprecated API function around
EVP_CipherInit_ex instead of EVP_CipherInit.
I ported these differences to 3.2.0-2, recompiled the package from
Debian sources including my patch. The resulting binaries no longer
produce segfaults and work as expected.
This is in line with release 3.4.1-1 on sid.

Reply via email to