Package: password-gorilla
Version: 1.6.0~git20180203.228bbbb-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: bell...@snarkjaeger.ch
Dear Maintainer,
The duplicate uuids do not appear to affect the operation of
password-gorilla itself, but may affect the working of utilities
on other platforms that use the same password store file format
and provide the same functionality.
I encountered the problem after copying a password database generated by
password-gorilla to an android smartphone and used it with the PasswdSafe
app. Duplicate uids in the file resulted in the android app displaying
incorrect information for some entries and copying incorrect information
to the clipboard.
Problem is known and is fixed in a later version of password-gorilla.
Using later version of password-gorilla corrects uuid generation and
repairs password database files that are affected by the problem. I have
confirmed that using a repaired password database file for the android
PasswdSafe app produces the expected display and clipboard copy of the
information requested.
password-gorilla version 1.6.0~git20180203.228bbbb-1 aka 1.6.0 beta1
is now quite old, a more recent "1.6.0 beta-2" version is available.
Request that this newer version is packaged into the next Debian release.
Background
password-gorilla is an implementation of the functionality of the
Password Safe utility originally implemented on Windows; the functionality
has been implemented for other platforms including the PasswdSafe
app on Android. (The current version of the Windows utility (3.65.0)
recognises and repairs duplicated uuids.)
For android PasswdSafe discussion of the problem, see
https://sourceforge.net/p/passwdsafe/discussion/1067588/
(PasswdSafe on SourceForge ... Discussion ... Help ... "problem with psafe3
file from password gorilla".)
For password-gorilla description of problem and correction see
https://github.com/zdia/gorilla/issues/203
Problem is fixed in password gorilla 1.6.0 beta-2 which can be downloaded
as a system-independent "kit" file from
https://gorilla.dp100.com/downloads/
It can be run using the appropriate tclkit executable from
https://gorilla.dp100.com/downloads/tclkit/
and this is the method I used to confirm that the problem as I encountered
it is fixed in version 1.6.0 beta-2.
I imagine that the same procedure that was used to package the beta1 version
for Debian distribution will also work for beta-2.
Regards
Peter Lee (bell...@snarkjaeger.ch)
-- System Information:
Debian Release: bookworm/sid
APT prefers jammy-updates
APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'),
(100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.5.0-15-generic (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages password-gorilla depends on:
ii itcl3 3.4.3-3.1
ii tcl 8.6.11+1build2
ii tcllib 1.20+dfsg-1
ii tk 8.6.11+1build2
ii tklib 0.7+20210111-1
password-gorilla recommends no packages.
password-gorilla suggests no packages.
-- no debconf information
