Bug 2292507

Summary: Request libkeepass dependency update to fix composite key computation for BytesIO
Product: [Fedora] Fedora
Reporter: dev
Component: secrets
Assignee: Artem <ego.cordatus>
Status: CLOSED ERRATA
Severity: urgent
Priority: unspecified
Version: 40
CC: ego.cordatus
Keywords: Reopened
Hardware: x86_64
OS: Linux
Fixed In Version: secrets-9.3-5.fc41 secrets-9.3-5.fc40
Last Closed: 2024-06-30 05:06:05 UTC

Description dev 2024-06-15 16:03:38 UTC
Upstream developers bundle a patched version of libkeepass in the flatpak at flathub: 
- https://gitlab.gnome.org/World/secrets/-/issues/537
- https://github.com/libkeepass/pykeepass/pull/388

Without the fix, Secrets will corrupt databases using composite keys on any database update, since they basically save the database using an empty keyfile. 



Reproducible: Always

Steps to Reproduce:
1. Create a new Safe with a composite key (passphrase + keyfile)
2. Unlock the safe.
3. Add a new entry.
4. Save the safe and close Secrets.
5. Reopen Secrets and try to unlock the safe.
Actual Results:  
The unlocking fails and the safe remains locked.

Expected Results:  
The safe is unlocked.

A locked-out database can be recovered with a specific patch, as explained here: https://gitlab.gnome.org/World/secrets/-/issues/537
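
The failure described in this report, sketched as an added example that is not code from Secrets, pykeepass or the reporter. It uses a simplified model of KDBX composite-key derivation and assumes the keyfile arrives as a `BytesIO` stream that is read once at unlock and again at save without being rewound; the function names and sample values are constructed for illustration.

```python
import hashlib
from io import BytesIO


def keyfile_key(stream):
    """Hash whatever the stream yields from its current position."""
    return hashlib.sha256(stream.read()).digest()


def composite_key(password, stream):
    """KDBX-style composite key: SHA-256(SHA-256(password) || keyfile key)."""
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    return hashlib.sha256(pw_hash + keyfile_key(stream)).digest()


def composite_key_rewound(password, stream):
    """Same derivation, but always hash the keyfile from its first byte."""
    stream.seek(0)
    return composite_key(password, stream)


def demo():
    # Constructed sample credentials, not taken from the bug report.
    password = "constructed-passphrase"
    keyfile = BytesIO(b"constructed keyfile contents, not a real key")

    key_at_unlock = composite_key(password, keyfile)  # leaves stream at EOF
    key_at_save = composite_key(password, keyfile)    # read() now returns b""
    key_empty_keyfile = composite_key(password, BytesIO(b""))
    key_fixed = composite_key_rewound(password, keyfile)

    return {
        # The database would be re-encrypted under a different key on save.
        "save_differs_from_unlock": key_at_save != key_at_unlock,
        # That key is exactly the one an empty keyfile would produce.
        "save_equals_empty_keyfile": key_at_save == key_empty_keyfile,
        # Rewinding before the second derivation restores the original key.
        "rewound_matches_unlock": key_fixed == key_at_unlock,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Comparing the key derived at save time with the one that unlocked the database, before overwriting the file, is a cheap guard against this class of lockout.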

Comment 1 Fedora Update System 2024-06-21 08:04:57 UTC
FEDORA-2024-d9de78912c (python-pykeepass-4.0.7.post1-3.20240621git5f42802.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-d9de78912c

Comment 2 Fedora Update System 2024-06-21 08:08:00 UTC
FEDORA-2024-24f8c70191 (secrets-9.3-5.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-24f8c70191

Comment 3 Fedora Update System 2024-06-21 08:08:26 UTC
FEDORA-2024-d9de78912c (python-pykeepass-4.0.7.post1-3.20240621git5f42802.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 4 Fedora Update System 2024-06-21 08:11:27 UTC
FEDORA-2024-24f8c70191 (secrets-9.3-5.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 5 Fedora Update System 2024-06-21 08:21:12 UTC
FEDORA-2024-05251e45f9 (python-pykeepass-4.0.7.post1-4.20240621git5f42802.fc40 and secrets-9.3-5.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-05251e45f9

Comment 6 Artem 2024-06-21 08:24:30 UTC
Thanks a lot for reporting. Sorry for the delay. Very unlucky timing for me due to a lack of time that I could dedicate to updating and testing, so please test this update before it goes to the stable repos: https://bodhi.fedoraproject.org/updates/FEDORA-2024-05251e45f9

Comment 7 dev 2024-06-21 10:10:41 UTC
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-05251e45f9` says there is nothing to do. 
How can I test on Fedora 40 if it’s not in the updates-testing repo?

Comment 8 Artem 2024-06-21 10:26:43 UTC
Yep, Fedora infra requires some time to push updates into updates-testing. But you can download and install it without waiting:

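```
# Work in a scratch directory so only this update's RPMs are present
mkdir tmp-updates-testing
cd tmp-updates-testing
# Fetch the builds attached to the Bodhi update
bodhi updates download --updateid=FEDORA-2024-05251e45f9
# Install the downloaded packages
sudo dnf upgrade *.rpm
```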

Comment 9 dev 2024-06-21 11:06:26 UTC
I confirm the proposed update FEDORA-2024-05251e45f9 (1) solves this issue: changes (adding new entry, deleting existing entry...) are properly saved to Safes and Safes are not corrupted anymore.
I didn’t see side effects, but I didn’t test it extensively either.


(1) I have upgraded the packages downloaded manually from the builds in https://bodhi.fedoraproject.org/updates/FEDORA-2024-05251e45f9:
- https://koji.fedoraproject.org/koji/search?terms=python-pykeepass-4.0.7.post1-4.20240621git5f42802.fc40&type=build&match=exact
- https://koji.fedoraproject.org/koji/search?terms=secrets-9.3-5.fc40&type=build&match=exact

Thank you!

Comment 10 Fedora Update System 2024-06-22 06:36:11 UTC
FEDORA-2024-05251e45f9 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-05251e45f9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-05251e45f9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2024-06-30 05:06:05 UTC
FEDORA-2024-05251e45f9 (python-pykeepass-4.0.7.post1-4.20240621git5f42802.fc40 and secrets-9.3-5.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.