Balint Reczey <balint.rec...@canonical.com> writes: > On Sun, Mar 14, 2021 at 3:49 PM <wf...@niif.hu> wrote: > >> Debugging suggests that the internal SHA-1 implementation does not work >> on big-endian architectures. The easy way out is switching to the >> libcrypto implementation (the package already depends on libssl1.1 and >> the PAM module links against libcrypto.so.1). The hard way is finding >> the bug and fixing it for arbitrary endianness. I wonder which one the >> Release Team prefers... > > I'm sure the Release Team would prefer using a well known SHA > implementation rather than an internal one especially when the > internal one proved to be broken.
Actually the fix is already uploaded, though debci hasn't tested it yet. The internal implementation had the necessary conditional compilation directives, but the corresponding Autoconf test was missing. So a one-line patch (already merged upstream) sufficed. In the past I tried to persuade upstream into dropping the internal crypto routines, but the idea didn't get traction. -- Cheers, Feri
