Bug#984888: pam-mysql: Newly added test with 323 hashed passwords fail on s390x

2021-03-24 Thread wferi
Balint Reczey  writes:

> On Sun, Mar 14, 2021 at 3:49 PM  wrote:
>
>> Debugging suggests that the internal SHA-1 implementation does not work
>> on big-endian architectures.  The easy way out is switching to the
>> libcrypto implementation (the package already depends on libssl1.1 and
>> the PAM module links against libcrypto.so.1).  The hard way is finding
>> the bug and fixing it for arbitrary endianness.  I wonder which one the
>> Release Team prefers...
>
> I'm sure the Release Team would prefer using a well known SHA
> implementation rather than an internal one especially when the
> internal one proved to be broken.

Actually the fix is already uploaded, though debci hasn't tested it yet.
The internal implementation had the necessary conditional compilation
directives, but the corresponding Autoconf test was missing.  So a
one-line patch (already merged upstream) sufficed.  In the past I tried
to persuade upstream into dropping the internal crypto routines, but
the idea didn't get traction.
-- 
Cheers,
Feri



Bug#984888: pam-mysql: Newly added test with 323 hashed passwords fail on s390x

2021-03-24 Thread Balint Reczey
Hi,

On Sun, Mar 14, 2021 at 3:49 PM  wrote:
>
> Balint Reczey  writes:
>
> > Autopkgtests are failing in CI on s390x due to the following newly added 
> > tests:
> >
> > ...
> > OK: Y_MD5: correct password accepted
> > OK: Y_MD5: incorrect password refused
> > FAIL: mysql: correct password refused
> > OK: mysql: incorrect password refused
> > ...
>
> (It isn't the 323 variant that fails, but anyway...)
>
> Debugging suggests that the internal SHA-1 implementation does not work
> on big-endian architectures.  The easy way out is switching to the
> libcrypto implementation (the package already depends on libssl1.1 and
> the PAM module links against libcrypto.so.1).  The hard way is finding
> the bug and fixing it for arbitrary endianness.  I wonder which one the
> Release Team prefers...

I'm sure the Release Team would prefer using a well known SHA
implementation rather than an internal one especially when the
internal one proved to be broken.

Cheers,
Balint

-- 
Balint Reczey
Ubuntu & Debian Developer



Bug#984888: pam-mysql: Newly added test with 323 hashed passwords fail on s390x

2021-03-14 Thread wferi
Balint Reczey  writes:

> Autopkgtests are failing in CI on s390x due to the following newly added 
> tests:
>
> ...
> OK: Y_MD5: correct password accepted
> OK: Y_MD5: incorrect password refused
> FAIL: mysql: correct password refused
> OK: mysql: incorrect password refused
> ...

(It isn't the 323 variant that fails, but anyway...)

Debugging suggests that the internal SHA-1 implementation does not work
on big-endian architectures.  The easy way out is switching to the
libcrypto implementation (the package already depends on libssl1.1 and
the PAM module links against libcrypto.so.1).  The hard way is finding
the bug and fixing it for arbitrary endianness.  I wonder which one the
Release Team prefers...
-- 
Feri



Bug#984888: pam-mysql: Newly added test with 323 hashed passwords fail on s390x

2021-03-13 Thread wferi
Balint Reczey  writes:

> Autopkgtests are failing in CI on s390x due to the following newly added 
> tests:
>
> debian/tests/auth:
> ...
> 'mysql': { 'crypt':  2, '323': 'false', 'hash': '*1A8A8D8A90F03E8A15D4FFB3FC91A4693F077A84' }, # select PASSWORD('foopwd')
> ...

Hi Bálint,

Could you please show me what SELECT PASSWORD('foopwd') returns on the
server fired up by the autopkgtest on s390x?  I can't easily try this
myself, but I plan to add this to the test in the next upload.
-- 
Thanks,
Feri



Bug#984888: pam-mysql: Newly added test with 323 hashed passwords fail on s390x

2021-03-09 Thread Balint Reczey
Source: pam-mysql
Version: 0.8.1-4
Severity: normal

Dear Maintainer,

Autopkgtests are failing in CI on s390x due to the following newly added tests:

debian/tests/auth:
...
'mysql': { 'crypt':  2, '323': 'false', 'hash': '*1A8A8D8A90F03E8A15D4FFB3FC91A4693F077A84' }, # select PASSWORD('foopwd')

...

https://ci.debian.net/packages/p/pam-mysql/testing/s390x/
https://ci.debian.net/data/autopkgtest/testing/s390x/p/pam-mysql/10949034/log.gz
:
...
OK: Y_MD5: correct password accepted
OK: Y_MD5: incorrect password refused
FAIL: mysql: correct password refused
OK: mysql: incorrect password refused
...

Cheers,
Balint

-- 
Balint Reczey
Ubuntu & Debian Developer