On Thu, Aug 26, 2021 at 01:33:21PM -0600, Sam Hartman wrote: > package: libxcrypt > version: 1:4.4.22-1 > severity: serious > justification: breaks login > > See bug #992848. > Because of the way libpam0g calls libxcrypt any existing sha256 hash > will be rejected at login as expired. > I'm going to fix this in pam using the linux-pam upstream fix, but > libxcrypt should not migrate to testing before the fixed pam is in > testing. > > This bug is intended to block that migration. > Feel free to do something else that blocks the migration. > If this bug is still open when libpam migrates, I'll close it.
Shouldn't this bug be closed with an upload that adds a Breaks/Conflicts against the non-updated libpam0g? Otherwise the same problem would be present for bullseye->bookworm upgrades. And other users in bullseye have to be checked as well for being affected by this breakage, baed on the autopkgtest at least dovecot looks like having the same problem. cu Adrian
