On Thu, Mar 14, 2024 at 09:11:08AM +0100, Karel Balej wrote: > Eric, > > Eric Biggers, 2024-03-13T16:32:27-07:00: > > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > > > This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because it > > broke iwd. iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell, > > and apparently it is relying on SHA-1 signature support. These UAPIs > > are fairly obscure, and their documentation does not mention which > > algorithms they support. iwd really should be using a properly > > supported userspace crypto library instead. Regardless, since something > > broke we have to revert the change. > > > > It may be possible that some parts of this commit can be reinstated > > without breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), but > > for now this just does a full revert to get things working again. > > > > Reported-by: Karel Balej <balejk@xxxxxxxxx> > > Closes: https://lore.kernel.org/r/CZSHRUIJ4RKL.34T4EASV5DNJM@xxxxxxxxx > > Cc: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx> > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > > thank you very much for the revert. I have compiled 6.8 with this patch > and attest that it solves my eduroam connection issue. > > Tested-by: Karel Balej <balejk@xxxxxxxxx> > > May I please ask, though, why you did not Cc stable (and add a Fixes > trailer for that matter)? It seems like something that would be nice to > see fixed in 6.7.y and 6.8.y too as soon as possible. I just forgot. Reverts usually get backported without asking anyway, but the following should be added to make it explicit: Fixes: 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") Cc: stable@xxxxxxxxxxxxxxx That should just be added when the patch is applied, unless I happen to need to send out a new version anyway. We need to decide who is actually going to apply this revert. Probably Herbert, since he took the commit that's being reverted? - Eric
