how strange. can you do an objdump on the different .so ?
@pnathan won't be able until next monday but that's totally in my list of next steps
@yuki_the_maven please let me know what you find. I'm curious.
@yuki_the_maven @RAOF Prelinking?
how would that change a file size? now I'm curious...
@yuki_the_maven if you're positive they're the same version, then I can't think of any reason
@yuki_the_maven The only thing that comes to mind is prelinking? That modifies the binaries in-place, so hash-based verification can fail.
@yuki_the_maven *Particularly* if you're using randomised prelink, which is almost certainly the default (if you've got it enabled) as it makes return-to-libc attacks harder.
@RAOF ooooooohhh I see! thanks for the pointer I had no idea this was a thing
@yuki_the_maven different versions.
0 length files due to weirdnesses
bad package.