This information is long overdue, but it is worth noting that the issue was
discovered to be attempting to link a static non-PIC libcrypt into a build
of a shared library.

This is apparently difficult to detect without actually attempting the
build.

So, not a bug after all.