Bug#495473: A GnuTLS problem?

Andreas Metzler ametzler at downhill.at.eu.org
Sat Jan 24 16:49:57 UTC 2009

reassign 495473 libgwenhywfar47
On 2008-11-26 Simon Josefsson <simon at josefsson.org> wrote:
> I don't think this is a GnuTLS problem, nothing in the bug logs indicate
> anything related to GnuTLS as far as I can tell?

> However, the problems do appear to be the same, and the problematic
> package is likely libgwenhywfar.  It could be a libgcrypt problem, but I
> suspect the bug is in how libgwenhywfar uses libgcrypt.

This code in libgwenhywfar 3.4.1 ./src/crypt3/cryptkey.c
is probably the culprit:

int GWEN_Crypt3_ModuleInit() {
  gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
  if (!gcry_check_version (GCRYPT_VERSION)) {
    DBG_ERROR(GWEN_LOGDOMAIN, "Libgcrypt version mismatch");

GCRYPT_VERSION is expanded at libgwenhywfar build time to the version
of gcrypt libgwenhywfar is built against. Afaiui this will cause a hard
failure whenever libgwenhywfar is run against a lower gcrypt version
than the one it was built against.

At least for Debian this is the wrong thing to do, package
dependencies and the shlibs system should prevent installation of
incompatible versions.

libgwenhywfar 3.6.0 is not a lot better, it just is a little bit more
verbose while still throwing an error:

  if (!gcry_check_version (GCRYPT_VERSION)) {
    const char *gcrypt_version = gcry_check_version(0);
    DBG_ERROR(GWEN_LOGDOMAIN, "Libgcrypt version mismatch: "
                              "Gwen built with GCrypt %s, but running with GCrypt %s",
                              GCRYPT_VERSION, gcrypt_version);

I am reassigning the gcrypt bug #495473 to libgwenhywfar47 and would
suggest to do the same for the gnucash one.
thanks, cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list