Bug#368297: About the libgcrypt and OpenLDAP issue

Werner Koch wk at gnupg.org
Thu Apr 18 21:53:08 UTC 2013


On Thu, 18 Apr 2013 20:40, clopez at igalia.com said:

> I see two options to get this fixed for Wheezy:
>
> [Option 1] -- Do the same that Ubuntu did. That is:
>
> 1.a) Patch libgcrypt to revert commit
>      d769529a71ccda4e833f919f3c5693d25b005ff0

Urgs.  That is a short-sighted fix.

> [Option 2] -- Patch OpenLDAP to set the flag GCRYCTL_DISABLE_SECMEM if
> GCRYCTL_INITIALIZATION_FINISHED is false. This is the patch I previously
> proposed at http://bugs.debian.org/368297#135

That is the most correct solution.  Any application (not library) which
wants to use that mlock protected memory (aka secure memory) needs to
make sure that libgcrypt has been initialized correctly.  Thus if the
application does not do that and a library wants to do its own thing,
that library should do it in the above way.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


