Bug#914009: libgcrypt20: not tight enough shlibs file

Samuel Thibault sthibault at debian.org
Sun Nov 18 12:48:43 GMT 2018

Source: libgcrypt20
Version: 1.8.4-3
Severity: important


debian/rules uses:

  dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)'

But that is not tight enough. Applications would typically call

  gcry_check_version (GCRYPT_VERSION)

which will check the version which was used at the compilation time of
the application, thus requiring whatever version of libgcrypt was
installed at the time. The shlibs mentioned above allows to install an
earlier version of the package, but then the application crashes with

  libgcrypt version mismatch

so the dependency is not tight enough, debian/rules should be using the
upstream version instead of hardcoding 1.8.0-0


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

I develop for Linux for a living, I used to develop for DOS.
Going from DOS to Linux is like trading a glider for an F117.
(By entropy at world.std.com, Lawrence Foard)

More information about the Pkg-gnutls-maint mailing list