Bug#914009: libgcrypt20: not tight enough shlibs file

Andreas Metzler ametzler at bebt.de
Sun Nov 18 13:21:48 GMT 2018

On 2018-11-18 Samuel Thibault <sthibault at debian.org> wrote:
> Source: libgcrypt20
> Version: 1.8.4-3
> Severity: important

> Hello,

> debian/rules uses:

>   dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)'

> But that is not tight enough. Applications would typically call

>   gcry_check_version (GCRYPT_VERSION)

> which will check the version which was used at the compilation time of
> the application, thus requiring whatever version of libgcrypt was
> installed at the time. The shlibs mentioned above allows to install an
> earlier version of the package, but then the application crashes with

>   libgcrypt version mismatch

> so the dependency is not tight enough, debian/rules should be using the
> upstream version instead of hardcoding 1.8.0-0


no, applications should specify the version of gcrypt they require to
compile succcessfully as argument to gcry_check_version instead of the
version they are building against.

cu Andreas

`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list