Bug#914009: libgcrypt20: not tight enough shlibs file
ametzler at bebt.de
Sun Nov 18 13:21:48 GMT 2018
On 2018-11-18 Samuel Thibault <sthibault at debian.org> wrote:
> Source: libgcrypt20
> Version: 1.8.4-3
> Severity: important
> debian/rules uses:
> dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)'
> But that is not tight enough. Applications would typically call
> gcry_check_version (GCRYPT_VERSION)
> which will check the version which was used at the compilation time of
> the application, thus requiring whatever version of libgcrypt was
> installed at the time. The shlibs mentioned above allows to install an
> earlier version of the package, but then the application crashes with
> libgcrypt version mismatch
> so the dependency is not tight enough, debian/rules should be using the
> upstream version instead of hardcoding 1.8.0-0
no, applications should specify the version of gcrypt they require to
compile succcessfully as argument to gcry_check_version instead of the
version they are building against.
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint