Bug#914009: libgcrypt20: not tight enough shlibs file
Andreas Metzler
ametzler at bebt.de
Sun Nov 18 14:04:12 GMT 2018
On 2018-11-18 Andreas Metzler <ametzler at bebt.de> wrote:
> On 2018-11-18 Samuel Thibault <sthibault at debian.org> wrote:
> > Source: libgcrypt20
> > Version: 1.8.4-3
> > Severity: important
>> debian/rules uses:
>> dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)'
>> But that is not tight enough. Applications would typically call
>> gcry_check_version (GCRYPT_VERSION)
>> which will check the version which was used at the compilation time of
>> the application, thus requiring whatever version of libgcrypt was
>> installed at the time. The shlibs mentioned above allows to install an
>> earlier version of the package, but then the application crashes with
>> libgcrypt version mismatch
>> so the dependency is not tight enough, debian/rules should be using the
>> upstream version instead of hardcoding 1.8.0-0
> Hello,
> no, applications should specify the version of gcrypt they require to
> compile succcessfully as argument to gcry_check_version instead of the
> version they are building against.
Hmm. Looking at codesearch.d.o and (with my angry eyes ;-) on gcrypt
documentation it might make sense to still change the dependency.
At least gpg gets it right.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list