Hi, Actually libtomcrypt 1.17 and libtommath 1.0 are both available in Debian, so I'm tempted to add --disable-bundled-libtom to CFLAGS and dynamically link against these libraries. Not doing so is in fact a violation of Debian policy §4.13:
“Some software packages include in their distribution convenience
copies of code from other software packages, generally so that users
compiling from source don't have to download multiple packages.
Debian packages should not make use of these convenience copies
unless the included package is explicitly intended to be used in
this way.”
— https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles
However, as of 2017.75 dropbear's libtom bundle consists of libtomcrypt
1.16 and libtommath 0.40. AFAICT dynamic linking against the latest
versions (1.17 + 1.0) works out of the box; Matt (X-Debbugs-Cc), are you
aware of any regressions when linking 2017.75 against the latest libtom?
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
