Source: libgcrypt20 Version: 1.8.4-3 Severity: important Hello,
debian/rules uses: dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)' But that is not tight enough. Applications would typically call gcry_check_version (GCRYPT_VERSION) which will check the version which was used at the compilation time of the application, thus requiring whatever version of libgcrypt was installed at the time. The shlibs mentioned above allows to install an earlier version of the package, but then the application crashes with libgcrypt version mismatch so the dependency is not tight enough, debian/rules should be using the upstream version instead of hardcoding 1.8.0-0 Samuel -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) -- Samuel I develop for Linux for a living, I used to develop for DOS. Going from DOS to Linux is like trading a glider for an F117. (By [email protected], Lawrence Foard)
