On 2018-11-18 Samuel Thibault <[email protected]> wrote: > Source: libgcrypt20 > Version: 1.8.4-3 > Severity: important
> Hello, > debian/rules uses: > dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)' > But that is not tight enough. Applications would typically call > gcry_check_version (GCRYPT_VERSION) > which will check the version which was used at the compilation time of > the application, thus requiring whatever version of libgcrypt was > installed at the time. The shlibs mentioned above allows to install an > earlier version of the package, but then the application crashes with > libgcrypt version mismatch > so the dependency is not tight enough, debian/rules should be using the > upstream version instead of hardcoding 1.8.0-0 Hello, no, applications should specify the version of gcrypt they require to compile succcessfully as argument to gcry_check_version instead of the version they are building against. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
