On 2018-11-18 Andreas Metzler <[email protected]> wrote: > On 2018-11-18 Samuel Thibault <[email protected]> wrote: > > Source: libgcrypt20 > > Version: 1.8.4-3 > > Severity: important
>> debian/rules uses: >> dh_makeshlibs -V 'libgcrypt20 (>=1.8.0-0)' >> But that is not tight enough. Applications would typically call >> gcry_check_version (GCRYPT_VERSION) >> which will check the version which was used at the compilation time of >> the application, thus requiring whatever version of libgcrypt was >> installed at the time. The shlibs mentioned above allows to install an >> earlier version of the package, but then the application crashes with >> libgcrypt version mismatch >> so the dependency is not tight enough, debian/rules should be using the >> upstream version instead of hardcoding 1.8.0-0 > Hello, > no, applications should specify the version of gcrypt they require to > compile succcessfully as argument to gcry_check_version instead of the > version they are building against. Hmm. Looking at codesearch.d.o and (with my angry eyes ;-) on gcrypt documentation it might make sense to still change the dependency. At least gpg gets it right. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
