Package: libcryptx-perl Version: 0.077-1+b1 libperl-cryptx contains and builds a copy of libtomcrypt and libtommath
(Samba is in a similar boat, for libtommath via Heimdal, also embedded). Sadly per https://groups.google.com/g/sci.crypt/c/Z7lVGM2wo2o/m/UfQpm0cdQRMJ from https://github.com/libtom/libtomcrypt/issues/616 libtommath is no longer being released, but it seems less than ideal to have two diverging copies of the libtomcrypt and libtommath libraries in Debian, and even more strange to have the perl bindings be ahead of the 'proper' library. The perl library has experimental support for building against the system package: # EXPERIMENTAL: use system libraries libtomcrypt + libtommath # e.g. # CRYPTX_LDFLAGS='-L/usr/local/lib -ltommath -ltomcrypt' CRYPTX_CFLAGS='-DLTM_DESC -I/usr/local/include' perl Makefile.PL I realise that this coordination may be a lot of work sadly, particularly as libcryptx-perl has the unreleased snapshots not in the last libtommath. However it also has fixes for fix for CVE-2019-17362. (I started on this because it was really hard to tell from a first glance that libcryptx-perl 0.77 was not vulnerable to CVE-2019-17362) Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
