Bug#495473: A GnuTLS problem?
Hi Werner, hi Andreas,
Werner Koch wrote:
On Sat, 24 Jan 2009 17:49, ametz...@downhill.at.eu.org said:
GCRYPT_VERSION is expanded at libgwenhywfar build time to the version
FWIW, I suggest [...]
Thank you very much for your suggestions. I've send the attached patch
to the upstream developer. I hope he will integrate it into the official
source of libgwenhywfar soon.
Regards
Micha
Index: src/crypt3/cryptkey.c
===
--- src/crypt3/cryptkey.c (Revision 1524)
+++ src/crypt3/cryptkey.c (Arbeitskopie)
@@ -33,11 +33,11 @@
int GWEN_Crypt3_ModuleInit() {
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- if (!gcry_check_version (GCRYPT_VERSION)) {
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) {
const char *gcrypt_version = gcry_check_version(0);
DBG_ERROR(GWEN_LOGDOMAIN, Libgcrypt version mismatch:
- Gwen built with GCrypt %s, but running with GCrypt %s,
- GCRYPT_VERSION, gcrypt_version);
+ Gwen needs GCrypt = %s, but is running with GCrypt %s,
+ NEED_LIBGCRYPT_VERSION, gcrypt_version);
return GWEN_ERROR_GENERIC;
}
/*gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);*/
Index: configure.ac
===
--- configure.ac (Revision 1524)
+++ configure.ac (Arbeitskopie)
@@ -561,6 +561,10 @@
#
# check for libgcrypt
#
+NEED_LIBGCRYPT_API=1
+NEED_LIBGCRYPT_VERSION=1.4.0
+AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, $NEED_LIBGCRYPT_VERSION,
+ [Required version of Libgcrypt])
case $OS_TYPE in
windows)
LIBGCRYPT_CFLAGS=
@@ -569,10 +573,12 @@
AC_SUBST(LIBGCRYPT_LIBS)
;;
*)
-AM_PATH_LIBGCRYPT([], [have_gcrypt=yes], [have_gcrypt=no])
+AM_PATH_LIBGCRYPT($NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION,
+ [have_gcrypt=yes], [have_gcrypt=no])
if test $have_gcrypt != yes; then
AC_MSG_ERROR([
- Libgcrypt is required for Gwenhywfar. Please install it (including devel packages)])
+ Libgcrypt is required for Gwenhywfar. Please install it (including devel packages)
+ (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)])
fi
;;
esac
signature.asc
Description: OpenPGP digital signature
Bug#495473: A GnuTLS problem?
On Sat, 24 Jan 2009 17:49, ametz...@downhill.at.eu.org said: GCRYPT_VERSION is expanded at libgwenhywfar build time to the version FWIW, I suggest to use this in configure.ac: NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.4.0 # other configure stuff AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, $NEED_LIBGCRYPT_VERSION, [Required version of Libgcrypt]) AM_PATH_LIBGCRYPT($NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION, have_libgcrypt=yes,have_libgcrypt=no) # close to the end use MSG_NOTICE or MSG_ERROR if test $have_libgcrypt = no; then die=yes AC_MSG_NOTICE([[ *** *** You need libgcrypt to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ *** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.) ***]]) fi In the code use: if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) OOPS(); Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#496793: Bug#495473: A GnuTLS problem?
reassign 495473 libgwenhywfar47
thanks
On 2008-11-26 Simon Josefsson si...@josefsson.org wrote:
I don't think this is a GnuTLS problem, nothing in the bug logs indicate
anything related to GnuTLS as far as I can tell?
However, the problems do appear to be the same, and the problematic
package is likely libgwenhywfar. It could be a libgcrypt problem, but I
suspect the bug is in how libgwenhywfar uses libgcrypt.
[...]
Hello,
This code in libgwenhywfar 3.4.1 ./src/crypt3/cryptkey.c
is probably the culprit:
---
int GWEN_Crypt3_ModuleInit() {
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
if (!gcry_check_version (GCRYPT_VERSION)) {
DBG_ERROR(GWEN_LOGDOMAIN, Libgcrypt version mismatch);
---
GCRYPT_VERSION is expanded at libgwenhywfar build time to the version
of gcrypt libgwenhywfar is built against. Afaiui this will cause a hard
failure whenever libgwenhywfar is run against a lower gcrypt version
than the one it was built against.
At least for Debian this is the wrong thing to do, package
dependencies and the shlibs system should prevent installation of
incompatible versions.
libgwenhywfar 3.6.0 is not a lot better, it just is a little bit more
verbose while still throwing an error:
---
if (!gcry_check_version (GCRYPT_VERSION)) {
const char *gcrypt_version = gcry_check_version(0);
DBG_ERROR(GWEN_LOGDOMAIN, Libgcrypt version mismatch:
Gwen built with GCrypt %s, but running with
GCrypt %s,
GCRYPT_VERSION, gcrypt_version);
return GWEN_ERROR_GENERIC;
---
I am reassigning the gcrypt bug #495473 to libgwenhywfar47 and would
suggest to do the same for the gnucash one.
thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#495473: A GnuTLS problem?
I wonder how bugs #495473 and #496793 are related to each other. Unfortunately I have no time to investigate this question right now. Regards Micha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495473: A GnuTLS problem?
I don't think this is a GnuTLS problem, nothing in the bug logs indicate anything related to GnuTLS as far as I can tell? However, the problems do appear to be the same, and the problematic package is likely libgwenhywfar. It could be a libgcrypt problem, but I suspect the bug is in how libgwenhywfar uses libgcrypt. Which version of libgwenhywfar47 do people use? I notice that the libgcrypt initialization code in libgwenhywfar has changed, so maybe trying the version in experimental solves the problem. That version provides better debugging information in any case, which should explain why the call to gcry_check_version fails. So please test it and report debug output for it. /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
