Hi, Actually libtomcrypt 1.17 and libtommath 1.0 are both available in Debian, so I'm tempted to add --disable-bundled-libtom to CFLAGS and dynamically link against these libraries. Not doing so is in fact a violation of Debian policy §4.13:
“Some software packages include in their distribution convenience copies of code from other software packages, generally so that users compiling from source don't have to download multiple packages. Debian packages should not make use of these convenience copies unless the included package is explicitly intended to be used in this way.” — https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles However, as of 2017.75 dropbear's libtom bundle consists of libtomcrypt 1.16 and libtommath 0.40. AFAICT dynamic linking against the latest versions (1.17 + 1.0) works out of the box; Matt (X-Debbugs-Cc), are you aware of any regressions when linking 2017.75 against the latest libtom? Cheers, -- Guilhem.
signature.asc
Description: PGP signature