Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Ben Hutchings
On Tue, 2018-11-13 at 12:31 -0500, Daniel Kahn Gillmor wrote:
> On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote:
>
> > * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)
>
> libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of
> gcrypt for years. gcrypt is more properly "part

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Daniel Kahn Gillmor
On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote:
> * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)

libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of gcrypt for years. gcrypt is more properly "part of GnuPG" than anything else. basically, all of these libraries are gnupg

[SECURITY] [DLA 1578-1] spamassassin security update

2018-11-13 Thread Antoine Beaupré
Package: spamassassin
Version: 3.4.2-0+deb8u1
CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781
Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571

Multiple vulnerabilities were found in Spamassassin, which could lead to Remote

Accepted spamassassin 3.4.2-0+deb8u1 (source all amd64) into oldstable

2018-11-13 Thread Antoine Beaupré
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 30 Oct 2018 13:28:29 -0400
Source: spamassassin
Binary: spamassassin spamc sa-compile
Architecture: source all amd64
Version: 3.4.2-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Noah Meyerhans
Changed-By:

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Antoine Beaupré
On 2018-11-13 18:41:47, Emilio Pozuelo Monfort wrote:
> I can think of two options:
>
> 1) Ship them in a private dir (e.g. /usr/lib/gnupg2/), and link them to those
> libs. Then ld should add an RPATH, otherwise an LD_LIBRARY_PATH hack could be
> used.
>
> 2) Statically link the libraries into

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Emilio Pozuelo Monfort
On 13/11/2018 17:43, Antoine Beaupré wrote:
> On 2018-11-13 13:24:39, Ben Hutchings wrote:
>> On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
>>> Hi,
>>>
>>> So I've been looking at Enigmail again, after a long journey helping
>>> people in stable getting that stuff fixed. It's pretty

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Antoine Beaupré
On 2018-11-13 13:24:39, Ben Hutchings wrote:
> On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
>> Hi,
>>
>> So I've been looking at Enigmail again, after a long journey helping
>> people in stable getting that stuff fixed. It's pretty obvious there's
>> no way to upload that without

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Ben Hutchings
On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
> Hi,
>
> So I've been looking at Enigmail again, after a long journey helping
> people in stable getting that stuff fixed. It's pretty obvious there's
> no way to upload that without first doing a GnuPG 2.1 backport into
> jessie.
>
>