Page MenuHome GnuPG

Bump requisites on 2.2.x
Closed, ResolvedPublic

Description

The LTS branch 2.2 (2.2.42) claims to need libgpg-error 1.27 and libksba 1.3.5

However, the actual requisites turn out to be libgpg-error-1.38 (due to the use of gpgrt_reallocarray, there are also other usages requiring libgpg-error > 1.27 but less than 1.38) and libksba-1.4.0 (use of functions like ‘ksba_der_add_val’ on sm/sign.c: write_detached_signature)

While there may not be a 2.2.43, it would be nice to fix this if it actually happens.

Revisions and Commits

Event Timeline

Angel created this object in space S1 Public.

werner added a subscriber: werner.

There will be a 2.2.43 soonish. Thanks for the patch.

Actually we should raise the requirement for libksba to 1.6.3 due to a security fix but some distros just fix security bugs and keep the original version..

werner claimed this task.