Drift between libgmp and gpg's version
Jason Gunthorpe
jgg at ualberta.ca
Sun Oct 3 15:33:32 CEST 1999
On Sun, 3 Oct 1999, Werner Koch wrote:
> > It just came to my attention that GnuPG's modified version of gmp doesn't
> > include some of the patches to the assembly core that we at Debian use.
> I tried to figure out from where to get the latest GMP release but it
> seems, that 2.0.2 is still the latest avaible from the FSF.
The author hasn't done a new release in nearly 4 years, but if you visit
his web site you can find a bucket load of patches
http://www.matematik.su.se/~tege/gmp/
> I have not looked into the Debian sources (I gave my last CDs away to
> friend, who is working on a Logo and found no time to download them)
> and frankly, I need an FSF version.
Well, I can understand that but I'm not sure a new version is forthcoming,
it might be worthwhile to integrate some of the patches, at least the arch
specific ones..
You can peruse the dif if you are interested:
http://ftp.debian.org/debian/dists/unstable/main/source/libs/libgmp2_2.0.2-3.1 .diff.gz
> > Even better would be to just get the gmp upstream to integrate a means to
> > do secured allocations, lots of crypto stuff would benifit from that.
> I think it is mucht to complicate to audit a GMP with the needed
> enhancements for GnuPG.
Well that's unfortunate :<
Jason
More information about the Gnupg-devel
mailing list