Drift between libgmp and gpg's version

Jason Gunthorpe jgg at ualberta.ca
Sun Oct 3 15:33:32 CEST 1999


On Sun, 3 Oct 1999, Werner Koch wrote:

> > It just came to my attention that GnuPG's modified version of gmp doesn't
> > include some of the patches to the assembly core that we at Debian use.
 
> I tried to figure out from where to get the latest GMP release but it
> seems that 2.0.2 is still the latest available from the FSF.

The author hasn't done a new release in nearly 4 years, but if you visit
his web site you can find a bucket load of patches
http://www.matematik.su.se/~tege/gmp/
 
> I have not looked into the Debian sources (I gave my last CDs away to
> a friend, who is working on a Logo and found no time to download them)
> and frankly, I need an FSF version.

Well, I can understand that but I'm not sure a new version is forthcoming,
it might be worthwhile to integrate some of the patches, at least the arch
specific ones..

You can peruse the diff if you are interested:
http://ftp.debian.org/debian/dists/unstable/main/source/libs/libgmp2_2.0.2-3.1.diff.gz

> > Even better would be to just get the gmp upstream to integrate a means to
> > do secured allocations, lots of crypto stuff would benefit from that.
 
> I think it is much too complicated to audit a GMP with the needed
> enhancements for GnuPG. 

Well that's unfortunate :<
 
Jason


