Fixing "lucky 13" CVE-2013-0169 in gnutls28

Andreas Metzler ametzler at downhill.at.eu.org
Sat Feb 23 18:33:14 UTC 2013


On 2013-02-23 Julien Cristau <jcristau at debian.org> wrote:
> The plan seems ok to me in general.

> On Sat, Feb 23, 2013 at 18:37:12 +0100, Andreas Metzler wrote:

>> +# workaround for guile testsuite failure.
>> +ifneq (,$(filter $(DEB_BUILD_ARCH),armel armhf mipsel))
>> +	DEB_CONFIGURE_EXTRA_FLAGS += --disable-largefile
>> +endif
>> +
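
Review bot: the `ifneq` condition filters on `DEB_BUILD_ARCH`, which names the machine running the build; in a cross build the flag would be selected by the builder's architecture rather than the one the package is compiled for, so `DEB_HOST_ARCH` is the variable to test here. The comment on the first line would also be more useful if it stated why `--disable-largefile` addresses the guile testsuite failure and why only armel, armhf and mipsel need it, with a bug or list reference, so the workaround can be dropped once it is no longer required.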

> Disabling lfs because of guile sounds fairly bad though, assuming this
> is what this does...

Hello,

it does set _FILE_OFFSET_BITS=32, to make sure that guile and gnutls-guile
have the same structure size. See 
<http://news.gmane.org/find-root.php?message_id=%3c878vntszm6.fsf%40gnu.org%3e>
for a little bit of backstory.

This sounds worse than it is. LFS is not really relevant for gnutls
itself, the files it accesses are generally < 1 MB. (See [1].) Also
gnutls used to be built with _FILE_OFFSET_BITS=32 automatically until
addition of some gnulib modules involuntarily enabled
_FILE_OFFSET_BITS=64.

Judging from the fact that the 2.12.20 tarball does not include
largefile.m4 I guess the configure option is not necessary in 2.12.20.
- If you prefer, I can try without.

cu andreas

[1] http://lists.gnu.org/archive/html/bug-gnulib/2011-11/msg00084.html
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
