Fixing "lucky 13" CVE-2013-0169 in gnutls28
Ludovic Courtès
ludo at gnu.org
Sat Mar 2 21:23:56 UTC 2013
Hi,
Andreas Metzler <ametzler at downhill.at.eu.org> skribis:
> @*Ludovic*: To give you some context, we are planning to pull
> gnutls28 from wheezy. If we also stopped shipping guile-gnutls instead
> of proving it from gnutls 2.x again we could a) get rid of a package
> without reverse dependencies and b) do without building gnutls with
> --disable-largefile on armel, armhf and mipsel. Do you have any idea
> how popular guile-gnutls is?
Well, among Guile users it’s somewhat popular and definitely useful (I
and others use it on top of Guile 2’s HTTP client for HTTPS, and I heard
of an IRC bot that uses it.)
You build with --disable-largefile because Guile is built without
large-file support, and thus you’d get incorrect off_t, size_t, & co,
right?
AFAIK there’s no such problem with Guile 2.0, because its public
interfaces use scm_t_off instead of off_t, etc.
> However generally speaking I don't think pulling guile-gnutls just to
> get rid of --disable-largefile on armel, armhf and mipsel is necessary,
Yeah, that would sound like radical fix. ;-)
Ludo’.
More information about the Pkg-gnutls-maint
mailing list