Fixing "lucky 13" CVE-2013-0169 in gnutls28

Andreas Metzler ametzler at downhill.at.eu.org
Tue Mar 19 19:06:38 UTC 2013


On 2013-03-18 Julien Cristau <jcristau at debian.org> wrote:
> On Sun, Mar 17, 2013 at 19:26:10 +0100, Andreas Metzler wrote:
>> On 2013-03-17 Julien Cristau <jcristau at debian.org> wrote:
>>> On Sun, Mar 17, 2013 at 16:00:29 +0100, Andreas Metzler wrote:
>> [...]
>>>> 2. If armel armhf mipsel break due to --disable-largefile stop using
>>>> --disable-largefile there and stop providing guile-gnutls on these
>>>> archs.
 
>>> OK I think I'm confused.  How would you detect breakage due to
>>> disable-largefile?
 
>> bug-report

> There's no time for that, I would expect any breakage to only be
> uncovered post release, ie too late.

Hello,
In that case we could simply decide to not ship guile-gnutls on these
three archs.

Find attached a proposed patch. Its rather obvious downside is that it
will break on ports, due to using a negative list ("all except") where
possible and a positive list else:
--------
Build-Depends and debian/rules: [!armel !armhf !mipsel]

Package: guile-gnutls
Architecture: amd64 hurd-i386 i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips powerpc s390 s390x sparc
--------

I can use a positive list in all instances instead if you prefer.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Pkg-gnutls-maint mailing list