On Wed, Mar 05, 2014 at 11:03:15PM +0000, Ken Moffat wrote: > > Those who are able to read https://lwn.net/Articles/589291/ (might > be subscriber-only for the next 2 weeks, I'm not sure) will see from > nix's comment that there is already a second "fix" version of gnutls > (perhaps the first will be fine for BLFS), and _apparently_ it needs > a new version of p11-kit. > > My gut feeling is that we should get the current book out the door, > but continue to recommend that people use the development version of > the book.
For anyone who wasn't aware of this vulnerability (I suspect that in this case I'm behind the curve, and you've probably all already fixed your own affected systems), 3.2.12.1 builds with the current instructions, and links to the book's current version of p11-kit. The timings for make check and for rebuilding the docs are, however, quite different on my machine. I'll put it in the book when svn is open, and then do a chroot gnome build to try to spot anything which fails to build. What I can't do at the moment is confirm what uses this. I suspect that it is dynamically loaded when https:// has to be negotiated. Can somebody remind me, please, of the package which identifies dynamically loaded libraries ? I think Igor mentioned it a while back, and I'm fairly sure that Fernando showed some output from it, but I can't find it in my notes. Thanks. ĸen -- das eine Mal als Tragödie, dieses Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
