On 03/06/2014 02:49 AM, Ken Moffat wrote: > On Wed, Mar 05, 2014 at 11:03:15PM +0000, Ken Moffat wrote: >> >> Those who are able to read https://lwn.net/Articles/589291/ (might >> be subscriber-only for the next 2 weeks, I'm not sure) will see from >> nix's comment that there is already a second "fix" version of gnutls >> (perhaps the first will be fine for BLFS), and _apparently_ it needs >> a new version of p11-kit. >> >> My gut feeling is that we should get the current book out the door, >> but continue to recommend that people use the development version of >> the book. > > For anyone who wasn't aware of this vulnerability (I suspect that > in this case I'm behind the curve, and you've probably all already > fixed your own affected systems), 3.2.12.1 builds with the current > instructions, and links to the book's current version of p11-kit. > The timings for make check and for rebuilding the docs are, however, > quite different on my machine. I'll put it in the book when svn is > open, and then do a chroot gnome build to try to spot anything which > fails to build. > > What I can't do at the moment is confirm what uses this. I suspect > that it is dynamically loaded when https:// has to be negotiated. > Can somebody remind me, please, of the package which identifies > dynamically loaded libraries ? I think Igor mentioned it a while > back, and I'm fairly sure that Fernando showed some output from it, > but I can't find it in my notes. Thanks. > > ĸen >
For your information, this is list of executables and libraries that's linked to libgnutls.so.28 on my system: /usr/bin/gnutls-serv /usr/bin/gvnccapture /usr/bin/gnutls-cli-debug /usr/bin/p11tool /usr/bin/crywrap /usr/bin/certtool /usr/bin/ocsptool /usr/bin/danetool /usr/bin/srptool /usr/bin/psktool /usr/bin/gnutls-cli /usr/lib/libgvnc-1.0.so.0.0.1 /usr/lib/libgtk-vnc-2.0.so.0.0.2 /usr/lib/libavformat.so.55.19.104 /usr/lib/samba/libauthkrb5.so /usr/lib/gstreamer-1.0/libgstfragmented.so /usr/lib/gio/modules/libgiognutls.so /usr/lib/libgnutls-openssl.so.27.0.2 /usr/lib/libgnutls-xssl.so.0.0.0 /usr/lib/vlc/plugins/misc/libgnutls_plugin.so /usr/lib/libgvncpulse-1.0.so.0.0.1 /usr/lib/libgnutlsxx.so.28.1.0 /usr/lib32/libgnutls-openssl.so.27.0.2 /usr/lib32/libgnutls-xssl.so.0.0.0 /usr/lib32/libgnutlsxx.so.28.1.0 Most of these are actually executables and libraries installed by gnutls package itself. Others include glib-networking, which is glib's tls implementation and any GTK+/GLib app that uses TLS is actually using GnuTLS (including epiphany), gtk-vnc, ffmpeg, samba, vlc, gstreamer-plugins-notsure-1.0. -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
