How to patch libgnutls26?

For discussions about security.
Post Reply
Message
Author
Graf_Koks
Posts: 34
Joined: Tue 21 Jan 2014, 19:32

How to patch libgnutls26?

#1 Post by Graf_Koks »

Hi,

Anyone any idea how to patch libgnutls26 using the following source:

http://www.ubuntu.com/usn/usn-2127-1/

Regards,
GK
http://www.zeit.de/digital/datenschutz/ ... eitsluecke

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#2 Post by Semme »

As Mick's the dev, we'll limit any confusion to a single response.
Last edited by Semme on Fri 07 Mar 2014, 02:45, edited 1 time in total.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#3 Post by 01micko »

In slacko the update manager *should* work. But the version is patched from upstream so shows as the same version but a different build number.

To get the patched version:

1. Run updates manager form setup menu
2. go tp PPM and use the configuration utility to enable the Patches repo
3. Restart PPM
4, In the search box type gnutls
5. select the version from Patches repo and install
6. Restart your computer
Puppy Linux Blog - contact me for access

User avatar
Terryphi
Posts: 761
Joined: Wed 02 Jul 2008, 09:32
Location: West Wales, Britain.

#4 Post by Terryphi »

Has anyone tried to patch Racy/Wary?

LATER: Racy and Wary do not include gnutls so no fix required. :)
[b]Classic Opera 12.16 browser SFS package[/b] for Precise, Slacko, Racy, Wary, Lucid, etc available[url=http://terryphillips.org.uk/operasfs.htm]here[/url] :)

User avatar
Karl Godt
Posts: 4199
Joined: Sun 20 Jun 2010, 13:52
Location: Kiel,Germany

#5 Post by Karl Godt »

If a remote attacker were able to
perform a man-in-the-middle attack,
this flaw could be exploited with
specially crafted certificates to view sensitive information.
So it affects mainly WIFI wireless connections to a router .?

The Zeit newspaper article mentiones only two lines .
But might be more .
I don't know if programs would need to be recompiled that use gnuTLS shared libraries .
Static compiles at least would need .

Graf_Koks
Posts: 34
Joined: Tue 21 Jan 2014, 19:32

Seems to be patched

#6 Post by Graf_Koks »

So what I did two weeks ago was downloading

https://launchpad.net/ubuntu/+archive/p ... 7_i386.deb

from

https://launchpad.net/ubuntu/+source/gnutls26

(click the triangle at "The Precise Pangolin" -> "2.12.14-5ubuntu3.7 updates, security (main)" and select the correct OS)

Then I extracted the deb-file and copied the libraries by hand to the corresponding locations.

The old file libgnutls.so.26.21.8 was of size 79xxxx byte (cannot remember, and are using another OS in the moment), the new file is of size 801644 byte so the two files differ at last.

Due to a reinstallation of puppy precise, I realized that reinstalling libgnutls using the package manager, i.e. simply clicking on the libgnutls item in ppm even though it is already installed, resulted in the same libgnutls.so.26.21.8 801644 byte file (I did no diff). So it seems the patched version is already in the repositories.

Regards,
GK

Post Reply