Graf_Koks
Joined: 21 Jan 2014 Posts: 35
Posted: Thu 06 Mar 2014, 02:39 Post subject: How to patch libgnutls26? Subject description: Ubuntu fraudulent security certificates patch
Hi,
Does anyone have an idea how to patch libgnutls26 using the following source:
http://www.ubuntu.com/usn/usn-2127-1/
Regards,
GK
http://www.zeit.de/digital/datenschutz/2014-03/gnutls-linux-sicherheitsluecke
Semme

Joined: 07 Aug 2011 Posts: 7827 Location: World_Hub
Posted: Thu 06 Mar 2014, 21:00 Post subject:
As Mick's the dev, we'll limit any confusion to a single response.
Last edited by Semme on Thu 06 Mar 2014, 22:45; edited 1 time in total
01micko

Joined: 11 Oct 2008 Posts: 8670 Location: qld
Posted: Thu 06 Mar 2014, 22:30 Post subject:
In slacko the update manager *should* work. But the version is patched from upstream so shows as the same version but a different build number.
To get the patched version:
1. Run updates manager from setup menu
2. Go to PPM and use the configuration utility to enable the Patches repo
3. Restart PPM
4. In the search box type gnutls
5. Select the version from Patches repo and install
6. Restart your computer
Terryphi

Joined: 02 Jul 2008 Posts: 768 Location: West Wales, Britain.
Posted: Sat 08 Mar 2014, 03:15 Post subject:
Has anyone tried to patch Racy/Wary?
LATER: Racy and Wary do not include gnutls so no fix required.
Karl Godt

Joined: 20 Jun 2010 Posts: 4208 Location: Kiel,Germany
Posted: Sat 08 Mar 2014, 14:32 Post subject:
Quote: If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.
So it affects mainly WIFI wireless connections to a router?
The Zeit newspaper article mentions only two lines.
But might be more.
I don't know if programs would need to be recompiled that use gnuTLS shared libraries.
Static compiles at least would need.
Graf_Koks
Joined: 21 Jan 2014 Posts: 35
Posted: Sun 23 Mar 2014, 06:04 Post subject: Seems to be patched
So what I did two weeks ago was downloading
https://launchpad.net/ubuntu/+archive/primary/+files/libgnutls26-dbg_2.12.14-5ubuntu3.7_i386.deb
from
https://launchpad.net/ubuntu/+source/gnutls26
(click the triangle at "The Precise Pangolin" -> "2.12.14-5ubuntu3.7 updates, security (main)" and select the correct OS)
Then I extracted the deb-file and copied the libraries by hand to the corresponding locations.
The old file libgnutls.so.26.21.8 was of size 79xxxx bytes (I cannot remember, and am using another OS at the moment), the new file is of size 801644 bytes so the two files differ at last.
Due to a reinstallation of Puppy Precise, I realized that reinstalling libgnutls using the package manager, i.e. simply clicking on the libgnutls item in PPM even though it is already installed, resulted in the same libgnutls.so.26.21.8 801644-byte file (I did no diff). So it seems the patched version is already in the repositories.
Regards,
GK
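
A byte-for-byte check of the kind the last post mentions skipping ("I did no diff"), as an added example that is not part of the original thread: it compares the libraries unpacked from a .deb against the installed copies instead of relying on file size. The function name `compare_libs`, the unpack directory and the default file pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the libraries inside an
# unpacked .deb are byte-identical to the installed ones.
# Assumption: the package was unpacked first, e.g. dpkg-deb -x PACKAGE.deb /tmp/pkg

# compare_libs EXTRACTED_DIR INSTALLED_ROOT [NAME_PATTERN]
# Prints MATCH / DIFFERS / MISSING per library file.
# Returns 0 only if every packaged file has an identical installed copy,
# 1 on any difference, 2 if the package directory holds no matching file.
compare_libs() {
    src=${1%/}; root=${2%/}; pattern=${3:-'libgnutls*.so*'}
    rc=0
    # -type f skips the .so.26 symlinks and checks the real versioned files
    list=$(find "$src" -type f -name "$pattern" | sort)
    if [ -z "$list" ]; then
        echo "no file matching $pattern under $src" >&2
        return 2
    fi
    while IFS= read -r f; do
        rel=${f#"$src"}
        target=$root$rel
        if [ ! -f "$target" ]; then
            echo "MISSING  $rel"
            rc=1
        elif cmp -s "$f" "$target"; then
            # identical content; print the hash so it can be recorded
            echo "MATCH    $rel sha256=$(sha256sum < "$f" | cut -d' ' -f1)"
        else
            # equal sizes do not imply equal content, so report both sizes
            echo "DIFFERS  $rel packaged=$(wc -c < "$f") installed=$(wc -c < "$target") bytes"
            rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Usage: sh compare_libs.sh /tmp/pkg /
if [ "$#" -ge 2 ]; then
    compare_libs "$@"
fi
```

A DIFFERS or MISSING line after an update means the running system is not using the file shipped in the package that was checked.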