On Mar 23, 2014, at 10:40 PM, Daniel E. Macks <dma...@netspace.org> wrote:
> Kurt Schwehr <kurtschw...@yahoo.com> said: >> >> Dave, >> >> Are you aware of this? >> http://www.gnutls.org/security.html#GNUTLS-SA-2014-2 >> http://lwn.net/Articles/589205/ >> >> I added a one line warning to the gnutls28.info file, but we >> definitely need to get a new version of gnutls into fink. From the >> summary: >> >> How to mitigate the attack? >> >> * Upgrade to the latest GnuTLS version (3.2.12 or 3.1.22), or apply >> the patch for=A0GnuTLS 2.12.x. > > We also currently have three different gnutls* library sets as of > 10.8ish: > > gnutls-2.12 (2.12.20-2) > gnutls26 (2.10.2-5) > gnutls28 (3.0.22-2) > > Should we push hard to migrate from gnutls26 to...gnutls28 if possible > but at least gnutls-2.12, and from gnutls-2.12 to gnutls28 if > possible? Really good to get security patches in wherever possible, > but also really good to minimize the number of old security-related > packages at all. > > dan > > -- > Daniel Macks > dma...@netspace.org That sounds like the right plan to me. There is a patch available, I think, for the 2.x series. My experimental does have an attempt at getting gnutls28 to the latest, but I can't keep it from finding the wrong libintl. There are also new .infos for nettle and libtasn, but those should be proofread for policy cluelessness on my part. -- Dave Reiser dbrei...@icloud.com ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
