How to build latest n greatest Apache,PHP, OpenSSL rpms?

Alexander Dalloz ad+lists at uni-x.org
Mon Apr 11 17:53:07 UTC 2005


On Mon, 11.04.2005, Loki Choggio wrote at 19:11:

> > http://www.gurulabs.com/goodies/guru+guides.php
> I was not looking at how to build an rpm in general
> but the specific Apache 2.0.53, php 4.3.11 and openssl
> 0.9.7f rpms. Having built firefox & ttfonts rpms for
> example i know the process but need the spec files. 

You could take it from the SRPM of the current Fedora package. I don't
see why you want to rpmbuild those packages yourself, which means often
enough a lot of work. You are running an RPM based distribution and
distribution here means, that the distributor will care for the
necessary bug fixing updates. This does not necessarily mean to get the
latest and greatest version number of an application available. But see
notes below.

> > Security fixes are backported. Maybe you should read
> > the RPMs changelogs.
> 
> I have indeed read the changelogs
> (http://www.apache.org/dist/httpd/CHANGES_2.0.53 ) and
> note with concern that Apache 2.0.52 from fedora does
> not cover those issues.
> httpd-2.0.52-3.1.i386.rpm (latest update) was released
>   12-Nov-2004 at 15:57  and does not include the
> Apache 2.0.53 fixes.
> 
> Neither would php-4.3.10-3.2.i386.rpm released on
> 21-Dec-2004 at 13:54  contain the 31st March 2005
> updates rated as critical. 

So you miss specific security updates for CAN reported bugs? Did you
check bugzilla for the official notes about bugs and how they are
supposed to be fixed?

> Perhaps you would like to elaborate further on your
> "backporting claim". 

Well, in general software packages are not updated to the current
version, i.e. OpenSSH or OpenSSL version. But the fixes newer versions
include for critical bugs are applied to the older version. This is
called backporting. So having openssl-0.9.7a on FC3 doesn't mean OpenSSL
on FC3 misses all the critical fixes OpenSSL 0.9.7f from upstream has.
The "40" in the RPM name openssl-0.9.7a-40 indicates a patch level.
Be aware that there are dependencies between applications and if you
change for instance the OpenSSL package you may run into severe
problems.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.771_FC2smp 
Serendipity 19:42:08 up 12 days, 17:08, load average: 0.17, 0.28, 0.30 
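
Added example, not part of the original message: one way to check whether a distribution package carries a backported fix is to search its RPM changelog for the advisory identifier instead of comparing upstream version numbers. The function names, the sample changelog text and the CAN-0000-000x identifiers are constructed placeholders; on a real system the input would come from `rpm -q --changelog <package>`.

```shell
# Constructed sample in the format printed by `rpm -q --changelog <package>`.
# The packager name and the CAN-0000-000x identifiers are placeholders,
# not real advisories.
SAMPLE_CHANGELOG='* Tue Mar 01 2005 Example Packager <packager@example.invalid> 0.9.7a-40
- add backported security fix for CAN-0000-0002

* Mon Nov 01 2004 Example Packager <packager@example.invalid> 0.9.7a-39
- add backported security fixes for CAN-0000-0001, CAN-0000-0002'

# Split name-version-release. The last field is the one the message above
# calls a patch level: it changes while the upstream version stays the same.
nvr_split() {
    _rest=${1%-*}
    printf '%s %s %s\n' "${_rest%-*}" "${_rest##*-}" "${1##*-}"
}

# Print every CAN-/CVE- identifier named in the changelog on stdin, once each.
changelog_ids() {
    grep -Eo '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# has_fix ID: succeed if the changelog on stdin names ID. The CAN- (candidate)
# and CVE- prefixes are treated as the same entry.
has_fix() {
    _num=${1#*-}
    changelog_ids | grep -Eq "^(CAN|CVE)-${_num}\$"
}

# Real use: rpm -q --changelog openssl | has_fix CAN-0000-0001
if printf '%s\n' "$SAMPLE_CHANGELOG" | has_fix CVE-0000-0001; then
    echo "fix listed in package changelog"
fi
```

A missing identifier in the changelog is not proof that the fix is absent; the distribution's bugzilla and security advisories remain the authoritative record.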