
Re: How to build latest n greatest Apache,PHP, OpenSSL rpms?



On Mon, 2005-04-11 at 18:11 +0100, Loki Choggio wrote:
> --- Alexander Dalloz <ad+lists uni-x org> wrote: 
> 
> > http://www.gurulabs.com/goodies/guru+guides.php 
> I was not looking at how to build an rpm in general
> but the specific Apache 2.0.53, php 4.3.11 and openssl
> 0.9.7f rpms. Having built firefox & ttfonts rpms for
> example I know the process but need the spec files. 
> 
> > > For example while Apache 2.0.53 was released Fedora
> > > didn't bother updating so the present 2.0.52 is
> > > theoretically exploitable. For example php 4.3.11 came
> > > out on March 31st but no updates are around the corner
> > > Fedorawise. We know what happened with the holes in
> > > php 4.3.9 and the exploits in existence.
> > 
> > Security fixes are backported. Maybe you should read
> > the RPMs changelogs.
> 
> I have indeed read the changelogs
> (http://www.apache.org/dist/httpd/CHANGES_2.0.53 ) and
> note with concern that Apache 2.0.52 from fedora does
> not cover those issues.
> httpd-2.0.52-3.1.i386.rpm (latest update) was released
>   12-Nov-2004 at 15:57  and does not include the
> Apache 2.0.53 fixes.
----
Seemed to me that they do - which one specifically (ICANN #) are you
concerned with?
----
> 
> Neither would php-4.3.10-3.2.i386.rpm released on
> 21-Dec-2004 at 13:54  contain the 31st March 2005
> updates rated as critical. 
----
I am looking at...
http://www.php.net/ChangeLog-4.php

Which is the 'critical update' that you feel you are missing?
----
> Perhaps you would like to elaborate further on your
> "backporting claim". 
----
There is a Red Hat policy of back porting which I presume Fedora is
following but I don't know of the URL of any official policy for Fedora.

Craig
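
Added example (not part of the original message or of any Fedora tooling): the thread turns on whether a package with an older upstream version number already carries backported fixes, which can be checked by searching the output of `rpm -q --changelog <package>` for the advisory IDs in question. The changelog text, packager, releases and CAN/CVE numbers below are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `rpm -q --changelog <package>`.
# Packager, dates, releases and advisory IDs are placeholders, not Fedora data.
SAMPLE_CHANGELOG = """\
* Mon Jan 03 2005 Example Packager <packager@example.org> 2.0.52-3.2
- add security fix for CVE-0000-0002 (placeholder ID)

* Fri Nov 12 2004 Example Packager <packager@example.org> 2.0.52-3.1
- backport fixes for CAN-0000-0001, CAN-0000-0003 (placeholder IDs)

* Mon Oct 04 2004 Example Packager <packager@example.org> 2.0.52-1
- update to 2.0.52
"""

ID_RE = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize(advisory_id):
    """Reduce CAN-yyyy-nnnn / CVE-yyyy-nnnn to 'yyyy-nnnn' (same number, two prefixes)."""
    m = ID_RE.search(advisory_id)
    if not m:
        raise ValueError(f"not a CAN/CVE identifier: {advisory_id!r}")
    return "-".join(m.groups())


def fixes_by_release(changelog_text):
    """Map each advisory number to the oldest release whose entry mentions it."""
    found, release = {}, None
    for line in changelog_text.splitlines():
        if line.startswith("* "):
            # Entry header: the package version-release is the last field.
            release = line.split()[-1]
            continue
        for m in ID_RE.finditer(line):
            # Entries are newest first, so a later match is an older release.
            found["-".join(m.groups())] = release
    return found


def backport_status(changelog_text, wanted_ids):
    """For each wanted ID: the release that first carried the fix, or None."""
    found = fixes_by_release(changelog_text)
    return {wanted: found.get(normalize(wanted)) for wanted in wanted_ids}


if __name__ == "__main__":
    wanted = ["CVE-0000-0001", "CAN-0000-0002", "CVE-0000-0009"]
    for adv, rel in backport_status(SAMPLE_CHANGELOG, wanted).items():
        print(adv, "->", rel or "not mentioned in the changelog")
```

A `None` result only means the changelog does not name that ID; the distribution's advisories and the package's patch list remain the authority on whether a fix is present.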

