Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Re: SuSE Security Announcement: xf86 (SuSE-SA:2002:032)
On Wed, 18 Sep 2002, Sven Koch wrote:

> > Package: xf86
> > Announcement-ID: SuSE-SA:2002:032
> > Affecte products: SuSE Linux 8.0
>
> Would it be possible to provide rebuild packages for the older
> distributions under
> ftp.suse.com/pub/suse/i386/supplementary/X/XFree86/XFree86-4.2.0-SuSE/
> too?
>
> (Yes, I know that they are not officialy supported, and thus low prio)
>
> Or is it possible to compile the suse8-src-rpm under suse 7.2?

imho this would be clumsy, as 8.0 has a different directory structure.

What I have found easier in the past (I did not try it yet with xf86
so take this for what its worth)
is
1. get the old 4.2.0 source rpm for your 7.x distro (from the supplementary ftp
directory you mention)
2. patch it with the new patch (either from xfree96.org or extract
it from the source rpm of the 8.0 update)
3. rebuild the rpm with rpm -ba
4. install the rpm you built.

(if you want an rpm to distribute to several machines then you need to
be a bit more careful, probably modify the spec file to add the patch,
and test it per the rpm howto.)

... although I am tempted to skip the hassle, pre-order 8.1 to get
the 4.2.0 new drivers, and continue with 4.1.0 for now.

By the way, the limited impact is not explained in the xfree86
security page, but the full text of the announcement is in the mailing
list archives at

http://www.xfree86.org/pipermail/xpert/2002-September/020437.html

I quote "The main security problem that prompted this release is a
vulnerability in the Xlib modular i18n support that was added in
XFree86 4.2.0."

.. thanks Olaf for your diligence in monitoring this (it doesn't show up
in bugtraq.)

dproc


< Previous Next >
References