On Wed, 18 Sep 2002, Sven Koch wrote:
Package: xf86 Announcement-ID: SuSE-SA:2002:032 Affecte products: SuSE Linux 8.0
Would it be possible to provide rebuild packages for the older distributions under ftp.suse.com/pub/suse/i386/supplementary/X/XFree86/XFree86-4.2.0-SuSE/ too?
(Yes, I know that they are not officialy supported, and thus low prio)
Or is it possible to compile the suse8-src-rpm under suse 7.2?
imho this would be clumsy, as 8.0 has a different directory structure. What I have found easier in the past (I did not try it yet with xf86 so take this for what its worth) is 1. get the old 4.2.0 source rpm for your 7.x distro (from the supplementary ftp directory you mention) 2. patch it with the new patch (either from xfree96.org or extract it from the source rpm of the 8.0 update) 3. rebuild the rpm with rpm -ba 4. install the rpm you built. (if you want an rpm to distribute to several machines then you need to be a bit more careful, probably modify the spec file to add the patch, and test it per the rpm howto.) ... although I am tempted to skip the hassle, pre-order 8.1 to get the 4.2.0 new drivers, and continue with 4.1.0 for now. By the way, the limited impact is not explained in the xfree86 security page, but the full text of the announcement is in the mailing list archives at http://www.xfree86.org/pipermail/xpert/2002-September/020437.html I quote "The main security problem that prompted this release is a vulnerability in the Xlib modular i18n support that was added in XFree86 4.2.0." .. thanks Olaf for your diligence in monitoring this (it doesn't show up in bugtraq.) dproc