From owner-freebsd-ports@FreeBSD.ORG Fri Feb 18 11:43:05 2011 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B63A1065670 for ; Fri, 18 Feb 2011 11:43:05 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id 3BF498FC12 for ; Fri, 18 Feb 2011 11:43:05 +0000 (UTC) Received: from outgoing.leidinger.net (p5B32E28D.dip.t-dialin.net [91.50.226.141]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 3C826844168; Fri, 18 Feb 2011 12:18:05 +0100 (CET) Received: from webmail.leidinger.net (unknown [IPv6:fd73:10c7:2053:1::2:102]) by outgoing.leidinger.net (Postfix) with ESMTP id 9D75126BB; Fri, 18 Feb 2011 12:18:01 +0100 (CET) Received: (from www@localhost) by webmail.leidinger.net (8.14.4/8.13.8/Submit) id p1IBHF4C049828; Fri, 18 Feb 2011 12:17:15 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.ec.europa.eu (pslux.ec.europa.eu [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Fri, 18 Feb 2011 12:17:15 +0100 Message-ID: <20110218121715.11893hzn937sgksg@webmail.leidinger.net> Date: Fri, 18 Feb 2011 12:17:15 +0100 From: Alexander Leidinger To: Jan Henrik Sylvester References: <4D5852F7.2010106@uffner.com> <4D5880EF.4020002@gmx.de> <4D58F749.1000106@janh.de> In-Reply-To: <4D58F749.1000106@janh.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4) X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: 3C826844168.A6471 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=1.274, required 6, autolearn=disabled, RDNS_NONE 1.27) X-EBL-MailScanner-SpamScore: s X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1298632685.61973@JayFXFdcOg0zn+0fbRFDiw X-EBL-Spam-Status: No Cc: ports-list freebsd , Matthias Andree , Tony Sim , Tom Uffner Subject: Re: fixing the vulnerability in linux-f10-pango-1.22.3_1 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Feb 2011 11:43:05 -0000 Quoting Jan Henrik Sylvester (from Mon, 14 Feb 2011 10:35:05 +0100): > There is one more problem to solve: > http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html > > That mail go unanswered (at least as far as the mailing list archive > goes). Probably, the procedure above would have to be put into a > shell script for a willing commiter to repeat. Every time this > vulnerability comes up at ports@ or emulation@, some commitor ask > for a (trusted) rpm to fix it. Thus, there might be one. There was another person doing something similar too. I got a little step-by-step guide how he did it. Currently (after two months without time to have a look at it) I am downloading an F10 install image which I want to feed to virtualbox to compile a fixed pango version. If nothing urgent interferes, you can expect a commit in the not so distant future (maybe not today, maybe not tomorrow, but maybe next week). > For me, the real question is: Considering the age of Fedora 10 and > the time it has not been supported anymore, it is likely that there > are more vulnerabilities in our Linux-f10 framework that are not > documented in our vulnerability database. Does fixing the pango > vulnerability really make the Linux emulation save? (Is it worse the > it?) Good question. Feel free to have a look at the RPMs from linux_base-f10 and find out if there are unfixed vulnerabilities. Bye, Alexander. -- Make it right before you make it faster. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137