Date: Mon, 14 Feb 2011 11:45:46 -0500 From: Tom Uffner <tom@uffner.com> To: freebsd-ports@freebsd.org Cc: Jan Henrik Sylvester <me@janh.de> Subject: Re: fixing the vulnerability in linux-f10-pango-1.22.3_1 Message-ID: <4D595C3A.3060808@uffner.com> In-Reply-To: <4D58F749.1000106@janh.de> References: <4D5852F7.2010106@uffner.com> <4D5880EF.4020002@gmx.de> <4D58F749.1000106@janh.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Jan Henrik Sylvester wrote: > The easiest way would probably be: > > - Take the src-rpm of the pango version in RHEL 5. > - Extract the patch from it: pango-glyphstring.patch-1.14.9-5.el5_3 > - Extract the src-rpm of pango-1.22.3 from Fedora 10. > - Apply the RHEL 5 patch with --ignore-whitespace. > - Diff for creating a patch that applies without --ignore-whitespace. > - Bump version number and repackge a src-rpm for Fedora 10 with the new > patch. > - Build it on a clean Fedora 10 system. > > There is one more problem to solve: > http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html > > That mail go unanswered (at least as far as the mailing list archive > goes). Probably, the procedure above would have to be put into a shell > script for a willing commiter to repeat. Every time this vulnerability > comes up at ports@ or emulation@, some commitor ask for a (trusted) rpm > to fix it. Thus, there might be one. Peter Littmann's RPMs probably won't work for me since i'm looking for 9-current amd64. would a src-rpm verifiably generated from the Fedora 10 src-rpm (or the pango project tarball) and the RHEL 5 patch solve this? I may not have a "Reputation", but I've been around since 4.1BSD and a search of the tree and the PRs will turn up a few bugfixes that I've submitted. tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D595C3A.3060808>