From: Tom Uffner
Date: Mon, 14 Feb 2011 11:45:46 -0500
To: freebsd-ports@freebsd.org
Cc: Jan Henrik Sylvester
Subject: Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

Jan Henrik Sylvester wrote:
> The easiest way would probably be:
>
> - Take the src-rpm of the pango version in RHEL 5.
> - Extract the patch from it: pango-glyphstring.patch-1.14.9-5.el5_3
> - Extract the src-rpm of pango-1.22.3 from Fedora 10.
> - Apply the RHEL 5 patch with --ignore-whitespace.
> - Diff for creating a patch that applies without --ignore-whitespace.
> - Bump version number and repackage a src-rpm for Fedora 10 with the new
>   patch.
> - Build it on a clean Fedora 10 system.
>
> There is one more problem to solve:
> http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html
>
> That mail went unanswered (at least as far as the mailing list archive
> goes). Probably, the procedure above would have to be put into a shell
> script for a willing committer to repeat. Every time this vulnerability
> comes up at ports@ or emulation@, some committer asks for a (trusted) rpm
> to fix it. Thus, there might be one.

Peter Littmann's RPMs probably won't work for me since I'm looking for
9-current amd64. Would a src-rpm verifiably generated from the Fedora 10
src-rpm (or the pango project tarball) and the RHEL 5 patch solve this?

I may not have a "Reputation", but I've been around since 4.1BSD and a
search of the tree and the PRs will turn up a few bugfixes that I've
submitted.

tom
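
The whitespace steps of the quoted procedure (apply with --ignore-whitespace, then diff to get a patch that applies without it), as an added example that is not part of the original message. It runs on constructed files, not the real pango sources or the RHEL 5 patch; the names glyph.c, rhel.patch and fixed.patch are made up, and GNU patch and diff are assumed to be installed.

```shell
#!/bin/sh
# Added example on constructed files; not the real pango sources or RHEL patch.
# Assumes GNU patch and diff are installed.

# applies_strictly PATCH DIR: true if PATCH applies to DIR with exact
# whitespace and no fuzz (dry run, nothing is modified).
applies_strictly() {
    patch --dry-run -s -F 0 -p1 -d "$2" < "$1" >/dev/null 2>&1
}

# make_sample DIR: a tab-indented "Fedora" file in a/, b/ and c/, and a
# "RHEL" patch whose lines are space-indented (both constructed).
make_sample() {
    mkdir -p "$1/a" "$1/b" "$1/c" || return 1
    printf 'int f(int n)\n{\n\treturn n * 2;\n}\n' > "$1/a/glyph.c"
    cp "$1/a/glyph.c" "$1/b/glyph.c" && cp "$1/a/glyph.c" "$1/c/glyph.c" || return 1
    cat > "$1/rhel.patch" <<'EOF'
--- a/glyph.c
+++ b/glyph.c
@@ -1,4 +1,6 @@
 int f(int n)
 {
-    return n * 2;
+    if (n > 1000)
+        return -1;
+    return n * 2;
 }
EOF
}

# rebase_patch DIR: apply rhel.patch to b/ ignoring whitespace, then diff
# pristine a/ against patched b/ to produce fixed.patch, and check that
# fixed.patch applies to the untouched copy in c/ without --ignore-whitespace.
rebase_patch() {
    patch -s --ignore-whitespace -p1 -d "$1/b" < "$1/rhel.patch" >/dev/null || return 1
    # diff exits 0 when the files are identical, i.e. nothing was applied
    if (cd "$1" && diff -u a/glyph.c b/glyph.c > fixed.patch); then return 1; fi
    applies_strictly "$1/fixed.patch" "$1/c"
}

demo=$(mktemp -d) && make_sample "$demo" && rebase_patch "$demo" &&
    echo "fixed.patch applies without --ignore-whitespace"
rm -rf "$demo"
```

Keeping the regenerated patch as a plain diff between the pristine and patched trees lets anyone repeat the step and compare the result against the original RHEL patch.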