--- Alexander Dalloz <ad+lists@xxxxxxxxx> wrote: > http://www.gurulabs.com/goodies/guru+guides.php I was not looking at how to build an rpm in general but the specific Apache 2.0.53, php 4.3.11 and openssl 0.9.7f rpms. Having built firefox & ttfonts rpms for example i know the process but need the spec files. > > For example while Apache 2.0.53 was released > Fedora > > didn't bother updating so the present 2.0.52 is > > theoretically exploitable. For example php 4.3.11 > came > > out on March 31st but no updates are around the > corner > > Fedorawise. We know what happened with the holes > in > > php 4.3.9 and the exploits in existence. > > Security fixes are backported. Maybe you should read the RPMs changelogs. I have indeed read the changelogs (http://www.apache.org/dist/httpd/CHANGES_2.0.53 ) and note with concern that Apache 2.0.52 from fedora does not cover those issues. httpd-2.0.52-3.1.i386.rpm (latest update) was released 12-Nov-2004 at 15:57 and does not include the Apache 2.0.53 fixes. Neither would php-4.3.10-3.2.i386.rpm released on 21-Dec-2004 at 13:54 contain the 31st March 2005 updates rated as critical. Perhaps you would like to elaborate further on your "backporting claim". Send instant messages to your online friends http://uk.messenger.yahoo.com