Am Mo, den 11.04.2005 schrieb Loki Choggio um 19:11: > > http://www.gurulabs.com/goodies/guru+guides.php > I was not looking at how to build an rpm in general > but the specific Apache 2.0.53, php 4.3.11 and openssl > 0.9.7f rpms. Having built firefox & ttfonts rpms for > example i know the process but need the spec files. You could take it from the SRPM of the current Fedora package. I don't see why you want to rpmbuild those packages yourself, which means often enough a lot of work. You are running an RPM based distribution and distribution here means, that the distributor will care for the necessary bug fixing updates. This does not necessarily mean to get the latest and greates version number of an application available. But see notes below. > > Security fixes are backported. Maybe you should read > the RPMs changelogs. > > I have indeed read the changelogs > (http://www.apache.org/dist/httpd/CHANGES_2.0.53 ) and > note with concern that Apache 2.0.52 from fedora does > not cover those issues. > httpd-2.0.52-3.1.i386.rpm (latest update) was released > 12-Nov-2004 at 15:57 and does not include the > Apache 2.0.53 fixes. > > Neither would php-4.3.10-3.2.i386.rpm released on > 21-Dec-2004 at 13:54 contain the 31st March 2005 > updates rated as critical. So you miss specific security updates for CAN reported bugs? Did you check bugzilla for the official notes about bugs and how they are supposed to be fixed? > Perhaps you would like to elaborate further on your > "backporting claim". Well, in general software packages are not updated to the current version, i.e. OpenSSH or OpenSSL version. But the fixes newer versions include for critical bugs are applied to the older version. This is called backporting. So having openssl-0.9.7a on FC3 doesn't mean OpenSSL on FC3 misses all the critical fixes OpenSSL 0.9.7f from upstream has. The "40" in the RPM name openssl-0.9.7a-40 indicates a patch level. Be aware that there are dependencies between applications and if you change for instance the OpenSSL package you may run into severe problems. Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.771_FC2smp Serendipity 19:42:08 up 12 days, 17:08, load average: 0.17, 0.28, 0.30
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil