On Wed, Oct 05, 2016 at 07:48:35PM +0100, Ken Moffat wrote: > I've now finished my desktop rebuilds (back to 7.6). For _my_ > BLFS-7.8 and 7.9 the versions of all the affected libs had the same > major and minor, so I just dropped those in and restarted X. > > For everything else I did a more-or-less full rebuild (including > freetype, fontconfig, llvm, mesa) without fonts. Took me a while to > rework my 'upgrade' script last used for the 2013 vulnerabilities, > and at first I missed that mtdev had come in as a dep for evdev. > > The older systems were mostly running gcc-4.9, which I already know > to be problematic. I had some issues, including : > > elfutils - BPF variables not defined, probably because the system > used 3.19 kernel headers. >
Forgot to be clear - elfutils was already installed, so I didn't try to (re)build it after discovering the current version would not build on the old systems. And "I already know to be problematic" means "cannot build recent firefox" (I moved to seamonkey on those). But any hope of keeping a desktop usable for 3 years with only vulnerability fixes has long since gone (glibc vulnerabilities took out a few). For the future, I'll probably keep old systems on my i3 for as long as they are maintainable, but on the other desktops anything older than our last release will probably not be maintained unless it is the newest or next-to-newest system on that machine. In theory, it is probably possible to *mostly* rebuild those old Xorg systems with the original versions, but that is an untried path - updating the whole stack to what was in 7.10 plus the fixed versions is likely to be easier and quicker, despite the issues I encountered. Isn't it fun maintaining your own systems when there is a new vulnerability ? ĸen -- `I shall take my mountains', said Lu-Tze. `The climate will be good for them.' -- Small Gods -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
