On Sat, Sep 12, 2009 at 10:24:21PM -0600, Chad Perrin wrote:
> On Sat, Sep 12, 2009 at 02:19:22PM +0400, Boris Samorodov wrote:
> > On Fri, 11 Sep 2009 23:01:23 -0600 Chad Perrin wrote:
> > 
> > > How long has this been broken for 7.2?  Considering all the stuff that
> > > depends on linux-pango, I'm surprised it hasn't been fixed.
> > 
> > It will be broken until someone provide an URL to non-vulnerable
> > RPM package.
> 
> Daniel Bye's comments seem to indicate that FreeBSD 8.x doesn't have this
> problem.  Did I misunderstand?

FreeBSD 8 uses linux-f10 as its default linuxulator, and in that, pango
has been updated to 1.22.3, which doesn't seem to suffer from the same
vulnerabilities. Or at least, they haven't yet been exposed! ;-)

You may be able to use f10 on 7.2 - set compat.linux.osrelease=2.6.16 in
/etc/sysctl.conf, and 

OVERRIDE_LINUX_BASE_PORT=f10
OVERRIDE_LINUX_NONBASE_PORTS=f10

in /etc/make.conf, then reinstall all your linux stuff. I did this before
moving on to 8BETA1 and it worked OK. I think I ended up deleting all the
old stuff, before installing afresh. As all the packages are already 
compiled, it shouldn't take long.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

Attachment: pgpBBmbqIrFzL.pgp
Description: PGP signature

Reply via email to