oss-sec mailing list archives
Re: code review CVS
From: Mark J Cox <mjc () redhat com>
Date: Thu, 21 Feb 2008 08:49:52 +0000 (GMT)
hahah... as Mark can attest, you're not the only one. I've had to email him a few times looking for some obscure src.rpm.
We give the full path in our emailed advisories (except for the cases where we are shipping something not open source like java/acroread) but the paths are not in the web based versions. So http://www.redhat.com/archives/rhsa-announce/ since Nov 2007, or for older stuff http://www.redhat.com/archives/enterprise-watch-list/
Once you get a rpm then unpacking it without installing it is easy: rpm2cpio fn.rpm | cpio --make-directories --extractAnd we nearly always ship the pristine upstream tarball along with each patch separately (exception being things like OpenSSL).
This is definately material for a 'how to find out how the vendor fixed this' page.
Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
Current thread:
- code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Kees Cook (Feb 20)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Pierre-Yves Rofes (Feb 21)
- Re: code review CVS Mark J Cox (Feb 21)
- Re: code review CVS Kees Cook (Feb 21)
- Re: code review CVS Tomas Hoger (Feb 22)
- Re: code review CVS Kees Cook (Feb 22)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 21)
- Re: extracting patches from SRPMs (Was: code review CVS) (GalaxyMaster) (Feb 21)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Vincent Danen (Feb 24)