oss-sec mailing list archives
Re: code review CVS
From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 21 Feb 2008 11:43:17 -0700
* [2008-02-21 08:49:52 +0000] Mark J Cox wrote:
hahah... as Mark can attest, you're not the only one. I've had to email him a few times looking for some obscure src.rpm.

We give the full path in our emailed advisories (except for the cases where we are shipping something not open source like java/acroread) but the paths are not in the web based versions. So http://www.redhat.com/archives/rhsa-announce/ since Nov 2007, or for older stuff http://www.redhat.com/archives/enterprise-watch-list/

Once you get a rpm then unpacking it without installing it is easy:

    rpm2cpio fn.rpm | cpio --make-directories --extract

And we nearly always ship the pristine upstream tarball along with each patch separately (exception being things like OpenSSL).

This is definitely material for a 'how to find out how the vendor fixed this' page.

Looks like Kees beat me to it: http://oss-security.openwall.org/wiki/distro-patches

I've added Red Hat to this list based on the above info.

--
Vincent Danen @ http://linsec.ca/
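
The unpacking step described in the message above, extended to list the patches the spec file declares so the vendor's fix can be located. This is an added example, not part of the original mail; the function names are hypothetical, and `unpack_srpm` assumes rpm2cpio and GNU cpio are installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Unpack source RPM $1 into directory $2 without installing it.
unpack_srpm() {
    srpm=$(cd "$(dirname "$1")" && pwd)/$(basename "$1") || return 1
    mkdir -p "$2" || return 1
    # --no-absolute-filenames: extract absolute member paths relative to "$2".
    (cd "$2" && rpm2cpio "$srpm" |
        cpio --quiet --make-directories --extract --no-absolute-filenames)
}

# For unpacked directory $1, print "tag<TAB>file<TAB>present|missing" for
# every PatchN: line of the spec. Only %{name} and %{version} are expanded.
list_srpm_patches() {
    dir=$1
    spec=$(ls "$dir"/*.spec 2>/dev/null | head -n 1)
    [ -n "$spec" ] || { echo "no spec file in $dir" >&2; return 1; }
    awk '
        match($0, /^[A-Za-z]+[0-9]*[ \t]*:[ \t]*/) {
            tag = substr($0, 1, RLENGTH); sub(/[ \t]*:[ \t]*$/, "", tag)
            val = substr($0, RLENGTH + 1); sub(/[ \t\r]+$/, "", val)
            key = tolower(tag)
            if (key == "name") name = val
            if (key == "version") ver = val
            if (key ~ /^patch[0-9]*$/) {
                gsub(/%[{]name[}]/, name, val)
                gsub(/%[{]version[}]/, ver, val)
                sub(/.*\//, "", val)   # URL-style entries: keep the basename
                print tag "\t" val
            }
        }' "$spec" |
    while IFS="$(printf '\t')" read -r tag file; do
        if [ -f "$dir/$file" ]; then state=present; else state=missing; fi
        printf '%s\t%s\t%s\n' "$tag" "$file" "$state"
    done
}
```

Typical use is `unpack_srpm fn.src.rpm work && list_srpm_patches work`; a `missing` entry means the spec names a patch that was not shipped in the package.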