Why do you want to build such packages for EOLed distro?
On Fri, Feb 19, 2016, 3:36 AM Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
Hi,
I have built an updated glibc package for Fedora 21, with (alleged) fixes
for the following security issues:
* CVE-2015-7547 (CRITICAL)
* CVE-2015-1781
* CVE-2015-8777
* glibc PR17269
* glibc PR18032
backported from Fedora 22 or forward-ported from CentOS 7. (To the best of
my knowledge, the patches I backported do indeed address the above issues,
but I cannot provide any kind of guarantees for that.)
You can find it in the following repository:
https://repos.fedorapeople.org/kkofler/f21-security/
(I had to use the old repos.fedorapeople.org infrastructure because the Copr
maintainers "helpfully" deleted the Fedora 21 buildroots, making Copr
entirely useless for the purpose of building security updates for
distributions Fedora no longer provides them for. I consider this a very bad
idea and an absolutely counterproductive practice.)
As specified in the .repo file, the packages are signed with my CalcForge
GPG key, available over HTTPS (with a valid certificate from Let's Encrypt):
https://www.calcforge.org/RPM-GPG-KEY-calcforge
This repository is provided "AS IS", in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. In particular, NO warrants of any kind
are made for completeness of security fix coverage.
Currently, glibc is the ONLY package that has an update available in the
above repository.
Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
--
-Igor Gnatenko
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
