On Fri, Nov 19, 2004 at 10:11:33AM -0500, jayjwa wrote: >When can we expect the next upgrade to XFree86? Currently, 4.4.0 seems to >be the last binary package put out. However, there have been some recent >security issues, namely with libXpm.so and a few others. Normally, in >this situation I'd compile my own, using the latest available sources >(even if they were devel/unstable, as its better than chancing a security >breach). Only problem is, I don't have the room on my one and only hard >disk to do a full build from source of XFree86; that's megabytes beyond >what I have available. > >The system is a linux x86 glibc (current) based system, and not a stock >distribution any more. It was began as a Slackware install, but I made the >decision to stand with XFree86 when they moved to X.org's build. There's >also a some other major differences, but everything's current and >up-to-date. > >I'd like to continue to use XFree86, but not having a current, >non-vulnerable binary release is tough. Or have the binary builds for >4.4.0 been fixed as per the recent issues with libXpm? I looked thru the >website for Xfree86, and in the security section, but this seems to >indicate that it's compile-your-own from a snapshot or keep the old, >vulnerable version... The libXpm security issues, as well as some others, are indeed handled in the current CVS, and the best thing to do is to build your own binaries from that. Unfortunately we don't have the resources available to update the 20+ binary distributions between releases. David _______________________________________________ XFree86 mailing list XFree86@xxxxxxxxxxx http://XFree86.Org/mailman/listinfo/xfree86
