Re: How to build latest n greatest Apache,PHP, OpenSSL rpms?

From: Alexander Dalloz (
Date: 04/11/05

  • Next message: "Re: My /dev/pilot goes away every time I reboot."
    To: For users of Fedora Core releases <>
    Date: Mon, 11 Apr 2005 19:53:07 +0200

    Am Mo, den 11.04.2005 schrieb Loki Choggio um 19:11:

    > >
    > I was not looking at how to build an rpm in general
    > but the specific Apache 2.0.53, php 4.3.11 and openssl
    > 0.9.7f rpms. Having built firefox & ttfonts rpms for
    > example i know the process but need the spec files.

    You could take it from the SRPM of the current Fedora package. I don't
    see why you want to rpmbuild those packages yourself, which means often
    enough a lot of work. You are running an RPM based distribution and
    distribution here means, that the distributor will care for the
    necessary bug fixing updates. This does not necessarily mean to get the
    latest and greates version number of an application available. But see
    notes below.

    > > Security fixes are backported. Maybe you should read
    > the RPMs changelogs.
    > I have indeed read the changelogs
    > ( ) and
    > note with concern that Apache 2.0.52 from fedora does
    > not cover those issues.
    > httpd-2.0.52-3.1.i386.rpm (latest update) was released
    > 12-Nov-2004 at 15:57 and does not include the
    > Apache 2.0.53 fixes.
    > Neither would php-4.3.10-3.2.i386.rpm released on
    > 21-Dec-2004 at 13:54 contain the 31st March 2005
    > updates rated as critical.

    So you miss specific security updates for CAN reported bugs? Did you
    check bugzilla for the official notes about bugs and how they are
    supposed to be fixed?

    > Perhaps you would like to elaborate further on your
    > "backporting claim".

    Well, in general software packages are not updated to the current
    version, i.e. OpenSSH or OpenSSL version. But the fixes newer versions
    include for critical bugs are applied to the older version. This is
    called backporting. So having openssl-0.9.7a on FC3 doesn't mean OpenSSL
    on FC3 misses all the critical fixes OpenSSL 0.9.7f from upstream has.
    The "40" in the RPM name openssl-0.9.7a-40 indicates a patch level.
    Be aware that there are dependencies between applications and if you
    change for instance the OpenSSL package you may run into severe


    Alexander Dalloz | Enger, Germany | GPG 0xB366A773
    legal statement:
    Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.771_FC2smp 
    Serendipity 19:42:08 up 12 days, 17:08, load average: 0.17, 0.28, 0.30 


    fedora-list mailing list
    To unsubscribe:

  • Next message: "Re: My /dev/pilot goes away every time I reboot."

    Relevant Pages

    • Re: How to upgrade openssl to 0.96e??
      ... On Tue, 17 Sep 2002, Kevin wrote: ... >>> package ... > to upgrade openssl to 0.9.6e, but I only find openssl 0.96b rpm at ... RedHat put out an rpm which included an earlier version of OpenSSL ...
    • Re: Cannot use neither rpm nor yum. Error message
      ... I did the following before make install: ... rpm -e --nodeps openssl ... when I use rpm I get the following error message: ... The good news is that you did not just scribble over your existing files, you blew away the entire openssl package. ...
    • Re: How to upgrade openssl to 0.96e??
      ... >> My system is Redhat 7.3 and installed old version openssl with rpm, ... > package you can install as usual. ...
    • [PATCH 1/2] kbuil: add deb-pkg target
      ... # To prepare kbuild for more kernel packaging formats move all packaging ... # In top-level Makefile introduce generic support for all package ... Included the old rpm target for backward ... # and builddeb scripts. ...
    • Re: Conventions for NFS sharing of binaries
      ... Do you have distro & local packages with same name? ... mount it r/w on your "master installation machine" (with RPM management). ... If you replace a package with a different one with the same name, hmm, you ...