On Mon, Feb 20, 2017 at 02:52:35PM -0800, Paul Rogers wrote: > I'm prepping to upgrade to 7.10. (Hey, that's uncommonly recent for > me!) I get the files from OSUOSL because it's "close" and fast. I'm > reconciling the packages with the 413 I already have in my 7.7, and got > tripped up because the MD5SUMS file has firefox-2.0.0.15, though the > tarball is version 48.0.2. It raises a question of the integrity of the > whole file. Can someone fix it, and point me to a good one in the > meantime? TIA
Hi Paul, since you mentioned firefox I'll just mention (to everybody else, I suspect you don't care ;) that 48.0.2 almost certainly has vulnerabilities. At the moment ff45 apparently has ESR releases - until ff-52 is out. But that still means rebuilding on every point releasse. But I'm glad you are updating. I was going to suggest that you read the errata, but in fact those for sysv probably don't specifically mention anything you build - in practice, the versions in svn for the xorg packages (not libXfont-2), openssl, openssh, gnutls, gdk-pixbuf [ that is probably a newer minor version ], ImageMagick (-6, in your case) and probably some others are vulnerability fixes. ĸen -- `I shall take my mountains', said Lu-Tze. `The climate will be good for them.' -- Small Gods -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page