I'm using Informix IDS 7.30UC7 and 4GL. The 4GL packages require compat-{binutils,egcs,glibc,libs}-5.2. I had to get these packages from my RedHat 6.2 disk but rpm seems to want to nuke compat-*-6.2 in order to load them. To me, it looks like the two compat package contents won't actually step on each other, it's just that they are unfortunately named (so that there can only be ONE compat series installed at a time). Or is there a work around?
Just to clarify: compat-egcs-6.2 is *not* an update to compat-egcs-5.2. They are separate and distinct compatibility packages: thus "rpm -i" and "rpm -U" do the "wrong thing". The packages should properly be called compat-egcs52 and compat-egcs62 so that they can co-exist and rpm will do the "right thing" with them and their ilk. Also, it would be wise to apply the recent security fixes to compat-glibc-5.2.
You can rpm2cpio compat-*-5.2 | cpio -id into the system. We'll consider putting the version into the compat names for future distributions. As for security fixes to compat-glibc-5.2, all of the security issues were related to setuid/setgid programs. But running dynamicaly linked setuid/setgid program using /usr/*-glibc20-linux/lib/ld-linux.so.2 does not honour those setuid/setgid bits (because you get rights of ld-linux.so.2, not the actual program you're running) and thus in order to exploit the bug you'd either have to explicitely put the /usr/*-glibc20-linux/lib/ld-linux.so.2 interpreter into the binary (but why would anyone do that) or link statically (again, I see no reason compiling setuid/setgid statically linked programs against compatibility libraries).
I was referring to the glibc locale and internationalization security checks errata. In the words of the errata, "It is highly probable that some of these bugs can be used for local root exploits." If you do change your mind and issue an errata for the compat-*-5.2 packages (hopefully changing the names to compat-*52), then please consider adding the fix for bug #19289.
All the bugs fixed by that security errata were only relevant to setuid/setgid programs, see above why I don't think this matters in the compat library.