r6281 - in trunk/BOOK: . introduction/welcome x/installing

Wed, 09 Aug 2006 07:20:50 -0700 

Author: dnicholson
Date: 2006-08-09 08:20:38 -0600 (Wed, 09 Aug 2006)
New Revision: 6281

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/x/installing/x7app.xml
   trunk/BOOK/x/installing/x7lib.xml
   trunk/BOOK/x/installing/x7server.xml
Log:
Patches security vulnerabilities in Xorg-7.1. Closes ticket #2100.


Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent      2006-08-07 21:02:28 UTC (rev 6280)
+++ trunk/BOOK/general.ent      2006-08-09 14:20:38 UTC (rev 6281)
@@ -1,4 +1,4 @@
-<!ENTITY day          "07">                   <!-- Always 2 digits -->
+<!ENTITY day          "09">                   <!-- Always 2 digits -->
 <!ENTITY month        "08">                   <!-- Always 2 digits -->
 <!ENTITY year         "2006">
 <!ENTITY version      "svn-&year;&month;&day;">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml       2006-08-07 21:02:28 UTC 
(rev 6280)
+++ trunk/BOOK/introduction/welcome/changelog.xml       2006-08-09 14:20:38 UTC 
(rev 6281)
@@ -42,6 +42,16 @@
 -->
 
     <listitem>
+      <para>August 9th, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dnicholson] - Added patches to fix security
+          vulnerabilities in Xorg-7.1. Closes ticket #2100.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>August 7th, 2006</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/x/installing/x7app.xml
===================================================================
--- trunk/BOOK/x/installing/x7app.xml   2006-08-07 21:02:28 UTC (rev 6280)
+++ trunk/BOOK/x/installing/x7app.xml   2006-08-09 14:20:38 UTC (rev 6281)
@@ -53,6 +53,28 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following four patches are security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xdm-1.0.4-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xf86dga-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xinit-1.0.2-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xload-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Applications Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -81,6 +103,29 @@
   <sect2 role="installation">
     <title>Installation of Xorg Applications</title>
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the xdm, xf86dga, xinit
+    and xload packages. Before building these packages with the commands
+    shown below, be sure to apply the supplied patches. For xdm, this can be
+    accomplished with with the following command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xdm-1.0.4-setuid-1.patch</userinput></screen>
+
+    <para>For xf86dga, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xf86dga-1.0.1-setuid-1.patch</userinput></screen>
+
+    <para>For xinit, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xinit-1.0.2-setuid-1.patch</userinput></screen>
+
+    <para>For xload, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xload-1.0.1-setuid-1.patch</userinput></screen>
+
     <para>Install the applications by running the following commands for each
     chosen package:</para>
 

Modified: trunk/BOOK/x/installing/x7lib.xml
===================================================================
--- trunk/BOOK/x/installing/x7lib.xml   2006-08-07 21:02:28 UTC (rev 6280)
+++ trunk/BOOK/x/installing/x7lib.xml   2006-08-09 14:20:38 UTC (rev 6281)
@@ -52,6 +52,20 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following two patches are security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/libX11-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xtrans-1.0.0-setuid-1.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Libraries Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -82,6 +96,19 @@
   <sect2 role="installation">
     <title>Installation of Xorg Libraries</title>
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the libX11 and xtrans
+    packages. Before building these packages with the commands shown below,
+    be sure to apply the supplied patches. For libX11, this can be
+    accomplished with with the following command:</para>
+
+<screen><userinput>patch -Np1 -i 
../libX11-1.0.1-setuid-1.patch</userinput></screen>
+
+    <para>For xtrans, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xtrans-1.0.0-setuid-1.patch</userinput></screen>
+
     <para>Install the libraries by running the following commands for each
     of the chosen packages:</para>
 

Modified: trunk/BOOK/x/installing/x7server.xml
===================================================================
--- trunk/BOOK/x/installing/x7server.xml        2006-08-07 21:02:28 UTC (rev 
6280)
+++ trunk/BOOK/x/installing/x7server.xml        2006-08-09 14:20:38 UTC (rev 
6281)
@@ -52,6 +52,16 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following patch is security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xorg-server-1.1.0-setuid-2.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Server Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -90,6 +100,13 @@
         hw/xfree86/os-support/linux/lnx_agp.c</userinput></screen>
  End remove -->
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the xorg-server
+    packages. Apply a patch to fix this vulnerability with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i 
../xorg-server-1.1.0-setuid-2.patch</userinput></screen>
+
     <para>Install the server by running the following commands:</para>
 
 <screen><userinput>sed -i \

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to