Author: renodr Date: Thu Jul 4 19:48:25 2019 New Revision: 21800 Log: Add a security patch for mozjs.
Modified: trunk/BOOK/general/genlib/js60.xml trunk/BOOK/introduction/welcome/changelog.xml Modified: trunk/BOOK/general/genlib/js60.xml ============================================================================== --- trunk/BOOK/general/genlib/js60.xml Thu Jul 4 17:04:56 2019 (r21799) +++ trunk/BOOK/general/genlib/js60.xml Thu Jul 4 19:48:25 2019 (r21800) @@ -70,6 +70,16 @@ </listitem> </itemizedlist> + <bridgehead renderas="sect3">Additional Downloads</bridgehead> + <itemizedlist spacing="compact"> + <listitem> + <para> + Required patch: + <ulink url="&patch-root;/js60-&JS60-version;-security_fix-1.patch"/> + </para> + </listitem> + </itemizedlist> + <bridgehead renderas="sect3">JS60 Dependencies</bridgehead> <bridgehead renderas="sect4">Required</bridgehead> @@ -96,6 +106,20 @@ <sect2 role="installation"> <title>Installation of JS</title> + <caution> + <para>If you are reinstalling JS60 with the security patch listed in this + page, save all work and exit your GNOME Session if you have one running. + Replacing the JS60 binary will cause the GNOME Shell to crash and return + you to your display manager or TTY. After installing the patch, + reinstall <xref linkend="gjs"/>. Polkit is unaffected.</para> + </caution> + + <para> + First, apply a security patch: + </para> + +<screen><userinput remap="pre">patch -Np1 -i ../js60-&JS60-version;-security_fix-1.patch</userinput></screen> + <para> Install <application>JS</application> by running the following commands: Modified: trunk/BOOK/introduction/welcome/changelog.xml ============================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml Thu Jul 4 17:04:56 2019 (r21799) +++ trunk/BOOK/introduction/welcome/changelog.xml Thu Jul 4 19:48:25 2019 (r21800) @@ -43,9 +43,16 @@ --> <listitem> - <para>July 3rd, 2019</para> + <para>July 4th, 2019</para> <itemizedlist> <listitem> + <para>[renodr] - Add a security patch to fix CVE-2019-11707 in JS60. + When applying this patch and rebuilding JS60, please exit any GNOME + session that you might have open, or it will crash (SIGSEGV) when the + js60 interpreter is replaced. Fixes + <ulink url="&blfs-ticket-root;12198">#12198</ulink>.</para> + </listitem> + <listitem> <para>[bdubbs] - Update to mariadb-10.3.16. Fixes <ulink url="&blfs-ticket-root;12166">#12166</ulink>.</para> </listitem> -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page