r7284 - in trunk/BOOK: . chapter01 chapter06

Fri, 20 Jan 2006 06:50:16 -0800 

Author: jhuntwork
Date: 2006-01-20 07:22:56 -0700 (Fri, 20 Jan 2006)
New Revision: 7284

Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter06/perl.xml
   trunk/BOOK/general.ent
   trunk/BOOK/patches.ent
Log:
Added a patch to fix the sprintf security vulnerability in Perl.
Thanks to Tim van der Molen for pointing it out.


Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml  2006-01-18 03:24:03 UTC (rev 7283)
+++ trunk/BOOK/chapter01/changelog.xml  2006-01-20 14:22:56 UTC (rev 7284)
@@ -35,7 +35,18 @@
       </itemizedlist>
     </listitem>
 -->
+
     <listitem>
+      <para>January 20, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[jhuntwork] - Added a patch to fix the sprintf security
+         vulnerability in Perl. Thanks to Tim van der Molen for pointing it 
out.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>January 17, 2006</para>
       <itemizedlist>
         <listitem>
@@ -45,7 +56,6 @@
       </itemizedlist>
     </listitem>
 
-
     <listitem>
       <para>January 10, 2006</para>
       <itemizedlist>

Modified: trunk/BOOK/chapter06/perl.xml
===================================================================
--- trunk/BOOK/chapter06/perl.xml       2006-01-18 03:24:03 UTC (rev 7283)
+++ trunk/BOOK/chapter06/perl.xml       2006-01-20 14:22:56 UTC (rev 7284)
@@ -28,6 +28,11 @@
 <sect2 role="installation">
 <title>Installation of Perl</title>
 
+<para>A security vulnerability exists in Perl's sprintf function. Apply the
+following patch to fix it.</para>
+
+<screen><userinput>patch -Np1 -i ../&perl-sprintf-patch;</userinput></screen>
+
 <para>First create a basic <filename>/etc/hosts</filename> file which will be
 referenced in one of Perl's configuration files as well as being used used by
 the testsuite if you run that.</para>

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent      2006-01-18 03:24:03 UTC (rev 7283)
+++ trunk/BOOK/general.ent      2006-01-20 14:22:56 UTC (rev 7284)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!ENTITY version "SVN-20060117">
-<!ENTITY releasedate "January 17, 2006">
+<!ENTITY version "SVN-20060120">
+<!ENTITY releasedate "January 20, 2006">
 <!ENTITY milestone "6.2">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or 
"x.y[-pre{x}]" -->
 

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent      2006-01-18 03:24:03 UTC (rev 7283)
+++ trunk/BOOK/patches.ent      2006-01-20 14:22:56 UTC (rev 7284)
@@ -38,6 +38,7 @@
 <!-- <!ENTITY ncurses-rollup-patch 
"ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> -->
 
 <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch">
+<!ENTITY perl-sprintf-patch 
"perl-&perl-version;-sprintf_vulnerability-1.patch">
 
 <!ENTITY shadow-configure-patch 
"shadow-&shadow-version;-configure_fix-1.patch">
 

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Reply via email to