
Added a patch to fix the sprintf security vulnerability in Perl.
Thanks to Tim van der Molen for pointing it out.


git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@7284 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

Jeremy Huntwork 19 years ago
parent
commit
11cbbb0452
4 changed files with 19 additions and 3 deletions
  1. 11 1
      chapter01/changelog.xml
  2. 5 0
      chapter06/perl.xml
  3. 2 2
      general.ent
  4. 1 0
      patches.ent

+ 11 - 1
chapter01/changelog.xml

@@ -35,6 +35,17 @@
       </itemizedlist>
     </listitem>
 -->
+
+    <listitem>
+      <para>January 20, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[jhuntwork] - Added a patch to fix the sprintf security
+	  vulnerability in Perl. Thanks to Tim van der Molen for pointing it out.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>January 17, 2006</para>
       <itemizedlist>
@@ -45,7 +56,6 @@
       </itemizedlist>
     </listitem>
 
-
     <listitem>
       <para>January 10, 2006</para>
       <itemizedlist>

+ 5 - 0
chapter06/perl.xml

@@ -28,6 +28,11 @@ Gawk, GCC, Glibc, Grep, Make, and Sed</seg></seglistitem>
 <sect2 role="installation">
 <title>Installation of Perl</title>
 
+<para>A security vulnerability exists in Perl's sprintf function. Apply the
+following patch to fix it.</para>
+
+<screen><userinput>patch -Np1 -i ../&perl-sprintf-patch;</userinput></screen>
+
 <para>First create a basic <filename>/etc/hosts</filename> file which will be
 referenced in one of Perl's configuration files as well as being used used by
 the testsuite if you run that.</para>
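Review bot: The new paragraph before the `patch -Np1 -i ../&perl-sprintf-patch;` command does not say what the flaw is, which Perl releases it affects, or where the advisory can be found, so a reader or a later editor cannot tell whether the patch is still needed after `&perl-version;` changes. I would extend it to something like `<para>A security vulnerability exists in Perl's sprintf function (see ADVISORY-REFERENCE-PLACEHOLDER). Apply the following patch to fix it; the patch can be dropped once the packaged Perl release contains the fix.</para>`. The commit changes four files and none of them looks like a list of patches to download. If the book keeps such a list with locations and checksums, the file named by the new `perl-sprintf-patch` entity in patches.ent should presumably be added there as well, so that readers fetch and verify it before this step. The enclosing `sect2` continues outside the hunk, so where this step sits relative to any other Perl patch cannot be checked from here.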

+ 2 - 2
general.ent

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!ENTITY version "SVN-20060117">
-<!ENTITY releasedate "January 17, 2006">
+<!ENTITY version "SVN-20060120">
+<!ENTITY releasedate "January 20, 2006">
 <!ENTITY milestone "6.2">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->
 

+ 1 - 0
patches.ent

@@ -38,6 +38,7 @@
 <!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> -->
 
 <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch">
+<!ENTITY perl-sprintf-patch "perl-&perl-version;-sprintf_vulnerability-1.patch">
 
 <!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch">