
Added perl patch to fix CVE-2014-4330.

Update to grub-2.02~beta2.  It's been in beta for over 9 months 
and a 'stable' does not seem to be forthcoming.  

Document glibc tests known to sometimes fail.



git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@10769 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Bruce Dubbs 10 жил өмнө
parent
commit
5d1f0157c1

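--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -35,11 +35,31 @@
       </itemizedlist>
     </listitem>
 -->
+    <listitem>
+      <para>2014-10-02</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Added perl patch to fix CVE-2014-4330.
+          to prevent infinite recursion in Data::Dumper.  Fixes
+          <ulink url="&lfs-ticket-root;3681">#3681</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Update to grub-2.02~beta2.  It's been
+          in beta for over 9 months and a 'stable' does not seem
+          to be forthcoming.  Fixes 
+          <ulink url="&lfs-ticket-root;3450">#3450</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Update glibc tests known to sometimes fail.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2014-09-29</para>
       <itemizedlist>
         <listitem>
-          <para>[bdubbs] - Updated bash upstream patches and added fixes for
+          <para>[bdubbs] - Update bash upstream patches and added fixes for
           CVE-2014-6271, CVE-2014-7169, and CVE-2014-7187 (through upstream
           patch bash43-027).</para>
         </listitem>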

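--- a/chapter01/whatsnew.xml
+++ b/chapter01/whatsnew.xml
@@ -106,9 +106,9 @@
     <!--<listitem>
       <para>Groff &groff-version;</para>
     </listitem>-->
-    <!--<listitem>
+    <listitem>
       <para>GRUB &grub-version;</para>
-    </listitem>-->
+    </listitem>
     <!--<listitem>
       <para>Gzip &gzip-version;</para>
     </listitem>-->
@@ -241,58 +241,13 @@
     <title>Added:</title>
     <listitem><para></para></listitem>  <!-- satisfy build -->
 
-<!--
-    <listitem>
-      <para>acl-&acl-version;</para>
-    </listitem>
-    <listitem>
-      <para>attr-&attr-version;</para>
-    </listitem>
--->
     <listitem>
       <para>&bash-fixes-patch;</para>
     </listitem>
-<!--
-    <listitem>
-      <para>&bc-memory-leak-patch;</para>
-    </listitem>
-    <listitem>
-      <para>&binutils-lto-patch;</para>
-    </listitem>
-    <listitem>
-      <para>&binutils-lto-testsuite-patch;</para>
-    </listitem>
-    <listitem>
-      <para>eudev-&eudev-version;</para>
-    </listitem>
-    <listitem>
-      <para>expat-&expat-version;</para>
-    </listitem>
-    <listitem>
-      <para>&gcc-upstream-patch;</para>
-    </listitem>
-    <listitem>
-      <para>&glibc-fhs-patch;</para>
-    </listitem>
-    <listitem>
-      <para>gperf-&gperf-version;</para>
-    </listitem>
-    <listitem>
-      <para>intltool-&intltool-version;</para>
-    </listitem>
-    <listitem>
-      <para>libcap-&libcap-version;</para>
-    </listitem>
-    <listitem>
-      <para>&mpfr-fixes-patch;</para>
-    </listitem>
-    <listitem>
-      <para>&readline-fixes-patch;</para>
-    </listitem>
+
     <listitem>
-      <para>XML::Parser-&xml-parser-version;</para>
+      <para>&perl-fix-patch;</para>
     </listitem>
--->
   </itemizedlist>
 
   <itemizedlist>
@@ -302,31 +257,7 @@
     <listitem>
       <para>bash-4.3-upstream_fixes-3.patch</para>
     </listitem>
-<!--
-    <listitem>
-      <para>glibc-2.19-fhs-1.patch</para>
-    </listitem>
-
-    <listitem>
-      <para>mpfr-3.1.2-upstream_fixes-1.patch</para>
-    </listitem>
-
-    <listitem>
-      <para>perl-5.18.2-libc-1.patch</para>
-    </listitem>
-
-    <listitem>
-      <para>readline-6.2-fixes-2.patch</para>
-    </listitem>
-
-    <listitem>
-      <para>tar-1.27.1-manpage-1.patch</para>
-    </listitem>
 
-    <listitem>
-      <para>udev 208</para>
-    </listitem>
--->
   </itemizedlist>
 
 </sect1>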

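--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -116,6 +116,14 @@
       </listitem>
     </varlistentry>
 
+    <varlistentry>
+      <term>Perl Data::Dumper Patch - <token>&perl-fix-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&perl-fix-patch;"/></para>
+        <para>MD5 sum: <literal>&perl-fix-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
     <varlistentry>
       <term>Readline Upstream Fixes Patch - <token>&readline-fixes-patch-size;</token>:</term>
       <listitem>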
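Review bot: The new Perl Data::Dumper entry gives readers only an MD5 sum to check a patch whose purpose, per the commit message, is to fix CVE-2014-4330. MD5 is not collision resistant, so the value catches a corrupted download but not a deliberately substituted file. Consider publishing a stronger digest beside it, for example `<para>SHA-256 sum: <literal>&perl-fix-patch-sha256;</literal></para>`, backed by a new entity in patches.ent (the name `perl-fix-patch-sha256` is a proposal, not something the page defines). The same applies to `grub-md5` in packages.ent, which this commit also updates. The variablelist begins and ends outside the hunk, so whether other entries already carry a second digest cannot be seen here.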

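--- a/chapter06/glibc.xml
+++ b/chapter06/glibc.xml
@@ -115,15 +115,11 @@ cd ../glibc-build</userinput></screen>
     issues seen for this version of LFS:</para>
 
     <itemizedlist>
-<!--
+
       <listitem>
-        <para>The <emphasis>nptl/tst-clock2</emphasis>,
-        <emphasis>nptl/tst-attr3</emphasis>,
-        <emphasis>tst/tst-cputimer1</emphasis>, and
-        <emphasis>rt/tst-cpuclock2</emphasis>
-        tests have been known to fail.  The
-        reason is not completely understood, but indications are that minor
-        timing issues can trigger these failures.</para>
+        <para>The <emphasis>tst/tst-cputimer1</emphasis> test has been known to
+        fail.  The reason is not completely understood, but indications are
+        that minor timing issues can trigger this failure.</para>
       </listitem>
 
       <listitem>
@@ -131,7 +127,7 @@ cd ../glibc-build</userinput></screen>
         systems where the CPU is not a relatively new genuine Intel or
         authentic AMD processor.</para>
       </listitem>
-
+<!--
       <listitem>
         <para>When running on older and slower hardware or on systems under
         load, some tests can fail because of test timeouts being exceeded.
@@ -149,13 +145,12 @@ cd ../glibc-build</userinput></screen>
         <para>libio/tst-ftell-partial-wide.out fails because it needs a locale
         that has not yet been generated.</para>
       </listitem>
-
+-->
       <listitem>
-        <para>Other tests known to fail on some architectures are posix/bug-regex32,
-        misc/tst-writev, elf/check-textrel, nptl/tst-getpid2, nptl/tst-robust8,
-        and stdio-common/bug22.</para>
+        <para>Other tests known to fail on some architectures are
+        malloc/tst-malloc-usable and  nptl/tst-cleanupx4. </para>
       </listitem>
--->
+
     </itemizedlist>
 
     <para>Though it is a harmless message, the install stage of Glibc will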
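Review bot: The rewritten sentence in the first hunk keeps the test name `tst/tst-cputimer1`, which does not look like a glibc test directory. The removed text listed its sibling as `rt/tst-cpuclock2`, so this is probably meant to be `rt/tst-cputimer1`; confirm against an actual test log before changing it. In the last hunk the new line `malloc/tst-malloc-usable and  nptl/tst-cleanupx4. </para>` has a doubled space and a stray space before the closing tag; `malloc/tst-malloc-usable and nptl/tst-cleanupx4.</para>` is cleaner. The enclosing section starts and ends outside these hunks.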

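--- a/chapter06/grub.xml
+++ b/chapter06/grub.xml
@@ -40,10 +40,6 @@
   <sect2 role="installation">
     <title>Installation of GRUB</title>
 
-    <para>Fix an incompatibility between this package and Glibc-&glibc-version;:</para>
-
-<screen><userinput remap="pre">sed -i -e '/gets is a/d' grub-core/gnulib/stdio.in.h</userinput></screen>
-
     <para>Prepare GRUB for compilation:</para>
 
 <screen><userinput remap="configure">./configure --prefix=/usr          \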

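--- a/chapter06/perl.xml
+++ b/chapter06/perl.xml
@@ -56,6 +56,10 @@
 <screen><userinput remap="pre">export BUILD_ZLIB=False
 export BUILD_BZIP2=0</userinput></screen>
 
+    <para>Fix a potential security problem:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&perl-fix-patch;</userinput></screen>
+
     <para>To have full control over the way Perl is set up, you can remove the
     <quote>-des</quote> options from the following command and hand-pick the way
     this package is built. Alternatively, use the command exactly as below to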
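Review bot: The added paragraph `Fix a potential security problem:` does not say which problem, so a reader cannot match the step to an advisory or judge whether the patch is still needed after a later Perl update. The changelog entry in this same commit already names it, so the instruction could read `<para>Apply a patch that fixes CVE-2014-4330, an infinite recursion in Data::Dumper:</para>`. The enclosing sect2 starts and ends outside the hunk.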

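--- a/packages.ent
+++ b/packages.ent
@@ -278,10 +278,10 @@
 <!ENTITY groff-ch6-du "83 MB">
 <!ENTITY groff-ch6-sbu "0.6 SBU">
 
-<!ENTITY grub-version "2.00">
-<!ENTITY grub-size "5,016 KB">
-<!ENTITY grub-url "&gnu;grub/grub-&grub-version;.tar.xz">
-<!ENTITY grub-md5 "a1043102fbc7bcedbf53e7ee3d17ab91">
+<!ENTITY grub-version "2.02~beta2">
+<!ENTITY grub-size "5,663 KB">
+<!ENTITY grub-url "http://alpha.gnu.org/gnu/grub/grub-&grub-version;.tar.xz">
+<!ENTITY grub-md5 "be62932eade308a364ea4bbc91295930">
 <!ENTITY grub-home "&gnu-software;grub/">
 <!ENTITY grub-ch6-du "110 MB">
 <!ENTITY grub-ch6-sbu "0.8 SBU">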
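Review bot: `grub-url` now hard-codes `http://alpha.gnu.org/gnu/grub/...` in place of the `&gnu;` prefix, so the bootloader source is fetched over plain HTTP from the pre-release server and the only check the book offers is `grub-md5`. If the host serves the same path over TLS, prefer `<!ENTITY grub-url "https://alpha.gnu.org/gnu/grub/grub-&grub-version;.tar.xz">`. Also consider pointing readers at the detached signature that GNU normally publishes beside its tarballs, after confirming one exists for this release. Separately, `grub-ch6-du` and `grub-ch6-sbu` are unchanged context although the version and tarball size moved, so those figures may be stale.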

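--- a/patches.ent
+++ b/patches.ent
@@ -53,6 +53,10 @@
 <!ENTITY mpfr-fixes-patch-md5 "2b2aa4371a4e848411639356fd82becf">
 <!ENTITY mpfr-fixes-patch-size "40 KB">
 
+<!ENTITY perl-fix-patch "perl-&perl-version;-infinite_recurse_fix-1.patch">
+<!ENTITY perl-fix-patch-md5 "579dfed34e97e0a2fe21b74aa53946ac">
+<!ENTITY perl-fix-patch-size "11 KB">
+
 <!ENTITY readline-fixes-patch "readline-6.3-upstream_fixes-2.patch">
 <!ENTITY readline-fixes-patch-md5 "97f74f1c3c83008f268b32d36e9fd376">
 <!ENTITY readline-fixes-patch-size "4 KB">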
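Review bot: `perl-fix-patch` builds the file name from `&perl-version;` while `perl-fix-patch-md5` and `perl-fix-patch-size` are fixed values, so a later Perl version bump would silently change the advertised file name and leave a checksum and size that may no longer correspond to it. The neighbouring `readline-fixes-patch` pins `6.3` literally. Either hard-code the Perl version in the name as readline does, or add a comment above the three entities such as `<!-- perl-fix-patch md5 and size are tied to the current perl-version; regenerate both on a Perl update -->`.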