
Added a patch to fix the sprintf security vulnerability in Perl.
Thanks to Tim van der Molen for pointing it out.


git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@7284 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

Jeremy Huntwork 19 years ago
parent
commit
11cbbb0452

+ 11 - 1
chapter01/changelog.xml

@@ -35,6 +35,17 @@
       </itemizedlist>
       </itemizedlist>
     </listitem>
     </listitem>
 -->
 -->
+
+    <listitem>
+      <para>January 20, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[jhuntwork] - Added a patch to fix the sprintf security
+	  vulnerability in Perl. Thanks to Tim van der Molen for pointing it out.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
     <listitem>
       <para>January 17, 2006</para>
       <para>January 17, 2006</para>
       <itemizedlist>
       <itemizedlist>
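
Review bot: the new January 20 entry refers to "the sprintf security vulnerability" without saying which one, so a changelog reader cannot tell which advisory it covers or whether their Perl build is affected. Add the advisory identifier or a one-clause description of the flaw to the `<para>`. The continuation line starting "vulnerability in Perl." is also indented with a tab while the lines around it use spaces; match the file's space indentation.
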
@@ -45,7 +56,6 @@
       </itemizedlist>
       </itemizedlist>
     </listitem>
     </listitem>
 
 
-
     <listitem>
     <listitem>
       <para>January 10, 2006</para>
       <para>January 10, 2006</para>
       <itemizedlist>
       <itemizedlist>

+ 5 - 0
chapter06/perl.xml

@@ -28,6 +28,11 @@ Gawk, GCC, Glibc, Grep, Make, and Sed</seg></seglistitem>
 <sect2 role="installation">
 <sect2 role="installation">
 <title>Installation of Perl</title>
 <title>Installation of Perl</title>
 
 
+<para>A security vulnerability exists in Perl's sprintf function. Apply the
+following patch to fix it.</para>
+
+<screen><userinput>patch -Np1 -i ../&perl-sprintf-patch;</userinput></screen>
+
 <para>First create a basic <filename>/etc/hosts</filename> file which will be
 <para>First create a basic <filename>/etc/hosts</filename> file which will be
 referenced in one of Perl's configuration files as well as being used used by
 referenced in one of Perl's configuration files as well as being used used by
 the testsuite if you run that.</para>
 the testsuite if you run that.</para>
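
Review bot: the paragraph added ahead of `patch -Np1 -i ../&perl-sprintf-patch;` says only that "A security vulnerability exists in Perl's sprintf function", which gives the reader no way to judge the impact or to confirm that the patch matches the issue. Say what the flaw is and name or link the advisory in the same `<para>`, so the step can be audited later and dropped once a fixed Perl release is in the book.
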

+ 2 - 2
general.ent

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!ENTITY version "SVN-20060117">
-<!ENTITY releasedate "January 17, 2006">
+<!ENTITY version "SVN-20060120">
+<!ENTITY releasedate "January 20, 2006">
 <!ENTITY milestone "6.2">
 <!ENTITY milestone "6.2">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->
 
 

+ 1 - 0
patches.ent

@@ -38,6 +38,7 @@
 <!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> -->
 <!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> -->
 
 
 <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch">
 <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch">
+<!ENTITY perl-sprintf-patch "perl-&perl-version;-sprintf_vulnerability-1.patch">
 
 
 <!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch">
 <!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch">
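
Review bot: `perl-sprintf-patch` is defined here and used in chapter06/perl.xml, but none of the four files changed in this commit adds the patch to a list of files the reader has to download, so the `patch -Np1 -i ../&perl-sprintf-patch;` step can fail on a missing file. If the book keeps such a list, add the entry in the same commit, ideally with a checksum so that readers can verify a security patch before applying it.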