r6700 - in trunk/BOOK: . chapter01 chapter03 chapter06

ken at linuxfromscratch.org ken at linuxfromscratch.org
Thu Aug 18 08:35:10 PDT 2005


Author: ken
Date: 2005-08-18 09:35:07 -0600 (Thu, 18 Aug 2005)
New Revision: 6700

Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter03/patches.xml
   trunk/BOOK/chapter06/bzip2.xml
   trunk/BOOK/general.ent
   trunk/BOOK/patches.ent
Log:
Added bzgrep security patch

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2005-08-17 19:40:45 UTC (rev 6699)
+++ trunk/BOOK/chapter01/changelog.xml	2005-08-18 15:35:07 UTC (rev 6700)
@@ -87,6 +87,7 @@
 
 <listitem><para>Added:</para>
 <itemizedlist>
+<listitem><para>&bzip2-bzgrep-patch;</para></listitem>
 <listitem><para>&bzip2-docs-patch;</para></listitem>
 <listitem><para>&gcc-linkonce-patch;</para></listitem>
 <listitem><para>&gcc-no_fixincludes-patch;</para></listitem>
@@ -113,6 +114,9 @@
 </itemizedlist>
 </listitem>
 
+<listitem><para>August 18th, 2005 [ken]: Add a patch to sanitise bzgrep's
+handling of filenames.</para></listitem>
+
 <listitem><para>August 16th, 2005 [matt]: Install sed's man page to
 /usr/share/doc/sed-4.1.4 instead of /usr/share/doc (fixes bug 1600).</para>
 </listitem>

Modified: trunk/BOOK/chapter03/patches.xml
===================================================================
--- trunk/BOOK/chapter03/patches.xml	2005-08-17 19:40:45 UTC (rev 6699)
+++ trunk/BOOK/chapter03/patches.xml	2005-08-18 15:35:07 UTC (rev 6700)
@@ -37,8 +37,15 @@
 <para><ulink url="&patches-root;&bzip2-docs-patch;"/></para>
 </listitem>
 </varlistentry>
+
 <varlistentry>
+<term>Bzip2 Bzgrep Security Fixes Patch - 1 KB:</term>
+<listitem>
+<para><ulink url="&patches-root;&bzip2-bzgrep-patch;"/></para>
+</listitem>
+</varlistentry>
 
+<varlistentry>
 <term>Coreutils Suppress Uptime, Kill, Su Patch - 15 KB:</term>
 <listitem>
 <para><ulink url="&patches-root;&coreutils-suppress-patch;"/></para>

Modified: trunk/BOOK/chapter06/bzip2.xml
===================================================================
--- trunk/BOOK/chapter06/bzip2.xml	2005-08-17 19:40:45 UTC (rev 6699)
+++ trunk/BOOK/chapter06/bzip2.xml	2005-08-18 15:35:07 UTC (rev 6700)
@@ -36,6 +36,11 @@
 
 <screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen>
 
+<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed
+to it. Apply the following to address this:</para>
+
+<screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen>
+
 <para>Prepare Bzip2 for compilation with:</para>
 
 <screen><userinput>make -f Makefile-libbz2_so

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-08-17 19:40:45 UTC (rev 6699)
+++ trunk/BOOK/general.ent	2005-08-18 15:35:07 UTC (rev 6700)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!ENTITY version "SVN-20050816">
-<!ENTITY releasedate "August 16, 2005">
+<!ENTITY version "SVN-20050818">
+<!ENTITY releasedate "August 18, 2005">
 <!ENTITY milestone "6.2">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->
 

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent	2005-08-17 19:40:45 UTC (rev 6699)
+++ trunk/BOOK/patches.ent	2005-08-18 15:35:07 UTC (rev 6700)
@@ -5,6 +5,7 @@
 <!ENTITY bash-avoid_WCONTINUED-patch "bash-&bash-version;-avoid_WCONTINUED-1.patch">
 
 <!ENTITY bzip2-docs-patch "bzip2-&bzip2-version;-install_docs-1.patch">
+<!ENTITY bzip2-bzgrep-patch "bzip2-&bzip2-version;-bzgrep_security-1.patch">
 
 <!ENTITY coreutils-suppress-patch "coreutils-&coreutils-version;-suppress_uptime_kill_su-1.patch">
 <!ENTITY coreutils-uname-patch "coreutils-&coreutils-version;-uname-2.patch">




More information about the lfs-book mailing list