gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-01-31 11:21:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added a patch to fix the sprintf security vulnerability in Perl.

Browse Source 
Thanks to Tim van der Molen for pointing it out.


git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@7284 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
Jeremy Huntwork 2006-01-20 14:22:56 +00:00
parent d93d1c90ae
commit 11cbbb0452
4 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
chapter01/changelog.xml
View File

@ -35,6 +35,17 @@
</itemizedlist> </itemizedlist>
</listitem> </listitem>
--> -->
<listitem>
<para>January 20, 2006</para>
<itemizedlist>
<listitem>
<para>[jhuntwork] - Added a patch to fix the sprintf security
vulnerability in Perl. Thanks to Tim van der Molen for pointing it out.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem> <listitem>
<para>January 17, 2006</para> <para>January 17, 2006</para>
<itemizedlist> <itemizedlist>
@ -45,7 +56,6 @@
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<para>January 10, 2006</para> <para>January 10, 2006</para>
<itemizedlist> <itemizedlist>

5
chapter06/perl.xml
View File

@ -28,6 +28,11 @@ Gawk, GCC, Glibc, Grep, Make, and Sed</seg></seglistitem>
<sect2 role="installation"> <sect2 role="installation">
<title>Installation of Perl</title> <title>Installation of Perl</title>
<para>A security vulnerability exists in Perl's sprintf function. Apply the
following patch to fix it.</para>
<screen><userinput>patch -Np1 -i ../&perl-sprintf-patch;</userinput></screen>
<para>First create a basic <filename>/etc/hosts</filename> file which will be <para>First create a basic <filename>/etc/hosts</filename> file which will be
referenced in one of Perl's configuration files as well as being used used by referenced in one of Perl's configuration files as well as being used used by
the testsuite if you run that.</para> the testsuite if you run that.</para>

4
general.ent
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?> <?xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY version "SVN-20060117"> <!ENTITY version "SVN-20060120">
<!ENTITY releasedate "January 17, 2006"> <!ENTITY releasedate "January 20, 2006">
<!ENTITY milestone "6.2"> <!ENTITY milestone "6.2">
<!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" --> <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->

1
patches.ent
View File

@ -38,6 +38,7 @@
<!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> --> <!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> -->
<!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch"> <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch">
<!ENTITY perl-sprintf-patch "perl-&perl-version;-sprintf_vulnerability-1.patch">
<!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch"> <!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch">