gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-03-05 22:04:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added patch to fix vulnerable tempfile creation texinfo.

Browse Source 
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@6983 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
Archaic 2005-10-08 18:33:50 +00:00
parent e193a75683
commit 50993e3328
4 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
chapter01/changelog.xml
View File

@ -103,6 +103,7 @@ First a summary, then a detailed log.</para>
<listitem><para>&mktemp-tempfile-patch;</para></listitem>
<listitem><para>&perl-libc-patch;</para></listitem>
<listitem><para>&tar-gcc4_fix-patch;</para></listitem>
<listitem><para>&texinfo-tempfile_fix-patch;</para></listitem>
<listitem><para>&vim-security_fix-patch;</para></listitem>
</itemizedlist>
</listitem>
@ -122,6 +123,9 @@ First a summary, then a detailed log.</para>
</itemizedlist>
</listitem>
<listitem><para>October 8, 2005 [archaic]: Added patch to fix poor tempfile
creation in Texinfo-4.8 that can lead to a symlink attack.</para></listitem>
<listitem><para>October 8, 2005 [matt]: Upgrade to iproute2-051007.</para>
</listitem>

7
chapter03/patches.xml
View File

@ -205,6 +205,13 @@ needed to build an LFS system:</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Texinfo Tempfile Fix Patch - 2 KB:</term>
<listitem>
<para><ulink url="&patches-root;&texinfo-tempfile_fix-patch;"/></para>
</listitem>
</varlistentry>
<varlistentry>
<term>Util-linux Cramfs Patch - 3 KB:</term> <listitem>
<para><ulink url="&patches-root;&util-linux-cramfs-patch;"/></para>

5
chapter06/texinfo.xml
View File

@ -31,6 +31,11 @@ Diffutils, GCC, Gettext, Glibc, Grep, Make, Ncurses, and Sed</seg></seglistitem>
<sect2 role="installation">
<title>Installation of Texinfo</title>
<para>Texinfo allows local users to overwrite arbitrary files via a symlink
attack on temporary files. Apply the following patch to fix this:</para>
<screen><userinput>patch -Np1 -i ../&texinfo-tempfile_fix-patch;</userinput></screen>
<para>Prepare Texinfo for compilation:</para>
<screen><userinput>./configure --prefix=/usr</userinput></screen>

2
patches.ent
View File

@ -44,6 +44,8 @@
<!ENTITY tar-sparse_fix-patch "tar-&tar-version;-sparse_fix-1.patch">
<!ENTITY tar-gcc4_fix-patch "tar-&tar-version;-gcc4_fix_tests-1.patch">
<!ENTITY texinfo-tempfile_fix-patch "texinfo-&texinfo-version;-tempfile_fix-1.patch">
<!ENTITY util-linux-cramfs-patch "util-linux-&util-linux-version;-cramfs-1.patch">
<!ENTITY vim-security_fix-patch "vim-&vim-version;-security_fix-2.patch">