From 50993e3328b6805cf541d612bac341220b460457 Mon Sep 17 00:00:00 2001 From: Archaic Date: Sat, 8 Oct 2005 18:33:50 +0000 Subject: [PATCH] Added patch to fix vulnerable tempfile creation texinfo. git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@6983 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689 --- chapter01/changelog.xml | 4 ++++ chapter03/patches.xml | 7 +++++++ chapter06/texinfo.xml | 5 +++++ patches.ent | 2 ++ 4 files changed, 18 insertions(+) diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 4f2f42ac3..1e0ccb9cc 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -103,6 +103,7 @@ First a summary, then a detailed log. &mktemp-tempfile-patch; &perl-libc-patch; &tar-gcc4_fix-patch; +&texinfo-tempfile_fix-patch; &vim-security_fix-patch; @@ -122,6 +123,9 @@ First a summary, then a detailed log. +October 8, 2005 [archaic]: Added patch to fix poor tempfile +creation in Texinfo-4.8 that can lead to a symlink attack. + October 8, 2005 [matt]: Upgrade to iproute2-051007. diff --git a/chapter03/patches.xml b/chapter03/patches.xml index f92e6dc5c..ab61519f0 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml @@ -205,6 +205,13 @@ needed to build an LFS system: + +Texinfo Tempfile Fix Patch - 2 KB: + + + + + Util-linux Cramfs Patch - 3 KB: diff --git a/chapter06/texinfo.xml b/chapter06/texinfo.xml index 0cab8d0ae..292963d7e 100644 --- a/chapter06/texinfo.xml +++ b/chapter06/texinfo.xml @@ -31,6 +31,11 @@ Diffutils, GCC, Gettext, Glibc, Grep, Make, Ncurses, and Sed Installation of Texinfo +Texinfo allows local users to overwrite arbitrary files via a symlink +attack on temporary files. Apply the following patch to fix this: + +patch -Np1 -i ../&texinfo-tempfile_fix-patch; + Prepare Texinfo for compilation: ./configure --prefix=/usr diff --git a/patches.ent b/patches.ent index c357807d0..55dbd793e 100644 --- a/patches.ent +++ b/patches.ent @@ -44,6 +44,8 @@ + +