Added security patch for zlib. (merged from trunk r6414)

git-svn-id: http://svn.linuxfromscratch.org/LFS/branches/6.1/BOOK@6416 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

chapter01/changelog.xml

@@ -70,6 +70,7 @@ First a summary, then a detailed log.</para>
 <listitem><para>tar-1.15.1-sparse_fix-1.patch</para></listitem>
 <listitem><para>util-linux-2.12p-cramfs-1.patch</para></listitem>
 <listitem><para>vim-6.0-security_fix-1.patch</para></listitem>
+<listitem><para>zlib-1.2.2-security_fix-1.patch;</para></listitem>
 </itemizedlist>
 </listitem>
 
@@ -87,6 +88,9 @@ First a summary, then a detailed log.</para>
 </itemizedlist>
 </listitem>
 
+<listitem><para>July  6th, 2005 [archaic]: Added security patch for zlib.
+</para></listitem>
+
 <listitem><para>July  6th, 2005 [matt]: Several typo corrections, as suggested
 by Bernard Leak.</para></listitem>
 

chapter03/patches.xml

@@ -159,6 +159,12 @@ needed to build an LFS system:</para>
 </listitem>
 </varlistentry>
 
+<varlistentry>
+<term>Zlib Security Patch - 1KB:</term><listitem>
+<para><ulink url="&patches-root;zlib-&zlib-version;-security_fix-1.patch"/></para>
+</listitem>
+</varlistentry>
+
 </variablelist>
 
 <para>In addition to the above required patches, there exist a number of

chapter06/zlib.xml

@@ -28,6 +28,11 @@ some programs.</para>
 <sect2 role="installation">
 <title>Installation of Zlib</title>
 
+<para>Zlib has a buffer overflow vulnerability that can lead to a Denial of
+Service attack. The following patch fixes the problem:</para>
+
+<screen><userinput>patch -Np1 -i ../zlib-&zlib-version;-security_fix-1.patch</userinput></screen>
+
 <note><para>Zlib is known to build its shared library incorrectly if
 <envar>CFLAGS</envar> is specified in the environment. If using a 
 specified <envar>CFLAGS</envar>