diff options
| author | Douglas R. Reno <renodr@linuxfromscratch.org> | 2019-01-11 16:49:55 +0000 |
|---|---|---|
| committer | Douglas R. Reno <renodr@linuxfromscratch.org> | 2019-01-11 16:49:55 +0000 |
| commit | 855ab9a532c94850e4af34798d810cf53db4bc59 (patch) | |
| tree | 996a3ed95c4baefb90fab1b3c21003bf53294f95 | |
| parent | 16dc51dbe9a50e866d635cbaf53600b0082af68f (diff) | |
Add systemd security patch. Please update as soon as you can.
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@11500 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
| -rw-r--r-- | chapter01/changelog.xml | 14 | ||||
| -rw-r--r-- | chapter03/patches.xml | 19 | ||||
| -rw-r--r-- | chapter06/systemd.xml | 4 | ||||
| -rw-r--r-- | general.ent | 6 | ||||
| -rw-r--r-- | patches.ent | 17 |
5 files changed, 24 insertions, 36 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 51f0e65e1..c176d6a52 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -42,6 +42,20 @@ <listitem revision="sysv"> or <listitem revision="systemd"> as appropriate for the entry or if needed the entire day's listitem. --> + + <listitem revision="systemd"> + <para>2019-01-11</para> + <itemizedlist> + <listitem> + <para>[renodr] - Add a security patch for systemd-240. This fixes + CVE-2018-16865 and CVE-2018-16864 (memory corruption in journald + leading to stack overflows / arbitrary code execution). + Apply this as soon as you can. Fixes + <ulink url="&lfs-ticket-root;4408">#4408</ulink>.</para> + </listitem> + </itemizedlist> + </listitem> + <listitem> <para>2019-01-10</para> <itemizedlist> diff --git a/chapter03/patches.xml b/chapter03/patches.xml index 54be207e3..516d96191 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml @@ -116,7 +116,6 @@ </listitem> </varlistentry> -<!-- <varlistentry revision="systemd"> <term>Systemd security patch - <token>&systemd-security-patch-size;</token>:</term> <listitem> @@ -124,24 +123,6 @@ <para>MD5 sum: <literal>&systemd-security-patch-md5;</literal></para> </listitem> </varlistentry> ---> -<!-- - <varlistentry revision="systemd"> - <term>systemd glibc patch - <token>&systemd-glibc-patch-size;</token>:</term> - <listitem> - <para>Download: <ulink url="&patches-root;&systemd-glibc-patch;"/></para> - <para>MD5 sum: <literal>&systemd-glibc-patch-md5;</literal></para> - </listitem> - </varlistentry> - - <varlistentry revision="systemd"> - <term>systemd meson fixes patch - <token>&systemd-meson-patch-size;</token>:</term> - <listitem> - <para>Download: <ulink url="&patches-root;&systemd-meson-patch;"/></para> - <para>MD5 sum: <literal>&systemd-meson-patch-md5;</literal></para> - </listitem> - </varlistentry> - --> </variablelist> diff --git a/chapter06/systemd.xml b/chapter06/systemd.xml index 53b7a9199..3ff77dc02 100644 --- a/chapter06/systemd.xml +++ b/chapter06/systemd.xml @@ -40,6 +40,10 @@ <sect2 role="installation"> <title>Installation of systemd</title> + <para>Apply a patch to fix two critical security vulnerabilities:</para> + +<screen><userinput remap="pre">patch -Np1 -i ../systemd-240-security_fixes-1.patch</userinput></screen> + <para>Create a symlink to work around missing xsltproc:</para> <screen><userinput remap="pre">ln -sf /tools/bin/true /usr/bin/xsltproc</userinput></screen> diff --git a/general.ent b/general.ent index f6b5f6e2d..3f2cfc457 100644 --- a/general.ent +++ b/general.ent @@ -1,13 +1,13 @@ -<!ENTITY version "SVN-20190109"> +<!ENTITY version "SVN-20190111"> <!ENTITY short-version "svn"> <!-- Used below in &blfs-book; Change to x.y for release but not -rc releases --> <!ENTITY generic-version "development"> <!-- Use "development" or "x.y[-pre{x}]" --> -<!ENTITY versiond "20190101-systemd"> +<!ENTITY versiond "20190111-systemd"> <!ENTITY short-versiond "systemd"> <!ENTITY generic-versiond "systemd"> -<!ENTITY releasedate "January 9, 2019"> +<!ENTITY releasedate "January 11, 2019"> <!ENTITY copyrightdate "1999-2019"><!-- jhalfs needs a literal dash, not – --> <!ENTITY milestone "8.4"> diff --git a/patches.ent b/patches.ent index 5a0b20a39..6c2c7e7df 100644 --- a/patches.ent +++ b/patches.ent @@ -57,17 +57,6 @@ <!ENTITY sysvinit-consolidated-patch-md5 "aaa84675e717504d7d3da452c8c2eaf1"> <!ENTITY sysvinit-consolidated-patch-size "2.6 KB"> -<!-- -<!ENTITY systemd-security-patch "systemd-&systemd-version;-security_fix-1.patch"> -<!ENTITY systemd-security-patch-md5 "aa9d81fec9a3875a54e63af86904513a"> -<!ENTITY systemd-security-patch-size "4 KB"> ---> -<!-- -<!ENTITY systemd-glibc-patch "systemd-&systemd-version;-glibc_statx_fix-1.patch"> -<!ENTITY systemd-glibc-patch-md5 "a44057d6a6ca69760bafc126458d89e5"> -<!ENTITY systemd-glibc-patch-size "4 KB"> - -<!ENTITY systemd-meson-patch "systemd-&systemd-version;-meson-0.48.0_fixes-1.patch"> -<!ENTITY systemd-meson-patch-md5 "0e12e0722bd6bb84e8a4ec4de8979722"> -<!ENTITY systemd-meson-patch-size "4 KB"> ---> +<!ENTITY systemd-security-patch "systemd-&systemd-version;-security_fixes-1.patch"> +<!ENTITY systemd-security-patch-md5 "e0e27d1e5eb527f0ce2ac55b808cb7b2"> +<!ENTITY systemd-security-patch-size "12 KB"> |