diff options
| -rw-r--r-- | chapter01/changelog.xml | 4 | ||||
| -rw-r--r-- | chapter03/patches.xml | 7 | ||||
| -rw-r--r-- | chapter06/bzip2.xml | 5 | ||||
| -rw-r--r-- | general.ent | 4 | ||||
| -rw-r--r-- | patches.ent | 1 |
5 files changed, 19 insertions, 2 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 81e033eb3..43af25426 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -87,6 +87,7 @@ First a summary, then a detailed log.</para> <listitem><para>Added:</para> <itemizedlist> +<listitem><para>&bzip2-bzgrep-patch;</para></listitem> <listitem><para>&bzip2-docs-patch;</para></listitem> <listitem><para>&gcc-linkonce-patch;</para></listitem> <listitem><para>&gcc-no_fixincludes-patch;</para></listitem> @@ -113,6 +114,9 @@ First a summary, then a detailed log.</para> </itemizedlist> </listitem> +<listitem><para>August 18th, 2005 [ken]: Add a patch to sanitise bzgrep's +handling of filenames.</para></listitem> + <listitem><para>August 16th, 2005 [matt]: Install sed's man page to /usr/share/doc/sed-4.1.4 instead of /usr/share/doc (fixes bug 1600).</para> </listitem> diff --git a/chapter03/patches.xml b/chapter03/patches.xml index 579741012..a12cedfe6 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml @@ -37,8 +37,15 @@ needed to build an LFS system:</para> <para><ulink url="&patches-root;&bzip2-docs-patch;"/></para> </listitem> </varlistentry> + <varlistentry> +<term>Bzip2 Bzgrep Security Fixes Patch - 1 KB:</term> +<listitem> +<para><ulink url="&patches-root;&bzip2-bzgrep-patch;"/></para> +</listitem> +</varlistentry> +<varlistentry> <term>Coreutils Suppress Uptime, Kill, Su Patch - 15 KB:</term> <listitem> <para><ulink url="&patches-root;&coreutils-suppress-patch;"/></para> diff --git a/chapter06/bzip2.xml b/chapter06/bzip2.xml index 641fb5a25..6b401650f 100644 --- a/chapter06/bzip2.xml +++ b/chapter06/bzip2.xml @@ -36,6 +36,11 @@ GCC, Glibc, and Make</seg></seglistitem> <screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen> +<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed +to it. Apply the following to address this:</para> + +<screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen> + <para>Prepare Bzip2 for compilation with:</para> <screen><userinput>make -f Makefile-libbz2_so diff --git a/general.ent b/general.ent index c9c8ca3de..d5081267e 100644 --- a/general.ent +++ b/general.ent @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="ISO-8859-1"?> -<!ENTITY version "SVN-20050816"> -<!ENTITY releasedate "August 16, 2005"> +<!ENTITY version "SVN-20050818"> +<!ENTITY releasedate "August 18, 2005"> <!ENTITY milestone "6.2"> <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" --> diff --git a/patches.ent b/patches.ent index 1bdda5328..4f344f3e1 100644 --- a/patches.ent +++ b/patches.ent @@ -5,6 +5,7 @@ <!ENTITY bash-avoid_WCONTINUED-patch "bash-&bash-version;-avoid_WCONTINUED-1.patch"> <!ENTITY bzip2-docs-patch "bzip2-&bzip2-version;-install_docs-1.patch"> +<!ENTITY bzip2-bzgrep-patch "bzip2-&bzip2-version;-bzgrep_security-1.patch"> <!ENTITY coreutils-suppress-patch "coreutils-&coreutils-version;-suppress_uptime_kill_su-1.patch"> <!ENTITY coreutils-uname-patch "coreutils-&coreutils-version;-uname-2.patch"> |