diff options
| -rw-r--r-- | chapter01/changelog.xml | 12 | ||||
| -rw-r--r-- | chapter06/perl.xml | 5 | ||||
| -rw-r--r-- | general.ent | 4 | ||||
| -rw-r--r-- | patches.ent | 1 |
4 files changed, 19 insertions, 3 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 9854ad602..3c7f6bffd 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -35,6 +35,17 @@ </itemizedlist> </listitem> --> + + <listitem> + <para>January 20, 2006</para> + <itemizedlist> + <listitem> + <para>[jhuntwork] - Added a patch to fix the sprintf security + vulnerability in Perl. Thanks to Tim van der Molen for pointing it out.</para> + </listitem> + </itemizedlist> + </listitem> + <listitem> <para>January 17, 2006</para> <itemizedlist> @@ -45,7 +56,6 @@ </itemizedlist> </listitem> - <listitem> <para>January 10, 2006</para> <itemizedlist> diff --git a/chapter06/perl.xml b/chapter06/perl.xml index 1ce3a7e05..33ec77102 100644 --- a/chapter06/perl.xml +++ b/chapter06/perl.xml @@ -28,6 +28,11 @@ Gawk, GCC, Glibc, Grep, Make, and Sed</seg></seglistitem> <sect2 role="installation"> <title>Installation of Perl</title> +<para>A security vulnerability exists in Perl's sprintf function. Apply the +following patch to fix it.</para> + +<screen><userinput>patch -Np1 -i ../&perl-sprintf-patch;</userinput></screen> + <para>First create a basic <filename>/etc/hosts</filename> file which will be referenced in one of Perl's configuration files as well as being used used by the testsuite if you run that.</para> diff --git a/general.ent b/general.ent index 3b98acc74..977fa251f 100644 --- a/general.ent +++ b/general.ent @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="ISO-8859-1"?> -<!ENTITY version "SVN-20060117"> -<!ENTITY releasedate "January 17, 2006"> +<!ENTITY version "SVN-20060120"> +<!ENTITY releasedate "January 20, 2006"> <!ENTITY milestone "6.2"> <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" --> diff --git a/patches.ent b/patches.ent index fff66b690..fe91241be 100644 --- a/patches.ent +++ b/patches.ent @@ -38,6 +38,7 @@ <!-- <!ENTITY ncurses-rollup-patch "ncurses-&ncurses-version;-&ncurses-date;-patch.sh.bz2"> --> <!ENTITY perl-libc-patch "perl-&perl-version;-libc-1.patch"> +<!ENTITY perl-sprintf-patch "perl-&perl-version;-sprintf_vulnerability-1.patch"> <!ENTITY shadow-configure-patch "shadow-&shadow-version;-configure_fix-1.patch"> |