diff options
| -rw-r--r-- | chapter01/changelog.xml | 4 | ||||
| -rw-r--r-- | chapter03/patches.xml | 7 | ||||
| -rw-r--r-- | chapter06/texinfo.xml | 5 | ||||
| -rw-r--r-- | patches.ent | 2 |
4 files changed, 18 insertions, 0 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 4f2f42ac3..1e0ccb9cc 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -103,6 +103,7 @@ First a summary, then a detailed log.</para> <listitem><para>&mktemp-tempfile-patch;</para></listitem> <listitem><para>&perl-libc-patch;</para></listitem> <listitem><para>&tar-gcc4_fix-patch;</para></listitem> +<listitem><para>&texinfo-tempfile_fix-patch;</para></listitem> <listitem><para>&vim-security_fix-patch;</para></listitem> </itemizedlist> </listitem> @@ -122,6 +123,9 @@ First a summary, then a detailed log.</para> </itemizedlist> </listitem> +<listitem><para>October 8, 2005 [archaic]: Added patch to fix poor tempfile +creation in Texinfo-4.8 that can lead to a symlink attack.</para></listitem> + <listitem><para>October 8, 2005 [matt]: Upgrade to iproute2-051007.</para> </listitem> diff --git a/chapter03/patches.xml b/chapter03/patches.xml index f92e6dc5c..ab61519f0 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml @@ -206,6 +206,13 @@ needed to build an LFS system:</para> </varlistentry> <varlistentry> +<term>Texinfo Tempfile Fix Patch - 2 KB:</term> +<listitem> +<para><ulink url="&patches-root;&texinfo-tempfile_fix-patch;"/></para> +</listitem> +</varlistentry> + +<varlistentry> <term>Util-linux Cramfs Patch - 3 KB:</term> <listitem> <para><ulink url="&patches-root;&util-linux-cramfs-patch;"/></para> </listitem> diff --git a/chapter06/texinfo.xml b/chapter06/texinfo.xml index 0cab8d0ae..292963d7e 100644 --- a/chapter06/texinfo.xml +++ b/chapter06/texinfo.xml @@ -31,6 +31,11 @@ Diffutils, GCC, Gettext, Glibc, Grep, Make, Ncurses, and Sed</seg></seglistitem> <sect2 role="installation"> <title>Installation of Texinfo</title> +<para>Texinfo allows local users to overwrite arbitrary files via a symlink +attack on temporary files. Apply the following patch to fix this:</para> + +<screen><userinput>patch -Np1 -i ../&texinfo-tempfile_fix-patch;</userinput></screen> + <para>Prepare Texinfo for compilation:</para> <screen><userinput>./configure --prefix=/usr</userinput></screen> diff --git a/patches.ent b/patches.ent index c357807d0..55dbd793e 100644 --- a/patches.ent +++ b/patches.ent @@ -44,6 +44,8 @@ <!ENTITY tar-sparse_fix-patch "tar-&tar-version;-sparse_fix-1.patch"> <!ENTITY tar-gcc4_fix-patch "tar-&tar-version;-gcc4_fix_tests-1.patch"> +<!ENTITY texinfo-tempfile_fix-patch "texinfo-&texinfo-version;-tempfile_fix-1.patch"> + <!ENTITY util-linux-cramfs-patch "util-linux-&util-linux-version;-cramfs-1.patch"> <!ENTITY vim-security_fix-patch "vim-&vim-version;-security_fix-2.patch"> |