r7520 - in trunk/BOOK: . chapter01 chapter03 chapter06

Fri, 14 Apr 2006 12:23:40 -0700 

Author: ken
Date: 2006-04-14 13:23:22 -0600 (Fri, 14 Apr 2006)
New Revision: 7520

Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter03/patches.xml
   trunk/BOOK/chapter06/tar.xml
   trunk/BOOK/patches.ent
Log:
Add patch for tar re CVE-2006-0300, to fix ticket #1767.

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml  2006-04-14 18:06:33 UTC (rev 7519)
+++ trunk/BOOK/chapter01/changelog.xml  2006-04-14 19:23:22 UTC (rev 7520)
@@ -39,6 +39,9 @@
     <listitem>
       <para>April 14, 2006</para>
       <itemizedlist>
+       <listitem>
+         <para>[ken] - Add security patch for tar to address 
CVE-2006-0300.</para>
+       </listitem>
         <listitem>
           <para>[archaic] - Upgraded to man-pages-2.29 and linux-2.6.16.5. No
           command changes.</para>

Modified: trunk/BOOK/chapter03/patches.xml
===================================================================
--- trunk/BOOK/chapter03/patches.xml    2006-04-14 18:06:33 UTC (rev 7519)
+++ trunk/BOOK/chapter03/patches.xml    2006-04-14 19:23:22 UTC (rev 7520)
@@ -201,6 +201,13 @@
     </varlistentry>
 
     <varlistentry>
+      <term>Tar Security Fixes Patch - 4 KB:</term>
+      <listitem>
+        <para><ulink url="&patches-root;&tar-security_fixes-patch;"/></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry>
       <term>Texinfo Multibyte Fixes Patch - 1 KB:</term>
       <listitem>
         <para><ulink url="&patches-root;&texinfo-multibyte-patch;"/></para>

Modified: trunk/BOOK/chapter06/tar.xml
===================================================================
--- trunk/BOOK/chapter06/tar.xml        2006-04-14 18:06:33 UTC (rev 7519)
+++ trunk/BOOK/chapter06/tar.xml        2006-04-14 19:23:22 UTC (rev 7520)
@@ -54,6 +54,11 @@
 
 <screen><userinput>patch -Np1 -i ../&tar-sparse_fix-patch;</userinput></screen>
 
+    <para>Recent versions of tar are vulnerable to a buffer overflow from
+    specially crafted archives. The following patch addresses this:</para>
+
+<screen><userinput>patch -Np1 -i 
../&tar-security_fixes-patch;</userinput></screen>
+
     <para>Prepare Tar for compilation:</para>
 
 <screen><userinput>./configure --prefix=/usr --bindir=/bin 
--libexecdir=/usr/sbin</userinput></screen>

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent      2006-04-14 18:06:33 UTC (rev 7519)
+++ trunk/BOOK/patches.ent      2006-04-14 19:23:22 UTC (rev 7520)
@@ -46,6 +46,7 @@
 
 <!ENTITY tar-gcc4_fix-patch "tar-&tar-version;-gcc4_fix_tests-1.patch">
 <!ENTITY tar-sparse_fix-patch "tar-&tar-version;-sparse_fix-1.patch">
+<!ENTITY tar-security_fixes-patch "tar-&tar-version;-security_fixes-1.patch">
 
 <!ENTITY texinfo-multibyte-patch "texinfo-&texinfo-version;-multibyte-1.patch">
 <!ENTITY texinfo-tempfile_fix-patch 
"texinfo-&texinfo-version;-tempfile_fix-2.patch">

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Reply via email to