r1997 - in profiles/BLFS/trunk: . chapter04 chapter08 chapter09 chapter10 chapter11 chapter12 chapter16 config_standard/etc/rc.d config_standard/etc/rc.d/init.d config_standard/packages wget

thomasp at linuxfromscratch.org thomasp at linuxfromscratch.org
Mon Sep 12 12:01:31 PDT 2005


Author: thomasp
Date: 2005-09-12 13:01:24 -0600 (Mon, 12 Sep 2005)
New Revision: 1997

Added:
   profiles/BLFS/trunk/config_standard/etc/rc.d/rc.iptables
Removed:
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop
Modified:
   profiles/BLFS/trunk/BLFS.xml
   profiles/BLFS/trunk/chapter04/heimdal.xml
   profiles/BLFS/trunk/chapter04/iptables.xml
   profiles/BLFS/trunk/chapter04/mitkrb.xml
   profiles/BLFS/trunk/chapter08/lzo.xml
   profiles/BLFS/trunk/chapter09/imlib2.xml
   profiles/BLFS/trunk/chapter10/tidy.xml
   profiles/BLFS/trunk/chapter11/cpio.xml
   profiles/BLFS/trunk/chapter11/pkgconfig.xml
   profiles/BLFS/trunk/chapter12/nasm.xml
   profiles/BLFS/trunk/chapter12/ruby.xml
   profiles/BLFS/trunk/chapter16/libpcap.xml
   profiles/BLFS/trunk/config_standard/packages/ch11.ent
   profiles/BLFS/trunk/config_standard/packages/ch12.ent
   profiles/BLFS/trunk/config_standard/packages/ch16.ent
   profiles/BLFS/trunk/wget/chapter11.urls
   profiles/BLFS/trunk/wget/chapter12.urls
   profiles/BLFS/trunk/wget/chapter16.urls
Log:
* Fixed several validation errors
* Correctly commented out mit krb section
* Removed a few unnecessary and invalid <permissions> elements
* Added security fix patches to cpio, nasm and ruby
* Updated setup for firewall configuration in iptables
* Package upgrades:
 - libpcap-0.9.3
 - fcron-2.9.7
 - pkg-config-0.19 (also includes name change)
 - mc-4.6.1



Modified: profiles/BLFS/trunk/BLFS.xml
===================================================================
--- profiles/BLFS/trunk/BLFS.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/BLFS.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -58,7 +58,9 @@
       <xi:include href="chapter04/gnupg.xml" />
       <xi:include href="chapter04/tripwire.xml" />
       <xi:include href="chapter04/heimdal.xml" />
-      <xi:include href="chapter04/mitkrb.xml" />
+      <!-- MIT kerberos is more or less deprecated in BLFS 6.1 -->
+      <!-- If you wish to build MIT krb uncomment the following xinclude -->
+      <!-- <xi:include href="chapter04/mitkrb.xml" /> -->
       <xi:include href="chapter04/cyrus-sasl.xml"/>
       <xi:include href="chapter04/stunnel.xml" />
     </stage>

Modified: profiles/BLFS/trunk/chapter04/heimdal.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/heimdal.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter04/heimdal.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -85,18 +85,18 @@
       <param>install</param>
     </make>
     <mkdir>
-      <name>/usr/share/doc/heimdal-&heimdal-version;/standardisation</make>
-      <permissions>755</permissions>
+      <option>parents</option>
+      <name>/usr/share/doc/heimdal-&heimdal-version;/standardisation</name>
     </mkdir>
-    <move>
+    <copy>
       <source>doc/init-creds</source>
       <source>doc/layman.asc</source>
       <destination>/usr/share/doc/heimdal-&heimdal-version;</destination>
-    </move>
-    <move>
+    </copy>
+    <copy>
       <source>doc/standardisation/*</source>
       <destination>/usr/share/doc/heimdal-&heimdal-version;/standardisation</destination>
-    </move>
+    </copy>
     <move base="/bin">
       <source>login</source>
       <destination>login.shadow</destination>
@@ -116,33 +116,36 @@
       <name>/usr/bin</name>
     </link>
     <move base="/usr/lib">
-      <source>libotp.so.0*</source>
-      <source>libkafs.so.0*</source>
-      <source>libkrb5.so.17*</source>
-      <source>libasn1.so.6*</source>
-      <source>libroken.so.16*</source>
-      <source>libcrypto.so.0*</source>
+      <source>libotp.so.*</source>
+      <source>libkafs.so.*</source>
+      <source>libkrb5.so.*</source>
+      <source>libasn1.so.*</source>
+      <source>libroken.so.*</source>
+      <source>libcrypto.so.*</source>
       <source>libdb-4.3.so</source>
       <destination>/lib</destination>
     </move>
     <link>
       <option>force</option>
-      <target>../../lib/libotp.so.0</target>
-      <target>../../lib/libotp.so.0.1.4</target>
-      <target>../../lib/libkafs.so.0</target>
-      <target>../../lib/libkafs.so.0.4.0</target>
-      <target>../../lib/libkrb5.so.17</target>
-      <target>../../lib/libkrb5.so.17.3.0</target>
-      <target>../../lib/libasn1.so.6</target>
-      <target>../../lib/libasn1.so.6.0.2</target>
-      <target>../../lib/libroken.so.16</target>
-      <target>../../lib/libroken.so.16.0.3</target>
-      <target>../../lib/libcrypto.so.0</target>
-      <target>../../lib/libcrypto.so.0.9.7</target>
       <target>../../lib/libdb-4.3.so</target>
+      <name>/usr/lib/libdb.so</name>
+    </link>
+    <link>
+      <option>force</option>
+      <target>../../lib/libdb-4.3.so</target>
+      <name>/usr/lib/libdb-4.so</name>
+    </link>
+    <link>
+      <option>force</option>
+      <target>../../lib/libotp.so</target>
+      <target>../../lib/libkafs.so</target>
+      <target>../../lib/libkrb5.so</target>
+      <target>../../lib/libasn1.so</target>
+      <target>../../lib/libroken.so</target>
+      <target>../../lib/libcrypto.so</target>
+      <target>../../lib/libdb-4.3.so</target>
       <name>/usr/lib</name>
     </link>
-    <execute command="for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7 do ln -v -sf ../../lib/lib$SYMLINK /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so done"/>
     &ldconfig;
   </stage>
   <stage name="Installing bootscript and configuration">
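Review bot: The last `<link>` block targets unversioned names such as `../../lib/libotp.so`, but the preceding `<move>` only relocates the versioned files (`libotp.so.*` and friends) into /lib. Assuming `<link>` with a directory `<name>` behaves like `ln -sf TARGET... DIR`, each resulting /usr/lib/lib*.so link resolves to a /lib path that nothing visible here creates, so the development symlinks would dangle. The removed `<execute>` loop pointed each unversioned link at a versioned file in /lib; the equivalent here is one `<link>` per library, e.g. `<target>../../lib/libotp.so.0</target>` with `<name>/usr/lib/libotp.so</name>`, as already done for libdb. The enclosing stage starts outside this hunk.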

Modified: profiles/BLFS/trunk/chapter04/iptables.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/iptables.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter04/iptables.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -11,6 +11,8 @@
 %config_entities;
 %files;
 
+<!ENTITY bootscripts-get SYSTEM "../config/bootscripts_get.ent">
+<!ENTITY bootscripts-clean SYSTEM "../config/bootscripts_clean.ent">
 ]>
 <alfs>
   <package name="iptables" version="&iptables-version;">
@@ -45,6 +47,10 @@
       <make>
         <param>install-iptables</param>
       </make>
+      <copy base="&blfs-config;/etc/rc.d">
+	<source>rc.iptables</source>
+	<destination>/etc/rc.d</destination>
+      </copy>
     </stage>
     &bootscripts-clean;
     <stage name="Cleanup">
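Review bot: The added `<copy>` installs `rc.iptables` into /etc/rc.d without setting mode or owner, so the firewall script keeps whatever permissions the file has in the profile checkout. A rule script that runs as root at boot should be owned by root and not writable (ideally not readable) by other users, since it controls the host's packet filter and reveals its policy. Follow the copy with an explicit permissions step, for example `<permissions mode="700"><name>/etc/rc.d/rc.iptables</name></permissions>` (element form to be checked against ALFS.dtd). The stage begins outside this hunk, so an ownership step may exist earlier, but none follows the copy before `</stage>`.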

Modified: profiles/BLFS/trunk/chapter04/mitkrb.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/mitkrb.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter04/mitkrb.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -28,8 +28,7 @@
       <name>openldap</name>
     </utilizes>
   </packageinfo>
-<!-- MIT kerberos is more or less deprecated in BLFS 6.1 -->
-<!--  <stage name="Unpacking.">
+  <stage name="Unpacking.">
     <unpack>
       <digest>&mitkrb-md5;</digest>
       <archive>&packages_dir;/&mitkrb-package;</archive>
@@ -111,6 +110,6 @@
   &bootscripts-clean;
   <stage name="Cleanup.">
     <remove>&build_dir;/&mitkrb-directory;</remove>
-  </stage> -->
+  </stage>
 </package>
 </alfs>

Modified: profiles/BLFS/trunk/chapter08/lzo.xml
===================================================================
--- profiles/BLFS/trunk/chapter08/lzo.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter08/lzo.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -41,7 +41,6 @@
       </make>
       <mkdir>
         <option>parents</option>
-        <permissions>755</permissions>
         <name>/usr/share/doc/lzo-&lzo-version;</name>
       </mkdir>
       <copy>

Modified: profiles/BLFS/trunk/chapter09/imlib2.xml
===================================================================
--- profiles/BLFS/trunk/chapter09/imlib2.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter09/imlib2.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -52,7 +52,6 @@
       </make>
       <mkdir>
         <option>parents</option>
-        <permissions>755</permissions>
         <name>/usr/share/doc/imlib2-&imlib2-version;</name>
       </mkdir>
       <copy>

Modified: profiles/BLFS/trunk/chapter10/tidy.xml
===================================================================
--- profiles/BLFS/trunk/chapter10/tidy.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter10/tidy.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -60,7 +60,6 @@
       </copy>
       <mkdir>
         <option>parents</option>
-        <permissions>755</permissions>
         <name>/usr/share/doc/tidy</name>
       </mkdir>
       <copy>

Modified: profiles/BLFS/trunk/chapter11/cpio.xml
===================================================================
--- profiles/BLFS/trunk/chapter11/cpio.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter11/cpio.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -19,15 +19,25 @@
         <destination>&build_dir;</destination>
       </unpack>
     </stage>
-    <stage name="Installing">
+    <stage name="Patching">
       <stageinfo>
-        <base>&build_dir;/&cpio-directory;</base>
+	<base>&build_dir;/&cpio-directory;</base>
       </stageinfo>
       <search_replace>
       	<file>src/mt.c</file>
 	<find>invalid_arg</find>
 	<replace>argmatch_invalid</replace>
       </search_replace>
+      <patch>
+	<param>-N</param>
+	<param>-p1</param>
+	<param>-i &packages_dir;/&cpio-security-fixes-patch;</param>
+      </patch>
+    </stage>
+    <stage name="Installing">
+      <stageinfo>
+        <base>&build_dir;/&cpio-directory;</base>
+      </stageinfo>
       <configure>
 	<param>CPIO_MT_PROG=mt</param>
         <param>--prefix=/usr</param>
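Review bot: The new Patching stage applies `&cpio-security-fixes-patch;` straight from `&packages_dir;` with no integrity check, although this commit defines `cpio-security-fixes-patch-md5` in ch11.ent and the unpack steps visible elsewhere in the commit carry a `<digest>`. The patch is fetched over plain HTTP according to wget/chapter11.urls, so the checksum is the only thing that would tie the applied patch to the reviewed one. If the profile DTD accepts a digest on `<patch>`, add `<digest>&cpio-security-fixes-patch-md5;</digest>`; otherwise verify the file in a separate step before patching. The Patching stages added in nasm.xml and ruby.xml have the same gap, with `nasm-security-fix-md5` and `ruby-xmlrpc-fix-patch-md5` likewise defined but not referenced in the visible hunks.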
@@ -38,7 +48,8 @@
       <textdump mode="append">
       	<file>config.h</file>
 	<content>
-	  =#define HAVE_SETLOCALE 1"
+	  =#define HAVE_SETLOCALE 1
+	  =#define HAVE_LSTAT 1
 	</content>
       </textdump>
       <make />

Modified: profiles/BLFS/trunk/chapter11/pkgconfig.xml
===================================================================
--- profiles/BLFS/trunk/chapter11/pkgconfig.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter11/pkgconfig.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -11,23 +11,18 @@
 
 ]>
 <alfs>
-  <package name="pkgconfig" version="&pkgconfig-version;">
+  <package name="pkg-config" version="&pkg-config-version;">
     <stage name="Unpacking">
       <unpack>
-        <digest>&pkgconfig-md5;</digest>
-	<archive>&packages_dir;/&pkgconfig-package;</archive>
+        <digest>&pkg-config-md5;</digest>
+	<archive>&packages_dir;/&pkg-config-package;</archive>
         <destination>&build_dir;</destination>
       </unpack>
     </stage>
     <stage name="Installing">
       <stageinfo>
-        <base>&build_dir;/&pkgconfig-directory;</base>
+        <base>&build_dir;/&pkg-config-directory;</base>
       </stageinfo>
-      <execute command="sed">
-	<param>-i</param>
-	<param>'s:pkg_failed=yes]):&\nelse:'</param>
-	<param>pkg.m4</param>
-      </execute>
       <configure>
         <param>--prefix=/usr</param>
       </configure>
@@ -37,7 +32,7 @@
       </make>
     </stage>
     <stage name="Cleanup">
-      <remove>&build_dir;/&pkgconfig-directory;</remove>
+      <remove>&build_dir;/&pkg-config-directory;</remove>
     </stage>
   </package>
 </alfs>

Modified: profiles/BLFS/trunk/chapter12/nasm.xml
===================================================================
--- profiles/BLFS/trunk/chapter12/nasm.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter12/nasm.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -12,6 +12,14 @@
 ]>
 <alfs>
   <package name="nasm" version="&nasm-version;">
+    <packageinfo>
+      <utilizes>
+	<name>tex</name>
+      </utilizes>
+      <utilizes>
+	<name>&ghostscript-impl;</name>
+      </utilizes>
+    </packageinfo>
     <stage name="Unpacking">
       <unpack>
         <digest>&nasm-md5;</digest>
@@ -19,6 +27,16 @@
         <destination>&build_dir;</destination>
       </unpack>
     </stage>
+    <stage name="Patching">
+      <stageinfo>
+	<base>&build_dir;/&nasm-directory;</base>
+      </stageinfo>
+      <patch>
+	<param>-N</param>
+	<param>-p1</param>
+	<param>-i &packages_dir;/&nasm-security-fix-patch;</param>
+      </patch>
+    </stage>
     <stage name="Installing">
       <stageinfo>
         <base>&build_dir;/&nasm-directory;</base>
@@ -28,8 +46,59 @@
       </configure>
       <make />
       <make>
+	<param>-C rdoff/doc</param>
+      </make>
+      <make>
+	<param>-C rdoff/doc html</param>
+      </make>
+      <!-- To build the following documentation you should have Tex and Ghostscript installed -->
+      <!--
+      <make>
+	<param>doc</param>
+      </make>
+      <execute command="sed">
+	<param>-i</param>
+	<param>-e "s/dvips \$</& -o rdoff.ps/"</param>
+	<param>rdoff/doc/Makefile</param>
+      </execute>
+      <make>
+	<param>-C rdoff/doc ps</param>
+      </make>
+      -->
+      <make>
         <param>install</param>
       </make>
+      <make>
+	<param>install_rdf</param>
+      </make>
+      <copy>
+	<source>rdoff/doc/rdoff.info</source>
+	<destination>/usr/share/info</destination>
+      </copy>
+      <mkdir>
+	<option>parents</option>
+	<name>/usr/share/doc/nasm/html</name>
+      </mkdir>
+      <copy>
+	<source>rdoff/doc/v1-v2.txt</source>
+	<destination>/usr/share/doc/nasm</destination>
+      </copy>
+      <copy>
+	<option>recursive</option>
+	<source>rdoff/doc/rdoff</source>
+	<destination>/usr/share/doc/nasm/html</destination>
+      </copy>
+      <!-- Install optional documentation above -->
+      <!--
+      <make>
+	<param>install_doc</param>
+      </make>
+      <copy>
+	<source>rdoff/doc/rdoff.pdf</source>
+	<source>rdoff/doc/rdoff.ps</source>
+	<destination>/usr/share/doc/nasm</destination>
+      </copy>
+    -->
     </stage>
     <stage name="Cleanup">
       <remove>&build_dir;/&nasm-directory;</remove>
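Review bot: The commented-out sed parameter `-e "s/dvips \$</& -o rdoff.ps/"` contains a raw `<` and `&`. That is harmless inside the comment, but the file stops being well-formed as soon as someone uncomments the block, which the comment above it invites. Keep it escaped so it survives uncommenting: `<param>-e "s/dvips \$&lt;/&amp; -o rdoff.ps/"</param>`. The second comment, "Install optional documentation above", reads as if the steps were above it; something like `<!-- Installs the optional documentation built by the commented-out block above; uncomment both together -->` states the dependency between the two blocks. The closing `-->` is also indented differently from its opening `<!--`.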

Modified: profiles/BLFS/trunk/chapter12/ruby.xml
===================================================================
--- profiles/BLFS/trunk/chapter12/ruby.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter12/ruby.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -33,6 +33,16 @@
         <destination>&build_dir;</destination>
       </unpack>
     </stage>
+    <stage name="Patching">
+      <stageinfo>
+	<base>&build_dir;/&ruby-directory;</base>
+      </stageinfo>
+      <patch>
+	<param>-N</param>
+	<param>-p1</param>
+	<param>-i &packages_dir;/&ruby-xmlrpc-fix-patch;</param>
+      </patch>
+    </stage>
     <stage name="Installing">
       <stageinfo>
         <base>&build_dir;/&ruby-directory;</base>
@@ -41,6 +51,7 @@
         <param>--prefix=/usr</param>
         <param>--enable-shared</param>
         <param>--enable-pthread</param>
+	<param>--enable-install-doc</param>
       </configure>
       <make />
       <make>

Modified: profiles/BLFS/trunk/chapter16/libpcap.xml
===================================================================
--- profiles/BLFS/trunk/chapter16/libpcap.xml	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/chapter16/libpcap.xml	2005-09-12 19:01:24 UTC (rev 1997)
@@ -2,7 +2,7 @@
 <!DOCTYPE alfs SYSTEM "../DTD/ALFS.dtd"
 [
 <!ENTITY % general_entities SYSTEM "../config/general.ent">
-<!ENTITY % package_entities SYSTEM "../config/packages/ch08.ent">
+<!ENTITY % package_entities SYSTEM "../config/packages/ch16.ent">
 <!ENTITY % config_entities SYSTEM  "../config/config.ent">
 
 %general_entities;

Deleted: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall	2005-09-12 19:01:24 UTC (rev 1997)
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# Begin $rc_base/init.d/firewall
-
-# Insert connection-tracking modules (not needed if built into the kernel).
-modprobe ip_tables
-modprobe iptable_filter
-modprobe ip_conntrack
-modprobe ip_conntrack_ftp
-modprobe ipt_state
-modprobe ipt_LOG
-
-# allow local-only connections
-iptables -A INPUT  -i lo -j ACCEPT
-# free output on any interface to any ip for any service (equal to -P ACCEPT)
-iptables -A OUTPUT -j ACCEPT
-
-# permit answers on already established connections
-# and permit new connections related to established ones (eg active-ftp)
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# Log everything else:  What's Windows' latest exploitable vulnerability?
-iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
-
-# set a sane policy:    everything not accepted > /dev/null
-iptables -P INPUT    DROP
-iptables -P FORWARD  DROP
-iptables -P OUTPUT   DROP
-
-# be verbose on dynamic ip-addresses     (not needed in case of static IP)
-echo 2 > /proc/sys/net/ipv4/ip_dynaddr
-
-# disable ExplicitCongestionNotification - too many routers are still ignorant
-echo 0 > /proc/sys/net/ipv4/tcp_ecn
-
-# End $rc_base/init.d/firewall

Deleted: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status	2005-09-12 19:01:24 UTC (rev 1997)
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Begin $rc_base/init.d/firewall.status
-
-echo "iptables.mangling:"
-iptables -t mangle  -v -L -n --line-numbers
-
-echo
-echo "iptables.nat:"
-iptables -t nat     -v -L -n --line-numbers
-
-echo
-echo "iptables.filter:"
-iptables            -v -L -n --line-numbers
-
-# End $rc_base/init.d/firewall.status

Deleted: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop	2005-09-12 19:01:24 UTC (rev 1997)
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-# Begin $rc_base/init.d/firewall.stop
-
-# deactivate IP-Forwarding 
-echo 0 > /proc/sys/net/ipv4/ip_forward
-
-iptables -Z
-iptables -F
-iptables -t nat         -F PREROUTING
-iptables -t nat         -F OUTPUT
-iptables -t nat         -F POSTROUTING
-iptables -t mangle      -F PREROUTING
-iptables -t mangle      -F OUTPUT
-iptables -X
-iptables -P INPUT       ACCEPT
-iptables -P FORWARD     ACCEPT
-iptables -P OUTPUT      ACCEPT
-
-# End $rc_base/init.d/firewall.stop

Added: profiles/BLFS/trunk/config_standard/etc/rc.d/rc.iptables
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/rc.iptables	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/rc.iptables	2005-09-12 19:01:24 UTC (rev 1997)
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Begin $rc_base/rc.iptables
+
+# Insert connection-tracking modules
+# (not needed if built into the kernel)
+modprobe ip_tables
+modprobe iptable_filter
+modprobe ip_conntrack
+modprobe ip_conntrack_ftp
+modprobe ipt_state
+modprobe ipt_LOG
+
+# Enable broadcast echo Protection
+echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+
+# Disable Source Routed Packets
+echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
+
+# Enable TCP SYN Cookie Protection
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+
+# Disable ICMP Redirect Acceptance
+echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
+
+# Don¹t send Redirect Messages
+echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
+
+# Drop Spoofed Packets coming in on an interface, where responses
+# would result in the reply going out a different interface.
+echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
+
+# Log packets with impossible addresses.
+echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
+
+# be verbose on dynamic ip-addresses  (not needed in case of static IP)
+echo 2 > /proc/sys/net/ipv4/ip_dynaddr
+
+# disable Explicit Congestion Notification
+# too many routers are still ignorant
+echo 0 > /proc/sys/net/ipv4/tcp_ecn
+
+# Set a known state
+iptables -P INPUT   DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT  DROP
+
+# These lines are here in case rules are already in place and the
+# script is ever rerun on the fly. We want to remove all rules and
+# pre-existing user defined chains before we implement new rules.
+iptables -F
+iptables -X
+iptables -Z
+
+iptables -t nat -F
+
+# Allow local-only connections
+iptables -A INPUT  -i lo -j ACCEPT
+
+# Free output on any interface to any ip for any service
+# (equal to -P ACCEPT)
+iptables -A OUTPUT -j ACCEPT
+
+# Permit answers on already established connections
+# and permit new connections related to established ones
+# (e.g. port mode ftp)
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Log everything else. What's Windows' latest exploitable vulnerability?
+iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
+
+# End $rc_base/rc.iptables
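Review bot: The final rule `iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "` logs every packet that falls through to the DROP policy with no rate limit, so a scan or flood can fill the system log and bury the entries that matter. A limit match bounds that, e.g. `iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "FIREWALL:INPUT "` (the rate is an example value). The reset section says it removes all rules, but only the filter table gets `-F`/`-X`/`-Z` and nat gets `-F`; the mangle table, which the deleted firewall.stop flushed, is left alone, so add `iptables -t mangle -F`. The /proc hardening is written to `conf/all` only, and per the kernel's ip-sysctl documentation some of these knobs (`accept_redirects` on a non-forwarding host, for one) also depend on the per-interface value, so `conf/default` and the existing interfaces likely need the same writes. The comment line containing `Don¹t` carries a mis-encoded apostrophe.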

Modified: profiles/BLFS/trunk/config_standard/packages/ch11.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/packages/ch11.ent	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/packages/ch11.ent	2005-09-12 19:01:24 UTC (rev 1997)
@@ -11,9 +11,9 @@
 <!ENTITY gpm-silent-patch     "gpm-&gpm-version;-silent-1.patch">
 <!ENTITY gpm-silent-patch-md5 "c61004de4a3c68dfbe3c963f0e00f647">
 
-<!ENTITY fcron-version   "2.9.6">
+<!ENTITY fcron-version   "2.9.7">
 <!ENTITY fcron-package   "fcron-&fcron-version;.src.tar.bz2">
-<!ENTITY fcron-md5       "a978d506591c7ea0248a0638a13ce066">
+<!ENTITY fcron-md5       "d69899cf69bd3be69274f4b9196b5bae">
 <!ENTITY fcron-directory "fcron-&fcron-version;">
 
 <!ENTITY hdparm-version   "6.1">
@@ -45,19 +45,22 @@
 <!ENTITY pciutils-md5       "2b3b2147b7bc91f362be55cb49fa1c4e">
 <!ENTITY pciutils-directory "pciutils-&pciutils-version;">
 
-<!ENTITY pkgconfig-version   "0.18">
-<!ENTITY pkgconfig-package   "pkgconfig-&pkgconfig-version;.tar.bz2">
-<!ENTITY pkgconfig-md5       "cae72bbadff5cd9fe1d085cf8b7c3e6e">
-<!ENTITY pkgconfig-directory "pkgconfig-&pkgconfig-version;">
+<!ENTITY pkg-config-version   "0.19">
+<!ENTITY pkg-config-package   "pkg-config-&pkg-config-version;.tar.bz2">
+<!ENTITY pkg-config-md5       "9c07b9b9a0775dbf2fb999748cfc0793">
+<!ENTITY pkg-config-directory "pkg-config-&pkg-config-version;">
 
 <!ENTITY cpio-version   "2.6">
 <!ENTITY cpio-package   "cpio-&cpio-version;.tar.bz2">
 <!ENTITY cpio-md5       "25e0e8725bc60ed3460c9cde92752674">
 <!ENTITY cpio-directory "cpio-&cpio-version;">
 
-<!ENTITY mc-version   "4.6.0">
+<!ENTITY cpio-security-fixes-patch "cpio-&cpio-version;-security_fixes-1.patch">
+<!ENTITY cpio-security-fixes-patch-md5 "6197bfacc0e89b278fb796efcb297be7">
+
+<!ENTITY mc-version   "4.6.1">
 <!ENTITY mc-package   "mc-&mc-version;.tar.bz2">
-<!ENTITY mc-md5       "15160c5464c752dfe0c906b877e1cc6f">
+<!ENTITY mc-md5       "3dcd33aab0d29d22d7ed7a79dd5ee9b8">
 <!ENTITY mc-directory "mc-&mc-version;">
 
 <!ENTITY sysstat-version   "6.0.0">

Modified: profiles/BLFS/trunk/config_standard/packages/ch12.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/packages/ch12.ent	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/packages/ch12.ent	2005-09-12 19:01:24 UTC (rev 1997)
@@ -247,6 +247,9 @@
 <!ENTITY ruby-md5       "0ff532e9214aee516e54712fe3406372">
 <!ENTITY ruby-directory "ruby-&ruby-version;">
 
+<!ENTITY ruby-xmlrpc-fix-patch "ruby-&ruby-version;-xmlrpc-ipimethods-fix.diff">
+<!ENTITY ruby-xmlrpc-fix-patch-md5 "d1fd7f979894cfe7da89ec38992788eb">
+
 <!ENTITY tcl-major-minor "8.4">
 <!ENTITY tcl-version     "&tcl-major-minor;.11">
 <!ENTITY tcl-package     "tcl&tcl-version;-src.tar.bz2">
@@ -298,6 +301,9 @@
 <!ENTITY nasm-md5       "2032ad44c7359f7a9a166a40a633e772">
 <!ENTITY nasm-directory "nasm-&nasm-version;">
 
+<!ENTITY nasm-security-fix-patch "nasm-&nasm-version;-security_fix-1.patch">
+<!ENTITY nasm-security-fix-md5 "3aec1fe44a15c0fa0f238ebacfd6b7a9">
+
 <!ENTITY doxygen-version   "1.4.3">
 <!ENTITY doxygen-package   "doxygen-&doxygen-version;.src.tar.bz2">
 <!ENTITY doxygen-md5       "">
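Review bot: The checksum entity added here is named `nasm-security-fix-md5`, while the other patch checksums in this commit append `-md5` to the patch entity name (`cpio-security-fixes-patch-md5`, `ruby-xmlrpc-fix-patch-md5`). Rename it to match, `<!ENTITY nasm-security-fix-patch-md5 "3aec1fe44a15c0fa0f238ebacfd6b7a9">`, so that a digest check on the patch step can be written the same way for every package. Nothing visible in this commit references the entity yet, so the rename should be free.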

Modified: profiles/BLFS/trunk/config_standard/packages/ch16.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/packages/ch16.ent	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/config_standard/packages/ch16.ent	2005-09-12 19:01:24 UTC (rev 1997)
@@ -23,7 +23,7 @@
 <!ENTITY libsoup-md5       "2591f32e036a5869f7e2bd0d95e6f14b">
 <!ENTITY libsoup-directory "libsoup-&libsoup-version;">
 
-<!ENTITY libpcap-version   "0.9.1">
+<!ENTITY libpcap-version   "0.9.3">
 <!ENTITY libpcap-package   "libpcap-&libpcap-version;.tar.bz2">
-<!ENTITY libpcap-md5       "33a41a132497e8b1481568e3e92a765c">
+<!ENTITY libpcap-md5       "">
 <!ENTITY libpcap-directory "libpcap-&libpcap-version;">
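Review bot: `libpcap-md5` changes from a real checksum to an empty string, so the 0.9.3 tarball, fetched over anonymous FTP per wget/chapter16.urls, is no longer pinned to a known hash. How the build tool treats an empty digest is not visible here; it either skips verification silently or fails the unpack, and neither is wanted for a packet-capture library. Fill the value in before this lands, `<!ENTITY libpcap-md5       "MD5_OF_LIBPCAP_0_9_3_TARBALL">` (placeholder; compute it from a copy obtained through a trusted channel). The context lines of the ch12.ent hunk show `doxygen-md5` empty in the same way.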

Modified: profiles/BLFS/trunk/wget/chapter11.urls
===================================================================
--- profiles/BLFS/trunk/wget/chapter11.urls	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/wget/chapter11.urls	2005-09-12 19:01:24 UTC (rev 1997)
@@ -2,7 +2,7 @@
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/F-H/gpm-1.20.1-segfault-1.patch
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/F-H/gpm-1.20.1-silent-1.patch
 
-ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/F-H/fcron-2.9.6.src.tar.bz2
+ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/F-H/fcron-2.9.7.src.tar.bz2
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/F-H/hdparm-6.1.tar.bz2
 
@@ -17,11 +17,12 @@
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/pciutils-2.1.11.tar.bz2
 
-ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/pkgconfig-0.17.2.tar.bz2
+ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/pkg-config-0.19.tar.bz2
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/A-C/cpio-2.6.tar.bz2
+http://www.linuxfromscratch.org/blfs/downloads/6.1/cpio-2.6-security_fixes-1.patch
 
-ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/mc-4.6.0.tar.bz2
+ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/mc-4.6.1.tar.bz2
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/Q-S/sysstat-6.0.0.tar.bz2
 

Modified: profiles/BLFS/trunk/wget/chapter12.urls
===================================================================
--- profiles/BLFS/trunk/wget/chapter12.urls	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/wget/chapter12.urls	2005-09-12 19:01:24 UTC (rev 1997)
@@ -27,6 +27,7 @@
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/L/librep-0.17.tar.bz2
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/nasm-0.98.39.tar.bz2
+http://www.linuxfromscratch.org/blfs/downloads/6.1/nasm-0.98.39-security_fix-1.patch
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/Perl_Modules/Archive-Tar-1.24.tar.bz2
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/Perl_Modules/Business-ISBN-1.80.tar.bz2
@@ -77,6 +78,7 @@
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/M-P/Python-2.4.1-gdbm-1.patch
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/Q-S/ruby-1.8.2.tar.bz2
+http://www.ruby-lang.org/patches/ruby-1.8.2-xmlrpc-ipimethods-fix.diff
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/T-V/tcl8.4.11-src.tar.bz2
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/T-V/tk8.4.11-src.tar.bz2

Modified: profiles/BLFS/trunk/wget/chapter16.urls
===================================================================
--- profiles/BLFS/trunk/wget/chapter16.urls	2005-09-12 18:23:41 UTC (rev 1996)
+++ profiles/BLFS/trunk/wget/chapter16.urls	2005-09-12 19:01:24 UTC (rev 1997)
@@ -7,4 +7,4 @@
 
 ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/L/libsoup-2.2.3.tar.bz2
 
-ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/L/libpcap-0.9.1.tar.bz2
+ftp://ftp.lfs-matrix.net/pub/BLFS/SVN/L/libpcap-0.9.3.tar.bz2



