r2778 - in trunk: BOOK/basicnet/netprogs BOOK/introduction/welcome patches

igor at linuxfromscratch.org igor at linuxfromscratch.org
Thu Oct 7 12:56:24 PDT 2004


Author: igor
Date: 2004-10-07 13:56:23 -0600 (Thu, 07 Oct 2004)
New Revision: 2778

Added:
   trunk/patches/cvs-1.11.17-zlib-1.patch
Modified:
   trunk/BOOK/basicnet/netprogs/cvs.xml
   trunk/BOOK/introduction/welcome/changelog.xml
Log:
Added a patch which links CVS against system zlib library.

Modified: trunk/BOOK/basicnet/netprogs/cvs.xml
===================================================================
--- trunk/BOOK/basicnet/netprogs/cvs.xml	2004-10-07 19:25:23 UTC (rev 2777)
+++ trunk/BOOK/basicnet/netprogs/cvs.xml	2004-10-07 19:56:23 UTC (rev 2778)
@@ -38,6 +38,13 @@
 <listitem><para>Estimated build time: &cvs-time;</para></listitem></itemizedlist>
 </sect3>
 
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Recommended patch: <ulink
+url="&patch-root;/cvs-&cvs-version;-zlib-1.patch"/>
+</para></listitem>
+</itemizedlist></sect3>
+
 <sect3><title><application>CVS</application> dependencies</title>
 <sect4><title>Optional</title>
 <para>
@@ -55,6 +62,14 @@
 <sect2>
 <title>Installation of <application><acronym>CVS</acronym></application></title>
 
+<para>By default <application><acronym>CVS</acronym></application>
+is statically linked against the zlib library included in its source
+tree. This makes it exposed to possible security vulnerabilities in that
+library. If you want to modify CVS to use the newest system shared zlib
+library apply the following patch:</para>
+
+<screen><userinput><command>patch -Np1 -i ../cvs-&cvs-version;-zlib-1.patch</command></userinput></screen>
+
 <para>Install <application><acronym>cvs</acronym></application> by running the following commands:</para>
 
 <screen><userinput><command>./configure --prefix=/usr &&

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2004-10-07 19:25:23 UTC (rev 2777)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2004-10-07 19:56:23 UTC (rev 2778)
@@ -22,6 +22,9 @@
 
 <itemizedlist>
 
+<listitem><para>October 7th, 2004 [igor]: Added a patch which links
+CVS against system zlib library.</para></listitem>
+
 <listitem><para>October 7th, 2004 [randy]: Updated Zip and Unzip HTTP
 download URL's as suggested by Stefan Morrell.</para></listitem>
 

Added: trunk/patches/cvs-1.11.17-zlib-1.patch
===================================================================
--- trunk/patches/cvs-1.11.17-zlib-1.patch	2004-10-07 19:25:23 UTC (rev 2777)
+++ trunk/patches/cvs-1.11.17-zlib-1.patch	2004-10-07 19:56:23 UTC (rev 2778)
@@ -0,0 +1,53 @@
+Submitted By:            BLFS Book <blfs-book at linuxfromscratch.org>
+Date:                    2003-10-04
+Initial Package Version: 1.11.2
+Upstream Status:         Not submitted
+Origin:                  BLFS Dev Post
+Description:             Links against system zlib instead of the
+                         internal zlib.
+
+$LastChangedBy:  $
+$Date:  $
+
+diff -Naur cvs-1.11.17-orig/src/Makefile.in cvs-1.11.17/src/Makefile.in
+--- cvs-1.11.17-orig/src/Makefile.in	2004-06-09 14:46:19.000000000 +0000
++++ cvs-1.11.17/src/Makefile.in	2004-10-07 19:25:52.804524123 +0000
+@@ -146,7 +146,7 @@
+ # some namespace hackery going on that maybe shouldn't be.  Long term fix is to
+ # try and remove naming ocnflicts and fix Automake to allow particular includes
+ # to be attached only to particular object files.  Short term fix is either or.
+-INCLUDES = -I$(top_srcdir)/lib -I$(top_srcdir)/diff -I$(top_srcdir)/zlib $(includeopt)
++INCLUDES = -I$(top_srcdir)/lib -I$(top_srcdir)/diff $(includeopt)
+ 
+ bin_PROGRAMS = cvs
+ bin_SCRIPTS = cvsbug
+@@ -228,7 +228,7 @@
+ cvs_LDADD = \
+ 	../diff/libdiff.a \
+ 	../lib/libcvs.a \
+-	../zlib/libz.a
++	-lz
+ 
+ 
+ # extra clean targets
+@@ -272,7 +272,7 @@
+ 	vers_ts.$(OBJEXT) watch.$(OBJEXT) wrapper.$(OBJEXT) \
+ 	zlib.$(OBJEXT)
+ cvs_OBJECTS = $(am_cvs_OBJECTS)
+-cvs_DEPENDENCIES = ../diff/libdiff.a ../lib/libcvs.a ../zlib/libz.a
++cvs_DEPENDENCIES = ../diff/libdiff.a ../lib/libcvs.a
+ cvs_LDFLAGS =
+ SCRIPTS = $(bin_SCRIPTS)
+ 
+diff -Naur cvs-1.11.17-orig/src/zlib.c cvs-1.11.17/src/zlib.c
+--- cvs-1.11.17-orig/src/zlib.c	2004-03-19 19:18:57.000000000 +0000
++++ cvs-1.11.17/src/zlib.c	2004-10-07 19:25:52.806523816 +0000
+@@ -22,7 +22,7 @@
+ 
+ #if defined (SERVER_SUPPORT) || defined (CLIENT_SUPPORT)
+ 
+-#include "zlib.h"
++#include <zlib.h>
+ 
+ /* OS/2 doesn't have EIO.  FIXME: this whole notion of turning
+    a different error into EIO strikes me as pretty dubious.  */




More information about the blfs-book mailing list