r4905 - in branches/6.1: BOOK BOOK/general/genlib BOOK/general/graphlib BOOK/general/prog BOOK/introduction/welcome BOOK/postlfs/config BOOK/postlfs/security patches

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Tue Aug 9 18:50:07 PDT 2005


Author: bdubbs
Date: 2005-08-09 19:50:01 -0600 (Tue, 09 Aug 2005)
New Revision: 4905

Added:
   branches/6.1/patches/nasm-0.98.39-security_fix-1.patch
Modified:
   branches/6.1/BOOK/general.ent
   branches/6.1/BOOK/general/genlib/gmp.xml
   branches/6.1/BOOK/general/graphlib/fontconfig.xml
   branches/6.1/BOOK/general/prog/dejagnu.xml
   branches/6.1/BOOK/general/prog/nasm.xml
   branches/6.1/BOOK/general/prog/ruby.xml
   branches/6.1/BOOK/introduction/welcome/changelog.xml
   branches/6.1/BOOK/postlfs/config/autofs.xml
   branches/6.1/BOOK/postlfs/security/shadow.xml
Log:
Merge changes into 6.1-pre2

Modified: branches/6.1/BOOK/general/genlib/gmp.xml
===================================================================
--- branches/6.1/BOOK/general/genlib/gmp.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general/genlib/gmp.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -63,14 +63,14 @@
     <para>Install <application>GMP</application> by running
     the following commands:</para>
 
-<screen><userinput>./configure --prefix=/usr --enable-cxx \
-    --enable-mpbsd --enable-mpfr &&
+<screen><userinput>./configure --prefix=/usr --enable-cxx --enable-mpbsd &&
 make</userinput></screen>
 
     <para>To test the results, issue: <command>make check</command>.
-	Owing to various reports of mis-compilations,
-	the maintainer strongly recommends running the test-suite and
-	report any failures.</para>
+    Owing to various reports of mis-compilations, the maintainer strongly
+    recommends running the test-suite and report any failures. The libraries
+    should not be used in a production environment if there are problems 
+    running <command>make check</command>.</para>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
@@ -89,10 +89,6 @@
     enables building the Berkeley MP compatibility
     (<filename class="libraryfile">libmp</filename>) libraries.</para>
 
-    <para><parameter>--enable-mpfr</parameter>: This parameter
-    enables building the Multiple Precision Floating-Point Reliable
-    (<filename class="libraryfile">libmpfr.a</filename>) library.</para>
-
   </sect2>
 
   <sect2 role="content">
@@ -105,7 +101,7 @@
 
       <seglistitem>
         <seg>None</seg>
-        <seg>libgmp.[so,a], libgmpxx.[so,a], libmp.[so,a], and libmpfr.a</seg>
+        <seg>libgmp.[so,a], libgmpxx.[so,a] and libmp.[so,a]</seg>
         <seg>None</seg>
       </seglistitem>
     </segmentedlist>
@@ -131,4 +127,3 @@
   </sect2>
 
 </sect1>
-

Modified: branches/6.1/BOOK/general/graphlib/fontconfig.xml
===================================================================
--- branches/6.1/BOOK/general/graphlib/fontconfig.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general/graphlib/fontconfig.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -9,7 +9,7 @@
   <!ENTITY fontconfig-download-ftp " ">
   <!ENTITY fontconfig-md5sum "7354f9f125ea78a8f2851cb9c31d4866">
   <!ENTITY fontconfig-size "942 KB">
-  <!ENTITY fontconfig-buildsize "10.5 MB">
+  <!ENTITY fontconfig-buildsize "13.0 MB">
   <!ENTITY fontconfig-time "0.2 SBU">
 ]>
 
@@ -71,9 +71,11 @@
     <para><xref linkend="docbook-utils"/></para>
 
     <note>
-      <para>If you have <application>DocBook-utils</application> installed,
-      you must also have <xref linkend="perl-sgmlspm"/> installed also, or the
-      <application>Fontconfig</application> build will fail.</para>
+      <para>If you have <application>DocBook-utils</application> installed
+      and you remove the <parameter>--disable-docs</parameter> parameter from
+      the <command>configure</command> command below, you must have
+      <xref linkend="perl-sgmlspm"/> and <xref linkend="jadetex"/> installed
+      also, or the <application>Fontconfig</application> build will fail.</para>
     </note>
 
   </sect2>
@@ -84,8 +86,7 @@
     <para>Install <application>Fontconfig</application> by running the following
     commands:</para>
 
-<screen><userinput>./configure --prefix=/usr \
-    --sysconfdir=/etc --disable-docs &&
+<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc --disable-docs &&
 make</userinput></screen>
 
     <para>To test the results, issue: <command>make check</command>.</para>
@@ -93,17 +94,23 @@
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &&
-make -C doc install &&
-install -v -m 644 doc/*.3 /usr/share/man/man3/</userinput></screen>
+install -v -m755 -d /usr/share/doc/fontconfig/fontconfig-devel &&
+install -v -m644 doc/*.3 /usr/share/man/man3 &&
+install -v -m644 doc/*.5 /usr/share/man/man5 &&
+install -v -m644 doc/*.{html,pdf,txt} /usr/share/doc/fontconfig &&
+install -v -m644 doc/fontconfig-devel/* \
+    /usr/share/doc/fontconfig/fontconfig-devel</userinput></screen>
 
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--disable-docs</parameter>: This switch avoids building the
-    documentation (the release tarball includes pre-generated documentation).
-    If you wish to build the documentation using
+    <para><parameter>--disable-docs</parameter>: This switch avoids building
+    the documentation (the release tarball includes pre-generated
+    documentation).</para>
+
+    <!-- If you wish to build the documentation using
     <application>DocBook-utils</application>, you may need to remove the
     <application>OpenSP</application> catalog definitions from the system
     SGML catalogs. Use the following command before building
@@ -112,7 +119,7 @@
 <screen role="root"><userinput>sed -i.orig \
     -e "\%CATALOG /etc/sgml/OpenSP-1.5.1.cat%d" \
     /etc/sgml/catalog \
-    /etc/sgml/sgml-docbook.cat</userinput></screen>
+    /etc/sgml/sgml-docbook.cat</userinput></screen> -->
 
   </sect2>
 

Modified: branches/6.1/BOOK/general/prog/dejagnu.xml
===================================================================
--- branches/6.1/BOOK/general/prog/dejagnu.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general/prog/dejagnu.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -29,9 +29,9 @@
   <sect2 role="package">
     <title>Introduction to DejaGnu</title>
 
-    <para><application>DejaGnu</application> is a framework for running test suites
-    on GNU tools. It is written in <command>expect</command>,
-    which uses <application>Tcl</application> (Tool command language).</para>
+    <para><application>DejaGnu</application> is a framework for running test
+    suites on GNU tools. It is written in <command>expect</command>, which
+    uses <application>Tcl</application> (Tool command language).</para>
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -79,6 +79,9 @@
 <screen role="root"><userinput>make install &&
 make install-doc</userinput></screen>
 
+    <para>To test the installation, issue <command>make check</command> as
+    an unprivileged user.</para>
+
   </sect2>
 
   <sect2 role="content">
@@ -120,4 +123,3 @@
   </sect2>
 
 </sect1>
-

Modified: branches/6.1/BOOK/general/prog/nasm.xml
===================================================================
--- branches/6.1/BOOK/general/prog/nasm.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general/prog/nasm.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -9,7 +9,7 @@
   <!ENTITY NASM-md5sum "2032ad44c7359f7a9a166a40a633e772">
   <!ENTITY NASM-size "543 KB">
   <!ENTITY NASM-buildsize "17.3 MB (includes building and installing all docs)">
-  <!ENTITY NASM-time "0.20 SBU">
+  <!ENTITY NASM-time "0.2 SBU">
 ]>
 
 <sect1 id="NASM" xreflabel="NASM-&NASM-version;">
@@ -55,6 +55,14 @@
       </listitem>
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem> 
+        <para>Required patch to fix a buffer overrun vulnerability: <ulink
+        url="&patch-root;/nasm-&NASM-version;-security_fix-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">NASM Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional (for Building Documentation)</bridgehead>
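Review bot: The new Additional Downloads entry gives no checksum for the patch, although the tarball above it is pinned with `&NASM-md5sum;`, so a reader cannot confirm that the file applied by `patch -Np1` in the next hunk is the one the editors reviewed. The Ruby Additional Downloads hunk in ruby.xml has the same gap; I would list the patch's MD5 sum beside the URL in both places. The text could also name the advisory that the patch header cites, e.g. `Required patch to fix a buffer overrun vulnerability (CAN-2005-1194):`, so readers can check whether an already installed NASM is affected.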
@@ -69,7 +77,8 @@
     <para>Install <application>NASM</application> by running
     the following commands:</para>
 
-<screen><userinput>./configure --prefix=/usr &&
+<screen><userinput>patch -Np1 -i ../nasm-&NASM-version;-security_fix-1.patch &&
+./configure --prefix=/usr &&
 make &&
 make -C rdoff/doc &&
 make -C rdoff/doc html</userinput></screen>

Modified: branches/6.1/BOOK/general/prog/ruby.xml
===================================================================
--- branches/6.1/BOOK/general/prog/ruby.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general/prog/ruby.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -4,12 +4,12 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!ENTITY ruby-download-http " ">
+  <!ENTITY ruby-download-http "http://www.ibiblio.org/pub/languages/ruby/ruby/ruby-&ruby-version;.tar.gz">
   <!ENTITY ruby-download-ftp "ftp://ftp.ruby-lang.org/pub/ruby/ruby-&ruby-version;.tar.gz">
   <!ENTITY ruby-md5sum "8ffc79d96f336b80f2690a17601dea9b">
   <!ENTITY ruby-size "3.5 MB">
   <!ENTITY ruby-buildsize "55.2 MB">
-  <!ENTITY ruby-time "0.93 SBU">
+  <!ENTITY ruby-time "0.9 SBU">
 ]>
 
 <sect1 id="ruby" xreflabel="Ruby-&ruby-version;">
@@ -55,6 +55,15 @@
       </listitem>
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Required patch to fix a vulnerability which allows remote
+        attackers to execute arbitrary commands: <ulink
+        url="http://www.ruby-lang.org/patches/ruby-&ruby-version;-xmlrpc-ipimethods-fix.diff"/></para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">Ruby Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
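Review bot: The patch URL in this entry points at www.ruby-lang.org over plain HTTP, whereas the NASM patch added in the same commit is served from `&patch-root;`. The build instructions therefore depend on a third-party file that can change or disappear without the book noticing. Consider mirroring the file under `&patch-root;` and linking that copy, as nasm.xml does. The description would also be more useful if it named the affected component; the file name suggests the XML-RPC library, but that is inferred from the name only.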
@@ -71,7 +80,8 @@
     <para>Install <application>Ruby</application> by running the following
     commands:</para>
 
-<screen><userinput>./configure --prefix=/usr --enable-shared \
+<screen><userinput>patch -Np1 -i ../ruby-&ruby-version;-xmlrpc-ipimethods-fix.diff &&
+./configure --prefix=/usr --enable-shared \
     --enable-pthread --enable-install-doc &&
 make</userinput></screen>
 

Modified: branches/6.1/BOOK/general.ent
===================================================================
--- branches/6.1/BOOK/general.ent	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/general.ent	2005-08-10 01:50:01 UTC (rev 4905)
@@ -1,10 +1,10 @@
-<!ENTITY day          "1">
+<!ENTITY day          "9">
 <!ENTITY month        "08">
 <!ENTITY year         "2005">
-<!ENTITY version      "6.1-pre1">
+<!ENTITY version      "6.1-pre2">
 <!ENTITY releasedate  "August &day;st, &year;">
 <!ENTITY pubdate      "&year;-&month;-0&day;"> <!-- metadata req. by TLDP -->
-<!ENTITY blfs-version "6.1-pre1">                  <!-- svn|[release #] -->
+<!ENTITY blfs-version "6.1-pre2">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "stable">          <!-- version|stable|testing|unstable|development] -->
 <!ENTITY last-commit  "$Date: 2005-07-28 13:03:39 +0100 (Thu, 28 Jul 2005) $"> <!-- Automatic update -->
 
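Review bot: With `day` now set to `9`, the unchanged `releasedate` entity expands to "August 9st, 2005", because the ordinal suffix is hard-coded as `st`. For this release the line should read `<!ENTITY releasedate  "August &day;th, &year;">`. `pubdate` still works here, since `0&day;` gives `09`, but it will produce a malformed date for any two-digit day.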
@@ -21,7 +21,7 @@
 <!ENTITY publisher      "Unknown">
 
 
-<!ENTITY blfs-bootscripts-version     "20050731">
+<!ENTITY blfs-bootscripts-version     "6.1-pre2">
 <!ENTITY blfs-bootscripts-download    "&downloads-root;/blfs-bootscripts-&blfs-bootscripts-version;.tar.bz2">
 
 <!-- Part II -->

Modified: branches/6.1/BOOK/introduction/welcome/changelog.xml
===================================================================
--- branches/6.1/BOOK/introduction/welcome/changelog.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/introduction/welcome/changelog.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -23,8 +23,38 @@
   <para>&version; – &releasedate;</para>
 
   <itemizedlist>
+    <listitem>
+      <para>August 9th, 2005 [bdubbs]: BLFS-6.1-pre2 release.</para>
+    </listitem>
+
+    <listitem>
+      <para>August 9th, 2005 [dj]: Added default PATH for pam_env and 
+      a note about the lack of ENV_SUPATH.</para>
+    </listitem>
+
+    <listitem>
+      <para>August 8th, 2005 [randy]: Added instructions to install patches
+      to Ruby and NASM that fix security vulnerabilities discovered in both
+      packages, thanks to Ken Moffat for the suggestions.</para>
+    </listitem>
+
+    <listitem>
+      <para>August 8th, 2005 [randy]: Modified documentation installation in
+      the Fontconfig instructions.</para>
+    </listitem>
+
+    <listitem>
+      <para>August 8th, 2005 [randy]: Modified the Shadow instructions so
+      that builders will not receive configuration errors during the testing
+      recommended by the warning note.</para>
+    </listitem>
     
     <listitem>
+      <para>August 7th, 2005 [randy]: Removed building the MPFR library
+      from the GMP instructions.</para>
+    </listitem>
+    
+    <listitem>
       <para>July 31st, 2005 [randy]: Updated to libpcap-0.9.3 and moved the
       instructions from Chapter 8 "General Libraries" to Chapter 16 "Networking
       libraries"; updated to HTML Tidy-050722 and Ethereal-0.10.12.</para>

Modified: branches/6.1/BOOK/postlfs/config/autofs.xml
===================================================================
--- branches/6.1/BOOK/postlfs/config/autofs.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/postlfs/config/autofs.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -107,6 +107,7 @@
 <screen><userinput>patch -Np1 -i ../autofs-&autofs-version;-misc-fixes.patch &&
 patch -Np1 -i ../autofs-&autofs-version;-multi-parse-fix.patch &&
 patch -Np1 -i ../autofs-&autofs-version;-non-replicated-ping.patch &&
+./configure --prefix=/ --mandir=/usr/share/man &&
 make</userinput></screen>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

Modified: branches/6.1/BOOK/postlfs/security/shadow.xml
===================================================================
--- branches/6.1/BOOK/postlfs/security/shadow.xml	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/BOOK/postlfs/security/shadow.xml	2005-08-10 01:50:01 UTC (rev 4905)
@@ -117,8 +117,9 @@
     <sect3 id="pam.d">
       <title>Config Files</title>
 
-      <para><filename>/etc/pam.d/*</filename>, or alternatively,
-      <filename>/etc/pam.conf</filename></para>
+      <para><filename>/etc/pam.d/*</filename> or alternatively
+      <filename>/etc/pam.conf, /etc/login.defs and
+      /etc/security/*</filename></para>
 
       <indexterm zone="shadow pam.d">
         <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
@@ -128,17 +129,69 @@
         <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
       </indexterm>
 
+      <indexterm zone="shadow pam.d">
+        <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
+      </indexterm>
+
+      <indexterm zone="shadow pam.d">
+        <primary sortas="e-etc-security">/etc/security/*</primary>
+      </indexterm>
+
     </sect3>
 
     <sect3>
       <title>Configuration Information</title>
 
-      <para>Add the following <application>Linux-PAM</application> configuration
-      files to <filename class="directory">/etc/pam.d/</filename> (or add them
-      to <filename>/etc/pam.conf</filename> with the additional field for
-      the program).</para>
+      <sect4 id="pam-login-defs">
+        <title>Configuring /etc/login.defs</title>
 
+        <para>The <command>login</command> program currently performs many
+        functions which <application>Linux-PAM</application> modules should
+        now handle. The following <command>sed</command> command will comment
+        out the appropriate lines in <filename>/etc/login.defs</filename>, and
+        stop <command>login</command> from performing these functions (a backup
+        file named <filename>/etc/login.defs.orig</filename> is also created
+        to preserve the original file's contents):</para>
+
+        <indexterm zone="shadow pam-login-defs">
+          <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
+        </indexterm>
+
+<screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig &&
+for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \
+                PORTTIME_CHECKS_ENAB CONSOLE \
+                MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \
+                SU_WHEEL_ONLY MD5_CRYPT_ENAB \
+                CONSOLE_GROUPS ENVIRON_FILE \
+                ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
+                ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
+                CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE
+do
+    sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
+done</userinput></screen>
+
+        <para>If you have <application>CrackLib</application> installed,
+        also comment out four more lines using the following command:</para>
+
+<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
+                PASS_CHANGE_TRIES PASS_ALWAYS_WARN
+do
+    sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
+done</userinput></screen>
+
+      </sect4>
+
       <sect4>
+        <title>Configuring the /etc/pam.d/ Files</title>
+
+        <para>Add the following <application>Linux-PAM</application> configuration
+        files to <filename class="directory">/etc/pam.d/</filename> (or add them
+        to <filename>/etc/pam.conf</filename> with the additional field for
+        the program).</para>
+
+      </sect4>
+
+      <sect4>
         <title>'login' (with CrackLib)</title>
 
 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF"
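Review bot: The backup step `install -v -m644 /etc/login.defs /etc/login.defs.orig` overwrites an existing backup, so running this block a second time replaces the pristine copy with the already commented-out file. The pam-env section added later in this commit reads `ENV_PATH` from `/etc/login.defs.orig`, and the warning tells readers to restore from it, so both depend on that copy being the original. Guard the copy, e.g. `[ -e /etc/login.defs.orig ] || install -v -m644 /etc/login.defs /etc/login.defs.orig`. Because the loop also comments out `PASS_MIN_LEN` and `MD5_CRYPT_ENAB`, a sentence should state that the equivalent password settings must be present in the PAM configuration, which lies outside this hunk.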
@@ -146,10 +199,10 @@
 
 auth        requisite      pam_securetty.so
 auth        requisite      pam_nologin.so
-auth        required       pam_env.so
 auth        required       pam_unix.so
 account     required       pam_access.so
 account     required       pam_unix.so
+session     required       pam_env.so
 session     required       pam_motd.so
 session     required       pam_limits.so
 session     optional       pam_mail.so      dir=/var/mail standard
@@ -228,6 +281,7 @@
 auth        required        pam_unix.so
 account     required        pam_unix.so
 session     optional        pam_mail.so     dir=/var/mail standard
+session     required        pam_env.so
 session     required        pam_unix.so
 
 # End /etc/pam.d/su</literal>
@@ -266,14 +320,16 @@
         <warning>
           <para>At this point, you should do a simple test to see if
           <application>Shadow</application> is working as expected. Open
-          another term and log in as a user, then <command>su</command> to
+          another terminal and log in as a user, then <command>su</command> to
           <systemitem class="username">root</systemitem>. If you do not see any
           errors, then all is well and you should proceed with the rest of the
           configuration. If you did receive errors, stop now and double check
           the above configuration files manually.  If you cannot find and
           fix the error, you should recompile <application>Shadow</application>
           replacing <option>--with-libpam</option> with
-          <option>--without-libpam</option> in the above instructions. If you
+          <option>--without-libpam</option> in the above instructions (also move
+          the <filename>/etc/login.defs.orig</filename> backup file to
+          <filename>/etc/login.defs</filename>). If you
           fail to do this and the errors remain, you will be unable to log into
           your system.</para>
         </warning>
@@ -347,40 +403,28 @@
 
       </sect4>
 
-      <sect4 id="pam-login-defs">
-        <title>Configuring /etc/login.defs</title>
 
-        <para>The <command>login</command> program currently performs many
-        functions which <application>Linux-PAM</application> modules should
-        now handle. The following command will comment out the appropriate
-        lines in <filename>/etc/login.defs</filename>, and stop
-        <command>login</command> from performing these functions:</para>
+      <sect4 id="pam-env">
+        <title>Configuring Default Environment</title>
 
-        <indexterm zone="shadow pam-login-defs">
-          <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
-        </indexterm>
+          <para>During previous configuration, several items were removed from 
+          <filename>/etc/login.defs</filename>.  Some of these items are now
+          controlled by the <filename class='libraryfile'>pam_env.so</filename> 
+          module and the <filename>/etc/security/pam_env.conf</filename> 
+          configuration file.  In particular, the default path has been 
+          changed.  To recover your default path, execute the following 
+          commands:</para>
 
-<screen role="root"><userinput>for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \
-                PORTTIME_CHECKS_ENAB CONSOLE \
-                MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \
-                SU_WHEEL_ONLY MD5_CRYPT_ENAB \
-                CONSOLE_GROUPS ENVIRON_FILE \
-                ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
-                ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
-                CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE
-do
-    sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
-done</userinput></screen>
+<screen><userinput><command>ENV_PATH=`grep '^ENV_PATH' /etc/login.defs.orig | \
+    awk '{ print $2 }' | sed 's/PATH=//'` &&
+echo 'PATH        DEFAULT='`echo "${ENV_PATH}"`'        OVERRIDE=${PATH}' \
+    >> /etc/security/pam_env.conf &&
+unset ENV_PATH</command></userinput></screen>
 
-        <para>If you have <application>CrackLib</application> installed,
-        also comment out four more lines using the following command:</para>
+          <note><para>ENV_SUPATH is no longer supported.  You must create 
+          a valid <filename>/root/.bashrc</filename> file to provide a 
+          modified path for the super user.</para></note>
 
-<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
-                PASS_CHANGE_TRIES PASS_ALWAYS_WARN
-do
-    sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
-done</userinput></screen>
-
       </sect4>
 
     </sect3>
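Review bot: The new pam-env command block appends to `/etc/security/pam_env.conf` but is tagged `<screen>` instead of `<screen role="root">`, unlike the other blocks in this file that write under /etc. It also writes the line unconditionally: if the `grep` on `/etc/login.defs.orig` finds nothing, the result is a `PATH` entry with an empty `DEFAULT=`, and every rerun appends another copy, so test that `ENV_PATH` is non-empty before the `echo`. Since `ENV_SUPATH` is commented out and the su hunk above adds `pam_env.so`, `OVERRIDE=${PATH}` appears to leave root with the invoking user's PATH after `su` until `/root/.bashrc` sets one. The closing `<note>` would be better as a `<warning>` that says so.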

Added: branches/6.1/patches/nasm-0.98.39-security_fix-1.patch
===================================================================
--- branches/6.1/patches/nasm-0.98.39-security_fix-1.patch	2005-08-10 00:33:22 UTC (rev 4904)
+++ branches/6.1/patches/nasm-0.98.39-security_fix-1.patch	2005-08-10 01:50:01 UTC (rev 4905)
@@ -0,0 +1,25 @@
+Submitted By: Ken Moffat <ken at kenmoffat.uklinux.net>
+Date: 2005-08-08
+Initial Package Version: 0.98.39
+Upstream Status: From upstream cvs
+Origin: Extracted by Ken Moffat
+Description:  This is Jindrich Novy's patch to fix another buffer overrun
+in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a
+malicious source file can have arbitrary code executed via a buffer
+overflow).
+
+
+$LastChangedBy: randy $
+$Date: 2005-08-08 17:44:12 -0500 (Mon, 08 Aug 2005) $
+
+--- nasm-0.98.39/output/outieee.c.orig	2005-01-15 22:16:08.000000000 +0000
++++ nasm-0.98.39/output/outieee.c	2005-08-08 22:12:46.000000000 +0100
+@@ -1120,7 +1120,7 @@
+     va_list ap;
+ 
+     va_start(ap, format);
+-    vsprintf(buffer, format, ap);
++    vsnprintf(buffer, sizeof(buffer), format, ap);
+     l = strlen(buffer);
+     for (i = 0; i < l; i++)
+         if ((buffer[i] & 0xff) > 31)
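Review bot: `vsnprintf(buffer, sizeof(buffer), format, ap);` bounds the write only if `buffer` is declared as an array in this function; the declaration is above the hunk, and if it were a pointer, `sizeof` would yield the pointer size instead of the buffer length. The return value is also dropped, so an over-long record is truncated silently and the loop below emits the shortened text. A check such as `if (n < 0 || (size_t)n >= sizeof(buffer))` with an error report would make that visible. The function starts and ends outside the hunk, so the matching `va_end(ap)` cannot be confirmed from here.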



