r5315 - in trunk/BOOK: basicnet/textweb introduction/welcome

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sat Nov 26 11:02:39 PST 2005


Author: randy
Date: 2005-11-26 12:02:38 -0700 (Sat, 26 Nov 2005)
New Revision: 5315

Modified:
   trunk/BOOK/basicnet/textweb/lynx.xml
   trunk/BOOK/introduction/welcome/changelog.xml
Log:
Added a note to the Lynx instructions that identifies, and shows how to avoid, a security vulnerability

Modified: trunk/BOOK/basicnet/textweb/lynx.xml
===================================================================
--- trunk/BOOK/basicnet/textweb/lynx.xml	2005-11-26 15:53:58 UTC (rev 5314)
+++ trunk/BOOK/basicnet/textweb/lynx.xml	2005-11-26 19:02:38 UTC (rev 5315)
@@ -63,9 +63,10 @@
     then <ulink url="ftp://ftp.gnupg.org/gcrypt/libgcrypt/">libgcrypt</ulink>),
     <ulink url="../server/mail.html">MTA</ulink>,
     <xref linkend="zip"/>, <xref linkend="unzip"/>,
-    <xref linkend="slang"/>, <ulink
+    <xref linkend="slang"/> and
+    <!-- <ulink
     url="http://ftp.ibiblio.org/pub/linux/utils/compress/ncompress-4.2.4.tar.Z">
-    ncompress</ulink> and
+    ncompress</ulink> and -->
     <ulink url="http://www.gnu.org/software/sharutils/">sharutils</ulink></para>
 
   </sect2>
@@ -98,10 +99,10 @@
 
     <para><parameter>--libdir=/etc</parameter>: For some reason, the
     <command>configure</command> and <command>make</command> routine for
-    <application>Lynx</application> uses <option>libdir</option> as the prefix for the
-    configuration file. This is set to <filename class="directory">/etc</filename>
-    so that the system wide configuration file is
-    <filename>/etc/lynx.cfg</filename>.</para>
+    <application>Lynx</application> uses <option>libdir</option> as the prefix
+    for the configuration file. This is set to
+    <filename class="directory">/etc</filename> so that the system wide
+    configuration file is <filename>/etc/lynx.cfg</filename>.</para>
 
     <para><parameter>--with-zlib</parameter>: This enables support for
     linking <filename class="libraryfile">libz</filename> into
@@ -112,8 +113,8 @@
     <application>Lynx</application>.</para>
 
     <para><parameter>docdir=... helpdir=...</parameter>: These
-    variables are set to avoid getting the help and documentation files installed
-    under <filename class="directory">/etc</filename>.</para>
+    variables are set to avoid getting the help and documentation files
+    installed under <filename class="directory">/etc</filename>.</para>
 
     <para><option>--with-ssl</option>: This enables support for
     linking SSL into <application>Lynx</application>.</para>
@@ -124,10 +125,19 @@
 
     <para><command>chgrp -v -R root
     /usr/share/doc/lynx-&lynx-version;/doc</command>:
-    This command corrects the improper group ownership of installed documentation
-    files caused if <application>Lynx</application> is built by any user other
-    than <systemitem class="username">root</systemitem>.</para>
+    This command corrects the improper group ownership of installed
+    documentation files caused if <application>Lynx</application> is built
+    by any user other than
+    <systemitem class="username">root</systemitem>.</para>
 
+    <note>
+      <para>There has been a security vulnerability identified if you enable
+      support for CGI links by passing the <option>--enable-cgi-links</option>
+      parameter to <command>configure</command>. See <ulink
+      url="http://seclists.org/lists/vulnwatch/2005/Oct-Dec/0041.html"/> for
+      details.</para>
+    </note>
+   
   </sect2>
 
   <sect2 role="configuration">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-11-26 15:53:58 UTC (rev 5314)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-11-26 19:02:38 UTC (rev 5315)
@@ -45,9 +45,13 @@
       <para>November 26th, 2005</para>
       <itemizedlist>
         <listitem>
-          <para>[randy] - Updated to S-Lang-2.0.5</para>
+          <para>[randy] - Added a note to the Lynx instructions that
+          identifies, and shows how to avoid, a security vulnerability.</para>
         </listitem>
         <listitem>
+          <para>[randy] - Updated to S-Lang-2.0.5.</para>
+        </listitem>
+        <listitem>
           <para>[randy] - Updated the text in the Net-tools instructions
           to reflect the updated version of Coreutils.</para>
         </listitem>




More information about the blfs-book mailing list