Fix CVE-2024-0684 (#5417)

2024-10-18 11:50:21 +03:00 · 2024-01-31 20:29:37 +05:00 · 2024-01-31 20:29:37 +05:00 · 91199867f8
commit 91199867f8
parent b0260cae16
2 changed files with 27 additions and 6 deletions
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@ -39,6 +39,28 @@
    appropriate for the entry or if needed the entire day's listitem.
    -->

+    <listitem>
+      <para>2024-01-21</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2024-0684 for coreutils-9.4.  Fixes
+          <ulink url="&lfs-ticket-root;5417">#5417</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
+      <para>2024-01-18</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Edit a ncurses header to always use the
+          wide-character ABI compatible with libncursesw.so because we
+          are faking the 8-bit libncurses.so with it.  Fixes
+          <ulink url="&lfs-ticket-root;5415">#5415</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
    <listitem>
      <para>2024-01-09</para>
      <itemizedlist>
--- a/chapter08/coreutils.xml
+++ b/chapter08/coreutils.xml
@ -51,13 +51,12 @@
 	  Coreutils, сначала проверьте, воспроизводятся ли эти ошибки без этого исправления.</para>
    </note>

-   <!-- https://bugs.gnu.org/62403 -->
-<!--
-    <para>Fix a bug in checksum utilities causing failed checks not
-    reported correctly:</para>
+    <!-- https://seclists.org/oss-sec/2024/q1/30 -->
+    <para>Исправьте уязвимость в утилите <command>split</command>:</para>
+
+<screen><userinput remap="pre">sed -e '/n_out += n_hold/,+4 s|.*bufsize.*|//&amp;|' \
+    -i src/split.c</userinput></screen>

-<screen><userinput remap="pre">sed '/if ( ! match/s/ed_checksums//' -i src/digest.c</userinput></screen>
-->
    <para>Теперь подготовьте Coreutils к компиляции:</para>

 <screen><userinput remap="configure">autoreconf -fiv