Changeset 67ca8f6 for basicnet

Timestamp:

11/26/2005 07:02:38 PM (18 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

9d3c5f1

Parents:

8f38c8e7

Message:

Added a note to the Lynx instructions that identifies, and shows how to avoid, a security vulnerability

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5315 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• basicnet/textweb/lynx.xml (modified) (4 diffs)

basicnet/textweb/lynx.xml

@@ -64 +64 @@
     <ulink url="../server/mail.html">MTA</ulink>,
     <xref linkend="zip"/>, <xref linkend="unzip"/>,
-    <xref linkend="slang"/>, <ulink
+    <xref linkend="slang"/> and
+    <!-- <ulink
     url="http://ftp.ibiblio.org/pub/linux/utils/compress/ncompress-4.2.4.tar.Z">
-    ncompress</ulink> and
+    ncompress</ulink> and -->
     <ulink url="http://www.gnu.org/software/sharutils/">sharutils</ulink></para>
 
@@ -99 +100 @@
     <para><parameter>--libdir=/etc</parameter>: For some reason, the
     <command>configure</command> and <command>make</command> routine for
-    <application>Lynx</application> uses <option>libdir</option> as the prefix for the
-    configuration file. This is set to <filename class="directory">/etc</filename>
-    so that the system wide configuration file is
-    <filename>/etc/lynx.cfg</filename>.</para>
+    <application>Lynx</application> uses <option>libdir</option> as the prefix
+    for the configuration file. This is set to
+    <filename class="directory">/etc</filename> so that the system wide
+    configuration file is <filename>/etc/lynx.cfg</filename>.</para>
 
     <para><parameter>--with-zlib</parameter>: This enables support for
@@ -113 +114 @@
 
     <para><parameter>docdir=... helpdir=...</parameter>: These
-    variables are set to avoid getting the help and documentation files installed
-    under <filename class="directory">/etc</filename>.</para>
+    variables are set to avoid getting the help and documentation files
+    installed under <filename class="directory">/etc</filename>.</para>
 
     <para><option>--with-ssl</option>: This enables support for
@@ -125 +126 @@
     <para><command>chgrp -v -R root
     /usr/share/doc/lynx-&lynx-version;/doc</command>:
-    This command corrects the improper group ownership of installed documentation
-    files caused if <application>Lynx</application> is built by any user other
-    than <systemitem class="username">root</systemitem>.</para>
-
+    This command corrects the improper group ownership of installed
+    documentation files caused if <application>Lynx</application> is built
+    by any user other than
+    <systemitem class="username">root</systemitem>.</para>
+
+    <note>
+      <para>There has been a security vulnerability identified if you enable
+      support for CGI links by passing the <option>--enable-cgi-links</option>
+      parameter to <command>configure</command>. See <ulink
+      url="http://seclists.org/lists/vulnwatch/2005/Oct-Dec/0041.html"/> for
+      details.</para>
+    </note>
+   
   </sect2>