Changeset dea551da

Timestamp:

08/08/2005 09:21:19 PM (19 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

60791bf

Parents:

575b4a3f

Message:

Added a patch to the Ruby instructions which fixes a security vulnerability

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4895 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general/prog/ruby.xml (modified) (3 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)

general/prog/ruby.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!ENTITY ruby-download-http " ">
+  <!ENTITY ruby-download-http "http://www.ibiblio.org/pub/languages/ruby/ruby/ruby-&ruby-version;.tar.gz">
   <!ENTITY ruby-download-ftp "ftp://ftp.ruby-lang.org/pub/ruby/ruby-&ruby-version;.tar.gz">
   <!ENTITY ruby-md5sum "8ffc79d96f336b80f2690a17601dea9b">
   <!ENTITY ruby-size "3.5 MB">
   <!ENTITY ruby-buildsize "55.2 MB">
-  <!ENTITY ruby-time "0.93 SBU">
+  <!ENTITY ruby-time "0.9 SBU">
 ]>
 
@@ -56 +56 @@
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Required patch to fix a vulnerability which allows remote
+        attackers to execute arbitrary commands: <ulink
+        url="http://www.ruby-lang.org/patches/ruby-&ruby-version;-xmlrpc-ipimethods-fix.diff"/></para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">Ruby Dependencies</bridgehead>
 
@@ -72 +81 @@
     commands:</para>
 
-<screen><userinput>./configure --prefix=/usr --enable-shared \
+<screen><userinput>patch -Np1 -i ../ruby-&ruby-version;-xmlrpc-ipimethods-fix.diff &amp;&amp;
+./configure --prefix=/usr --enable-shared \
     --enable-pthread --enable-install-doc &amp;&amp;
 make</userinput></screen>

introduction/welcome/changelog.xml

@@ -24 +24 @@
 
   <itemizedlist>
+
+    <listitem>
+      <para>August 8th, 2005 [randy]: Added instructions to install a patch
+      to the Ruby package which fixes a security vulnerability, thanks to
+      Ken Moffat for the suggestion.</para>
+    </listitem>
 
     <listitem>