diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index d16a6181b..fa7fc12c4 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -40,11 +40,29 @@
appropriate for the entry or if needed the entire day's listitem.
-->
+
+ 2024-02-02
+
+
+ [xry111] - Update to tzdata-2024a. Fixes
+ #5428.
+
+
+ [xry111] - Update to glibc-2.39 (security fix). Fixes
+ #5426.
+
+
+ [xry111] - Update to linux-6.7.3. Fixes
+ #5427.
+
+
+
+
2024-02-01
- [bdubbs] - Update to openssl-3.2.1. Fixes
+ [bdubbs] - Update to openssl-3.2.1 (security fix). Fixes
#5425.
diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml
index 96d38eab5..f84de485d 100644
--- a/chapter01/whatsnew.xml
+++ b/chapter01/whatsnew.xml
@@ -101,9 +101,9 @@
Gettext-&gettext-version;
-
+
@@ -298,10 +298,6 @@
setuptools-&setuptools-version;
-
- &glibc-upstream-fixes-patch;
-
-
&pkgconf-upstream-fix-patch;
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 106527518..f05fbd604 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -76,7 +76,7 @@
MD5 sum: &gcc-upstream-fixes-patch-md5;
--->
+
Glibc Upstream Fixes Patch - &glibc-upstream-fixes-patch-size;:
@@ -84,7 +84,7 @@
MD5 sum: &glibc-upstream-fixes-patch-md5;
-
+-->
Glibc FHS Patch - &glibc-fhs-patch-size;:
diff --git a/chapter08/bash.xml b/chapter08/bash.xml
index 4e7a418f5..4b5b47e62 100644
--- a/chapter08/bash.xml
+++ b/chapter08/bash.xml
@@ -75,7 +75,7 @@
To prepare the tests, ensure that the tester user can write to the sources tree:
-chown -Rv tester .
+chown -R tester .
The test suite of this package is designed to be run as a non-&root;
user who owns the terminal connected to standard input. To satisfy the
diff --git a/chapter08/coreutils.xml b/chapter08/coreutils.xml
index 96c46996d..655e0dd66 100644
--- a/chapter08/coreutils.xml
+++ b/chapter08/coreutils.xml
@@ -121,7 +121,7 @@ FORCE_UNSAFE_CONFIGURE=1 ./configure \
Fix some of the permissions so that the non-&root; user can
compile and run the tests:
-chown -Rv tester .
+chown -R tester .
Now run the tests:
diff --git a/chapter08/findutils.xml b/chapter08/findutils.xml
index 7012c221a..5671f6183 100644
--- a/chapter08/findutils.xml
+++ b/chapter08/findutils.xml
@@ -82,7 +82,7 @@ esac
To test the results, issue:
-chown -Rv tester .
+chown -R tester .
su tester -c "PATH=$PATH make check"
Install the package:
diff --git a/chapter08/gawk.xml b/chapter08/gawk.xml
index a7f74eb92..bc19acaaf 100644
--- a/chapter08/gawk.xml
+++ b/chapter08/gawk.xml
@@ -54,7 +54,7 @@
To test the results, issue:
-chown -Rv tester .
+chown -R tester .
su tester -c "PATH=$PATH make check"
Install the package:
diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml
index 72e59707b..7f60d3cd5 100644
--- a/chapter08/gcc.xml
+++ b/chapter08/gcc.xml
@@ -154,7 +154,7 @@ cd build
Test the results as a non-privileged user, but do not stop at errors:
-chown -Rv tester .
+chown -R tester .
su tester -c "PATH=$PATH make -k check"
To extract a summary of the test suite results, run:
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index ae4856581..e09fe4900 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -49,12 +49,12 @@
store their runtime data in the FHS-compliant locations:
patch -Np1 -i ../&glibc-fhs-patch;
-
+
The Glibc documentation recommends building Glibc
in a dedicated build directory:
@@ -201,6 +201,121 @@ esac
sed '/test-installation/s@$(PERL)@echo not running@' -i ../Makefile
+
+
+ If upgrading Glibc to a new minor version (for example, from
+ Glibc-2.36 to Glibc-&glibc-version;) on a running LFS system, you
+ need to take some extra precautions to avoid breaking the system:
+
+
+
+
+
+
+ Upgrading Glibc on a LFS system prior to 11.0 (exclusive) is
+ not supported. Rebuild LFS if you are running such an old LFS
+ system but you need a newer Glibc.
+
+
+
+
+
+
+ If upgrading on a LFS system prior to 12.0 (exclusive), install
+ Libxcrypt following
+ In addition to
+ a normal Libxcrypt installation,
+ you MUST follow the note in Libxcrypt
+ section to install
+ libcrypt.so.1*
+ (overwritting
+ libcrypt.so.1 from the
+ prior Glibc installation).
+
+
+
+
+
+
+ If upgrading on a LFS system prior to 12.1 (exclusive),
+ remove the nscd program:
+
+
+ rm -f /usr/sbin/nscd
+
+
+ If this system (prior to LFS 12.1, exclusive) is based on
+ Systemd, it's also needed to disable and stop the
+ nscd service now:
+
+
+ systemctl disable --now nscd
+
+
+
+
+ Upgrade the kernel and reboot if it's older than &min-kernel;
+ (check the current version with uname -r)
+ or if you want to upgrade it anyway, following
+
+
+
+
+
+
+ Upgrade the kernel API headers if it's older than &min-kernel;
+ (check the current version with
+ cat /usr/include/linux/version.h)
+ or if you want to upgrade it anyway, following
+ (but removing
+ $LFS from the cp command).
+
+
+
+
+
+
+ Perform a DESTDIR installation and upgrade
+ the Glibc shared libraries on the system using one single
+ install command:
+
+
+ make DESTDIR=$PWD/dest install
+install -vm755 dest/usr/lib/*.so.* /usr/lib
+
+
+
+
+ It's imperative to strictly follow these steps above unless you
+ completely understand what you are doing.
+ Any unexpected deviation may render the
+ system completely unusable. YOU ARE WARNED.
+
+
+
+ Then continue to run the make install command
+ and the sed command against
+ /usr/bin/ldd. Once they are finished, reboot
+ the system immediately.
+
+
+
Install the package:
make install
diff --git a/chapter08/make.xml b/chapter08/make.xml
index 186698a58..41a77c649 100644
--- a/chapter08/make.xml
+++ b/chapter08/make.xml
@@ -53,7 +53,7 @@
https://savannah.gnu.org/bugs/?63852 -->
To test the results, issue:
-chown -Rv tester .
+chown -R tester .
su tester -c "PATH=$PATH make check"
Install the package:
diff --git a/chapter08/pkgmgt.xml b/chapter08/pkgmgt.xml
index 4c7bb6dd7..10ec5d199 100644
--- a/chapter08/pkgmgt.xml
+++ b/chapter08/pkgmgt.xml
@@ -63,21 +63,9 @@
If Glibc needs to be upgraded to a newer
- version, (e.g., from Glibc-2.31 to Glibc-2.32), it is safer to
- rebuild LFS. Though you may be able to rebuild
- all the packages in their dependency order, we do not recommend
- it.
-
-
-
- Reinstalling the same version of Glibc (&glibc-version; for
- this release of LFS) with patches should be safe when these patches
- do not change ABI and API. When a security vulnerability is found
- in Glibc, we often need to apply such a patch to fix the
- vulnerability and reinstall Glibc. Consult
- LFS security
- advisories if you are alerted for a published Glibc security
- vulnerability but unsure about the action to take.
+ version, (e.g., from Glibc-2.36 to Glibc-&glibc-version;),
+ some extra steps are needed to avoid breaking the system.
+ Read for details.
If a package containing a shared library is updated, and
diff --git a/chapter08/sed.xml b/chapter08/sed.xml
index 4a524c751..75d015600 100644
--- a/chapter08/sed.xml
+++ b/chapter08/sed.xml
@@ -51,7 +51,7 @@ make html
To test the results, issue:
-chown -Rv tester .
+chown -R tester .
su tester -c "PATH=$PATH make check"
Install the package and its documentation:
diff --git a/chapter08/util-linux.xml b/chapter08/util-linux.xml
index 496a0cfed..ff24c6b85 100644
--- a/chapter08/util-linux.xml
+++ b/chapter08/util-linux.xml
@@ -103,7 +103,7 @@
bash tests/run.sh --srcdir=$PWD --builddir=$PWD
-chown -Rv tester .
+chown -R tester .
su tester -c "make -k check"
The hardlink tests will fail if the host's kernel
diff --git a/chapter08/vim.xml b/chapter08/vim.xml
index 9dd3b4b74..030c50442 100644
--- a/chapter08/vim.xml
+++ b/chapter08/vim.xml
@@ -66,7 +66,7 @@
tester can write
to the source tree:
-chown -Rv tester .
+chown -R tester .
Now run the tests as user tester:
diff --git a/packages.ent b/packages.ent
index 22e143878..6d319968a 100644
--- a/packages.ent
+++ b/packages.ent
@@ -255,10 +255,10 @@
-
-
+
+
-
+
@@ -431,12 +431,12 @@
-
+
-
+
-
+