From c5d10b5afb9d13a3120106bb2b1aa495d15069d1 Mon Sep 17 00:00:00 2001 From: Bruce Dubbs Date: Mon, 17 Oct 2022 14:12:15 -0500 Subject: [PATCH 1/6] Update to linux-6.0.2 (Security update). --- chapter01/changelog.xml | 10 ++++++++++ packages.ent | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 1619b169d..6ff784e08 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -39,6 +39,16 @@ or as appropriate for the entry or if needed the entire day's listitem. --> + + 2022-10-17 + + + [bdubbs] - Update to linux-6.0.2 (Security update). Fixes + #5138. + + + + 2022-10-15 diff --git a/packages.ent b/packages.ent index 056a20f45..96d1e3ae9 100644 --- a/packages.ent +++ b/packages.ent @@ -424,12 +424,12 @@ - + - + - + a LiveCD from a commercial distribution. of this book describes how - to create a new Linux native partition and file system. This is the place + to create a new Linux native partition and file system, where the new LFS system will be compiled and installed. explains which packages and - patches need to be downloaded to build an LFS system and how to store + patches must be downloaded to build an LFS system, and how to store them on the new file system. discusses the setup of an appropriate working environment. Please read carefully as it explains several - important issues you need be aware of before beginning to + important issues you should be aware of before you begin to work your way through and beyond. explains the installation of - the initial tool chain, (binutils, gcc, and glibc) using cross compilation + the initial tool chain, (binutils, gcc, and glibc) using cross-compilation techniques to isolate the new tools from the host system. shows you how to cross-compile basic utilities using the just built cross-toolchain. then enters a - "chroot" environment and uses the previously built tools to build - the additional tools needed to build and test the final system. + "chroot" environment, which uses the new tools to build all + the rest of the tools needed to create the LFS system. This effort to isolate the new system from the host distribution may seem excessive. A full technical explanation as to why this is done is provided in . In the - full LFS system is built. Another advantage provided by the chroot + full-blown LFS system is built. Another advantage provided by the chroot environment is that it allows you to continue using the host system while LFS is being built. While waiting for package compilations to - complete, you can continue using your computer as normal. + complete, you can continue using your computer as usual. To finish the installation, the basic system configuration is set up in - , and the kernel and boot loader are set - up in . + , and the kernel and boot loader are created + in . contains information on continuing the LFS experience beyond this book. - After the steps in this book have been implemented, the computer will be - ready to reboot into the new LFS system. + After the steps in this chapter have been implemented, the computer is + ready to boot into the new LFS system. This is the process in a nutshell. Detailed information on each - step is discussed in the following chapters and package descriptions. - Items that may seem complicated will be clarified, and everything will - fall into place as you embark on the LFS adventure. + step is presented in the following chapters. + Items that seem complicated now will be clarified, and everything will + fall into place as you commence your LFS adventure. From ee0959b64ab47abdb01991ea9cc8f2a4bace77d6 Mon Sep 17 00:00:00 2001 From: David Bryant Date: Mon, 17 Oct 2022 15:19:01 -0500 Subject: [PATCH 3/6] Corrected grammar and idiom, clarified a couple of things. --- chapter01/whatsnew.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml index 752a2bd84..b36765261 100644 --- a/chapter01/whatsnew.xml +++ b/chapter01/whatsnew.xml @@ -11,16 +11,16 @@ What's new since the last release - In 11.3 release, --enable-default-pie + In the 11.3 release, --enable-default-pie and --enable-default-ssp are enabled for GCC. - They can mitigate some type of malicious attacks but they cannot provide - a full protection. In case if you are reading a programming textbook, - you may need to disable PIE and SSP with GCC options - -fno-pie -no-pie -fno-stack-protection - because some textbooks assume they were disabled by default. + These techniques can mitigate some malicious attacks, but they do not provide + perfect security. If you are reading LFS and a programming textbook, + you may need to disable PIE and SSP with the GCC options + -fno-pie -no-pie -fno-stack-protection, + because some textbooks assume these options are disabled by default. - Below is a list of package updates made since the previous - release of the book. + Here is a list of the packages updated since the previous + release of LFS. To see whether your host system has all the appropriate versions, and - the ability to compile programs, run the following: + the ability to compile programs, run the following commands: cat > version-check.sh << "EOF" #!/bin/bash From 294ea05cd1764b2808eb7a581427b25135ab407e Mon Sep 17 00:00:00 2001 From: David Bryant Date: Mon, 17 Oct 2022 16:12:16 -0500 Subject: [PATCH 6/6] Clarified verbiage here and there. Used the present perfect tense instead of the simple present to make the order of events clearer. --- chapter02/stages.xml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/chapter02/stages.xml b/chapter02/stages.xml index 036cd34cc..04f6373c9 100644 --- a/chapter02/stages.xml +++ b/chapter02/stages.xml @@ -12,22 +12,22 @@ LFS is designed to be built in one session. That is, the instructions assume that the system will not be shut down - during the process. That does not mean that the system has to - be done in one sitting. The issue is that certain procedures - have to be re-accomplished after a reboot if resuming LFS at + during the process. This does not mean that the system has to + be built in one sitting. The issue is that certain procedures + must be repeated after a reboot when resuming LFS at different points. Chapters 1–4 - These chapters are accomplished on the host system. When - restarting, be careful of the following: + These chapters run commands on the host system. When + restarting, be certain of one thing: - Procedures done as the + Procedures performed as the root user after Section - 2.4 need to have the LFS environment variable set + 2.4 must have the LFS environment variable set FOR THE ROOT USER. @@ -44,7 +44,7 @@ These two chapters must be done as user lfs. - A su - lfs command must be issued before any task in these + A su - lfs command must be issued before performing any task in these chapters. If you don't do that, you are at risk of installing packages to the host, and potentially rendering it unusable. @@ -52,8 +52,8 @@ The procedures in are critical. If there is any - doubt about installing a package, ensure any previously expanded - tarballs are removed, then re-extract the package files, and complete all + doubt a package has been installed correctly, ensure the previously expanded + tarball has been removed, then re-extract the package, and complete all the instructions in that section. @@ -77,7 +77,7 @@ When entering chroot, the LFS environment variable must be set for root. The LFS - variable is not used after entering the chroot environment. + variable is not used after the chroot environment has been entered.