From f70694dce2e14eb997ff9d63969a67bf61f72a7e Mon Sep 17 00:00:00 2001
From: Bruce Dubbs <bdubbs@linuxfromscratch.org>
Date: Tue, 30 Apr 2024 12:42:03 -0500
Subject: [PATCH 1/8] PAckage updates and a security fix.

Add security fix to glibc.
Update to linux-6.8.8.
Update to ncurses-6.5.

(cherry picked from commit d0ca5ead4668649d96eb6a9ed9e0269c15dfbe01)

Reapply this change which is mistakenly reverted in
340e17adc67a1d7dc050fed51e384122f425e458.
---
 chapter01/changelog.xml | 18 ++++++++++++++++++
 chapter01/whatsnew.xml  |  7 +++++--
 chapter03/patches.xml   | 10 +++++-----
 chapter08/glibc.xml     |  9 ++++-----
 packages.ent            | 11 ++++-------
 patches.ent             | 10 +++++-----
 6 files changed, 41 insertions(+), 24 deletions(-)

diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 3ca65e9f2..440ecac5f 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -70,6 +70,24 @@
       </itemizedlist>
     </listitem>
 
+    <listitem>
+      <para>2024-05-01</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Add security fix to glibc. Fixes
+          <ulink url='&lfs-ticket-root;5481'>#5481</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Update to linux-6.8.8. Fixes
+          <ulink url='&lfs-ticket-root;5480'>#5480</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Update to ncurses-6.5. Fixes
+          <ulink url='&lfs-ticket-root;5483'>#5483</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2024-04-16</para>
       <itemizedlist>
diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml
index 8bd40c0c1..2bd18a3e4 100644
--- a/chapter01/whatsnew.xml
+++ b/chapter01/whatsnew.xml
@@ -194,9 +194,9 @@
     <!--<listitem>
       <para>MPFR-&mpfr-version;</para>
     </listitem>-->
-    <!--<listitem>
+    <listitem>
       <para>Ncurses-&ncurses-version;</para>
-    </listitem>-->
+    </listitem>
     <listitem>
       <para>Ninja-&ninja-version;</para>
     </listitem>
@@ -294,6 +294,9 @@
     <listitem>
       <para>Lz4-&lz4-version;</para>
     </listitem>
+    <listitem>
+      <para>glibc-2.39-upstream_fix-1.patch</para>
+    </listitem>
   </itemizedlist>
 
   <itemizedlist>
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 19402ac9e..87645f532 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -76,15 +76,15 @@
         <para>MD5 sum: <literal>&gcc-upstream-fixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
-
+-->
     <varlistentry>
-      <term>Glibc Upstream Fixes Patch - <token>&glibc-upstream-fixes-patch-size;</token>:</term>
+      <term>Glibc Upstream Fix Patch - <token>&glibc-upstream-patch-size;</token>:</term>
       <listitem>
-        <para>Download: <ulink url="&patches-root;&glibc-upstream-fixes-patch;"/></para>
-        <para>MD5 sum: <literal>&glibc-upstream-fixes-patch-md5;</literal></para>
+        <para>Download: <ulink url="&patches-root;&glibc-upstream-patch;"/></para>
+        <para>MD5 sum: <literal>&glibc-upstream-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
--->
+
     <varlistentry>
       <term>Glibc FHS Patch - <token>&glibc-fhs-patch-size;</token>:</term>
       <listitem>
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index 6d1be66ae..1984a4444 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -49,12 +49,11 @@
     store their runtime data in the FHS-compliant locations:</para>
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen>
-<!--
-    <para>Now fix two security vulnerabilities and a regression causing the
-    posix_memalign() function very slow in some conditions:</para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen>
--->
+    <para>Now fix a security vulnerability:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-patch;</userinput></screen>
+
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
 
diff --git a/packages.ent b/packages.ent
index aea4ef2b0..1645b5e4e 100644
--- a/packages.ent
+++ b/packages.ent
@@ -526,15 +526,12 @@
 <!ENTITY mpfr-fin-du "44 MB">
 <!ENTITY mpfr-fin-sbu "0.3 SBU">
 
-<!ENTITY ncurses-release "6.4">
-<!ENTITY ncurses-version "&ncurses-release;-20230520">
+<!ENTITY ncurses-version "6.5">
 <!ENTITY ncurses-size "2,156 KB">
-<!-- switch back to invisible-mirror.net for 6.5 -->
-<!--ENTITY ncurses-url "https://invisible-mirror.net/archives/ncurses/ncurses-&ncurses-version;.tar.gz"-->
-<!ENTITY ncurses-url "&anduin-sources;/ncurses-&ncurses-version;.tar.xz">
-<!ENTITY ncurses-md5 "c5367e829b6d9f3f97b280bb3e6bfbc3">
+<!ENTITY ncurses-url "https://invisible-mirror.net/archives/ncurses/ncurses-&ncurses-version;.tar.gz">
+<!ENTITY ncurses-md5 "ac2d2629296f04c8537ca706b6977687">
 <!ENTITY ncurses-home "&gnu-software;ncurses/">
-<!ENTITY ncurses-tmp-du "51 MB">
+<!ENTITY ncurses-tmp-du "3,603 KB">
 <!ENTITY ncurses-tmp-sbu "0.3 SBU">
 <!ENTITY ncurses-fin-du "45 MB">
 <!ENTITY ncurses-fin-sbu "0.2 SBU">
diff --git a/patches.ent b/patches.ent
index 7bf0177a2..ae0f5d3c2 100644
--- a/patches.ent
+++ b/patches.ent
@@ -21,11 +21,11 @@
 <!ENTITY glibc-fhs-patch "glibc-&glibc-version;-fhs-1.patch">
 <!ENTITY glibc-fhs-patch-md5 "9a5997c3452909b1769918c759eff8a2">
 <!ENTITY glibc-fhs-patch-size "2.8 KB">
-<!--
-<!ENTITY glibc-upstream-fixes-patch "glibc-&glibc-version;-upstream_fixes-4.patch">
-<!ENTITY glibc-upstream-fixes-patch-md5 "66e843b00688c641c9bdda684db45b43">
-<!ENTITY glibc-upstream-fixes-patch-size "36 KB">
--->
+
+<!ENTITY glibc-upstream-patch "glibc-&glibc-version;-upstream_fix-1.patch">
+<!ENTITY glibc-upstream-patch-md5 "49fb369a89bdbf52c71f0a084e97ad68">
+<!ENTITY glibc-upstream-patch-size "8.0 KB">
+
 <!ENTITY kbd-backspace-patch "kbd-&kbd-version;-backspace-1.patch">
 <!ENTITY kbd-backspace-patch-md5 "f75cca16a38da6caa7d52151f7136895">
 <!ENTITY kbd-backspace-patch-size "12 KB">

From 99056a6d6942818e03805beb8dbecd1809814a65 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Thu, 2 May 2024 18:38:35 +0800
Subject: [PATCH 2/8] glibc: Revise glibc-2.39 upstream fix patch

The glibc-2.39-upstream_fix-1.patch file contains a broken
tst-iconv-iso-2022-cn-ext.c file.  It causes:

    FAIL: iconvdata/tst-iconv-iso-2022-cn-ext

Revise the patch to fix it.

(cherry picked from commit 9b39be4268ba3a6b9e1015766767c02d74858f8a)

Reapply this change which is mistakenly reverted in
340e17adc67a1d7dc050fed51e384122f425e458.
---
 patches.ent | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patches.ent b/patches.ent
index ae0f5d3c2..447287ec7 100644
--- a/patches.ent
+++ b/patches.ent
@@ -22,8 +22,8 @@
 <!ENTITY glibc-fhs-patch-md5 "9a5997c3452909b1769918c759eff8a2">
 <!ENTITY glibc-fhs-patch-size "2.8 KB">
 
-<!ENTITY glibc-upstream-patch "glibc-&glibc-version;-upstream_fix-1.patch">
-<!ENTITY glibc-upstream-patch-md5 "49fb369a89bdbf52c71f0a084e97ad68">
+<!ENTITY glibc-upstream-patch "glibc-&glibc-version;-upstream_fix-2.patch">
+<!ENTITY glibc-upstream-patch-md5 "e9f8f23746755bf880772cfa59c1896c">
 <!ENTITY glibc-upstream-patch-size "8.0 KB">
 
 <!ENTITY kbd-backspace-patch "kbd-&kbd-version;-backspace-1.patch">

From 74dfcff3747d842940fdc2d77bfd78159caf9793 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Mon, 13 May 2024 13:28:11 +0800
Subject: [PATCH 3/8] Revert "e anduin for vim."

This reverts commit 760d28c80946f1688cb50afea55a0bef7fc4b4e7.

As we've discussed in #5490:

LFS 9.0 (released 2019) downloads vim-8.1.1846 from GitHub directly, and
the URL still works today and results a tarball with the same md5 as LFS
9.0 documents.  Thus GitHub download seems stable enough from vim.

Also note that "vim-9.1.0405.tar.gz" on anduin is actually a
vim-9.1.0330 release tarball.
---
 packages.ent | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages.ent b/packages.ent
index 1645b5e4e..82b643511 100644
--- a/packages.ent
+++ b/packages.ent
@@ -747,8 +747,8 @@
 <!-- <!ENTITY vim-majmin "90"> -->
 <!ENTITY vim-docdir "vim/vim91">
 <!ENTITY vim-size "17,428 KB">
-<!--<!ENTITY vim-url "https://github.com/vim/vim/archive/v&vim-version;/vim-&vim-version;.tar.gz">-->
-<!ENTITY vim-url "&anduin-sources;/vim-&vim-version;.tar.gz">
+<!ENTITY vim-url "https://github.com/vim/vim/archive/v&vim-version;/vim-&vim-version;.tar.gz">
+<!--<!ENTITY vim-url "&anduin-sources;/vim-&vim-version;.tar.gz">-->
 <!ENTITY vim-md5 "88d5656c21668ae98a0cd1a13abb3d12">
 <!ENTITY vim-home "https://www.vim.org">
 <!ENTITY vim-fin-du "236 MB">

From 6a97bf00d7ef9831e9d1648ddf66509c6ce2140e Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Mon, 13 May 2024 13:30:51 +0800
Subject: [PATCH 4/8] Revert "Make vim md5sum consistent with the version on
 anduin."

This reverts commit 46e985d8af9a9c065fbab74f97d76d60f648f8d6.
---
 packages.ent | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages.ent b/packages.ent
index 82b643511..2af5b17ae 100644
--- a/packages.ent
+++ b/packages.ent
@@ -749,7 +749,7 @@
 <!ENTITY vim-size "17,428 KB">
 <!ENTITY vim-url "https://github.com/vim/vim/archive/v&vim-version;/vim-&vim-version;.tar.gz">
 <!--<!ENTITY vim-url "&anduin-sources;/vim-&vim-version;.tar.gz">-->
-<!ENTITY vim-md5 "88d5656c21668ae98a0cd1a13abb3d12">
+<!ENTITY vim-md5 "5379f5542310ee7ffbd6aea312407042">
 <!ENTITY vim-home "https://www.vim.org">
 <!ENTITY vim-fin-du "236 MB">
 <!ENTITY vim-fin-sbu "2.5 SBU">

From 31c839da2d25117c86aa03b8a399859520ce7e07 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Mon, 13 May 2024 13:35:48 +0800
Subject: [PATCH 5/8] packages: Document why not to use anduin for vim

---
 packages.ent | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/packages.ent b/packages.ent
index 2af5b17ae..e78e6387c 100644
--- a/packages.ent
+++ b/packages.ent
@@ -748,6 +748,17 @@
 <!ENTITY vim-docdir "vim/vim91">
 <!ENTITY vim-size "17,428 KB">
 <!ENTITY vim-url "https://github.com/vim/vim/archive/v&vim-version;/vim-&vim-version;.tar.gz">
+<!-- N.B. LFS 9.0 uses
+     https://github.com/vim/vim/archive/v8.1.1846/vim-8.1.1846.tar.gz
+     and it still works after years, the md5sum of the resulted tarball
+     is unchanged as well.  Thus GitHub download seems stable enough for
+     vim and there's no need to use anduin.
+
+     BTW if we click the "Next" button enough times on
+     https://github.com/vim/vim/tags, we can eventually see the old
+     release.  The "Next" button just sets "after=" in the URL.  For
+     example, https://github.com/vim/vim/tags?after=v8.1.1847 will show
+     us v8.1.1846. -->
 <!--<!ENTITY vim-url "&anduin-sources;/vim-&vim-version;.tar.gz">-->
 <!ENTITY vim-md5 "5379f5542310ee7ffbd6aea312407042">
 <!ENTITY vim-home "https://www.vim.org">

From 5ff2f2e47227e0997bc81e2505bcc52a7b8ede3b Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Mon, 13 May 2024 20:16:54 +0800
Subject: [PATCH 6/8] creatingfilesystem: Remove reference to ReiserFS

It's deprecated by the kernel developers and we've archived the tools
for it in BLFS as well.
---
 chapter02/creatingfilesystem.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chapter02/creatingfilesystem.xml b/chapter02/creatingfilesystem.xml
index 9b1a08b2a..74970e226 100644
--- a/chapter02/creatingfilesystem.xml
+++ b/chapter02/creatingfilesystem.xml
@@ -50,7 +50,7 @@
     </varlistentry>
   </variablelist>
 
-  <para>Other file systems, including FAT32, NTFS, ReiserFS, JFS, and XFS are
+  <para>Other file systems, including FAT32, NTFS, JFS, and XFS are
   useful for specialized purposes. More information about these file systems, 
   and many others, can be found at <ulink
   url="https://en.wikipedia.org/wiki/Comparison_of_file_systems"/>.</para>

From 923fb4854866215850c4f222f36d7fbcf2b298c0 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Tue, 14 May 2024 03:41:34 +0800
Subject: [PATCH 7/8] coreutils: Revise i18n patch

---
 chapter01/changelog.xml | 12 ++++++++++++
 patches.ent             |  6 +++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 440ecac5f..fd5645dc5 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -40,6 +40,18 @@
     appropriate for the entry or if needed the entire day's listitem.
     -->
 
+    <listitem>
+      <para>2024-05-13</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Synchronize coreutils i18n patch from Fedora
+          to fix a build failure on 32-bit x86 and an alarming compiler
+          warning on both 32-bit x86 and x86_64 with GCC 14.1 or
+          later.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2024-05-11</para>
       <itemizedlist>
diff --git a/patches.ent b/patches.ent
index 447287ec7..426cc36df 100644
--- a/patches.ent
+++ b/patches.ent
@@ -10,9 +10,9 @@
 <!ENTITY bzip2-docs-patch-md5 "6a5ac7e89b791aae556de0f745916f7f">
 <!ENTITY bzip2-docs-patch-size "1.6 KB">
 
-<!ENTITY coreutils-i18n-patch "coreutils-&coreutils-version;-i18n-1.patch">
-<!ENTITY coreutils-i18n-patch-md5 "ce7529b74564aac887c3f48582a5e6cf">
-<!ENTITY coreutils-i18n-patch-size "159 KB">
+<!ENTITY coreutils-i18n-patch "coreutils-&coreutils-version;-i18n-2.patch">
+<!ENTITY coreutils-i18n-patch-md5 "58961caf5bbdb02462591fa506c73b6d">
+<!ENTITY coreutils-i18n-patch-size "164 KB">
 
 <!ENTITY expect-gcc14-patch "expect-&expect-version;-gcc14-1.patch">
 <!ENTITY expect-gcc14-patch-md5 "0b8b5ac411d011263ad40b0664c669f0">

From 87e5e08d3490a74a6d123ba1a498fea44278e23b Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Wed, 15 May 2024 19:46:46 +0800
Subject: [PATCH 8/8] gcc pass2: --disable-libsanitizer is no longer strictly
 needed

GCC 14 libsanitizer no longer depends on crypt.h.  But let's keep this
option for reducing build time, just update the explanation.

Also remove libxcrypt from GCC depedency list.
---
 appendices/dependencies.xml |  4 ++--
 chapter06/gcc-pass2.xml     | 10 ++++------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/appendices/dependencies.xml b/appendices/dependencies.xml
index 46bdfac0a..c48238a8b 100644
--- a/appendices/dependencies.xml
+++ b/appendices/dependencies.xml
@@ -935,7 +935,7 @@
         <segtitle>&dependencies;</segtitle>
         <seglistitem>
           <seg>Bash, Binutils, Coreutils, Diffutils, Findutils, Gawk, GCC,
-          Gettext, Glibc, GMP, Grep, Libxcrypt, M4, Make, MPC, MPFR, Patch,
+          Gettext, Glibc, GMP, Grep, M4, Make, MPC, MPFR, Patch,
           Perl, Sed, Tar, Texinfo, and Zstd</seg>
         </seglistitem>
       </segmentedlist>
@@ -1887,7 +1887,7 @@
       <segmentedlist id="libxcrypt-before">
         <segtitle>&before;</segtitle>
         <seglistitem>
-          <seg>GCC, Perl, Python, Shadow, and &systemd-udev;</seg>
+          <seg>Perl, Python, Shadow, and &systemd-udev;</seg>
         </seglistitem>
       </segmentedlist>
 
diff --git a/chapter06/gcc-pass2.xml b/chapter06/gcc-pass2.xml
index 98b28150d..529f3ab65 100644
--- a/chapter06/gcc-pass2.xml
+++ b/chapter06/gcc-pass2.xml
@@ -149,12 +149,10 @@ cd       build</userinput></screen>
         <term><parameter>--disable-libsanitizer</parameter></term>
         <listitem>
           <para>Disable GCC sanitizer runtime libraries.  They are not
-          needed for the temporary installation.  This switch is necessary
-          to build GCC without
-          <systemitem class='library'>libcrypt</systemitem> installed for
-          the target.  In <xref linkend='ch-tools-gcc-pass1'/> it was
-          implied by <parameter>--disable-libstdcxx</parameter>, but now we
-          have to explicitly pass it.</para>
+          needed for the temporary installation.  In
+          <xref linkend='ch-tools-gcc-pass1'/> it was implied by
+          <parameter>--disable-libstdcxx</parameter>, and now we can
+          explicitly pass it.</para>
         </listitem>
       </varlistentry>