diff --git a/appendices/dependencies.xml b/appendices/dependencies.xml index 30f2b05a6..3cbfe7b8b 100644 --- a/appendices/dependencies.xml +++ b/appendices/dependencies.xml @@ -2935,6 +2935,7 @@ make-ca, p11-kit, PCRE2, + pefile, Polkit, pyelftools, qemu, diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 11df22160..de94d85d9 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -40,6 +40,102 @@ appropriate for the entry or if needed the entire day's listitem. --> + + 2023-12-31 + + + [xry111] - Add --enable-default-hash-style=gnu configuring + binutils. Fixes + #5401. + + + [xry111] - Fix CVE-2023-7008 for systemd-255. Fixes + #5405. + + + [xry111] - Update to iana-etc-20231205. Addresses + #5006. + + + [xry111] - Update to tzdata-2023d. Fixes + #5399. + + + [xry111] - Update to linux-6.6.8. Fixes + #5397. + + + [xry111] - Update to meson-1.3.1. Fixes + #5402. + + + [xry111] - Update to grub-2.12. Fixes + #5396. + + + [xry111] - Update to inetutils-2.5. Fixes + #5404. + + + [xry111] - Update to setuptools-69.0.3. Fixes + #5400. + + + [xry111] - Update to xml-parser-2.47. Fixes + #5403. + + + [xry111] - Update to vim-9.0.2189. Addresses + #4500. + + + [xry111] - Update to autoconf-2.72. Fixes + #5398. + + + + + + 2023-12-16 + + + [xry111] - Update to udev + from systemd-255. Fixes + #5390. + + + + + + 2023-12-14 + + + [bdubbs] - Update to util-linux v2.39.3. Fixes + #5388. + + + [bdubbs] - Update to python3-3.12.1. Fixes + #5392. + + + [bdubbs] - Update to linux-6.6.7. Fixes + #5387. + + + [bdubbs] - Update to kbd-2.6.4. Fixes + #5393. + + + [bdubbs] - Update to bc-6.7.4. Fixes + #5389. + + + [bdubbs] - Reformat util-linux configure parameters. Fixes + #5395. + + + + 2023-12-04 diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml index 50d8a6061..4222d3f4f 100644 --- a/chapter01/whatsnew.xml +++ b/chapter01/whatsnew.xml @@ -32,9 +32,9 @@ - + @@ -116,18 +116,18 @@ - + Gzip-&gzip-version; Iana-Etc-&iana-etc-version; - + 
@@ -248,9 +248,9 @@ Texinfo-&texinfo-version; - + @@ -263,9 +263,9 @@ Wheel-&wheel-version; - + Xz-&xz-version; @@ -316,6 +316,10 @@ glibc-2.38-memalign_fix-1.patch + + grub-2.06-upstream_fixes-1.patch + + readline-8.2-upstream_fix-1.patch diff --git a/chapter03/patches.xml b/chapter03/patches.xml index fd348a1e4..2073638fc 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml @@ -92,15 +92,7 @@ MD5 sum: &glibc-fhs-patch-md5; - + Kbd Backspace/Delete Fix Patch - &kbd-backspace-patch-size;: diff --git a/chapter05/binutils-pass1.xml b/chapter05/binutils-pass1.xml index 65e8dd2ae..c3bf1f117 100644 --- a/chapter05/binutils-pass1.xml +++ b/chapter05/binutils-pass1.xml @@ -75,7 +75,8 @@ cd build --target=$LFS_TGT \ --disable-nls \ --enable-gprofng=no \ - --disable-werror + --disable-werror \ + --enable-default-hash-style=gnu The meaning of the configure options: @@ -132,6 +133,22 @@ cd build + + --enable-default-hash-style=gnu + + By default, the linker would generate both the GNU-style + hash table and the classic ELF hash table for shared libraries and + dynamically linked executables. The hash tables are only intended + for a dynamic linker to perform symbol lookup. On LFS the dynamic + linker (provided by the Glibc package) will always use the + GNU-style hash table which is faster to query. So the classic + ELF hash table is completely useless. This makes the the linker + only generate the GNU-style hash table by default, so we can avoid + wasting time to generate the classic ELF hash table when we build + the packages, or wasting disk space to store it. + + + Continue with compiling the package: diff --git a/chapter06/binutils-pass2.xml b/chapter06/binutils-pass2.xml index 983aaee2f..15582f937 100644 --- a/chapter06/binutils-pass2.xml +++ b/chapter06/binutils-pass2.xml 
@@ -72,7 +72,8 @@ cd build --enable-shared \ --enable-gprofng=no \ --disable-werror \ - --enable-64-bit-bfd + --enable-64-bit-bfd \ + --enable-default-hash-style=gnu The meaning of the new configure options: diff --git a/chapter07/util-linux.xml b/chapter07/util-linux.xml index 2f88e7d5f..b5aca7e7b 100644 --- a/chapter07/util-linux.xml +++ b/chapter07/util-linux.xml @@ -51,10 +51,8 @@ Prepare Util-linux for compilation: -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \ - --libdir=/usr/lib \ +./configure --libdir=/usr/lib \ --runstatedir=/run \ - --docdir=/usr/share/doc/util-linux-&util-linux-version; \ --disable-chfn-chsh \ --disable-login \ --disable-nologin \ @@ -63,7 +61,9 @@ --disable-runuser \ --disable-pylibmount \ --disable-static \ - --without-python + --without-python \ + ADJTIME_PATH=/var/lib/hwclock/adjtime \ + --docdir=/usr/share/doc/util-linux-&util-linux-version; The meaning of the configure options: diff --git a/chapter08/autoconf.xml b/chapter08/autoconf.xml index 38375665f..120f31632 100644 --- a/chapter08/autoconf.xml +++ b/chapter08/autoconf.xml @@ -41,12 +41,6 @@ Installation of Autoconf - First, fix several problems with the tests caused by bash-5.2 and later: - - sed -e 's/SECONDS|/&SHLVL|/' \ - -e '/BASH_ARGV=/a\ /^SHLVL=/ d' \ - -i.orig tests/local.at - Prepare Autoconf for compilation: ./configure --prefix=/usr @@ -61,17 +55,6 @@ To run the tests anyway, issue: --> make check - - The test time for autoconf can be reduced significantly on a - system with multiple cores. To do this, append - TESTSUITEFLAGS=-j<N> to the line above. For - instance, using -j4 can reduce the test time by over 60 - percent. Install the package: diff --git a/chapter08/binutils.xml b/chapter08/binutils.xml index e2650218a..681c3cdc8 100644 --- a/chapter08/binutils.xml +++ b/chapter08/binutils.xml 
@@ -56,9 +56,11 @@ cd build --enable-shared \ --disable-werror \ --enable-64-bit-bfd \ - --with-system-zlib + --with-system-zlib \ + --enable-default-hash-style=gnu + - The meaning of the configure parameters: + The meaning of the new configure parameters: --enable-ld=default @@ -75,14 +77,6 @@ cd build - - --enable-64-bit-bfd - - Enables 64-bit support (on hosts with narrower word sizes). - May not be needed on 64-bit systems, but does no harm. - - - --with-system-zlib diff --git a/chapter08/grub.xml b/chapter08/grub.xml index 63a4e13c0..800a9c568 100644 --- a/chapter08/grub.xml +++ b/chapter08/grub.xml @@ -72,6 +72,12 @@ aggressive optimization. + + Add a file missing from the release tarball: + + +echo depends bli part_gpt > grub-core/extra_deps.lst + Prepare GRUB for compilation: ./configure --prefix=/usr \ diff --git a/chapter08/libtool.xml b/chapter08/libtool.xml index d21d0b751..d73bd6efb 100644 --- a/chapter08/libtool.xml +++ b/chapter08/libtool.xml @@ -54,12 +54,6 @@ make -k check - The test time for Libtool can be reduced significantly on a - system with multiple cores. To do this, append - TESTSUITEFLAGS=-j<N> to the line above. For - instance, using -j4 can reduce the test time by over 60 - percent. - Five tests are known to fail in the LFS build environment due to a circular dependency, but these tests pass if rechecked after automake has been installed. Additionally, with grep-3.8, two tests will diff --git a/chapter08/systemd.xml b/chapter08/systemd.xml index f14bc6c72..8af4c2c86 100644 --- a/chapter08/systemd.xml +++ b/chapter08/systemd.xml @@ -48,6 +48,13 @@ sed -i -e 's/GROUP="render"/GROUP="video"/' \ -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in + + Now fix a security vulnerability in the DNSSEC verification of + systemd-resolved: + +sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \ + -i src/resolve/resolved-dns-transaction.c + Prepare systemd for compilation: mkdir -p build 
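Review bot: The `sed` that applies the CVE-2023-7008 fix to `src/resolve/resolved-dns-transaction.c` exits successfully even when its address `/return FLAGS_SET.*AUTHENTICATED/` matches nothing, so a reader whose systemd source differs from the one this was written for would build an unpatched systemd-resolved with no warning. The expression also rewrites every line that matches the address, not only the intended one. I would follow the command with a check the reader can see fail, for example `grep -c 'return FLAGS_SET(dt' src/resolve/resolved-dns-transaction.c` with the expected count stated in the text (the resulting line is inferred from the sed expression, so confirm it against the source). Alternatively the change could ship as a patch file with a published MD5 sum, as chapter03/patches.xml does for other fixes.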
@@ -63,13 +70,15 @@ meson setup \ -Dldconfig=false \ -Dsysusers=false \ -Drpmmacrosdir=no \ - -Dhomed=false \ + -Dhomed=disabled \ -Duserdb=false \ -Dman=false \ -Dmode=release \ -Dpamconfdir=no \ -Ddev-kvm-mode=0660 \ -Dnobody-group=nogroup \ + -Dsysupdate=disabled \ + -Dukify=disabled \ -Ddocdir=/usr/share/doc/systemd-&systemd-version; \ .. @@ -140,7 +149,8 @@ meson setup \ - -D{userdb,homed}=false + -Dhomed=disabled and + -Duserdb=false Remove two daemons with dependencies that do not fit within the scope of LFS. @@ -188,6 +198,28 @@ meson setup \ nogroup. + + + -Dsysupdate=disabled + + Do not install the systemd-sysupdate + tool. It's designed for automatically upgrading binary distros, + so it's useless for a basic Linux system built from source. + And it will report errors on boot if it's enabled but not properly + configured. + + + + + -Dukify=disabled + + Do not install the systemd-ukify script. + At runtime this script requires the + pefile Python module that neither LFS + nor BLFS provides. + + + Compile the package: @@ -215,12 +247,6 @@ meson setup \ systemctl preset-all - Disable two services for upgrading binary distros. They are useless for - a basic Linux system built from source, and each one will report an error if - it's enabled but not configured: - -systemctl disable systemd-sysupdate{,-reboot} - - The test time for Tar can be reduced significantly on a - system with multiple cores. To do this, append - TESTSUITEFLAGS=-j<N> to the line above. For - instance, using -j4 can reduce the test time by over 70 - percent. - One test, capabilities: binary store/restore, is known to fail if it is run because LFS lacks selinux, but will be skipped if the host kernel does not support extended attributes or security labels on the filesystem diff --git a/chapter08/udev.xml b/chapter08/udev.xml index 580c78203..6ec0ed458 100644 --- a/chapter08/udev.xml +++ b/chapter08/udev.xml 
@@ -126,11 +126,18 @@ meson setup \ + Get the list of the shipped udev helpers and save it into an + environment variable: + + udev_helpers=$(grep "'name' :" ../src/udev/meson.build | \ + awk '{print $3}' | tr -d ",'" | grep -v 'udevadm') + Only build the components needed for udev: ninja udevadm systemd-hwdb \ $(ninja -n | grep -Eo '(src/(lib)?udev|rules.d|hwdb.d)/[^ ]*') \ - $(realpath libudev.so --relative-to .) + $(realpath libudev.so --relative-to .) \ + $udev_helpers udevadm Install the package: @@ -148,8 +155,7 @@ install -vm644 rules.d/* ../rules.d/README /usr/lib/udev/rules.d/ install -vm644 $(find ../rules.d/*.rules \ -not -name '*power-switch*') /usr/lib/udev/rules.d/ install -vm644 hwdb.d/* ../hwdb.d/{*.hwdb,README} /usr/lib/udev/hwdb.d/ -install -vm755 $(find src/udev \ - -type f -not -name '*.*') /usr/lib/udev +install -vm755 $udev_helpers /usr/lib/udev install -vm644 ../network/99-default.link /usr/lib/udev/network Install some custom rules and support files useful in an LFS diff --git a/chapter08/util-linux.xml b/chapter08/util-linux.xml index 49e195b3f..bb24f1e59 100644 --- a/chapter08/util-linux.xml +++ b/chapter08/util-linux.xml @@ -48,8 +48,7 @@ Prepare Util-linux for compilation: -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \ - --bindir=/usr/bin \ +./configure --bindir=/usr/bin \ --libdir=/usr/lib \ --runstatedir=/run \ --sbindir=/usr/sbin \ @@ -63,11 +62,11 @@ --disable-static \ --without-python \ --without-systemd \ - --without-systemdsystemunitdir \ + --without-systemdsystemunitdir \ + ADJTIME_PATH=/var/lib/hwclock/adjtime \ --docdir=/usr/share/doc/util-linux-&util-linux-version; -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \ - --bindir=/usr/bin \ +./configure --bindir=/usr/bin \ --libdir=/usr/lib \ --runstatedir=/run \ --sbindir=/usr/sbin \ 
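Review bot: The install step `install -vm755 $udev_helpers /usr/lib/udev` now depends on a shell variable set several steps earlier from a `grep`/`awk` scrape of `../src/udev/meson.build`, and nothing checks that the scrape produced the expected names. If the variable is empty, because the reader opened a new shell between build and install or because the `'name' :` layout in meson.build has changed, `ninja` builds no helpers and the install line names no source file. I would add a sentence telling the reader to stay in the same shell, and a visible check such as `echo $udev_helpers` with the expected helper names listed, before the `ninja` command.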
@@ -80,6 +79,7 @@ --disable-pylibmount \ --disable-static \ --without-python \ + ADJTIME_PATH=/var/lib/hwclock/adjtime \ --docdir=/usr/share/doc/util-linux-&util-linux-version; The --disable and --without options prevent warnings about diff --git a/chapter09/symlinks.xml b/chapter09/symlinks.xml index 86528ba69..b2479f053 100644 --- a/chapter09/symlinks.xml +++ b/chapter09/symlinks.xml @@ -112,6 +112,19 @@ proceeding, and be sure to use that NAME value when creating your network configuration files. + Even if the custom udev rule file is created, udev may still + assign one or more alternative names for a NIC based on physical + characteristics. If a custom udev rule would rename some NIC using + a name already assigned as an alternative name of another NIC, this + udev rule will fail. If this issue happens, you may create the + /etc/udev/network/99-default.link configuration + file with an empty alternative assignment policy, overriding the + default configuration file + /usr/lib/udev/network/99-default.link: + +sed -e '/^AlternativeNamesPolicy/s/=.*$/=/' \ + -i /usr/lib/udev/network/99-default.link \ + > /etc/udev/network/99-default.link diff --git a/gen-changelog.py b/gen-changelog.py index e7ee1d7e7..3bf6bc064 100755 --- a/gen-changelog.py +++ b/gen-changelog.py @@ -76,6 +76,8 @@ for i in tsv: security.add(pkg) ticket[pkg] = tic +hold_ticket = {'vim': '4500', 'iana-etc': '5006'} + print("Plain Text:") for (s, act) in [(upd, "Update to "), (add, "Add ")]: for i in s: @@ -83,6 +85,8 @@ for (s, act) in [(upd, "Update to "), (add, "Add ")]: out = act + pkgver if pkgver in ticket: out += ' (#' + ticket[pkgver] + ')' + elif i in hold_ticket: + out += ' (#' + hold_ticket[i] + ')' print("-", out) for i in rem: print("-", "Remove", i) 
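Review bot: The new command in chapter09/symlinks.xml combines `sed -i` with a stdout redirect, which does the opposite of what the paragraph describes. `-i` rewrites `/usr/lib/udev/network/99-default.link` in place and prints nothing, so `/etc/udev/network/99-default.link` is created empty while the packaged default is modified. Drop `-i` so the edited copy goes to the override file and the original stays untouched: `sed -e '/^AlternativeNamesPolicy/s/=.*$/=/' /usr/lib/udev/network/99-default.link > /etc/udev/network/99-default.link`. The redirect also fails if `/etc/udev/network` does not exist yet, so the text may need a `mkdir -pv /etc/udev/network` first; whether an earlier page creates it is not visible here.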
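Review bot: `hold_ticket = {'vim': '4500', 'iana-etc': '5006'}` hard-codes two ticket numbers with no comment on what makes a ticket a "hold" ticket or when an entry should be added or removed. Judging by the changelog hunk, these look like long-lived tickets that stay open across updates, hence "Addresses" rather than "Fixes", but that is inferred. I would add a comment above the dict such as `# Tickets kept open across repeated updates; rendered as "Addresses #N" instead of "Fixes #N".` The same comment should say that `ticket` is keyed by `pkgver` while `hold_ticket` is keyed by `i`, which applies to this hunk and the two gen-changelog.py hunks after it. The enclosing loops start outside the hunks.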
@@ -99,10 +103,18 @@ for (s, act) in [(upd, "Update to "), (add, "Add ")]: if pkgver in security: out += " (security fix)" out += "." + + pkg_ticket = None if pkgver in ticket: out += " Fixes\n " - out += "#" - out += ticket[pkgver] + "." + pkg_ticket = ticket[pkgver] + elif i in hold_ticket: + out += " Addresses\n " + pkg_ticket = hold_ticket[i] + + if pkg_ticket: + out += "#" + out += pkg_ticket + "." out += "" print(out) print(' ') diff --git a/packages.ent b/packages.ent index 33cbe9f39..2caa1f663 100644 --- a/packages.ent +++ b/packages.ent @@ -29,10 +29,10 @@ - - + + - + @@ -57,10 +57,10 @@ - + - + @@ -299,10 +299,10 @@ - - - - + + + + @@ -317,18 +317,18 @@ - - + + - + - - + + - + @@ -357,10 +357,10 @@ - - + + - + @@ -431,12 +431,12 @@ - + - + - + - + - + - + - - + + @@ -628,10 +628,10 @@ - + - + @@ -652,20 +652,20 @@ - + - + - + - - + + - + @@ -709,10 +709,10 @@ - - + + - + @@ -725,23 +725,23 @@ - - + + - + - + - + - + @@ -754,10 +754,10 @@ - - + + - + diff --git a/patches.ent b/patches.ent index 13f291e0f..6c03b9728 100644 --- a/patches.ent +++ b/patches.ent @@ -18,10 +18,6 @@ - - - -