Automatic merge of trunk into multilib

chapter01/changelog.xml

@@ -40,6 +40,26 @@
     appropriate for the entry or if needed the entire day's listitem.
     -->
 
+    <listitem>
+      <para>2023-09-13</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-4806 for Glibc-2.38.  Fixes
+          <ulink url='&lfs-ticket-root;5347'>#5347</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
+      <para>2023-09-12</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-4527 for Glibc-2.38.  Fixes
+          <ulink url='&lfs-ticket-root;5346'>#5346</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2023-09-07</para>
       <itemizedlist>

chapter01/whatsnew.xml

@@ -287,35 +287,20 @@
     <title>Added:</title>
     <listitem><para></para></listitem>  <!-- satisfy build -->
 
-    <!--<listitem>
-      <para>&grub-upstream-fixes-patch;</para>
-    </listitem>-->
+    <listitem>
+      <para>&glibc-upstream-fixes-patch;</para>
+    </listitem>
 
-    <!--<listitem>
-      <para>&readline-fixes-patch;</para>
-    </listitem>-->
-
-    <!--<listitem revision="systemd">
-      <para>&systemd-upstream-patch;</para>
-    </listitem>-->
   </itemizedlist>
 
   <itemizedlist>
     <title>Removed:</title>
     <listitem><para></para></listitem>  <!-- satisfy build -->
-<!--
-    <listitem revision='sysv'>
-      <para>eudev-3.2.12</para>
-    </listitem>
 
     <listitem>
-      <para>Pkg-config-0.29.2</para>
+      <para>glibc-2.38-memalign_fix-1.patch</para>
     </listitem>
 
-    <listitem revision='systemd'>
-      <para>systemd-252-security_fix-1.patch</para>
-    </listitem>
--->
   </itemizedlist>
 
 </sect1>

chapter03/patches.xml

@@ -78,10 +78,10 @@
     </varlistentry>
 -->
     <varlistentry>
-      <term>Glibc Memalign Patch - <token>&glibc-memalign-patch-size;</token>:</term>
+      <term>Glibc Upstream Fixes Patch - <token>&glibc-upstream-fixes-patch-size;</token>:</term>
       <listitem>
-        <para>Download: <ulink url="&patches-root;&glibc-memalign-patch;"/></para>
-        <para>MD5 sum: <literal>&glibc-memalign-patch-md5;</literal></para>
+        <para>Download: <ulink url="&patches-root;&glibc-upstream-fixes-patch;"/></para>
+        <para>MD5 sum: <literal>&glibc-upstream-fixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
 

chapter08/glibc.xml

@@ -50,22 +50,10 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen>
 
-    <para>Now fix a regression causing the posix_memalign() function 
-    to be very slow in some conditions:</para>
+    <para>Now fix two security vulnerabilities and a regression causing the
+    posix_memalign() function very slow in some conditions:</para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen>
-
-    <!-- CVE-2023-4527
-         https://sourceware.org/bugzilla/show_bug.cgi?id=30842
-         https://sourceware.org/ml/libc-alpha/2023-September/151522.html -->
-    <para>Then fix a security vulnerability exploitable when the
-    <option>no-aaaa</option> option is used in
-    <filename>/etc/resolv.conf</filename>:</para>
-
-<screen><userinput remap="pre">sed \
-  -E "/__res_context_search/\
-      {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&amp;alt_dns_packet_buffer/}" \
-  -i resolv/nss_dns/dns-host.c</userinput></screen>
+<screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen>
 
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
@@ -339,7 +327,7 @@ localedef -i ja_JP -f SHIFT_JIS ja_JP.SJIS 2> /dev/null || true</userinput></scr
     <para>Create a new file <filename>/etc/nsswitch.conf</filename> by running the
     following:</para>
 
-<screen><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
+<screen revision='sysv'><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
 <literal># Begin /etc/nsswitch.conf
 
 passwd: files
@@ -354,6 +342,24 @@ services: files
 ethers: files
 rpc: files
 
+# End /etc/nsswitch.conf</literal>
+EOF</userinput></screen>
+
+<screen revision='systemd'><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
+<literal># Begin /etc/nsswitch.conf
+
+passwd: files systemd
+group: files systemd
+shadow: files systemd
+
+hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
+networks: files
+
+protocols: files
+services: files
+ethers: files
+rpc: files
+
 # End /etc/nsswitch.conf</literal>
 EOF</userinput></screen>
 

chapter09/network.xml

@@ -178,9 +178,10 @@ EOF</userinput></screen>
        <secondary>/etc/hosts</secondary>
      </indexterm>
 
-     <para>Decide on the IP address, fully-qualified domain name (FQDN), and
-     possible aliases for use in the <filename>/etc/hosts</filename> file. The
-     syntax is:</para>
+     <para>Decide on a fully-qualified domain name (FQDN), and possible aliases
+     for use in the <filename>/etc/hosts</filename> file. If using static IP
+     addresses, you'll also need to decide on an IP address. The syntax
+     for a hosts file entry is:</para>
 
 <screen><literal>IP_address myhost.example.org aliases</literal></screen>
 
@@ -197,11 +198,18 @@ EOF</userinput></screen>
      <para>x can be any number in the range 16-31. y can be any number in the
      range 0-255.</para>
 
-     <para>A valid private IP address could be 192.168.1.1. A valid FQDN for
-     this IP could be lfs.example.org.</para>
+     <para>A valid private IP address could be 192.168.1.1.</para>
 
-     <para>Even if not using a network card, a valid FQDN is still required.
-     This is necessary for certain programs to operate correctly.</para>
+     <para>If the computer is to be visible to the Internet, a valid FQDN
+     can be the domain name itself, or a string resulted by concatenating a
+     prefix (often the hostname) and the domain name with a <quote>.</quote>
+     character.  And, you need to contact the domain provider to resolve the
+     FQDN to your public IP address.</para>
+
+     <para>Even if the computer is not visible to the Internet, a FQDN is
+     still needed for certain programs, such as MTAs, to operate properly.
+     A special FQDN, <literal>localhost.localdomain</literal>, can be used
+     for this purpose.</para>
 
      <para>Create the  <filename>/etc/hosts</filename> file by running:</para>
 

chapter09/networkd.xml

@@ -316,27 +316,18 @@ EOF</userinput></screen>
      <para>x can be any number in the range 16-31. y can be any number in the
      range 0-255.</para>
 
-     <para>A valid private IP address could be 192.168.1.1. A valid FQDN for
-     this IP could be lfs.example.org.</para>
+     <para>A valid private IP address could be 192.168.1.1.</para>
 
-     <para>Even if not using a network card, a valid FQDN is still required.
-     This is necessary for certain programs, such as MTAs, to operate properly.</para>
+     <para>If the computer is to be visible to the Internet, a valid FQDN
+     can be the domain name itself, or a string resulted by concatenating a
+     prefix (often the hostname) and the domain name with a <quote>.</quote>
+     character.  And, you need to contact the domain provider to resolve the
+     FQDN to your public IP address.</para>
 
-<!--
-     <para>Create the /etc/hosts file using the following command:</para>
-
-<screen role="nodump"><userinput>cat &gt; /etc/hosts &lt;&lt; "EOF"
-<literal># Begin /etc/hosts
-
-127.0.0.1 localhost.localdomain localhost
-127.0.1.1 <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable>
-::1       localhost ip6-localhost ip6-loopback
-ff02::1   ip6-allnodes
-ff02::2   ip6-allrouters
-
-# End /etc/hosts</literal>
-EOF</userinput></screen>
--->
+     <para>Even if the computer is not visible to the Internet, a FQDN is
+     still needed for certain programs, such as MTAs, to operate properly.
+     A special FQDN, <literal>localhost.localdomain</literal>, can be used
+     for this purpose.</para>
 
      <para>Create the <filename>/etc/hosts</filename> file using the following
      command:</para>
@@ -344,28 +335,32 @@ EOF</userinput></screen>
 <screen><userinput>cat &gt; /etc/hosts &lt;&lt; "EOF"
 <literal># Begin /etc/hosts
 
-127.0.0.1 localhost.localdomain localhost
-127.0.1.1 <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable>
-<replaceable>&lt;192.168.0.2&gt;</replaceable> <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable> <replaceable>[alias1] [alias2] ...</replaceable>
-::1       localhost ip6-localhost ip6-loopback
+<replaceable>&lt;192.168.0.2&gt;</replaceable> <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>[alias1] [alias2] ...</replaceable>
+::1       ip6-localhost ip6-loopback
 ff02::1   ip6-allnodes
 ff02::2   ip6-allrouters
 
 # End /etc/hosts</literal>
 EOF</userinput></screen>
 
-     <para>The <replaceable>&lt;192.168.0.2&gt;</replaceable>,
-     <replaceable>&lt;FQDN&gt;</replaceable>, and
-     <replaceable>&lt;HOSTNAME&gt;</replaceable> values need to be
+     <para>The <replaceable>&lt;192.168.0.2&gt;</replaceable> and
+     <replaceable>&lt;FQDN&gt;</replaceable> values need to be
      changed for specific uses or requirements (if assigned an IP address by a
      network/system administrator and the machine will be connected to an
      existing network). The optional alias name(s) can be omitted, and the
      <replaceable>&lt;192.168.0.2&gt;</replaceable> line can be omitted if you
-     are using a connection configured with DHCP or IPv6 Autoconfiguration.</para>
+     are using a connection configured with DHCP or IPv6 Autoconfiguration,
+     or using <literal>localhost.localdomain</literal> as the FQDN.</para>
+
+     <para>The <filename>/etc/hostname</filename> does not contain entries
+     for <literal>localhost</literal>,
+     <literal>localhost.localdomain</literal>, or the hostname (without a
+     domain) because they are handled by the
+     <systemitem class='library'>myhostname</systemitem> NSS module, read
+     the man page <filename>nss-myhostname(8)</filename> for details.</para>
 
      <para>The ::1 entry is the IPv6 counterpart of 127.0.0.1 and represents
-     the IPv6 loopback interface. 127.0.1.1 is a loopback entry reserved
-     specifically for the FQDN.</para>
+     the IPv6 loopback interface.</para>
 
    </sect2>
 

patches.ent

@@ -14,9 +14,9 @@
 <!ENTITY glibc-fhs-patch-md5 "9a5997c3452909b1769918c759eff8a2">
 <!ENTITY glibc-fhs-patch-size "2.8 KB">
 
-<!ENTITY glibc-memalign-patch "glibc-&glibc-version;-memalign_fix-1.patch">
-<!ENTITY glibc-memalign-patch-md5 "2c3552bded42a83ad6a7087c5fbf3857">
-<!ENTITY glibc-memalign-patch-size "20 KB">
+<!ENTITY glibc-upstream-fixes-patch "glibc-&glibc-version;-upstream_fixes-1.patch">
+<!ENTITY glibc-upstream-fixes-patch-md5 "2e347e291804b62a18a43a8cdc79e01e">
+<!ENTITY glibc-upstream-fixes-patch-size "24 KB">
 
 <!ENTITY grub-upstream-fixes-patch "grub-&grub-version;-upstream_fixes-1.patch">
 <!ENTITY grub-upstream-fixes-patch-md5 "da388905710bb4cbfbc7bd7346ff9174">