Automatic merge of trunk into multilib

.gitignore

@@ -1,4 +1,5 @@
 lfs-bootscripts-*.tar.xz
+lfs-*.tar.xz
 conditional.ent
 version.ent
 appendices/*.script

Makefile

@@ -224,5 +224,14 @@ dump-commands: validate
 
 all: book nochunks pdf dump-commands
 
-.PHONY : all book dump-commands nochunks pdf profile-html tmpdir validate md5sums wget-list version
+dist:
+	$(Q)DIST=/tmp/LFS-RELEASE ./git-version.sh $(REV)
+	$(Q)rm -f lfs-$$(</tmp/LFS-RELEASE).tar.xz
+	$(Q)tar cJf lfs-$$(</tmp/LFS-RELEASE).tar.xz \
+		$(shell git ls-tree HEAD . --name-only) version.ent \
+		-C /tmp LFS-RELEASE \
+		--transform "s,^,lfs-$$(</tmp/LFS-RELEASE)/,"
+	$(Q)echo "Generated XML tarball lfs-$$(</tmp/LFS-RELEASE).tar.xz"
+
+.PHONY : all book dump-commands nochunks pdf profile-html tmpdir validate md5sums wget-list version dist
 

chapter08/glibc.xml

@@ -55,6 +55,18 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen>
 
+    <!-- CVE-2023-4527
+         https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+         https://sourceware.org/ml/libc-alpha/2023-September/151522.html -->
+    <para>Then fix a security vulnerability exploitable when the
+    <option>no-aaaa</option> option is used in
+    <filename>/etc/resolv.conf</filename>:</para>
+
+<screen><userinput remap="pre">sed \
+  -E "/__res_context_search/\
+      {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&amp;alt_dns_packet_buffer/}" \
+  -i resolv/nss_dns/dns-host.c</userinput></screen>
+
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
 

chapter08/stripping.xml

@@ -29,9 +29,12 @@
   needed by the linker (for static libraries) or dynamic linker (for
   dynamically linked binaries and shared libraries).</para>
 
-  <para>The debugging symbols from selected libraries are preserved
-  in separate files.  That debugging information is needed to run
-  regression tests with <ulink
+  <!-- TODO: Zstd is better than Zlib for both speed and size.
+             Unfortunately Valgrind does not support Zstd-compressed debug
+             info yet: https://bugs.kde.org/show_bug.cgi?id=469782 -->
+  <para>The debugging symbols from selected libraries are compressed with
+  <application>Zlib</application> and preserved in separate files.  That
+  debugging information is needed to run regression tests with <ulink
   url='&blfs-book;/general/valgrind.html'>valgrind</ulink> or <ulink
   url='&blfs-book;/general/gdb.html'>gdb</ulink> later, in BLFS.
   </para>
@@ -77,7 +80,7 @@
 
 cd /usr/lib
 for LIB in $save_usrlib; do
-    objcopy --only-keep-debug $LIB $LIB.dbg
+    objcopy --only-keep-debug --compress-debug-sections=zlib $LIB $LIB.dbg
     cp $LIB /tmp/$LIB
     strip --strip-unneeded /tmp/$LIB
     objcopy --add-gnu-debuglink=$LIB.dbg /tmp/$LIB

git-version.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 if [ "$1" = sysv ]; then
     SYSV="INCLUDE"
@@ -14,6 +14,10 @@ fi
 echo "<!ENTITY % sysv    \"$SYSV\">"     >  conditional.ent
 echo "<!ENTITY % systemd \"$SYSTEMD\">"  >> conditional.ent
 
+if [ -e LFS-RELEASE ]; then
+	exit 0
+fi
+
 if ! git status > /dev/null; then
     # Either it's not a git repository, or git is unavaliable.
     # Just workaround.
@@ -65,3 +69,5 @@ echo "<!ENTITY version          \"$versiond\">"            >> version.ent
 echo "]]>"                                                 >> version.ent
 echo "<!ENTITY releasedate       \"$full_date\">"          >> version.ent
 echo "<!ENTITY copyrightdate     \"1999-$year\">"          >> version.ent
+
+[ -z "$DIST" ] || echo $version > "$DIST"