Presently we let the build system generate static C++ bindings, and
then we remove them. Note that we could also prevent generating
any C++ binding, since nothing in LFS/BLFS use them, but it seems to
me that generating the shared ones is closer to what is done for
other packages.
The c_rehash script, shipped by OpenSSL versions in current LFS trunk
and all previous LFS releases, is vulnerable to CVE-2022-2068. It's
fixed in 3.0.4, but OpenSSL 3.0.4 is completely broken on CPU models with
AVX-512 extension [1]. So we'd like to defer OpenSSL update and wait for
upstream consensus about "would 3.0.5 be released in urgency".
But, the upstream has announced that use of c_rehash is obsolete now [2].
So we can tell people not to use it.
[1]: https://github.com/openssl/openssl/issues/18625
[2]: https://www.openssl.org/news/secadv/20220621.txt
Using readline can improve line editing feature of bc, but it's not
enabled by default.
As readline is already installed before bc, let's pick up this
improvement with no cost.
I've observed some failures building LFS on my old i3-3217U (at 1.8 GHz
with -j4), but forgot to update the book. Just got reminded by a
lfs-support post.
BLFS no longer contains ConsoleKit, and ConsoleKit can be considered
dead now (the ConsoleKit2 fork has no action in the recent year).
In BLFS systemd (with PAM) or elogind provide a similar functionality.
I can see no reason to mention ConsoleKit in the book now.
With the construct used in save_usrlib, if ld-linux-...dbg already
exists, it is stripped again and a file ld-linux-...dbg.dbg is
created. Prevent this by not listing files ending in "g".
Change nobody/nogroup uid/git to 65534.
Update to meson-0.62.1.
Update to libpipeline-1.5.6.
Update to elfutils-0.187.
Update to Jinja2-3.1.2.
Update to vim-8.2.4814.
Update to sysvinit-3.03.
Update to linux-5.17.5.
Update to gcc-11.3.0.
Update to coreutils-9.1.
Update to bc-5.2.4.
In serveral places we use the pip3 command to install Python 3 programs
and modules for all users as root. This conflicts with the Python
developers' recommendation to build packages in a virtual environment as
a regular user. To this end, a multi-line warning is written when using
pip3 as the root user.
This change shows users how to avoid this warning.
Update to sysvinit-3.02.
Update to zlib-1.2.12.
Update to expat-2.4.8.
Update to Jinja2-3.1.1.
Update to Python-3.10.4.
Update to procps-ng-4.0.0.
Update to iproute2-5.17.0.
Update to meson-0.62.0.
Update to linux-5.17.1.
Update to util-linux-2.38.
Telling the user to override CFLAGS and CXXFLAGS may cause two problems:
1. We've added --with-gcc-arch=native, so the configure script will add
"-march=native" into CFLAGS. Then we've not really verified which
-march= value is the last one in the GCC command line and being really
used.
2. User may just export CFLAGS="-march=x86_64", without "-O2". This
will produce unoptimized binaries.
