Disable building nscd in glibc.
Update to iana-etc-20230929.
Update to vim-9.0.1968.
Update to openssl-3.1.3.
Update to meson-1.2.2.
Update to man-db-2.12.0.
Update to linux-6.5.5.
Update to kmod-31.
Update to kbd-2.6.3.
Update to gettext-0.22.2.
Update to bc-6.7.0.
I've not bothered to write an explanation for --disable-crypt because it
will likely be the default of Glibc-2.38, then we may drop it from the
command lines.
Update the rationale for min-kernel in hostreqs. Add a note in
general.ent about the EOL of current min-kernel. Realign the
backslashes in glibc instructions.
"The command below shows an example of nested command substitution
using two methods: backquotes and a $() construct. It could be
rewritten using the same method for both substitutions, but is
shown this way to demonstrate how they can be mixed. Generally
the $() method is preferred."
We need to enable decimal float here or MPFR will be built w/o decimal
float support. Then 2 of 183 tests will be skipped, and this will also
cause an ICA issue.
Q: Why we need decimal float in pass 1?
A: We need pass-1 GCC with decimal float support to build decimal float
routines in pass-2 libgcc.
We only need a one-line change in upstream fix (because we don't use
"make --shuffle"). Add it as a sed for both Chapter 5 and Chapter 8.
Note that the "minimal" sed would be '/MAEKFLAGS :=/s/r/ -r/'. I
included an additional ')' so it won't modify "-r" again to "- -r".
Tested "make" and "make check" on a x86_64 with -j8 and an arm64 with
-j24.
Link: https://sourceware.org/git/?p=glibc.git;a=commit;h=2d7ed98add14
When I changed the sanity check to remove the "dummy.c" file, I
inadvertently used "gcc" instead of "$LFS_TGT-gcc". Which of course
finds the host gcc...
Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.
In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
It seems glibc creates dummy.c for its own use. This leaves some
dummy.xxx files in the directory, that may lead some users to think that
the directory is not properly cleaned up after the test (I did :)
So use a pipe so that only a.out is created
They are really harmful. In Binutils pass 2, libstdc++.la caused the
building system to use host /usr/lib/libstdc++.so for gprofng. We now
has disabled gprofng for pass 2, but the similar issue also exists in
GCC pass 2. In a normal LFS build, the building system silently uses
/usr/lib/libstdc++.so (I guess it does not blow up simply because some
blind luck); in a real cross build (x86 -> ARM for example) the build
will fail.
Remove the .la files to fix this issue. Instead of only modifying
clfs-ng, it makes more sense to apply the change for trunk: though
the build does not fail, using host library is still a contamination.
