The default /dev/kvm mode is 0666 and we consider it "not so safe".
Like Tim said: "I'm also authenticating to my system all the time and
don't do a chmod -R 777 / after every boot."
With this option, the /dev/kvm mode is set to 0660 and it's tagged
"uaccess" so systemd-logind will add an ACL entry for users logged-in
locally.
The thread functions are in POSIX.1c, not POSIX.1b.
Both POSIX.1b and POSIX.1c are named "extensions" (plural form). And
POSIX.1b is titled "Real-time" instead of "Realtime".
Update to linux-6.2.8 (#5230)
Update to xz-5.4.2 (#5233)
Update to coreutils-9.2 (#5232)
Update to libcap-2.68 (#5236)
Update to bc-6.5.0 (#5228)
Update to openssl-3.1.0 (#5227)
Update to texinfo-7.0.3 (#5235)
Update to grep-3.10 (#5234)
Update to tzdata-2023c (#5237)
Update to wheel-0.40.0 (#5229)
Add flit-core-3.8.0
1. Declare UNIX98 PTY requirement in host system requirements and check
it in the script. All desktop or server distros should have it now,
but let's stop anyone from building on an embedded distro w/o UNIX98
PTY early...
2. Use Expect test suite as a guard against mishandled $LFS/dev/pts.
3. No need to test the basic function of Expect in Binutils anymore
because if ($LFS)/dev/pts is not good, the Expect test suite would
have failed.
- Update to systemd-253
- Update to bc-6.3.1
- Update to linux-6.2.2
- Update to procps-ng-4.0.3
- Update to iproute2-6.2.0
- Update to meson-1.0.1
- Update to make-4.4.1
- Update to elfutils-0.189
This update changes the default number of cores used to build
packages to 4. A section is also added to host requirements
to recommend a minimum number of cores and memory size.
Update to iana-etc-20230202.
Update to zstd-1.5.4.
Update to Python3-3.11.2.
Update to e2fsprogs-1.47.0.
Update to dbus-1.14.6.
Update to linux-6.1.11.
Update to libcap-2.67.
Update to bc-6.2.4.
Update to iana-etc-20230109.
Update to binutils-2.40.
Update to bc-6.2.2.
Update to linux-6.1.6.
Update to man-db-2.11.2.
Update to mpfr-4.2.0.
Update to ncurses-6.4.
Update to xz-5.4.1.
"ext{234}" file systems. Clean up English idiom here and there.
Standardize the spelling of "file system"; unless it's part of a
command or something like that, it should be written as two words.
of installed programs. Added (link to setarch) to the five items that
link to setarch. Corrected erroneous description of swapoff. Clarified
some of the "short descriptions". Changed the imperative mood to the
indicative mood, and added an "s" to a couple of possessive nouns.
Ensure a gawk hard link is updated in Chapter 8.
Update to iana-etc-20221209.
Update to vim-9.0.1060.
Update to iproute2-6.1.0.
Update to xz-5.4.0.
Update to bash-5.2.15.
Update to psmisc-23.6.
Update to mpc-1.3.0.
Update to python3-3.11.1.
Update to procps-ng-4.0.2.
help screen doesn't match the man page. Also, there's an action
("tc chain") in the synopsis section that is not further explained
in the body of man tc. Documentation may be inaccurate.
end" -- it's two words, not one. Changed square brackets to parentheses;
square brackets should only be used to delimit editorial remarks. Removed
one definite article referring to the plural; "the" implies a single
object. Changed "amount" to "number". In English, an amount refers to
a continuous quantity, while a number refers to discrete objects (like
networking packets). Added a qualifier in the description of "ip":
the list of commands is not exhaustive. Modified a few program
descriptions to improve consistency of style. Changed QOS and COS
to QoS and CoS after researching these abbreviations on the internet.
"Quality of Service" and "Class of Service" appear, to me, to be the
most common way of writing these phrases.
idiomatic. Clarified meaning of configure options. Made several minor
revisions in program descriptions to improve readability. Added a
little explanatory material. Changed imperative mood to indicative
mood where that was appropriate.
text and images. Patched English idiom. Added a little information
about Pinyin (Chinese spelled like English) and grap (an old Unix
command for creating graphs).
We are already using "MAJOR" and "MINOR" in OpenSSL, do the same here.
The semantic versioning documentation (https://semver.org/) always uses
"patch level", not "Patch level". But let's explain it a little to
prevent puzzling people.
On wikipedia, "dlopen" redirects to "dynamic loading" and there is a
specific warning:
"Dynamically loaded library" redirects here. Not to be confused with
dynamically linked library.
pip3 -- the pip program processes both commands (e.g., install) and
options (e.g., --no-index). Expressed option / command descriptions
in the indicative mood. The imperative mood should only be used to
tell the reader what to do, not in explanatory verbiage. Inserted
the definite article here and there. Corrected a misspelled instance
of the indefinite article: we don't say "an utility" because the
initial phoneme in "utility" is pronounced as YOO.
Inserted the definite article where idiom requires it. Added more
detail to an option description. Broke an extremely long paragraph
into three pieces; cleaned up English idiom and punctuation all the
way through this section. In "Short Descriptions", inserted periods
where appropriate, and clarified the description of python3, which
is a program, not a language.
appears once. Improved idiom ("as shown below"). "command line" is
two words; "front end" is two words. "Swiss Army" is a trademark;
it should be capitalized.
perfect tense when appropriate. Replace "dlopening" with "opening
dynamically linked libraries" ... "dlopen" may be a Linux command,
but that doesn't make it a verb in English.
Update to iana-etc-20221122.
Update to xz-5.2.9.
Update to tzdata-2022g.
Update to texinfo-7.0.1.
Update to tcl-8.6.13.
Update to meson-0.64.1.
Update to linux-6.0.10.
Update to gawk-5.2.1.
Otherwise, as Xi has noticed, the password set for root at the end
of lfs may use the value 5000 for rounds, and not be changed, even
if later the number of rounds is increased.
names of packages. Clarified verbiage in re PIE & ASLR. Improved the
description of SSP, and tightened it up. Clarified the instructions
for running tests concurrently. Modified descriptions of tests that
fail. Patched up punctuation. Spelled "set up" correctly: "setup" is
a noun. The phrasal verb used here is spelled as two words. Use the
word "directives" to describe "#include" and similar preprocessor
instructions. Add periods to some otherwise complete sentences.
I was using the transitive verb "process" here, not the noun. Use
another word to avoid the ambiguity. Also add "and groups" because
there is also subgid alongside subuid.
sort-NaN-infloop no longer fails now, it seems covered up by PIE or SSP.
test-getlogin keeps failing in Bruce's build. Not sure how to reproduce
the failure deterministically.
verbiage. Used the subjunctive mood once. "Test suite" is two words, not
one. Patched some unidiomatic English. Used the plural "headers" when
discussing ELF objects. Used singular verbs to describe "gprofng", for
consistency with other items.
modifies the plural noun "libraries"; it must use a plural verb.
Clarified how many "configure" options Readline uses. Tightened the
prose, and used the definite article in lieu of the indefinite article,
because only one readline.pc file can possibly be the "correct" one.
We don't recommend customizing optimizations, but we use optimizations
provided by package default or release build mode.
Reword the paragraph so the people won't be puzzled once they see
"--enable-optimizations" in Python, or "--buildtype=release" (to prevent
unoptimized build) in BLFS meson commands.
Please try not to use the "replace" feature of the text editor blindly.
Appendix C of the GNU C Library Reference Manual clearly says:
'--disable-werror'
By default, the GNU C Library is built with '-Werror'. If you wish
to build without this option (for example, if building with a newer
version of GCC than this version of the GNU C Library was tested
with, so new warnings cause the build with '-Werror' to fail), you
can configure with '--disable-werror'.
Fix make-4.4 bug.
Update to wheel-0.38.4 (Python Module).
Update to texinfo-7.0.
Update to sysvinit-3.05.
Update to shadow-4.13.
Update to sed-4.9.
Update to meson-0.64.0.
Update to linux-6.0.7.
Update to elfutils-0.188.
Update to bc-6.1.1.
We only need a one-line change in upstream fix (because we don't use
"make --shuffle"). Add it as a sed for both Chapter 5 and Chapter 8.
Note that the "minimal" sed would be '/MAKEFLAGS :=/s/r/ -r/'. I
included an additional ')' so it won't modify "-r" again to "- -r".
Tested "make" and "make check" on an x86_64 with -j8 and an arm64 with
-j24.
Link: https://sourceware.org/git/?p=glibc.git;a=commit;h=2d7ed98add14
Update to iana-etc-20221025.
Update to tzdata-2022f.
Update to Python3-3.11.0.
Update to procps-ng-4.0.1.
Update to man-pages-6.01.
Update to man-db-2.11.0.
Update to make-4.4.
Update to linux-6.0.6.
Update to libffi-3.4.4.
Update to inetutils-2.4.
Update to expat-2.5.0.
Note: I had to run glibc in Chapter 8 at -j1 to avoid an apparent race
condition. With a little more investigation I may be able to find a
better solution.
Update to iana-etc-20221007.
Update to vim-9.0.0739.
Add upstream patches to readline and bash.
Update to zlib-1.2.13.
Update to man-pages-6.00.
Update to gettext-0.21.1.
Update to iproute2-6.0.0.
Update to meson-0.63.3.
Update to Python-3.10.8.
Update to xz-5.2.7.
Update to tzdata-2022e.
Update to linux-6.0.1.
Update to dbus-1.14.4.
I have:
2 FAIL
5092 PASS
67 UNSUPPORTED
16 XFAIL
4 XPASS
Let's not be too precise (or we'll need to explain the meaning of
"UNSUPPORTED"). IMO "over 5000" is fine (until we get 5500 tests).
Update to iana-etc-20220922.
Update to tzdata-2022d.
Update to readline-8.2.
Update to linux-5.19.11.
Update to libffi-3.4.3.
Update to libcap-2.66.
Update to dbus-1.14.2.
Update to bc-6.0.3.
Update to bash-5.2.
Don't emphasize "static library" at all, to prevent anyone from thinking
"I need to use static libraries so I'll keep these .la files". And warn
that .la files are known to break BLFS packages.
This reverts commit 395eb462ba.
Not needed as grep is "patched".
Note that I'm still against "patching" grep. All the complaints for the
warnings are from only several people and IMO the complaints are not
valid. But as bdubbs has made the decision let's keep it for now and
review after some time...
Update to file-5.43.
Update to linux-5.19.8.
Update to gawk-5.2.0.
Update to meson-0.63.2.
Update to ninja-1.11.1.
Update to bc-6.0.2.
Fix the location of udev rules in eudev.
Remove a warning for egrep and fgrep that
Delete an empty binutils man page.
Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR; PIE expands
the ASLR to cover the executables.
In 2022, stack smashing attacks are mostly constructing a sequence of
fake return addresses to execute a series of functions already
existing in the programs or libraries themselves (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
Text change only.
Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib,
/lib won't be searched by default anymore (if someone messes up the system
by removing the /lib symlink and creating a real directory there, for example
the initramfs before r10.1-439).
Text change only.
Add tst-arc4random-thread failure recently reported to upstream, remove
namespace related failures as they are UNSUPPORTED now in 2.36.