names of packages. Clarified verbiage in re PIE & ASLR. Improved the
description of SSP, and tightened it up. Clarified the instructions
for running tests concurrently. Modified descriptions of tests that
fail. Patched up punctuation. Spelled "set up" correctly: "setup" is
a noun. The phrasal verb used here is spelled as two words. Use the
word "directives" to describe "#include" and similar preprocessor
instructions. Add periods to some otherwise complete sentences.
Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.
In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
Change nobody/nogroup uid/git to 65534.
Update to meson-0.62.1.
Update to libpipeline-1.5.6.
Update to elfutils-0.187.
Update to Jinja2-3.1.2.
Update to vim-8.2.4814.
Update to sysvinit-3.03.
Update to linux-5.17.5.
Update to gcc-11.3.0.
Update to coreutils-9.1.
Update to bc-5.2.4.
Now adjusting.xml only serves as a historical reference, and a "snip
library" for gcc.xml. Put all relevant content into gcc.xml directly
and remove adjusting.xml. If someone needs a historical reference, he
can always get adjusting.xml in Git history.
Update to gawk-5.1.1.
Update to meson-0.60.0.
Update to libcap-2.60.
Update to gdbm-1.22.
Update to file-5.41.
Update to linux-5.14.15.
Update to iana-etc-20211025.
Update to tzdata-2021e.
Change /bin to /usr/bin in passwd, and revisedchroot.
Fix systemd for new meson.
Update to GCC-11.2.0 (#4883)
Update to inetutils-2.1 (#4892)
Update to automake-1.16.4 (#4894)
SHA256 checksum entities for the three packages are added. I think we
can start a transition to SHA256 now.
