Update to iana-etc-20221122.
Update to xz-5.2.9.
Update to tzdata-2022g.
Update to texinfo-7.0.1.
Update to tcl-8.6.13.
Update to meson-0.64.1.
Update to linux-6.0.10.
Update to gawk-5.2.1.
Otherwise, As Xi has noticed, the password set for root at the end
of lfs may use the value 5000 for rounds, and not be changed, even
if later the number of rounds is increased.
names of packages. Clarified verbiage in re PIE & ASLR. Improved the
description of SSP, and tightened it up. Clarified the instructions
for running tests concurrently. Modified descriptions of tests that
fail. Patched up punctuation. Spelled "set up" correctly: "setup" is
a noun. The phrasal verb used here is spelled as two words. Use the
word "directives" to describe "#include" and similar preprocessor
instructions. Add periods to some otherwise complete sentences.
I was using the transitive verb "process" here, not the noun. Use
another word to avoid the ambiguity. Also add "and groups" because
there is also subgid alongside subuid.
sort-NaN-infloop no longer fails now, it seems covered up by PIE or SSP.
test-getlogin keeps failing in Bruce's build. Not sure how to reproduce
the failure deterministically.
verbiage. Used the subjunctive mood once. "Test suite" is two words, not
one. Patched some unidiomatic English. Used the plural "headers" when
discussing ELF objects. Used singular verbs to describe "gprofng", for
consistency with other items.
modifies the plural noun "libraries"; it must use a plural verb.
Clarified how many "configure" options Readline uses. Tightened the
prose, and used the definite article in lieu of the indefinite article,
because only one readline.pc file can possibly be the "correct" one.
We don't recommend customizing optimizations, but we use optimizations
provided by package default or release build mode.
Reword the paragraph so the people won't be puzzled once they see
"--enable-optimizations" in Python, or "--buildtype=release" (to prevent
unoptimized build) in BLFS meson commands.
Please try not to use the "replace" feature of the text editor blindly.
Appendix C of the GNU C Library Reference Manual clearly says:
'--disable-werror'
By default, the GNU C Library is built with '-Werror'. If you wish
to build without this option (for example, if building with a newer
version of GCC than this version of the GNU C Library was tested
with, so new warnings cause the build with '-Werror' to fail), you
can configure with '--disable-werror'.
Fix make-4.4 bug.
Update to wheel-0.38.4 (Python Module).
Update to texinfo-7.0.
Update to sysvinit-3.05.
Update to shadow-4.13.
Update to sed-4.9.
Update to meson-0.64.0.
Update to linux-6.0.7.
Update to elfutils-0.188.
Update to bc-6.1.1.
We only need a one-line change in upstream fix (because we don't use
"make --shuffle"). Add it as a sed for both Chapter 5 and Chapter 8.
Note that the "minimal" sed would be '/MAEKFLAGS :=/s/r/ -r/'. I
included an additional ')' so it won't modify "-r" again to "- -r".
Tested "make" and "make check" on a x86_64 with -j8 and an arm64 with
-j24.
Link: https://sourceware.org/git/?p=glibc.git;a=commit;h=2d7ed98add14
Update to iana-etc-20221025.
Update to tzdata-2022f.
Update to Python3-3.11.0.
Update to procps-ng-4.0.1.
Update to man-pages-6.01.
Update to man-db-2.11.0.
Update to make-4.4.
Update to linux-6.0.6.
Update to libffi-3.4.4.
Update to inetutils-2.4.
Update to expat-2.5.0.
Note: I had to run glibc in Chapter 8 at -j1 to avoid an apparant race
condition. With a little more investigation I may be able to find a
better solution.
Update to iana-etc-20221007.
Update to vim-9.0.0739.
Add upstream patches to readline and bash.
Update to zlib-1.2.13.
Update to man-pages-6.00.
Update to gettext-0.21.1.
Update to iproute2-6.0.0.
Update to meson-0.63.3.
Update to Python-3.10.8.
Update to xz-5.2.7.
Update to tzdata-2022e.
Update to linux-6.0.1.
Update to dbus-1.14.4.
I have:
2 FAIL
5092 PASS
67 UNSUPPORTED
16 XFAIL
4 XPASS
Let's not be too precise (or we'll need to explain the meaning of
"UNSUPPORTED"). IMO "over 5000" is fine (until we get 5500 tests).
Update to iana-etc-20220922.
Update to tzdata-2022d.
Update to readline-8.2.
Update to linux-5.19.11.
Update to libffi-3.4.3.
Update to libcap-2.66.
Update to dbus-1.14.2.
Update to bc-6.0.3.
Update to bash-5.2.
Don't emphasis "static library" at all, to prevent anyone from thinking
"I need to use static libraries so I'll keep these .la files". And warn
that .la files are known to break BLFS packages.
This reverts commit 395eb462ba.
Not needed as grep is "patched".
Note that I'm still against "patching" grep. All the complains for the
warnings are from only several people and IMO the complains are not
valid. But as bdubbs has made the decision let's keep it for now and
review after some time...
Update to file-5.43.
Update to linux-5.19.8.
Update to gawk-5.2.0.
Update to meson-0.63.2.
Update to ninja-1.11.1.
Update to bc-6.0.2.
Fix the location of udev rules in eudev.
Remove a warning for egrep and fgrep that
Delete an empty binutils man page.
Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.
In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
Text change only.
Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib,
/lib won't be searched by default anymore (if someone mess up the system
by removing /lib symlink and create an real directory there, for example
the initramfs before r10.1-439).
Text change only.
Add tst-arc4random-thread failure recently reported to upstream, remove
namespace related failures as they are UNSUPPORTED now in 2.36.
It works out of box with glibc-2.35. I think this issue is already
fixed at glibc side, by the commit:
commit 0b5ca7c3e551e5502f3be3b06453324fe8604e82
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue Sep 21 07:47:45 2021 -0700
regex: copy back from Gnulib
Copy regex-related files back from Gnulib, to fix a problem with
static checking of regex calls noted by Martin Sebor. This merges the
following changes:
* New macro __attribute_nonnull__ in misc/sys/cdefs.h, for use later
when copying other files back from Gnulib.
... ... (unrelated things trimmed)
Presently we let the build system generate static C++ bindings, and
then we remove them. Note that we could also prevent generating
any C++ binding, since nothing in LFS/BLFS use them, but it seems to
me that generating the shared ones is closer to what is done for
other packages.
The c_rehash script, shipped by OpenSSL versions in current LFS trunk
and all previous LFS releases, is vulnerable to CVE-2022-2068. It's
fixed in 3.0.4, but OpenSSL 3.0.4 is completely broken on CPU models with
AVX-512 extension [1]. So we'd like to defer OpenSSL update and wait for
upstream consensus about "would 3.0.5 be released in urgency".
But, the upstream has announced that use of c_rehash is obsolete now [2].
So we can tell people not to use it.
[1]: https://github.com/openssl/openssl/issues/18625
[2]: https://www.openssl.org/news/secadv/20220621.txt
Using readline can improve line editing feature of bc, but it's not
enabled by default.
As readline is already installed before bc, let's pick up this
improvement with no cost.
I've observed some failures building LFS on my old i3-3217U (at 1.8 GHz
with -j4), but forgot to update the book. Just got reminded by a
lfs-support post.
BLFS no longer contains ConsoleKit, and ConsoleKit can be considered
dead now (the ConsoleKit2 fork has no action in the recent year).
In BLFS systemd (with PAM) or elogind provide a similar functionality.
I can see no reason to mention ConsoleKit in the book now.
