diff options
| author | Bruce Dubbs <bdubbs@linuxfromscratch.org> | 2015-04-24 03:19:38 +0000 |
|---|---|---|
| committer | Bruce Dubbs <bdubbs@linuxfromscratch.org> | 2015-04-24 03:19:38 +0000 |
| commit | bb189b08be8e84e1f7cccb1b47371b5ca5acb94c (patch) | |
| tree | 9f8ed69172c230699bbd6c714eba549f4a07fb64 /chapter06 | |
| parent | 4172728913ba9c6c0a43282abded047190b50367 (diff) | |
Added a fix for security issue in Glibc (CVE-2015-1781).
Thanks to Ken Moffat for identifying the proplem and the fix.
Fixed Ncurses and Perl build with GCC 5. Thanks to Ken Moffat and
Douglas R. Reno for providing the patches.
Updated to GCC-5.1.0. Imported changes from systemd version.
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@10903 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Diffstat (limited to 'chapter06')
| -rw-r--r-- | chapter06/glibc.xml | 24 | ||||
| -rw-r--r-- | chapter06/ncurses.xml | 5 | ||||
| -rw-r--r-- | chapter06/perl.xml | 9 |
3 files changed, 20 insertions, 18 deletions
diff --git a/chapter06/glibc.xml b/chapter06/glibc.xml index c9cfa5aaf..9c53628f9 100644 --- a/chapter06/glibc.xml +++ b/chapter06/glibc.xml @@ -74,6 +74,16 @@ -e '/SSE2/s/^1://' \ -i sysdeps/i386/i686/multiarch/mempcpy_chk.S</userinput></screen> + <para>Fix a potential security issue identified upstream:</para> + +<screen><userinput remap="pre">sed -i '/glibc.*pad/{i\ buflen = buflen > pad ? buflen - pad : 0; + s/ + pad//}' resolv/nss_dns/dns-host.c</userinput></screen> + + <para>Fix a test case that fails when built using GCC 5:</para> + +<screen><userinput remap="pre">sed -e '/tst-audit2-ENV/i CFLAGS-tst-audit2.c += -fno-builtin' \ + -i elf/Makefile</userinput></screen> + <para>The Glibc documentation recommends building Glibc outside of the source directory in a dedicated build directory:</para> @@ -88,20 +98,6 @@ cd ../glibc-build</userinput></screen> --enable-kernel=&min-kernel; \ --enable-obsolete-rpc</userinput></screen> - <variablelist> - <title>The meaning of the new configure options:</title> - - <varlistentry> - <term><parameter>--enable-obsolete-rpc</parameter></term> - <listitem> - <para>Installs NIS and RPC related headers that are not installed by - default; these are required to rebuild Glibc and by several BLFS - packages.</para> - </listitem> - </varlistentry> - - </variablelist> - <para>Compile the package:</para> <screen><userinput remap="make">make</userinput></screen> diff --git a/chapter06/ncurses.xml b/chapter06/ncurses.xml index 70aca29fe..c82bfa5e0 100644 --- a/chapter06/ncurses.xml +++ b/chapter06/ncurses.xml @@ -41,6 +41,11 @@ <sect2 role="installation"> <title>Installation of Ncurses</title> + <para>First, apply a patch to prevent a build failure + when building with GCC 5:</para> + +<screen><userinput remap="pre">patch -Np1 -i ../&ncurses-gcc5-buildfixes-patch;</userinput></screen> + <para>Don't install a static library that is not handled by configure:</para> <screen><userinput remap="pre">sed -i '/LIBTOOL_INSTALL/d' c++/Makefile.in</userinput></screen> diff --git a/chapter06/perl.xml b/chapter06/perl.xml index 35de645ba..6ace9d861 100644 --- a/chapter06/perl.xml +++ b/chapter06/perl.xml @@ -55,11 +55,12 @@ <screen><userinput remap="pre">export BUILD_ZLIB=False export BUILD_BZIP2=0</userinput></screen> -<!-- - <para>Fix a potential security problem:</para> -<screen><userinput remap="pre">patch -Np1 -i ../&perl-fix-patch;</userinput></screen> ---> + <para>Apply a patch to allow the Errno.pm module and the h2ph + program to build correctly when building with GCC 5:</para> + +<screen><userinput remap="pre">patch -Np1 -i ../&perl-gcc5-fixes-patch;</userinput></screen> + <para>To have full control over the way Perl is set up, you can remove the <quote>-des</quote> options from the following command and hand-pick the way this package is built. Alternatively, use the command exactly as below to |