author Bruce Dubbs <bdubbs@linuxfromscratch.org> 2022-12-01 17:41:14 -0600
committer Bruce Dubbs <bdubbs@linuxfromscratch.org> 2022-12-01 17:41:14 -0600
commit 38311c3ea348d1021b1192139e3ca952b7a9e430 (patch)
tree 333773c1b2e169e19c89b2262e0d6f2050b4425e /chapter08
parent 82e98d0b0e798f9f603cbc9ba52acc039b332b6a (diff)
parent da6e70fffedcafb3a31e906155eed21199a71b44 (diff)
Merge branch 'trunk' of git.linuxfromscratch.org:lfs into trunk
Diffstat (limited to 'chapter08')
-rw-r--r-- chapter08/gcc.xml 70
-rw-r--r-- chapter08/shadow.xml 7
2 files changed, 40 insertions, 37 deletions
diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml
index a36720374..4b5c2dd61 100644
--- a/chapter08/gcc.xml
+++ b/chapter08/gcc.xml
@@ -80,8 +80,8 @@ cd build</userinput></screen>
--disable-bootstrap \
--with-system-zlib</userinput></screen>
- <para>Note that for other programming languages there are some prerequisites that
- are not yet available. See the
+ <para>GCC supports seven different computer languages, but the
+ prerequisites for most of them have not yet been installed. See the
<ulink url="&blfs-book;general/gcc.html">BLFS Book GCC page</ulink>
for instructions on how to build all of GCC's supported languages.</para>
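Review bot: The hard-coded count in "GCC supports seven different computer languages" will go stale whenever GCC adds or drops a front end, and nothing on this page lists the seven. Consider dropping the number ("GCC supports several programming languages, but the prerequisites for most of them have not yet been installed") or naming the languages explicitly.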
@@ -91,8 +91,8 @@ cd build</userinput></screen>
<varlistentry>
<term><parameter>LD=ld</parameter></term>
<listitem>
- <para>This parameter makes the configure script use the ld installed
- by the binutils built earlier in this chapter, rather than
+ <para>This parameter makes the configure script use the ld program installed
+ by the Binutils package built earlier in this chapter, rather than
the cross-built version which would otherwise be used.</para>
</listitem>
</varlistentry>
@@ -101,7 +101,7 @@ cd build</userinput></screen>
<term><parameter>--with-system-zlib</parameter></term>
<listitem>
<para>This switch tells GCC to link to the system installed copy of
- the zlib library, rather than its own internal copy.</para>
+ the Zlib library, rather than its own internal copy.</para>
</listitem>
</varlistentry>
</variablelist>
@@ -109,21 +109,21 @@ cd build</userinput></screen>
<note>
<anchor id="pie-ssp-info" xreflabel="note on PIE and SSP"/>
<para>
- PIE (position-independent executable) is a technique to produce
+ PIE (position-independent executables) are
binary programs that can be loaded anywhere in memory. Without PIE,
the security feature named ASLR (Address Space Layout Randomization)
- can be applied for the shared libraries, but not the executable
- itself. Enabling PIE allows ASLR for the executables in addition to
+ can be applied for the shared libraries, but not for the executables
+ themselves. Enabling PIE allows ASLR for the executables in addition to
the shared libraries, and mitigates some attacks based on fixed
addresses of sensitive code or data in the executables.
</para>
<para>
SSP (Stack Smashing Protection) is a technique to ensure
- that the parameter stack is not corrupted. Stack corruption can
- for example alter the return address of a subroutine,
- which would allow transferring control to some dangerous code
+ that the parameter stack is not corrupted. Stack corruption can,
+ for example, alter the return address of a subroutine,
+ thus transferring control to some dangerous code
(existing in the program or shared libraries, or injected by the
- attacker somehow) instead of the original one.
+ attacker somehow).
</para>
</note>
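Review bot: In the first paragraph, the new opening "PIE (position-independent executables) are binary programs" defines PIE as the programs themselves, but the following sentences ("Without PIE", "Enabling PIE allows ASLR") still treat it as a build option, and the SSP paragraph keeps "is a technique". Keeping the definition parallel, for example "PIE (position-independent executable) is a technique to produce binary programs that can be loaded anywhere in memory", avoids the mismatch. In the SSP paragraph, "thus transferring control" now states the outcome as certain where the old "would allow transferring control" described a possibility; "potentially transferring control" keeps the shorter sentence without overstating it.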
@@ -133,10 +133,10 @@ cd build</userinput></screen>
<important>
<para>In this section, the test suite for GCC is considered
- important, but it takes a long time. First time builders are
- encouraged to not skip it. The time to run the tests can be
- reduced significantly by adding -jx to the make command below
- where x is the number of cores on your system.</para>
+ important, but it takes a long time. First-time builders are
+ encouraged to run the test suite. The time to run the tests can be
+ reduced significantly by adding -jx to the <command>make -k check</command> command below,
+ where x is the number of CPU cores on your system.</para>
</important>
<para>One set of tests in the GCC test suite is known to exhaust the default
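Review bot: In the rewritten sentence the command is now wrapped in <command>, but "-jx" and the placeholder "x" are still bare text, so they render differently from the command they modify. Mark the option up consistently (for example <parameter>-j<replaceable>x</replaceable></parameter>) and consider breaking the added line, which is noticeably longer than the surrounding ones.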
@@ -149,23 +149,23 @@ cd build</userinput></screen>
<screen><userinput remap="test">chown -Rv tester .
su tester -c "PATH=$PATH make -k check"</userinput></screen>
- <para>To receive a summary of the test suite results, run:</para>
+ <para>To extract a summary of the test suite results, run:</para>
<screen><userinput remap="test">../contrib/test_summary</userinput></screen>
- <para>For only the summaries, pipe the output through
+ <para>To filter out only the summaries, pipe the output through
<userinput>grep -A7 Summ</userinput>.</para>
<para>Results can be compared with those located at <ulink
url="&test-results;"/> and
<ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para>
- <para>In gcc, eleven tests, in the i386 test suite are known to FAIL.
+ <para>Eleven tests in the i386 test suite for the gcc compiler are known to FAIL.
It's because the test files do not account for the
<parameter>--enable-default-pie</parameter> option.</para>
- <para>In g++, four tests related to PR100400 are known to be reported
- as both XPASS and FAIL. It's because the test file for this known issue
+ <para>Four tests related to PR100400 may be reported
+ as both XPASS and FAIL when testing the g++ compiler; the test file
is not well written.</para>
<para>A few unexpected failures cannot always be avoided. The GCC developers
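Review bot: "To filter out only the summaries" can be read as removing the summaries, which is the opposite of what grep -A7 Summ does; "To show only the summaries" is unambiguous. In the PR100400 paragraph, the rewrite drops "It's because", so "the test file is not well written" after the semicolon no longer reads as the cause, and "known to be reported" has become "may be reported" while the preceding i386 paragraph still says "are known to FAIL". If the behaviour really is intermittent, say so; otherwise keep the two paragraphs parallel.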
@@ -187,8 +187,8 @@ su tester -c "PATH=$PATH make -k check"</userinput></screen>
<screen><userinput remap="install">make install</userinput></screen>
<para>The GCC build directory is owned by <systemitem class="username">
- tester</systemitem> now and the ownership of the installed header
- directory (and its content) will be incorrect. Change the ownership to
+ tester</systemitem> now, and the ownership of the installed header
+ directory (and its content) is incorrect. Change the ownership to the
<systemitem class="username">root</systemitem> user and group:</para>
<screen><userinput remap="install">chown -v -R root:root \
@@ -225,7 +225,7 @@ readelf -l a.out | grep ': /lib'</userinput></screen>
<screen><computeroutput>[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]</computeroutput></screen>
- <para>Now make sure that we're setup to use the correct start files:</para>
+ <para>Now make sure that we're set up to use the correct start files:</para>
<screen><userinput>grep -E -o '/usr/lib.*/S?crt[1in].*succeeded' dummy.log</userinput></screen>
@@ -274,7 +274,7 @@ SEARCH_DIR("/usr/local/lib")
SEARCH_DIR("/lib")
SEARCH_DIR("/usr/lib");</computeroutput></screen>
- <para>A 32-bit system may see a few different directories. For example, here
+ <para>A 32-bit system may use a few other directories. For example, here
is the output from an i686 machine:</para>
<screen><computeroutput>SEARCH_DIR("/usr/i686-pc-linux-gnu/lib32")
@@ -307,7 +307,7 @@ SEARCH_DIR("/usr/lib");</computeroutput></screen>
at all, then something is seriously wrong. Investigate and retrace the
steps to find out where the problem is and correct it. <!--The most likely
reason is that something went wrong with the specs file adjustment.--> Any
- issues will need to be resolved before continuing with the process.</para>
+ issues should be resolved before continuing with the process.</para>
<para>Once everything is working correctly, clean up the test files:</para>
@@ -374,7 +374,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<term><command>cpp</command></term>
<listitem>
<para>The C preprocessor; it is used by the compiler to expand the
- #include, #define, and similar statements in the source files</para>
+ #include, #define, and similar directives in the source files</para>
<indexterm zone="ch-system-gcc cpp">
<primary sortas="b-cpp">cpp</primary>
</indexterm>
@@ -407,7 +407,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<para>A wrapper around <command>ar</command> that adds a
plugin to the command line. This program is only used
to add "link time optimization" and is not useful with the
- default build options</para>
+ default build options.</para>
<indexterm zone="ch-system-gcc gcc-ar">
<primary sortas="b-gcc-ar">gc-ar</primary>
</indexterm>
@@ -420,7 +420,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<para>A wrapper around <command>nm</command> that adds a
plugin to the command line. This program is only used
to add "link time optimization" and is not useful with the
- default build options</para>
+ default build options.</para>
<indexterm zone="ch-system-gcc gcc-nm">
<primary sortas="b-gcc-nm">gc-nm</primary>
</indexterm>
@@ -433,7 +433,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<para>A wrapper around <command>ranlib</command> that adds a
plugin to the command line. This program is only used
to add "link time optimization" and is not useful with the
- default build options</para>
+ default build options.</para>
<indexterm zone="ch-system-gcc gcc-ranlib">
<primary sortas="b-gcc-ranlib">gc-ranlib</primary>
</indexterm>
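Review bot: The gcc-ar, gcc-nm and gcc-ranlib hunks each touch an entry whose unchanged index line reads <primary ...>gc-ar</primary>, gc-nm and gc-ranlib, while the sortas and zone attributes say gcc-ar, gcc-nm and gcc-ranlib; since these entries are being edited anyway, fix the index text to match. The added full stops also make punctuation inconsistent within this list: the cpp, gcov, libgcov and liblto_plugin descriptions changed elsewhere in this patch still end without one. Pick one convention for the whole list.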
@@ -444,7 +444,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<term><command>gcov</command></term>
<listitem>
<para>A coverage testing tool; it is used to analyze programs to
- determine where optimizations will have the most effect</para>
+ determine where optimizations will have the greatest effect</para>
<indexterm zone="ch-system-gcc gcov">
<primary sortas="b-gcov">gcov</primary>
</indexterm>
@@ -525,7 +525,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<varlistentry id="libgcov">
<term><filename class="libraryfile">libgcov</filename></term>
<listitem>
- <para>This library is linked in to a program when GCC is instructed
+ <para>This library is linked into a program when GCC is instructed
to enable profiling</para>
<indexterm zone="ch-system-gcc libgcov">
<primary sortas="c-libgcov">libgcov</primary>
@@ -567,7 +567,7 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<varlistentry id="liblto_plugin">
<term><filename class="libraryfile">liblto_plugin</filename></term>
<listitem>
- <para>GCC's LTO plugin allows binutils to process object files
+ <para>GCC's LTO plugin allows Binutils to process object files
produced by GCC with LTO enabled</para>
<indexterm zone="ch-system-gcc liblto_plugin">
<primary sortas="c-liblto_plugin">liblto_plugin</primary>
@@ -589,8 +589,8 @@ mv -v /usr/lib/*gdb.py /usr/share/gdb/auto-load/usr/lib</userinput></screen>
<term><filename class="libraryfile">libssp</filename></term>
<listitem>
<para>Contains routines supporting GCC's stack-smashing protection
- functionality. Normally it's unused because glibc also provides
- those routines</para>
+ functionality. Normally it is not used, because Glibc also provides
+ those routines.</para>
<indexterm zone="ch-system-gcc libssp">
<primary sortas="c-libssp">libssp</primary>
</indexterm>
diff --git a/chapter08/shadow.xml b/chapter08/shadow.xml
index c12826f9f..93d1f3f7e 100644
--- a/chapter08/shadow.xml
+++ b/chapter08/shadow.xml
@@ -62,7 +62,9 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></s
<para id="shadow-login_defs">Instead of using the default
<emphasis>crypt</emphasis> method, use the more secure
<emphasis>SHA-512</emphasis> method of password encryption, which also
- allows passwords longer than 8 characters. It is also necessary to change
+ allows passwords longer than 8 characters. In addition, set the number of
+ rounds to 500,000 instead of the default 5000, which is much too low to
+ prevent brute force password attacks. It is also necessary to change
the obsolete <filename class="directory">/var/spool/mail</filename> location
for user mailboxes that Shadow uses by default to the <filename
class="directory">/var/mail</filename> location used currently. And,
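Review bot: In the added sentence, "prevent brute force password attacks" overstates what a higher round count does: it raises the cost of each guess against a stolen hash, it does not prevent guessing, so "slow down" or "resist" would be accurate. The same cost is paid on every legitimate password check, which is worth one clause for readers building on slow hardware. The two numbers are also formatted differently (500,000 versus 5000), and the text does not name the login.defs settings being changed, which makes the sed expression added further down harder to connect to this paragraph.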
@@ -80,6 +82,7 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></s
</note>
<screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
+ -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@' \
-e 's:/var/spool/mail:/var/mail:' \
-e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
-i etc/login.defs</userinput></screen>
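Review bot: The added expression succeeds silently when it matches nothing, so if the shipped login.defs ever changes the commented default from "#SHA_CRYPT_..._ROUNDS 5000", the build continues with the low round count and no error. Add a verification step after the sed (for example a grep for the uncommented SHA_CRYPT settings showing 500000) so the reader can confirm the change took effect. The expression is also cryptic enough to deserve a sentence of explanation: "..." is a three-character wildcard that covers both the MIN and MAX settings, and "\100" is the backreference \1 followed by a literal "00", not a reference to group 100.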
@@ -203,7 +206,7 @@ useradd -D --gid 999</userinput></screen>
next available number. Note also that if you don't have a group with
an ID equal to this number on your system, then the first time you use
<command>useradd</command> without the <parameter>-g</parameter>
- parameter, an error message will be generated &mdash; <computeroutput>useradd:
+ parameter, an error message will be generated&mdash;<computeroutput>useradd:
unknown GID 999</computeroutput>,
even though the account has been created correctly. That is why we
created the group <systemitem class="groupname">users</systemitem>