| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This reverts commit 098f4de3369ae0fc7d50fc6060b059eb5627de4e.
CVE-2022-2590 is fixed in Linux >= 5.19.6.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.
In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
|
| |
|
|
|
|
| |
Also document test failures in gcc chapter 8
|
|
|
|
|
|
|
|
| |
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
|
|
|
|
|
|
|
|
| |
Update to shadow-4.12.3.
Update to Python3-3.10.7.
Update to linux-5.19.7.
Update to less-608.
Update to grep-3.8.
|
|
|
|
|
|
|
|
| |
Bugtraq is dead since 2021, use oss-sec instead.
For CERT, cert.org redirects to CMU and us-cert.gov redirects to US
CISA (https://www.cisa.gov/uscert/). I'm not familiar with those so
left those for a US citizen to add :).
|
| |
|
|
|
|
|
|
| |
Forgot to remove this one when I removed it in pass 1...
Reference: https://gcc.gnu.org/r12-1328
|
| |
|
|
|
|
|
| |
Report by Joe Locash that a perl script was left in /usr/include
with our current instructions
|
| |
|
|
|
|
| |
Text only change. Simply refer to BLFS.
|
|
|
|
|
|
| |
available" warnings
The non-text change during freeze is approved by bdubbs.
|
|
|
|
| |
Text only change.
|
|
|
|
|
|
| |
Text only change.
I've forgotten this several times for AMDGPU...
|
|
|
|
|
|
|
| |
Text only change.
Found out this utility also exists on ARM, so copied "grub-glue-efi
--help" here, which does not mention "ia32" or "amd64".
|
|
|
|
|
|
|
|
| |
It seems glibc creates dummy.c for its own use. This leaves some
dummy.xxx files in the directory, that may lead some users to think that
the directory is not properly cleaned up after the test (I did :)
So use a pipe so that only a.out is created
|
| |
|
|
|
|
|
|
|
|
|
| |
Text change only.
Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib,
/lib won't be searched by default anymore (if someone mess up the system
by removing /lib symlink and create an real directory there, for example
the initramfs before r10.1-439).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has
enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot.
If x2APIC is disabled or not available, the kernel with
CONFIG_X86_X2APIC=y can still boot normally.
No need to tag anything again because interrupt handling cannot affect
userspace.
|
|
|
|
|
|
|
| |
Text change only.
Add tst-arc4random-thread failure recently reported to upstream, remove
namespace related failures as they are UNSUPPORTED now in 2.36.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They are really harmful. In Binutils pass 2, libstdc++.la caused the
building system to use host /usr/lib/libstdc++.so for gprofng. We now
has disabled gprofng for pass 2, but the similar issue also exists in
GCC pass 2. In a normal LFS build, the building system silently uses
/usr/lib/libstdc++.so (I guess it does not blow up simply because some
blind luck); in a real cross build (x86 -> ARM for example) the build
will fail.
Remove the .la files to fix this issue. Instead of only modifying
clfs-ng, it makes more sense to apply the change for trunk: though
the build does not fail, using host library is still a contamination.
|
|
|
|
|
|
| |
Remove old commented instructions
Remove a sed and a test failure explanation: both have been fixed
in binutils-2.39
|
| |
|
|
|
|
|
|
|
|
|
| |
Update to vim-9.0.0192.
Update to iana-etc-20220803.
Update to tzdata-2022b.
Update to iproute2-5.19.0.
Update to linux-5.19.1.
Update to bc-6.0.1.
|
| |
|
|\ |
|
| | |
|
|/ |
|
|\ |
|
| |
| |
| |
| | |
Now perl-5.36 ships zlib-1.2.12, which is same as the book providing.
|
|/ |
|
|\ |
|
| | |
|
|/
|
|
|
|
|
| |
Update to binutils-2.38.
Update to util-linux-2.38.1.
Update to Python3-3.10.6.
Update to glibc-2.36.
|
|
|
|
| |
Security Advisory to follow.
|
|
|
|
|
| |
Update to linux-5.18.14.
Update to libcap-2.65.
|
| |
|
| |
|
| |
|