Commit message | Author | Age | Files | Lines
* Update changelog for PIE/SSP in GCC | Pierre Labastie | 2022-09-11 | 1 | -10/+22
|
* Comment on binutils test failures with pie/ssp | Pierre Labastie | 2022-09-11 | 1 | -0/+4
|
* gcc: fix link to PIE & SSP note | Xi Ruoyao | 2022-09-11 | 1 | -1/+2
|     DocBook does not handle xref to note properly (#pie-ssp-info not generated).
* kernel: enable ASLR and SSP | Xi Ruoyao | 2022-09-11 | 1 | -2/+31
|     It does not make too much sense to protect the userspace with PIE+ASLR and SSP but leave the kernel alone...
* Revert "linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now" | Xi Ruoyao | 2022-09-11 | 1 | -12/+0
|     This reverts commit 098f4de3369ae0fc7d50fc6060b059eb5627de4e. CVE-2022-2590 is fixed in Linux >= 5.19.6.
* gcc: some reword of PIE/SSP/ASLR note | Xi Ruoyao | 2022-09-11 | 2 | -12/+15
|     Expand tabs to 8 spaces like everywhere else in the book. Explain that shared libraries are already covered by ASLR, PIE expands the ASLR to cover the executables. In 2022, stack smashing attacks are mostly constructing a sequence of faked returning addresses to execute a series of functions already existing in the programs or libraries themselves (ret2lib). Returning into the code injected by the attacker is almost impossible because on i686 (with a PAE/NX enabled kernel) or x86_64, running injected code needs W/X mappings and those are very rare these days.
* gcc-pass1: fix bold "and" in command explanation | Pierre Labastie | 2022-09-10 | 1 | -2/+2
|
* Document the --enable-default-pie/ssp options | Pierre Labastie | 2022-09-10 | 2 | -0/+35
|     Also document test failures in gcc chapter 8
* Use default-pie and default-ssp flags in gcc | Pierre Labastie | 2022-09-09 | 3 | -0/+6
|     Committing only the commands for now, so that others can test the build.
|     TODO:
|     - add command explanations
|     - add changelog
|     - comment on failing tests in binutils and gcc
* Package Updates. | Bruce Dubbs | 2022-09-07 | 3 | -110/+122
|     Update to shadow-4.12.3. Update to Python3-3.10.7. Update to linux-5.19.7. Update to less-608. Update to grep-3.8.
* whatnow: update online resources list for maintenance | Xi Ruoyao | 2022-09-05 | 1 | -12/+7
|     Bugtraq is dead since 2021, use oss-sec instead. For CERT, cert.org redirects to CMU and us-cert.gov redirects to US CISA (https://www.cisa.gov/uscert/). I'm not familiar with those so left those for a US citizen to add :).
* some http -> https changes | Xi Ruoyao | 2022-09-05 | 13 | -22/+22
|
* gcc-pass2: remove unnecessary --enable-initfini-array option | Xi Ruoyao | 2022-09-01 | 1 | -10/+0
|     Forgot to remove this one when I removed it in pass 1... Reference: https://gcc.gnu.org/r12-1328
* groff: remove -j1 | Xi Ruoyao | 2022-09-01 | 1 | -3/+1
|
* Remove all non header files in linux headers | Pierre Labastie | 2022-08-31 | 1 | -2/+1
|     Report by Joe Locash that a perl script was left in /usr/include with our current instructions
* Clean up after 11.2 | Bruce Dubbs | 2022-08-31 | 1 | -532/+2
|
* partition: mention EFI system partition [r11.2] | Xi Ruoyao | 2022-08-28 | 1 | -0/+5
|     Text only change. Simply refer to BLFS.
* python: suppress "failed to check new pip version" or "a new pip version is available" warnings | Xi Ruoyao | 2022-08-26 | 1 | -2/+14
|     The non-text change during freeze is approved by bdubbs.
* grub: add a note about filesystem UUID and partition UUID usage | Xi Ruoyao | 2022-08-26 | 1 | -0/+32
|     Text only change.
* reboot: mention firmwares | Xi Ruoyao | 2022-08-26 | 1 | -0/+5
|     Text only change. I've forgotten this several times for AMDGPU...
* grub: update description for grub-glue-efi | Xi Ruoyao | 2022-08-26 | 1 | -2/+1
|     Text only change. Found out this utility also exists on ARM, so copied "grub-glue-efi --help" here, which does not mention "ia32" or "amd64".
* Don't use dummy.c for glibc sanity check in chap 5 | Pierre Labastie | 2022-08-25 | 1 | -5/+4
|     It seems glibc creates dummy.c for its own use. This leaves some dummy.xxx files in the directory, that may lead some users to think that the directory is not properly cleaned up after the test (I did :) So use a pipe so that only a.out is created
* linux kernel: reword description for CONFIG_X86_X2APIC | Xi Ruoyao | 2022-08-25 | 1 | -4/+6
|
* glibc: don't mention "/lib" as ld.so search path anymore | Xi Ruoyao | 2022-08-24 | 1 | -4/+3
|     Text change only. Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib, /lib won't be searched by default anymore (if someone messes up the system by removing the /lib symlink and creating a real directory there, for example the initramfs before r10.1-439).
* linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now | Xi Ruoyao | 2022-08-24 | 1 | -0/+12
|
* linux kernel: enable CONFIG_X86_X2APIC | Xi Ruoyao | 2022-08-24 | 1 | -0/+25
|     It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot. If x2APIC is disabled or not available, the kernel with CONFIG_X86_X2APIC=y can still boot normally. No need to tag anything again because interrupt handling cannot affect userspace.
* glibc: update test status | Xi Ruoyao | 2022-08-23 | 1 | -10/+6
|     Text change only. Add tst-arc4random-thread failure recently reported to upstream, remove namespace related failures as they are UNSUPPORTED now in 2.36.
* mark linux-5.19.2 and shadow-4.12.2 as security fix | Xi Ruoyao | 2022-08-22 | 1 | -2/+2
|
* Update SBU times and disk usage for all packages | Bruce Dubbs | 2022-08-21 | 1 | -96/+91
|
* Minor updates | Bruce Dubbs | 2022-08-21 | 3 | -17/+17
|
* Update stats for systemd packages in preparation of 11.2-rc1 | Douglas R. Reno | 2022-08-21 | 1 | -6/+6
|
* stripping: also mention symbol table besides debug symbols | Xi Ruoyao | 2022-08-21 | 1 | -3/+9
|
* shadow: fix download URL | Xi Ruoyao | 2022-08-21 | 1 | -1/+1
|
* add changelog entries for last package update | Xi Ruoyao | 2022-08-21 | 1 | -0/+38
|
* Intermediate update prior to lfs-11.2-rc1 | Bruce Dubbs | 2022-08-20 | 7 | -41/+47
|
* Remove libtool archive (.la) files in Chapter 5 and 6 | Xi Ruoyao | 2022-08-19 | 5 | -0/+30
|     They are really harmful. In Binutils pass 2, libstdc++.la caused the building system to use host /usr/lib/libstdc++.so for gprofng. We have now disabled gprofng for pass 2, but a similar issue also exists in GCC pass 2. In a normal LFS build, the building system silently uses /usr/lib/libstdc++.so (I guess it does not blow up simply because of some blind luck); in a real cross build (x86 -> ARM for example) the build will fail. Remove the .la files to fix this issue. Instead of only modifying clfs-ng, it makes more sense to apply the change for trunk: though the build does not fail, using host library is still a contamination.
* Clean chapter 8 binutils xml and text | Pierre Labastie | 2022-08-14 | 1 | -20/+5
|     Remove old commented instructions
|     Remove a sed and a test failure explanation: both have been fixed in binutils-2.39
* Typo fix in changelog | Douglas R. Reno | 2022-08-11 | 1 | -1/+1
|
* Package updates. | Bruce Dubbs | 2022-08-11 | 2 | -19/+49
|     Update to vim-9.0.0192. Update to iana-etc-20220803. Update to tzdata-2022b. Update to iproute2-5.19.0. Update to linux-5.19.1. Update to bc-6.0.1.
* typography: add a note about "Il1" or "O0" issue | Xi Ruoyao | 2022-08-11 | 1 | -0/+6
|
* Merge branch 'trunk' of git.linuxfromscratch.org:lfs into trunk | Bruce Dubbs | 2022-08-09 | 1 | -1/+11
|\
| * binutils: add desc for gprofng | Xi Ruoyao | 2022-08-09 | 1 | -1/+11
| |
* | Tweak pip3 instructions | Bruce Dubbs | 2022-08-09 | 4 | -6/+15
|/
* Merge branch 'trunk' of git.linuxfromscratch.org:lfs into trunk | Bruce Dubbs | 2022-08-07 | 1 | -4/+0
|\
| * perl: remove outdated note regarding zlib version | Xi Ruoyao | 2022-08-07 | 1 | -4/+0
| |     Now perl-5.36 ships zlib-1.2.12, which is the same as the book provides.
* | Typo | Bruce Dubbs | 2022-08-07 | 1 | -1/+1
|/
* Merge branch 'trunk' of git.linuxfromscratch.org:lfs into trunk | Bruce Dubbs | 2022-08-06 | 1 | -1/+1
|\
| * Update bootscript version to 20220723 [11.1-final] | Thomas Trepl (Moody) | 2022-08-07 | 1 | -1/+1
| |
* | Package updates. | Bruce Dubbs | 2022-08-06 | 11 | -32/+89
|/
|     Update to binutils-2.38. Update to util-linux-2.38.1. Update to Python3-3.10.6. Update to glibc-2.36.
* Note that linux-5.18.14 has fixes for RETBleed. | Ken Moffat | 2022-07-24 | 1 | -1/+2
|     Security Advisory to follow.