aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Package updates and corrections.Bruce Dubbs2022-09-147-38/+88
| | | | | | | | | | | | Update to file-5.43. Update to linux-5.19.8. Update to gawk-5.2.0. Update to meson-0.63.2. Update to ninja-1.11.1. Update to bc-6.0.2. Fix the location of udev rules in eudev. Remove a warning for egrep and fgrep that Delete an empty binutils man page.
* groff: add back "build the package"Xi Ruoyao2022-09-141-0/+2
| | | | It was removed unintentionally during the removal of -j1...
* add <literal> to make commands for temp /etc/hosts and final /etc/pip3.conf ↵Xi Ruoyao2022-09-142-5/+5
| | | | looking better
* Minor wording change.Bruce Dubbs2022-09-131-1/+1
|
* bash: document egrep warnings in testsXi Ruoyao2022-09-141-0/+4
| | | | | The test suite says "Any output from any test, unless otherwise noted, indicates a possible anomaly". So we should note those warnings.
* libtool: document test failures related to grep-3.8Xi Ruoyao2022-09-141-3/+4
|
* ncurses: mention libncurses++w in contentsXi Ruoyao2022-09-141-0/+11
|
* ncurses: remove an outdated sentence about libncurses++w.aXi Ruoyao2022-09-141-2/+1
| | | | We now build the C++ binding as shared library.
* gcc: update sanity check command and output for default PIEXi Ruoyao2022-09-141-2/+2
| | | | Scrt1.o is used for PIE, instead of crt1.o.
* gcc: document that libssp is normally unusedXi Ruoyao2022-09-131-1/+2
| | | | | We are enabling default SSP now, so if someone runs "ldd /usr/bin/true" and see libssp is not used he/she may be puzzled.
* Restore gawk to working versionPierre Labastie2022-09-131-3/+3
| | | | Revert an inadvertent commit, sorry
* vim: no need to download spell filesXi Ruoyao2022-09-121-7/+8
| | | | They are already in the tarball, so just install them if needed.
* Typo in a commentPierre Labastie2022-09-111-1/+1
|
* Remove trailing spacesPierre Labastie2022-09-118-149/+149
|
* Replace tabs with spacesPierre Labastie2022-09-1113-229/+230
|
* Update changelog for PIE/SSP in GCCPierre Labastie2022-09-111-10/+22
|
* Comment on binutils test failures with pie/sspPierre Labastie2022-09-111-0/+4
|
* gcc: fix link to PIE & SSP noteXi Ruoyao2022-09-111-1/+2
| | | | | DocBook does not handle xref to note properly (#pie-ssp-info not generated).
* kernel: enable ASLR and SSPXi Ruoyao2022-09-111-2/+31
| | | | | It does not make too much sense to protect the userspace with PIE+ASLR and SSP but leave the kernel alone...
* Revert "linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now"Xi Ruoyao2022-09-111-12/+0
| | | | | | This reverts commit 098f4de3369ae0fc7d50fc6060b059eb5627de4e. CVE-2022-2590 is fixed in Linux >= 5.19.6.
* gcc: some reword of PIE/SSP/ASLR noteXi Ruoyao2022-09-112-12/+15
| | | | | | | | | | | | | | Expand tabs to 8 spaces like everywhere else in the book. Explain that shared libraries are already covered by ASLR, PIE expands the ASLR to cover the exetutables. In 2022, stack smashing attackings are mostly constructing a sequence of faked returning addresses to exectute a series of function already existing in the programs or libraries itself (ret2lib). Returning into the code injected by the attacker is almost impossible because on i686 (with a PAE/NX enabled kernel) or x86_64, running injected code needs W/X mappings and those are very rare these days.
* gcc-pass1: fix bold "and" in command explanationPierre Labastie2022-09-101-2/+2
|
* Document the --enable-default-pie/ssp optionsPierre Labastie2022-09-102-0/+35
| | | | Also document test failures in gcc chapter 8
* Use default-pie and default-ssp flags in gccPierre Labastie2022-09-093-0/+6
| | | | | | | | Committing only the commands for now, so that others can test the build. TODO: - add command explanations - add changelog - comment on failing tests in binutils and gcc
* Package Updates.Bruce Dubbs2022-09-073-110/+122
| | | | | | | | Update to shadow-4.12.3. Update to Python3-3.10.7. Update to linux-5.19.7. Update to less-608. Update to grep-3.8.
* whatnow: update online resources list for maintainanceXi Ruoyao2022-09-051-12/+7
| | | | | | | | Bugtraq is dead since 2021, use oss-sec instead. For CERT, cert.org redirects to CMU and us-cert.gov redirects to US CISA (https://www.cisa.gov/uscert/). I'm not familiar with those so left those for a US citizen to add :).
* some http -> https changesXi Ruoyao2022-09-0513-22/+22
|
* gcc-pass2: remove unnecessary --enable-initfini-array optionXi Ruoyao2022-09-011-10/+0
| | | | | | Forgot to remove this one when I removed it in pass 1... Reference: https://gcc.gnu.org/r12-1328
* groff: remove -j1Xi Ruoyao2022-09-011-3/+1
|
* Remove all non header files in linux headersPierre Labastie2022-08-311-2/+1
| | | | | Report by Joe Locash that a perl script was left in /usr/include with our current instructions
* Clean up after 11.2Bruce Dubbs2022-08-311-532/+2
|
* parition: mention EFI system partitionr11.2Xi Ruoyao2022-08-281-0/+5
| | | | Text only change. Simply refer to BLFS.
* python: supress "failed to check new pip version" or "a new pip version is ↵Xi Ruoyao2022-08-261-2/+14
| | | | | | available" warnings The non-text change during freeze is approved by bdubbs.
* grub: add a note about filesystem UUID and partition UUID usageXi Ruoyao2022-08-261-0/+32
| | | | Text only change.
* reboot: mention firmwaresXi Ruoyao2022-08-261-0/+5
| | | | | | Text only change. I've forgotten this several times for AMDGPU...
* grub: update description for grub-glue-efiXi Ruoyao2022-08-261-2/+1
| | | | | | | Text only change. Found out this utility also exists on ARM, so copied "grub-glue-efi --help" here, which does not mention "ia32" or "amd64".
* Don't use dummy.c for glibc sanity check in chap 5Pierre Labastie2022-08-251-5/+4
| | | | | | | | It seems glibc creates dummy.c for its own use. This leaves some dummy.xxx files in the directory, that may lead some users to think that the directory is not properly cleaned up after the test (I did :) So use a pipe so that only a.out is created
* linux kernel: reword description for CONFIG_X86_X2APICXi Ruoyao2022-08-251-4/+6
|
* glibc: don't mention "/lib" as ld.so search path anymoreXi Ruoyao2022-08-241-4/+3
| | | | | | | | | Text change only. Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib, /lib won't be searched by default anymore (if someone mess up the system by removing /lib symlink and create an real directory there, for example the initramfs before r10.1-439).
* linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for nowXi Ruoyao2022-08-241-0/+12
|
* linux kernel: enable CONFIG_X86_X2APICXi Ruoyao2022-08-241-0/+25
| | | | | | | | | | | It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot. If x2APIC is disabled or not available, the kernel with CONFIG_X86_X2APIC=y can still boot normally. No need to tag anything again because interrupt handling cannot affect userspace.
* glibc: update test statusXi Ruoyao2022-08-231-10/+6
| | | | | | | Text change only. Add tst-arc4random-thread failure recently reported to upstream, remove namespace related failures as they are UNSUPPORTED now in 2.36.
* mark linux-5.19.2 and shadow-4.12.2 as security fixXi Ruoyao2022-08-221-2/+2
|
* Update SBU times and disk usage for all packagesBruce Dubbs2022-08-211-96/+91
|
* Minor updatesBruce Dubbs2022-08-213-17/+17
|
* Update stats for systemd packages in preparation of 11.2-rc1Douglas R. Reno2022-08-211-6/+6
|
* stripping: also mention symbol table bisides debug symbolsXi Ruoyao2022-08-211-3/+9
|
* shadow: fix download URLXi Ruoyao2022-08-211-1/+1
|
* add changelog entries for last package updateXi Ruoyao2022-08-211-0/+38
|
* Intermediate update prior to lfs-11.2-rc1Bruce Dubbs2022-08-207-41/+47
|
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-05 21:48:31 +0000