From bb189b08be8e84e1f7cccb1b47371b5ca5acb94c Mon Sep 17 00:00:00 2001
From: Bruce Dubbs <bdubbs@linuxfromscratch.org>
Date: Fri, 24 Apr 2015 03:19:38 +0000
Subject: Added a fix for security issue in Glibc (CVE-2015-1781). Thanks to
 Ken Moffat for identifying the proplem and the fix.

Fixed Ncurses and Perl build with GCC 5. Thanks to Ken Moffat and
Douglas R. Reno for providing the patches.

Updated to GCC-5.1.0.  Imported changes from systemd version.


git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@10903 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
---
 chapter01/changelog.xml | 20 ++++++++++++++++++++
 chapter01/whatsnew.xml  | 12 ++++++++++--
 chapter03/patches.xml   | 18 +++++++++++++-----
 chapter05/glibc.xml     | 13 ++++++++++++-
 chapter05/libstdc++.xml |  3 +--
 chapter05/ncurses.xml   |  5 +++++
 chapter06/glibc.xml     | 24 ++++++++++--------------
 chapter06/ncurses.xml   |  5 +++++
 chapter06/perl.xml      |  9 +++++----
 general.ent             |  6 +++---
 packages.ent            | 24 ++++++++++++------------
 patches.ent             | 12 +++++++-----
 12 files changed, 103 insertions(+), 48 deletions(-)

diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 54f1e5d60..357f16f01 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -36,6 +36,26 @@
     </listitem>
 -->
 
+    <listitem>
+      <para>2015-04-24</para>
+      <itemizedlist>
+        <listitem>
+          <para>[krejzi] - Added a fix for security issue
+          in Glibc (CVE-2015-1781). Thanks to Ken Moffat
+          for identifying the proplem and the fix.</para>
+        </listitem>
+        <listitem>
+          <para>[krejzi] - Fixed Ncurses and Perl build
+          with GCC 5. Thanks to Ken Moffat and Douglas
+          R. Reno for providing the patches.</para>
+        </listitem>
+        <listitem>
+          <para>[krejzi] - Updated to GCC-5.1.0. Fixes
+          <ulink url="&lfs-ticket-root;3779">#3779</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2015-04-21</para>
       <itemizedlist>
diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml
index 6ad7c639b..a5770c97a 100644
--- a/chapter01/whatsnew.xml
+++ b/chapter01/whatsnew.xml
@@ -85,9 +85,9 @@
     <!--<listitem>
       <para>Gawk &gawk-version;</para>
     </listitem>-->
-    <!--<listitem>
+    <listitem>
       <para>GCC &gcc-version;</para>
-    </listitem>-->
+    </listitem>
     <!--<listitem>
       <para>GDBM &gdbm-version;</para>
     </listitem>-->
@@ -248,6 +248,14 @@
       <para>Tcl-core-&tcl-version;</para>
     </listitem>
 
+    <listitem>
+      <para>&ncurses-gcc5-buildfixes-patch;</para>
+    </listitem>
+
+    <listitem>
+      <para>&perl-gcc5-fixes-patch;</para>
+    </listitem>
+
     <!--<listitem>
       <para>&bash-fixes-patch;</para>
     </listitem>-->
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 6cc70cfcb..d55746f46 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -123,15 +123,23 @@
         <para>MD5 sum: <literal>&mpfr-fixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
-<!--
+
     <varlistentry>
-      <term>Perl Data::Dumper Patch - <token>&perl-fix-patch-size;</token>:</term>
+      <term>Ncurses GCC 5 Fixes Patch - <token>&ncurses-gcc5-buildfixes-patch-size;</token>:</term>
       <listitem>
-        <para>Download: <ulink url="&patches-root;&perl-fix-patch;"/></para>
-        <para>MD5 sum: <literal>&perl-fix-patch-md5;</literal></para>
+        <para>Download: <ulink url="&patches-root;&ncurses-gcc5-buildfixes-patch;"/></para>
+        <para>MD5 sum: <literal>&ncurses-gcc5-buildfixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
--->
+
+    <varlistentry>
+      <term>Perl GCC 5 Fixes Patch - <token>&perl-gcc5-fixes-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&perl-gcc5-fixes-patch;"/></para>
+        <para>MD5 sum: <literal>&perl-gcc5-fixes-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
     <varlistentry>
       <term>Readline Upstream Fixes Patch - <token>&readline-fixes-patch-size;</token>:</term>
       <listitem>
diff --git a/chapter05/glibc.xml b/chapter05/glibc.xml
index 974a7292f..9916b4fb2 100644
--- a/chapter05/glibc.xml
+++ b/chapter05/glibc.xml
@@ -43,6 +43,7 @@
   <sect2 role="installation">
     <title>Installation of Glibc</title>
 
+<!-- The enable-obsolete-rpc should handle this just fine.
     <para>In some cases, particularly LFS 7.1, the rpc headers were not
     installed properly.  Test to see if they are installed in the host system
     and install if they are not:</para>
@@ -51,7 +52,7 @@
   su -c 'mkdir -pv /usr/include/rpc'
   su -c 'cp -v sunrpc/rpc/*.h /usr/include/rpc'
 fi</userinput></screen>
-
+-->
     <para>Fix a regression in the package that affects 32-bit architectures:</para>
 
 <screen><userinput remap="pre">sed -e '/ia32/s/^/1:/' \
@@ -87,6 +88,7 @@ esac</userinput></screen>
       --build=$(../glibc-&glibc-version;/scripts/config.guess) \
       --disable-profile                             \
       --enable-kernel=&min-kernel;                        \
+      --enable-obsolete-rpc                         \
       --with-headers=/tools/include                 \
       libc_cv_forced_unwind=yes                     \
       libc_cv_ctors_header=yes                      \
@@ -121,6 +123,15 @@ esac</userinput></screen>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><parameter>--enable-obsolete-rpc</parameter></term>
+        <listitem>
+          <para>This installs NIS and RPC related headers that are not
+          installed by default. They are required to build GCC and by
+          several BLFS packages.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><parameter>--with-headers=/tools/include</parameter></term>
         <listitem>
diff --git a/chapter05/libstdc++.xml b/chapter05/libstdc++.xml
index 9af130f4b..29d7f2739 100644
--- a/chapter05/libstdc++.xml
+++ b/chapter05/libstdc++.xml
@@ -50,7 +50,7 @@
 
     <para>Create a directory for Libstdc++ and enter it:</para>
 
-<screen><userinput remap="pre">mkdir -pv ../gcc-build
+<screen><userinput remap="pre">mkdir -v ../gcc-build
 cd ../gcc-build</userinput></screen>
 
     <para>Prepare Libstdc++ for compilation:</para>
@@ -59,7 +59,6 @@ cd ../gcc-build</userinput></screen>
     --host=$LFS_TGT                 \
     --prefix=/tools                 \
     --disable-multilib              \
-    --disable-shared                \
     --disable-nls                   \
     --disable-libstdcxx-threads     \
     --disable-libstdcxx-pch         \
diff --git a/chapter05/ncurses.xml b/chapter05/ncurses.xml
index a18a9c819..336172b59 100644
--- a/chapter05/ncurses.xml
+++ b/chapter05/ncurses.xml
@@ -43,6 +43,11 @@
   <sect2 role="installation">
     <title>Installation of Ncurses</title>
 
+    <para>First, apply a patch to prevent a build failure
+    when building with GCC 5:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&ncurses-gcc5-buildfixes-patch;</userinput></screen>
+
     <para>Prepare Ncurses for compilation:</para>
 
 <screen><userinput remap="configure">./configure --prefix=/tools \
diff --git a/chapter06/glibc.xml b/chapter06/glibc.xml
index c9cfa5aaf..9c53628f9 100644
--- a/chapter06/glibc.xml
+++ b/chapter06/glibc.xml
@@ -74,6 +74,16 @@
     -e '/SSE2/s/^1://' \
     -i  sysdeps/i386/i686/multiarch/mempcpy_chk.S</userinput></screen>
 
+    <para>Fix a potential security issue identified upstream:</para>
+
+<screen><userinput remap="pre">sed -i '/glibc.*pad/{i\  buflen = buflen > pad ? buflen - pad : 0;
+                     s/ + pad//}' resolv/nss_dns/dns-host.c</userinput></screen>
+
+    <para>Fix a test case that fails when built using GCC 5:</para>
+
+<screen><userinput remap="pre">sed -e '/tst-audit2-ENV/i CFLAGS-tst-audit2.c += -fno-builtin' \
+    -i elf/Makefile</userinput></screen>
+
     <para>The Glibc documentation recommends building Glibc outside of the source
     directory in a dedicated build directory:</para>
 
@@ -88,20 +98,6 @@ cd ../glibc-build</userinput></screen>
     --enable-kernel=&min-kernel; \
     --enable-obsolete-rpc</userinput></screen>
 
-    <variablelist>
-      <title>The meaning of the new configure options:</title>
-
-      <varlistentry>
-        <term><parameter>--enable-obsolete-rpc</parameter></term>
-        <listitem>
-          <para>Installs NIS and RPC related headers that are not installed by
-          default; these are required to rebuild Glibc and by several BLFS
-          packages.</para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
     <para>Compile the package:</para>
 
 <screen><userinput remap="make">make</userinput></screen>
diff --git a/chapter06/ncurses.xml b/chapter06/ncurses.xml
index 70aca29fe..c82bfa5e0 100644
--- a/chapter06/ncurses.xml
+++ b/chapter06/ncurses.xml
@@ -41,6 +41,11 @@
   <sect2 role="installation">
     <title>Installation of Ncurses</title>
 
+    <para>First, apply a patch to prevent a build failure
+    when building with GCC 5:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&ncurses-gcc5-buildfixes-patch;</userinput></screen>
+
     <para>Don't install a static library that is not handled by configure:</para>
 
 <screen><userinput remap="pre">sed -i '/LIBTOOL_INSTALL/d' c++/Makefile.in</userinput></screen>
diff --git a/chapter06/perl.xml b/chapter06/perl.xml
index 35de645ba..6ace9d861 100644
--- a/chapter06/perl.xml
+++ b/chapter06/perl.xml
@@ -55,11 +55,12 @@
 
 <screen><userinput remap="pre">export BUILD_ZLIB=False
 export BUILD_BZIP2=0</userinput></screen>
-<!--
-    <para>Fix a potential security problem:</para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../&perl-fix-patch;</userinput></screen>
--->
+    <para>Apply a patch to allow the Errno.pm module and the h2ph
+    program to build correctly when building with GCC 5:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&perl-gcc5-fixes-patch;</userinput></screen>
+
     <para>To have full control over the way Perl is set up, you can remove the
     <quote>-des</quote> options from the following command and hand-pick the way
     this package is built. Alternatively, use the command exactly as below to
diff --git a/general.ent b/general.ent
index 89a397b01..974638b94 100644
--- a/general.ent
+++ b/general.ent
@@ -1,14 +1,14 @@
-<!ENTITY version         "SVN-20150421">
+<!ENTITY version         "SVN-20150424">
 <!ENTITY short-version   "svn">  <!-- Used below in &blfs-book;. Change to x.y for release 
                                       but not -rc releases -->
-<!ENTITY releasedate     "April 21, 2015">
+<!ENTITY releasedate     "April 24, 2015">
 <!ENTITY copyrightdate   "1999-2015"><!-- jhalfs needs a literal dash, not &ndash; -->
 <!ENTITY milestone       "7.8">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->
 
 <!ENTITY lfs-root        "http://www.linuxfromscratch.org/">
 <!ENTITY blfs-root       "&lfs-root;blfs/">
-<!ENTITY blfs-book       "&blfs-root;view/&short-version;/"> 
+<!ENTITY blfs-book       "&blfs-root;view/&short-version;/">
 <!ENTITY faq-root        "&lfs-root;faq/">
 <!ENTITY hints-root      "&lfs-root;hints/downloads/files/">
 <!ENTITY hints-index     "&lfs-root;hints/list.html">
diff --git a/packages.ent b/packages.ent
index 4837299ce..875d256e2 100644
--- a/packages.ent
+++ b/packages.ent
@@ -196,20 +196,20 @@
 <!ENTITY gawk-ch6-du "39 MB">
 <!ENTITY gawk-ch6-sbu "0.3 SBU">
 
-<!ENTITY gcc-version "4.9.2">
-<!ENTITY gcc-size "87,832 KB">
+<!ENTITY gcc-version "5.1.0">
+<!ENTITY gcc-size "92,736 KB">
 <!ENTITY gcc-url "&gnu;gcc/gcc-&gcc-version;/gcc-&gcc-version;.tar.bz2">
-<!ENTITY gcc-md5 "4df8ee253b7f3863ad0b86359cd39c43">
+<!ENTITY gcc-md5 "d5525b1127d07d215960e6051c5da35e">
 <!ENTITY gcc-home "http://gcc.gnu.org/">
-<!ENTITY gcc-ch5p1-du "2.0 GB">
-<!ENTITY gcc-ch5p1-sbu "5.9 SBU">
-<!ENTITY gcc-ch5p2-du "2.6 GB">
-<!ENTITY gcc-ch5p2-sbu "7.7 SBU">
-<!ENTITY gcc-ch6-du "2.9 GB ">
-<!ENTITY gcc-ch6-sbu "63 SBU (with tests)">
-
-<!ENTITY libstdcpp-ch5-du "798 MB">
-<!ENTITY libstdcpp-ch5-sbu "0.3 SBU">
+<!ENTITY gcc-ch5p1-du "2.4 GB">
+<!ENTITY gcc-ch5p1-sbu "8.0 SBU">
+<!ENTITY gcc-ch5p2-du "2.8 GB">
+<!ENTITY gcc-ch5p2-sbu "10.2 SBU">
+<!ENTITY gcc-ch6-du "2.6 GB ">
+<!ENTITY gcc-ch6-sbu "92 SBU (with tests)">
+
+<!ENTITY libstdcpp-ch5-du "838 MB">
+<!ENTITY libstdcpp-ch5-sbu "0.4 SBU">
 
 <!ENTITY gdbm-version "1.11">
 <!ENTITY gdbm-size "796 KB">
diff --git a/patches.ent b/patches.ent
index 3b81bc0d6..405ebc879 100644
--- a/patches.ent
+++ b/patches.ent
@@ -30,11 +30,13 @@
 <!ENTITY mpfr-fixes-patch-md5 "5ba8bafe42920d6e570567529629bc59">
 <!ENTITY mpfr-fixes-patch-size "38 KB">
 
-<!--
-<!ENTITY perl-fix-patch "perl-&perl-version;-infinite_recurse_fix-1.patch">
-<!ENTITY perl-fix-patch-md5 "579dfed34e97e0a2fe21b74aa53946ac">
-<!ENTITY perl-fix-patch-size "11 KB">
--->
+<!ENTITY ncurses-gcc5-buildfixes-patch "ncurses-&ncurses-version;-gcc5_buildfixes-1.patch">
+<!ENTITY ncurses-gcc5-buildfixes-patch-md5 "f9015f670940350a3fc3c2ef347e2b33">
+<!ENTITY ncurses-gcc5-buildfixes-patch-size "4 KB">
+
+<!ENTITY perl-gcc5-fixes-patch "perl-&perl-version;-gcc5_fixes-1.patch">
+<!ENTITY perl-gcc5-fixes-patch-md5 "30f4907f63ec3ef7d50fa55e12d2923e">
+<!ENTITY perl-gcc5-fixes-patch-size "8 KB">
 
 <!ENTITY readline-fixes-patch "readline-&readline-version;-upstream_fixes-3.patch">
 <!ENTITY readline-fixes-patch-md5 "6b0d9f4e79319d56a7fee9b35e5cfd1b">
-- 
cgit v1.2.3-54-g00ecf