Context Navigation

← Previous Changeset
Next Changeset →

Changeset dc39c7b

Timestamp:

09/14/2023 10:30:17 PM (8 months ago)

Author:

Thomas Trepl <thomas@…>

Branches:

multilib

Children:

ecf738a

Parents:

ea6fdf5 (diff), ba40e32 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Automatic merge of trunk into multilib

Files:

: 7 edited

chapter01/changelog.xml (modified) (1 diff)
chapter01/whatsnew.xml (modified) (2 diffs)
chapter03/patches.xml (modified) (1 diff)
chapter08/glibc.xml (modified) (3 diffs)
chapter09/network.xml (modified) (2 diffs)
chapter09/networkd.xml (modified) (2 diffs)
patches.ent (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

chapter01/changelog.xml

-              rea6fdf5
+              rdc39c7b
     appropriate for the entry or if needed the entire day's listitem.
     -->
+    <listitem>
+      <para>2023-09-13</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-4806 for Glibc-2.38.  Fixes
+          <ulink url='&lfs-ticket-root;5347'>#5347</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>2023-09-12</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-4527 for Glibc-2.38.  Fixes
+          <ulink url='&lfs-ticket-root;5346'>#5346</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
     <listitem>

chapter01/whatsnew.xml

-              rea6fdf5
+              rdc39c7b
     <listitem><para></para></listitem>  <!-- satisfy build -->
+    <!--<listitem>
+      <para>&grub-upstream-fixes-patch;</para>
+    </listitem>-->
+    <!--<listitem>
+      <para>&readline-fixes-patch;</para>
+    </listitem>-->
+    <!--<listitem revision="systemd">
+      <para>&systemd-upstream-patch;</para>
+    </listitem>-->
+    <listitem>
+      <para>&glibc-upstream-fixes-patch;</para>
+    </listitem>
   </itemizedlist>
 …
     <title>Removed:</title>
     <listitem><para></para></listitem>  <!-- satisfy build -->
+<!--
+    <listitem revision='sysv'>
+      <para>eudev-3.2.12</para>
+    </listitem>
+    <listitem>
+      <para>Pkg-config-0.29.2</para>
+    </listitem>
+    <listitem revision='systemd'>
+      <para>systemd-252-security_fix-1.patch</para>
+    </listitem>
+-->
+    <listitem>
+      <para>glibc-2.38-memalign_fix-1.patch</para>
+    </listitem>
   </itemizedlist>

chapter03/patches.xml

-              rea6fdf5
+              rdc39c7b
 -->
     <varlistentry>
       <term>Glibc Memalign Patch - <token>&glibc-memalign-patch-size;</token>:</term>
+      <term>Glibc Upstream Fixes Patch - <token>&glibc-upstream-fixes-patch-size;</token>:</term>
       <listitem>
         <para>Download: <ulink url="&patches-root;&glibc-memalign-patch;"/></para>
         <para>MD5 sum: <literal>&glibc-memalign-patch-md5;</literal></para>
+        <para>Download: <ulink url="&patches-root;&glibc-upstream-fixes-patch;"/></para>
+        <para>MD5 sum: <literal>&glibc-upstream-fixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>

chapter08/glibc.xml

-              rea6fdf5
+              rdc39c7b
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen>
+    <para>Now fix a regression causing the posix_memalign() function
+    to be very slow in some conditions:</para>
+<screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen>
+    <!-- CVE-2023-4527
+         https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+         https://sourceware.org/ml/libc-alpha/2023-September/151522.html -->
+    <para>Then fix a security vulnerability exploitable when the
+    <option>no-aaaa</option> option is used in
+    <filename>/etc/resolv.conf</filename>:</para>
+<screen><userinput remap="pre">sed \
+  -E "/__res_context_search/\
+      {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&amp;alt_dns_packet_buffer/}" \
+  -i resolv/nss_dns/dns-host.c</userinput></screen>
+    <para>Now fix two security vulnerabilities and a regression causing the
+    posix_memalign() function very slow in some conditions:</para>
+<screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen>
     <para>The Glibc documentation recommends building Glibc
 …
     following:</para>
 <screen><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
+<screen revision='sysv'><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
 <literal># Begin /etc/nsswitch.conf
 …
 hosts: files dns
+networks: files
+protocols: files
+services: files
+ethers: files
+rpc: files
+# End /etc/nsswitch.conf</literal>
+EOF</userinput></screen>
+<screen revision='systemd'><userinput>cat &gt; /etc/nsswitch.conf &lt;&lt; "EOF"
+<literal># Begin /etc/nsswitch.conf
+passwd: files systemd
+group: files systemd
+shadow: files systemd
+hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks: files

chapter09/network.xml

-              rea6fdf5
+              rdc39c7b
      </indexterm>
+     <para>Decide on the IP address, fully-qualified domain name (FQDN), and
+     possible aliases for use in the <filename>/etc/hosts</filename> file. The
+     syntax is:</para>
+     <para>Decide on a fully-qualified domain name (FQDN), and possible aliases
+     for use in the <filename>/etc/hosts</filename> file. If using static IP
+     addresses, you'll also need to decide on an IP address. The syntax
+     for a hosts file entry is:</para>
 <screen><literal>IP_address myhost.example.org aliases</literal></screen>
 …
      range 0-255.</para>
+     <para>A valid private IP address could be 192.168.1.1. A valid FQDN for
+     this IP could be lfs.example.org.</para>
+     <para>Even if not using a network card, a valid FQDN is still required.
+     This is necessary for certain programs to operate correctly.</para>
+     <para>A valid private IP address could be 192.168.1.1.</para>
+     <para>If the computer is to be visible to the Internet, a valid FQDN
+     can be the domain name itself, or a string resulted by concatenating a
+     prefix (often the hostname) and the domain name with a <quote>.</quote>
+     character.  And, you need to contact the domain provider to resolve the
+     FQDN to your public IP address.</para>
+     <para>Even if the computer is not visible to the Internet, a FQDN is
+     still needed for certain programs, such as MTAs, to operate properly.
+     A special FQDN, <literal>localhost.localdomain</literal>, can be used
+     for this purpose.</para>
      <para>Create the  <filename>/etc/hosts</filename> file by running:</para>

chapter09/networkd.xml

-              rea6fdf5
+              rdc39c7b
      range 0-255.</para>
+     <para>A valid private IP address could be 192.168.1.1. A valid FQDN for
+     this IP could be lfs.example.org.</para>
+     <para>Even if not using a network card, a valid FQDN is still required.
+     This is necessary for certain programs, such as MTAs, to operate properly.</para>
+<!--
+     <para>Create the /etc/hosts file using the following command:</para>
+<screen role="nodump"><userinput>cat &gt; /etc/hosts &lt;&lt; "EOF"
+     <para>A valid private IP address could be 192.168.1.1.</para>
+     <para>If the computer is to be visible to the Internet, a valid FQDN
+     can be the domain name itself, or a string resulted by concatenating a
+     prefix (often the hostname) and the domain name with a <quote>.</quote>
+     character.  And, you need to contact the domain provider to resolve the
+     FQDN to your public IP address.</para>
+     <para>Even if the computer is not visible to the Internet, a FQDN is
+     still needed for certain programs, such as MTAs, to operate properly.
+     A special FQDN, <literal>localhost.localdomain</literal>, can be used
+     for this purpose.</para>
+     <para>Create the <filename>/etc/hosts</filename> file using the following
+     command:</para>
+<screen><userinput>cat &gt; /etc/hosts &lt;&lt; "EOF"
 <literal># Begin /etc/hosts
+.0.0.1 localhost.localdomain localhost
+.0.1.1 <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable>
+::1       localhost ip6-localhost ip6-loopback
+<replaceable>&lt;192.168.0.2&gt;</replaceable> <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>[alias1] [alias2] ...</replaceable>
+::1       ip6-localhost ip6-loopback
 ff02::1   ip6-allnodes
 ff02::2   ip6-allrouters
 …
 # End /etc/hosts</literal>
 EOF</userinput></screen>
+-->
+     <para>Create the <filename>/etc/hosts</filename> file using the following
+     command:</para>
+<screen><userinput>cat &gt; /etc/hosts &lt;&lt; "EOF"
+<literal># Begin /etc/hosts
+.0.0.1 localhost.localdomain localhost
+.0.1.1 <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable>
+<replaceable>&lt;192.168.0.2&gt;</replaceable> <replaceable>&lt;FQDN&gt;</replaceable> <replaceable>&lt;HOSTNAME&gt;</replaceable> <replaceable>[alias1] [alias2] ...</replaceable>
+::1       localhost ip6-localhost ip6-loopback
+ff02::1   ip6-allnodes
+ff02::2   ip6-allrouters
+# End /etc/hosts</literal>
+EOF</userinput></screen>
+     <para>The <replaceable>&lt;192.168.0.2&gt;</replaceable>,
+     <replaceable>&lt;FQDN&gt;</replaceable>, and
+     <replaceable>&lt;HOSTNAME&gt;</replaceable> values need to be
+     <para>The <replaceable>&lt;192.168.0.2&gt;</replaceable> and
+     <replaceable>&lt;FQDN&gt;</replaceable> values need to be
      changed for specific uses or requirements (if assigned an IP address by a
      network/system administrator and the machine will be connected to an
      existing network). The optional alias name(s) can be omitted, and the
      <replaceable>&lt;192.168.0.2&gt;</replaceable> line can be omitted if you
+     are using a connection configured with DHCP or IPv6 Autoconfiguration.</para>
+     are using a connection configured with DHCP or IPv6 Autoconfiguration,
+     or using <literal>localhost.localdomain</literal> as the FQDN.</para>
+     <para>The <filename>/etc/hostname</filename> does not contain entries
+     for <literal>localhost</literal>,
+     <literal>localhost.localdomain</literal>, or the hostname (without a
+     domain) because they are handled by the
+     <systemitem class='library'>myhostname</systemitem> NSS module, read
+     the man page <filename>nss-myhostname(8)</filename> for details.</para>
      <para>The ::1 entry is the IPv6 counterpart of 127.0.0.1 and represents
+     the IPv6 loopback interface. 127.0.1.1 is a loopback entry reserved
+     specifically for the FQDN.</para>
+     the IPv6 loopback interface.</para>
    </sect2>

patches.ent

-              rea6fdf5
+              rdc39c7b
 <!ENTITY glibc-fhs-patch-size "2.8 KB">
 <!ENTITY glibc-memalign-patch "glibc-&glibc-version;-memalign_fix-1.patch">
 <!ENTITY glibc-memalign-patch-md5 "2c3552bded42a83ad6a7087c5fbf3857">
 <!ENTITY glibc-memalign-patch-size "20 KB">
+<!ENTITY glibc-upstream-fixes-patch "glibc-&glibc-version;-upstream_fixes-1.patch">
+<!ENTITY glibc-upstream-fixes-patch-md5 "2e347e291804b62a18a43a8cdc79e01e">
+<!ENTITY glibc-upstream-fixes-patch-size "24 KB">
 <!ENTITY grub-upstream-fixes-patch "grub-&grub-version;-upstream_fixes-1.patch">

Note: See TracChangeset for help on using the changeset viewer.