Sunday, January 12, 2020

LFS Updates

Since I got side tracked for so long, the LFS book has been updated since I originally downloaded it back in May of 2019.  As I was performing steps for Section 3.3 earlier this past week, I found that the patches section from the LFS server no longer matched what was in my book, so now it is time to update the book, and update anything else that may have gotten out of date over the past 6 months.

LFS Book update.

 gentoo@livecd ~ $ cd /gentooScratch/sources/lfs_book/  
 gentoo@livecd /gentooScratch/sources/lfs_book $ ls  
 BOOK book_output  
 gentoo@livecd /gentooScratch/sources/lfs_book $ cd BOOK/  
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $ ls  
 INSTALL  appendices       chapter01 chapter04 chapter07 general.ent lfs-bootscripts-20190524.tar.bz2 obfuscate.sh pdf-fixups.sh      stylesheets  
 Makefile aux-file-data.sh chapter02 chapter05 chapter08 images      lfs-latest.php                   packages.ent process-scripts.sh tidy.conf  
 README   bootscripts      chapter03 chapter06 chapter09 index.xml   make-aux-files.sh                patches.ent  prologue           udev-lfs  
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $ svn update  
 Updating '.':  
 U  chapter01/changelog.xml  
 U  chapter01/whatsnew.xml  
 U  chapter06/meson.xml  
 U  chapter06/libcap.xml  
 U  chapter06/systemd.xml  
 U  chapter06/chapter06.xml  
 U  chapter06/bison.xml  
 U  chapter06/shadow.xml  
 U  chapter06/bash.xml  
 U  chapter06/libelf.xml  
 U  chapter06/libffi.xml  
 U  chapter06/python.xml  
 U  chapter06/gettext.xml  
 U  chapter06/check.xml  
 U  chapter06/binutils.xml  
 U  chapter06/linux-headers.xml  
 U  chapter06/glibc.xml  
 U  chapter06/openssl.xml  
 U  chapter06/findutils.xml  
 U  chapter06/gcc.xml  
 U  chapter06/creatingdirs.xml  
 U  chapter06/bc.xml  
 U  chapter06/ninja.xml  
 U  chapter06/eudev.xml  
 U  chapter06/libtool.xml  
 U  chapter06/vim.xml  
 U  chapter06/util-linux.xml  
 U  chapter06/e2fsprogs.xml  
 U  chapter06/perl.xml  
 U  packages.ent  
 U  chapter09/theend.xml  
 U  chapter09/reboot.xml  
 U  general.ent  
 U  appendices/dependencies.xml  
 U  chapter05/bzip2.xml  
 U  chapter05/linux-headers.xml  
 U  chapter05/m4.xml  
 U  chapter05/perl.xml  
 U  chapter05/findutils.xml  
 U  chapter03/patches.xml  
 U  patches.ent  
 U  chapter04/addinguser.xml  
 U  bootscripts/ChangeLog  
 U  bootscripts/lfs/init.d/checkfs  
 U  bootscripts/lfs/init.d/sysklogd  
 U  bootscripts/lfs/init.d/network  
 U  bootscripts/lfs/init.d/mountfs  
 U  bootscripts/lfs/init.d/swap  
 U  bootscripts/lfs/init.d/console  
 U  bootscripts/lfs/init.d/localnet  
 U  bootscripts/lfs/init.d/setclock  
 U  bootscripts/lfs/init.d/udev_retry  
 U  bootscripts/lfs/init.d/modules  
 U  bootscripts/lfs/init.d/mountvirtfs  
 U  bootscripts/lfs/init.d/sysctl  
 U  bootscripts/lfs/init.d/udev  
 U  prologue/why.xml  
 U  prologue/standards.xml  
 U  prologue/bookinfo.xml  
 U  chapter07/systemd-custom.xml  
 U  chapter08/kernel.xml  
 U  chapter02/hostreqs.xml  
 U  chapter02/creatingpartition.xml  
 U  lfs-latest.php  
 U  Makefile  
 U  aux-file-data.sh  
 U  make-aux-files.sh  
 Updated to revision 11722. 
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $ sudo zfs snapshot gentooScratch/sources/lfs_book@SVN_UPDATE_rev_11722 
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $

So I have updated from revision 11610 to 11722, so there have been about 112 updates checked in since I originally obtained the book.  Next step after updating is of course is to rebuild the book.
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $ make clean; make REV=systemd BASEDIR=/gentooScratch/sources/lfs_book/book_output   
 make: *** No rule to make target 'clean'. Stop.  
 Creating and cleaning /home/gentoo/tmp  
 Processing bootscripts...  
 Adjusting for revision systemd...  
 Validating the book...  
 Validation complete.  
 Generating profiled XML for XHTML...  
 Generating chunked XHTML files at /gentooScratch/sources/lfs_book/book_output/ ...  
 Copying CSS code and images...  
 Running Tidy and obfuscate.sh...  
 Generating consolidated wget list at /gentooScratch/sources/lfs_book/book_output/wget-list ...  
 Generating consolidated md5sum file at /gentooScratch/sources/lfs_book/book_output/md5sums ...  
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $ sudo zfs snapshot gentooScratch/sources/lfs_book@book_11722_built  
 gentoo@livecd /gentooScratch/sources/lfs_book/BOOK $
After reloading the book in my browser I now get:
Which is updated and different than the value I got back in may from this blog entry.

LFS Section 2.3 Requirement Changes

A quick browser through the 'Host System Requirements', it looks like my gentoo system still meets or exceeds the expected versions.  The only real difference I noted is the 'requirements' now says GCC 6.2 instead of GCC 5.2.  Not sure if exactly one entire major version bump is a typo or not, my system uses the GCC 5.4.0.  My target version repository is currently set to version 9.1.  If I have trouble building my bootstrap version, I can always build an updated gcc 6.2 chain from my repository, and then use that to build the 9.1.

LFS Section 3.1 Easy Tar Ball Download Changes

I re-perform the easy step to get the latest recommended tarballs similarly to how I performed in my previous 'LFS sections 2.5 through 3.1'  blog entry using the following command:

      wget --input-file=/gentooScratch/sources/lfs_book/book_output/wget-list --continue --directory-prefix=$LFS/sources/lfs_tarballs

and

      zfs snapshot rootPool/root_fs/sources/lfs_tarballs@lfs_book_20200109_updated_tars

Which downloads the following
  • acl-2.2.53.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • attr-2.4.48.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • autoconf-2.69.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • automake-1.16.1.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • bash-5.0.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • bc-2.4.0.tar.gz  [249154 bytes, previous version was bc-1.07.1.tar.gz ] 
  • binutils-2.33.1.tar.xz [21490848 bytes, previous was binutils-2.32.tar.xz ] 
  • bison-3.5.tar.xz [2341024 bytes, previous was bison-3.3.2.tar.xz ] 
  • bzip2-1.0.8.tar.gz [810029 bytes, previous was bzip2-1.0.6.tar.gz ] 
  • check-0.13.0.tar.gz [771029 bytes, previous was check-0.12.0.tar.gz ]  
  • coreutils-8.31.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • dbus-1.12.16.tar.gz [2093296 bytes, previous was dbus-1.12.12.tar.gz ] 
  • dejagnu-1.6.2.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • diffutils-3.7.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • e2fsprogs-1.45.5.tar.gz [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • elfutils-0.178.tar.bz2 [9007557 bytes, previous was elfutils-0.176.tar.bz2 ] 
  • eudev-3.2.9.tar.gz [1959836 bytes, previous was eudev-3.2.7.tar.gz ]
  • expat-2.2.9.tar.gz [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • expect5.45.4.tar.gz [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • file-5.38.tar.gz [9325288 bytes, previous was file-5.37.tar.gz ] 
  • findutils-4.7.0.tar.xz [1895048 bytes, previous was findutils-4.6.0.tar.gz ] 
  • flex-2.6.4.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • gawk-5.0.1.tar.xz [3136004 bytes, previous was gawk-5.0.0.tar.xz] 
  • gcc-9.2.0.tar.xz [70607648 bytes, previous was gcc-9.1.0.tar.xz] 
  • gbdm-1.18-1.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • gettext-0.20.1.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • glibc-2.30.tar.xz  [16576920 bytes, previous was glibc-2.29.tar.xz] 
  • gmp-6.1.2.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • gperf-3.1.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • grep-3.4.tar.xz [1555820 bytes, previous was grep-3.3.tar.xz] 
  • groff-1.22.4.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • grub-2.04.tar.xz  [6393864 bytes, previous was grub-2.02.tar.xz] 
  • gzip-1.10.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • iana-etc-2.30.tar.bz2 [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • inetutils-1.9.4.tar.xz  [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • intltool-0.51.0.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • iproute2-5.4.0.tar.xz [741328 bytes, previous was iproute2-5.1.0.tar.xz] 
  • kbd-2.2.0.tar.xz [1115220 bytes, previous was kbd-2.0.4.tar.xz] 
  • kmod-26.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • less-551.tar.gz [347007 bytes, previous was less-530.tar.gz]  
  • lfs-bootscripts-20191031.tar.xz  [32632 bytes, previous was lfs-bootscripts-20190524.tar.bz2] 
  • libcap-2.30.tar.xz [98528 bytes, previous was libcap-2.27.tar.xz]  
  • libffi-3.3.tar.gz  [1305466 bytes, previous was libffi-3.2.1.tar.gz] 
  • libpipeline-1.5.2.tar.gz [994071 bytes, previous was libpipeline-1.5.1.tar.gz]  
  • libtool-2.4.6.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • linux-5.4.8.tar.xz [109456792 bytes, previous was linux-5.1.3.tar.xz] 
  • m4-1.4.18.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • make-4.2.1.tar.gz [1977576 bytes, previous was make-4.2.1.tar.bz2 (same ver; diff archive)]  
  • man-db-2.9.0.tar.xz [1857216 bytes, previous was man-db-2.8.5.tar.xz]  
  • man-pages-5.04.tar.xz [1684044 bytes, previous was man-pages-5.01.tar.xz]  
  • meson-0.53.0.tar.gz [1548224 bytes, previous was meson-0.50.1.tar.gz] 
  • mpc-1.1.0.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]  
  • mpfr-4.0.2.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • ninja-1.9.0.tar.gz [190860 bytes, new did not previosly have ninja tar ball ] 
  • ncurses-6.1.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • openssl-1.1.1d.tar.gz [8845861 bytes, previous was openssl-1.1.1b.tar.gz] 
  • patch-2.7.6.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • perl-5.30.1.tar.xz [12367844 bytes, previous was perl-5.28.2.tar.xz]  
  • pkg-config-0.29.2.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • procps-ng-3.3.15.tar.xz [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • psmisc-23.2.tar.xz [sslv3 alert handshake failure / Unable to establish SSL connection.]    
  • Python-3.8.1.tar.xz [17828408 bytes, previous was Python-3.7.3.tar.xz]  
  • python-3.8.1-docs-html.tar.bz2  [6527362 bytes, previous was python-3.7.3-docs-html.tar.bz2] 
  • readline-8.0.tar.gz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • sed-4.7.tar.xz [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • shadow-4.8.tar.xz [1609060 bytes, previous was shadow-4.6.tar.xz]  
  • sysklogd-1.5.1.tar.gz  [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • systemd-244.tar.gz [8445963 bytes, previous was systemd-241.tar.gz]  
  • systemd-man-pages-244.tar.xz [517875 bytes, previous was systemd-man-pages-241.tar.xz]  
  • sysvinit-2.96.tar.xz [122164 bytes, previous was sysvinit-2.94.tar.xz]  
  • tar-1.32.tar.xz  [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • tcl8.6.10-src.tar.gz [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • texinfo-6.7.tar.xz [4337984 bytes, previous was texinfo-6.6.tar.xz]  
  • tzdata2019c.tar.gz [392087 bytes, previous was tzdata2019a.tar.gz] 
  • udev-lfs-20171102.tar.xz [10280 bytes, previous was udev-lfs-20171102.tar.bz2 (same ver; diff archive)]  
  • util-linux-2.34.tar.xz [4974812 bytes, previous was util-linux-2.33.2.tar.xz]  
  • vim-8.2.0024.tar.gz [14650417 bytes, previous was vim-8.1.tar.bz2] 
  • XML-Parser-2.46.tar.gz [254763 bytes, previous was XML-Parser-2.44.tar.gz]  
  • xz-5.2.4.tar.xz  [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • zlib-1.2.11.tar.xz  [sslv3 alert handshake failure / Unable to establish SSL connection.]   
  • bash-5.0-upstream_fixes-1.patch [21672 bytes, new did not previosuly have patch ] 
  • bzip2-1.0.8-install_docs-1.patch  [1684 bytes, new did not previously have patch ]  
  • coreutils-8.31-i18n-1.patch   [FILE ALREADY RETRIEVED; NOTHING TO DO]   
  • glibc-2.30-fhs-1.patch [2804 bytes, previous was glibc-2.29-fhs-1.patch]  
  • kbd-2.2.0-backspace-1.patch [12640 bytes, previous was kbd-2.0.4-backspace-1.patch]  
  • sysvinit-2.96-consolidated-1.patch [2468 bytes, previous was sysvinit-2.94-consolidated-4.patch] 
Like in my previous blog entry, there were several files that failed due to SSL errors, the list of packages this time are as follows:

  • e2fsprogs-1.45.5.tar.gz
  • expat-2.2.9.tar.gz
  • expect5.45.4.tar.gz (same ver previously manually downloaded)
  • procps-ng-3.3.15.tar.xz (same ver previously manually downloaded)
  • psmisc-23.2.tar.xz (same ver previously manually downloaded)
  • tcl8.6.10-src.tar.gz
  • xz-5.2.4.tar.xz (same ver previously manually downloaded)
  • zlib-1.2.11.tar.xz (same ver previously manually downloaded)
I manually downloaded the 3 new/updated files that had download errors from the wget script, and created a new snapshot.  Afterwards I removed the 'old' versions and created a new snapshot.

LFS Section 3.2 All Package changes.

For the all packages, I already have the repositories, however some repositories may need to be updated and/or switch or checkout and updated tagged version.  For each package I will fetch a repository update, afterwhich I will perform a single snapshot for the updated repositories.
  • acl (book 2.2.53)
    • no updates found, at version v2.2.53 already
  • attr (book 2.4.48)
    •  updates found, at version v2.4.48 already
  • autoconf (book 2.69)
    •  updates found, at version v2.69 already
  • automake (book 1.16.1)
    • updates found, at version v1.16.1 already
  • bash (book 5.0)
    •  updates found, at version bash-5.0 already
  • bc (book 2.4.0)
    • no updates found, at version bc-1.07.1+LFS
    • Need to change origin
      • previous origin used was https://github.com/fivepiece/gnu-bc
      • LFS points to https://github.com/gavinhoward/bc
        • git fetch --tags https://github.com/gavinhoward/bc
        • git checkout 2.4.0
        • git remote set-url origin https://github.com/gavinhoward/bc
  • binutils (book 2.33.1)
    • updates found, updated from binutils-2_32 to binutils-2_33_1
  • bison (book 3.5)
    • updates found, updates from v3.3.2 to v3.4.92 (no tag/release for 3.5...)
  • bzip2 (book 1.0.8)
    • no git updates found, only version 1.0.6
    • Need to change origin
      • Original origin used was git://git.code.sf.net/p/bzip2/bzip2
      • Additional research turns up git://sourceware.org/git/bzip2.git
        • git remote add originallfs git://git.code.sf.net/p/pzip2/bzip2
        • git remote set-url origin git://sourceware.org/git/bzip2.git
        • git fetch --tags
        • git checkout bzip2-1.0.8
  • check (book 0.13.0)
    • updates found, updated from 0.12.0 to 0.13.0
  • coreutils (book 8.31)
    • updates found, at version v8.31 already
  • dbus (book 1.12.16)
    • updates found, updated from dbus-1.12.12 to dbus-1.12.16
  • dejagnu (book 1.6.2)
    • no updates found, at version 1.6.2 already
  • diffutils (book 3.7)
    • updates found, already at version v3.7
  • e2fsprogs (book 1.45.5)
    • no updates found, already at version v1.45.5
  • elfutils (book 0.178)
    • updates found, updated from elfutils-0.176 to elfutils-0.178
  • expat (book 2.2.9)
    • updates found, updated from R_2_2_6 to R_2_2_9
  • expect (book 5.45.4)
    • Not an original git repo, re-performed expect steps found in 'LFS -- All Packages from Section 3.2' again (after moving older versions to an 'old' dirctory.)
    • Tags still only had 'exepect_5_45' as current latest.
  • file (book 5.38)
    • updates found, updated from FILE5_37 to FILE5_38
  • findutils (book 4.7.0)
    • updates found, updated from v4.6.0 to v4.7.0
  • flex (book 2.6.4)
    • updates found, already at v2.6.4
  • gawk (book 5.0.1)
    • updates found, updated from gawk-5.0.0 to gawk-5.0.1
  • gcc (book 9.2.0)
    • updates found, updates from gcc-9_1_0-release to releases/gcc-9.2.0
  • gdbm (book 1.18.1)
    • updates found, already at v1.18.1
  • gettext (book 0.20.1)
    • updates found, already at v0.20.1
  • glibc (book 2.30)
    • updates found, updated from release/2.29/master to glibc-2.30
  • gmp (book 6.1.2)
    • no updates found, only have tag gmp-6.1.0
  • gperf (book 3.1)
    • no updates, already at v3.1
  • grep (book 3.4)
    • updates found, updated from v3.3 to v3.4
  • groff (book 1.22.4)
    • updates found, already at version 1.22.4
  • grub (book 2.04)
    • updates found, already at version 2.04
  • gzip (book 1.10)
    • updates found, already at v1.10
  • iana-etc (book 2.30)
    • No updates, no src repo, local 2.30 extracted tarball, already at 2.30 on head.
  • inetutils (book 1.9.4)
    •  updates found, already at inetutils-1_9_4
  • intltool (book 0.51.0)
    • No updates found, bazaar appears to be at 0.51.0 already.
  • iproute2 (book 5.4.0)
    • Updates found, updated from v5.1.0 to v5.4.0
  • kbd (book 2.2.0)
    • Updates found, updated from 2.0.4 to v2.2.0
  • kmod (book 26)
    • Updates found, already at v26
  • less (book 551)
    • Updates found, updated from v530 to v551
  • libcap (book 2.30)
    • Updates found, updated from libcap-2.27 to libcap-2.30
  • libffi (book 3.3)
    •  updates found, updated from v3.2.1 to v3.3
  • libpipeline (book 1.5.2)
    •  updates found, updated from 1.5.1 to 1.5.2
  • libtool (book 2.4.6)
    •  No updates, already at v2.4.6
  • linux (book 5.4.8)
    •  Updates found, updated from v5.1.3 to v5.4.10 (latest 5.4)
  • m4 (book 1.4.18)
    • No updates, already at 1.4.18
  • make (book 4.2.1) 
    • Updates found, already at 4.2.1
  • man-db (book 2.9.0)
    • Updates found, updated from 2.8.5 to 2.9.0
  • man-pages (book 5.04)
    •  Updates found, updated from man-pages-5.01 to man-pages-5.04
  • meson (book 0.53.0)
    •  Updates found, updated from 0.50.1 to 0.53.0
  • mpc (book 1.1.0)
    •  Updates found, already at 1.1.0
  • mpfr (book 4.0.2)
    • No remote git repo, already at 4.0.2, ignoring updates for now.
  • ninja (book 1.9.0)
    • Updates found, already at v1.9.0
  • ncurses (book 6.1)
    • Updates found, already at v6.1
  • openssl (book 1.1.1d)
    • Updates found, already at OpenSSL_1_1_1d
  • patch (book 2.7.6)
    • No updates, already at v2.7.6
  • perl (book 5.30.1)
    • Updates found, at v5.31.7
  • pkg-confg (book 0.29.2)
    • No updates, already at pkg-config-0.29.2
  • procps (book 3.3.15)
    •  No updates, at v3.3.16
  • psmisc (book 23.2)
    • No updates, already at v23.3
  • python (book 3.8.1)
    • Updates found, already at v3.8.1
  • python doc (book 3.8.1)
    • Will build from source above, at v3.8.1
  • readline (book 8.0)
    • No updates, already at readline-8.0
  • sed (book 4.7)
    • Updates found, already at v4.7
  • shadow (book 4.8)
    • Updates found, already at 4.8
  • systemd (book 244)
    •  Updates found, already at v244
  • systemd man pages (book 244)
    • Will build from source above, at v244
  • tar (book 1.32)
    • No updates, already at release_1_32
  • tcl (book 8.6.10)
    • Updates found, updated from core-8-6-9 to core-8-6-10
  • texinfo (book 6.7)
    • No updates, already at texinfo-6.7
  • time zone data (book 2019c)
    •  Updates found, already at 2019c
  • util-linux (book 2.34)
    •  No updates, already at v2.34
  • vim (book 8.2.0024)
    •  Updates found, updated from v8.2.0109 to v8.2.0111
  • XML::Parser (book 2.46)
    •  No updates, already at 2.46
  • xz utils (book 5.2.4)
    •  No updates, already at v5.2.4
  • zlib (book 1.2.11)
    •  No updates, already at v1.2.11

LFS Errata Updates

Security Errata

  1. OpenSSL: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547 (Medium to Low). Upgrade to OpenSSL-1.1.1d using the instructions in OpenSSL-1.1.1d.

    Already have downloaded version 1.1.1d, when Chapter 6 is reached, correct version will be installed.

    NO ADDITIONAL INSTRUCTIONS OR PATCHES NEEDED.
  2. e2fsprogs: CVE-2019-5094 (buffer overruns in e2fsck). Update to e2fsprogs-1.45.4 or later using the instructions in e2fsprogs-1.45.4.

    Already have downloaded version 1.45.5, when Chapter 6 is reached, correct version will be isntalled.

    NO ADDITIONAL INSTRUCTIONS OR PATCHES NEEDED.
  3. systemd: CVE-2019-6454 (access control bypass). Apply systemd-241-security_patch-1.patch to systemd and rebuild.

    Manually examined the patch file, the lines that need to be removed for "sd_bus_set_trusted(bus,true);", right before the "sd_bus_negotiate_creds" no longer exists in systemd-v244.

    Looking through the log files for changes to src/shared/bus-util.c provides the following commit log, already applied in my systemd-v244 version:

    commit 35e528018f315798d3bffcb592b32a0d8f5162bd
    Author: Zbigniew J<C4><99>drzejewski-Szmek <zbyszek@in.waw.pl>
    Date:   Tue Aug 27 19:00:34 2019 +0200

        shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description()
       
        https://bugzilla.redhat.com/show_bug.cgi?id=1746057
       
        This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
        is also used in timesyncd, but it has no methods, only read-only properties, and
        in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
        polkit checks.    The version of systemd that will be installed, has this security patch already applied.

    NO ADDITIONAL INSTRUCTIONS OR PATCHES NEEDED.

Misc Errata

  1. There are no current errata items for LFS 9.0-systemd.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)