This is version SVN-20070501 of the Hardened Linux From Scratch book, dated May 1st, 2007. This book is still in an alpha state. Please help to make this book better by testing it and sending feedback to hlfs-dev@linuxfromscratch.org.
Below is a list of changes since the creation of this book for both Glibc and uClibc based books.
Changelog Entries:
May 1st, 2007
[manuel]: Retagged packages.xml and patches.xml. Added *-size, *-url, and *-home entities to packages.ent. Updated the XSL code to do automatized sizes calculations.
April 30th, 2007
[manuel]: Retagged changelog.xml. Added whatsnew.xml. Syncing chapter01 text with LFS-svn.
April 25th, 2007
[Robert]: Added Glibc arc4_prng, ssp_hp-timing, and issetugid() patches.
April 20th, 2007
[Robert]: Optionally, do not install the unneeded SUID pt_chown program from Glibc.
April 18th, 2007
[Robert]: Install the libiberty header in chap6.
April 17th, 2007
[Robert]: Bump to man-pages-2.44.
[Robert]: Remove nogroup, it's not used. Use uid/gid 99 for user nobody.
[Robert]: Bump to gzip-1.3.12.
[Robert]: Add the Glibc branch update patch to chap5.
April 7th, 2007
[Robert]: Removed --disable-libmudflap and --disable-libssp from Embryo. These were added only to save a couple minutes of compile time. GCC still configures itself to use the non-existant libssp regardless. uClibc is going to need libssp until is stops doing segfaults with -fstack-protector-all. Furthermore, LFS does not disable the building of these libraries in GCC-pass1, and it has been working fine.
April 4rth, 2007
[Robert]: Added gcc-uClibc_conf and gcc-uClibc_locale patches. I don't think the gcc-uClibc_libstdc patch is needed because all it does is add -fPIC, and we do that ourselves. Various other modifications to update the uClibc build a bit.
[Robert]: Use uClibc-snapshot for gcc-4.1 support.
[Robert]: Bump to m4-1.4.9.
[Robert]: Bump to uclibc-0.9.28.3.
March 30th, 2007
[Robert]: Added URL's for the Binutils mkstemp and lazy patches.
[Robert]: Added GCC DWARF3 backport patch, so one of Glibc's tests will pass.
[Robert]: Explain --without-debug in Ncurses chap5.
[Robert]: Explain --disable-nls in Embryo.
March 28th, 2007
[Robert]: Fix vimrc to set syntax only if /usr/share/vim exists. Thanks to Adam Kajer.
[Robert]: Removed BLFS bootscripts.
[Robert]: Added BC to chap5 for OpenSSL test suite.
[Robert]: Install tools-su.
March 27th, 2007
[Robert]: Update sysklogd.xml from LFS-svn.
[Robert]: Make ABRT the default behavior for mudflap.
[Robert]: Removed all of BHLFS, we can use the BLFS wiki links instead.
[Robert]: Added udev.xml to chapter 7 from LFS-svn, and updated kernel page from LFS-svn.
March 27th, 2007 [Robert]: Bump to udev-106.
March 26th, 2007
[Robert]: Update Sysklogd fixes patch.
[Robert]: Removed util-linux PIC patch. The lseek patch, from upstream, does the same thing.
[Robert]: Update Shadow's useradd patch.
[Robert]: Bump to psmisc-22.3, and update psmisc.xml from LFS-svn.
[Robert]: Bump to procps-3.2.7.
Robert]: Update module-init-tools.xml from LFS-svn, and added modprobe patch.
[Robert]: Bump to man-1.6c.
[Robert]: Update grub.xml from LFS-svn and added geometry patch.
[Robert]: Bump to bzip2-1.0.4.
[Robert]: Update libtool.xml from LFS-svn.
[Robert]: Bump to file-4.20 and update file.xml from LFS-svn.
[Robert]: Bump to autoconf-2.61.
[Robert]: Bump to iproute2-2.6.20-070313.
[Robert]: Bump to inetutils-1.5.
[Robert]: Bump to vim-7.0-fixes-15.patch. Move vim to /bin.
[Robert]: Bump to readline-5.2.
March 25th, 2007
[Robert]: Added more options to Ncurses chap6.
[Robert]: Bump to coreutils-6.7.
[Robert]: Use 'nobody' for Coreutils test suite.
[Robert]: Bump to openssl-0.9.8e.
[Robert]: Fix chap6 embryo to symlink the binutils dirs. Removed the assertions (for now).
[Robert]: Bump to glibc-2.5-branch_update-2 patch.
[Robert]: Added a bunch of groups, from LFS-svn.
[Robert]: Removed the devices.xml page, this is done in kernfs.xml.
[Robert]: Added nobody group.
[Robert]: Added nobody user.
[Robert]: Update kernfs.xml and chroot.xml from LFS-svn, create /dev/console and /dev/null before mounting /dev as tmpfs.
[Robert]: Bump to gzip-1.3.11.
[Robert]: Bump to findutils-4.2.30.
[Robert]: Bump to Bash-fixes-4 patch.
March 24rth, 2007
[Robert]: Fix chap5 cocoon to symlink the binutils dirs. Removed the assertions (for now).
[Robert]: Bump to linux-2.6.20.4.
March 23rd, 2007
[Robert]: Fix chap5 embryo to symlink the binutils dirs.
[Robert]: Bump to GCC-4.1.2.
March 8th, 2007
[Robert]: Added 'gcc_cv_libc_provides_ssp=yes' to the make command in cocoon.
February 10th, 2007
[Robert]: Added -DSSL_FORBID_ENULL to OpenSSL to disable NULL ciphers, and notes about additional -D defines.
February 9th, 2007
[Robert]: Added description for the Ncurses test suite.
February 7th, 2007
[Robert]: Added a config.site in /tools for uClibc builds.
[Robert]: Fix Expect to compile with uClibc (HAVE_STROPTS_H).
[Robert]: Bump to Bash-3.2.
[Robert]: Removed chapter05/libintl.xml. libintl is provided by uClibc now.
[Robert]: Removed lib stack_end uclibc patch.
February 6th, 2007
[Robert]: Bump to uClibc-0.9.28.1.
January 3rd, 2007
[Robert]: Removed supress_uptime_kill_su Coreutils patch. Install Coreutils to DESTDIR to manipulate files before installing. Make uptime, kill, and su optional in Coreutils, Procfs, and Shadow. Update Procps.xml from LFS-svn. Remove Utils-Linux patch for nologin, because it is supplied by Shadow. Added 386 assembly language versions of true, and false to Coreutils.xml, and nologin to Shadow.xml.
December 30th, 2006
[Robert]: Removed Sed fixes patch, it breaks 'sed'.
[Robert]: Update e2fsprogs.xml from LFS-svn.
[Robert]: Bump to e2fsprogs-1.39.
December 28th, 2006
[Robert]: Bump to m4-1.4.8.
[Robert]: Bump to Gzip 1.3.9.
[Robert]: Bump to Gettext-0.16.1.
[Robert]: Bump to Findutils-4.2.29.
[Robert]: Bump to Tar-1.16.1.
[Robert]: Bump to Ncurses-5.6.
[Robert]: Added Sed command for '/bin/stty' in expect.xml (from LFS-svn).
December 5th, 2006
[Robert]: Added a note about the append-only Coreutils test.
December 4rth, 2006
[Robert]: Moved OpenSSL to chapter 6, and moved Zlib ahead of it (after GCC), and upgraded to 0.9.8c. Removed OpenSSH page.
[Robert]: Move Sed and E2fsprogs ahead of Coreutils to deal with new Coreutils test suite dependencies (from LFS-svn).
[Robert]: Added branch update patch for Binutils-2.17.
December 3rd, 2006
[Robert]: Added branch update patch for Glibc-2.5.
[Robert]: Bump to man-pages-2.43.
December 2nd, 2006
[Robert]: Use 'EXEEXT=-new install-exec-local' to 'make install' ld-new, instead of using 'install ld/ld-new'. This is safer because if --enable-shared is used the 'ld/ld-new' is a script, not a program, and 'ld/.libs/ld-new' is infact the program. Using 'make install' will make sure we are always installing the correct 'ld-new' regardless of configure arguments.
November 27th, 2006
[Robert]: Removed the gcc specs patch, and use sed command instead, to resolve a bug in Binutils test suite.
November 26th, 2006
[Robert]: Moved mtab to pwdgroup.xml.
[Robert]: Create /etc/mtab in createfiles.xml.
[Robert]: Updated chap6 createfiles.xml.
[Robert]: Updated chap6 creatingdirs.xml from LFS-svn.
[Robert]: Update chap5 stripping page from LFS-svn.
[Robert]: Bump to man-pages-2.42.
November 23rd, 2006
[Robert]: Updated both Grep pages (xml).
[Robert]: Added mkstemp(3) patch for Patch.
November 20th, 2006
[Robert]: Bump to man-pages-2.41.
[Robert]: Bump to gettext-0.16.
[Robert]: Bump to tar-1.16.
[Robert]: Bump to tcl8.4.14.
October 16th, 2006
[Robert]: Added Sed fixes-1 patch.
October 14th, 2006
[Robert]: Use assert() to deal with fortify_source warnings in Less chapter 6. Add -Werror to Less too.
[Robert]: Added Less signal_fix patch.
[Robert]: Use assert() to deal with fortify_source warnings in M4 chapter 6.
[Robert]: Bump to Binutils hardened_tmp-3.
[Robert]: Use assert() to deal with fortify_source warnings in Cocoon and Butterfly.
October 13th, 2006
[Robert]: Added fortify_warnings and configure_warnings patches to Vim.
October 12th, 2006
[Robert]: Add sed command to fix overflow in Vim.
[Robert]: Bump to vim hardened_tmp-2 patch.
October 11th, 2006
[Robert]: Bump to vim fixes-13 patch.
[Robert]: Bump to iana-etc-2.10.
[Robert]: Added Glibc blowfish patch.
[Robert]: Bump to grsecurity-2.1.9-2.6.18-200610021833.
[Robert]: Bump to glibc-2.5.
October 10th, 2006
[Robert]: Bump to linux-2.6.18. Added linux unifdef patch. Added util-linux lseek patch.
[Robert]: Add nogroup to /etc/groups.
[Robert]: Bump to man-pages-2.39.
[Robert]: Update util-linux pages from LFS-svn.
[Robert]: Bump to texinfo-4.8a.
[Robert]: Removed perl regex_ssp patch, it doesn't seem to be needed anymore.
October 9th, 2006
[Robert]: Added binutils hardened_tmp patch.
[Robert]: Bump to m4-1.4.7.
[Robert]: Bump to diffutils-2.8.7. Add diffutils hardened_tmp patch. Updated both diffutils pages from LFS-svn.
October 8th, 2006
[Robert]: Bump to coreutils-6.3.
October 7th, 2006
[Robert]: Removed the ^ from the adjusting sed, so it works with gcc34.
[Robert]: Build static with -fPIC too.
September 20th, 2006
[Robert]: Removed net/ from linux-headers, they dont' exist anymore.
[Robert]: Disable fortify_source for Sysklogd until a real solution is found.
September 10th, 2006
[Robert]: Updated both Gzip pages from LFS-svn. Added the Gzip scriptsdir patch.
[Robert]: Bump to vim-7.0-fixes-11.patch.
September 9th, 2006
[Robert]: Bump to grsecurity-2.1.9-2.6.17.11-200609031316.
September 7th, 2006
[Robert]: Bump to m4-1.4.6.
August 30th, 2006
[Robert]: Bump to linux-headers-2.6.17.11-08232006.
August 28th, 2006
[Robert]: Bump to autoconf-2.60. Updated Autoconf and Automake pages from LFS-svn.
[Robert]: Updated Texinfo pages from LFS-svn.
August 27th, 2006
[Robert]: Update Perl pages from LFS-svn.
[Robert]: Bump to Iproute2-2.6.16-060323. Updated iproute2 page from LFS-svn.
[Robert]: Add MUDFLAP_OPTIONS to Glibc's list of environment variables removed for suid programs.
[Robert]: Updated Inetutils pages from LFS-svn. Link ping to libmuflap. Removed the No-Server-Man-Pages patch, replaced with sed commands. Removed the inetutils-gcc4_fixes patc, replaced with sed commands. Remove group write permission from /bin/ping.
[Robert]: Updated Gettext pages from LFS-svn.
[Robert]: Updated Flex pages from LFS-svn. Rebuild libfl.a as libfl.so.
[Robert]: Updated Groff page from LFS-svn.
[Robert]: Updated Less page from LFS-svn, added the --with-secure configure switch.
[Robert]: Updated Bison pages from LFS-svn. Rebuild liby.a as liby.so.
[Robert]: Updated Vim page from LFS-svn, add Vim fixes and spellfile patches. Bump to Vim-7.0. Added Vim hardened_tmp patch
[Robert]: Update Readline page from LFS-svn, and added Readline fixes patch.
[Robert]: Updated Zlib and Coreutils pages from LFS-svn. Added warnings to Zlib. Added warnings to Mktemp. Added fixes to fortify_source warnings to Findutils. Updated Ncurses pages from LFS-svn, added ncurses fixes patch, added --enable-assertions to Ncurses.
August 26th, 2006
[Robert]: Add sed commands to fix fortify_source warnings in Butterfly.
[Robert]: Add sed commands to fix fortify_source warnings in Cocoon.
August 24rth, 2006
[Robert]: Bump to linux-2.6.17.11 and Grsecurity patch to match.
August 21st, 2006
[Robert]: Updated M4 pages from LFS-svn. Added commands to compile M4 with warnings.
[Robert]: Updated Make pages from LFS-svn. Added commands to compile Make with warnings.
[Robert]: Move libmudflap*so* to /lib if you plan to link suid programs to mudflap.
[Robert]: Updated Shadow page from LFS-svn. Added commands to compile Shadow with mudflap.
[Robert]: Updated both Sed pages from LFS-svn. Added warnings, and warning fixes, to Sed chapter 6. Add colors for warning commands.
August 20th, 2006
[Robert]: Bump to findutils-4.2.28, and update both findutils pages from LFS-svn. Added a compiler warnings page to chapter2, and added sed command to compile Findutils with extra warnings.
[Robert]: Updated both Bzip2 pages, from LFS-svn, including an mktemp modification to bzdiff.
[Robert]: Added glibc-hardened_tmp patch to chapter 6.
[Robert]: Added gzip-hardened_tmp patch to chapter 6.
[Robert]: Install Mktemp in chapter 5. This removes the mktemp hack for gccbug in Butterfly, and allows future patches (for Glibc, and others) to use mktemp.
[Robert]: Move the installation of Tar to before Bzip2, in chapter 5, to cope with old/buggy tar versions on the host system and uClibc.
[Robert]: Bump to gettext-0.15.
[Robert]: Removed the link_end uClibc patch. Moved Libintl to its own page, after adjusting the toolchain. Bump to uClibc-snapshot for gcc41 SSP support. uClibc is still broken.
[Robert]: Removed uClibc patches from Embryo toolchain. Configure GCC with uclibc locales.
August 16th, 2006
[Robert]: Install mktemp(1) to /bin, some patches will need this.
[Robert]: Bump to linux-2.6.17.8 and grsecurity-2.1.9-2.6.17.8-200608121035.
August 15th, 2006
[Robert]: Added strlcpy_strlcat Glibc patch.
August 14th, 2006
[Robert]: Added -nopie to a few of Glibc's tests.
August 13th, 2006
[Robert]: Started to color code optional commands and their descriptions, such as blue for ASLR, red for SSP, etc. Later there will be a formal decription of what each color represents.
[Robert]: Added -z combreloc and -z lazy to gcc specs. Reorder gcc startfile spec to more closely resemble vanilla. Added descriptions/help to disable various options. Compile Glibc with 'CC=gcc -nonow' to help out the testsuite.
August 12th, 2006
[Robert]: Added binutils-2.17-lazy-1.patch, from binutils-cvs to add '-z lazy'.
[Robert]: Bump to shadow-4.0.18.1 and add the useradd_fix patch.
[Robert]: Add D_LIBC_REENTRANT to conditions against -D_FORTIFY_SOURCE=2 in gcc specs. Removed -no-fortify flag, use -D_FORTIFY_SOURCE=0 instead.
[Robert]: Added a program to test _FORTIFY_SOURCE and SSP against a strcpy() overflow, when butterfly is installed.
[Robert]: Add -O optimization to gcc specs so _FORTIFY_SOURCE always work. Add test to check for optimization too.
[Robert]: Remove cc1_cpu and profile from cc1plus hardening gcc spec, removed invalid flags, and add -fno-PIE.
August 11th, 2006
[Robert]: Added a few sed commands to Glibc chapter 6, to disable ssp on a few files and to add stack_check_fail.c to ld.so.
August 2nd, 2006
[Robert]: Bump to m4-1.4.5.
[Robert]: Bump to bison-2.3.
[Robert]: Added the Bash fixes patch to chapter 5 bash page. Added Gawk segfault patch to chapter 5 (Glibc-2.4 exposes this bug).
[Robert]: Removed --enable-stackguard-randomization from chapter 5 Glibc, there's no reason to use this in /tools and it wastes kernel entropy. Making chapter 5's Glibc use static canary numbers will also help verify SSP tests in chapter 6 (coming soon) are being run on chapter 6's Glibc.
[Robert]: Bump to shadow-4.0.18.
August 1st, 2006
[Robert]: Added libstd* to chapter 6 symlinks to fix a couple Glibc tests, thanks to CLFS wiki.
July 27th, 2006
[Robert]: Bump to grsecurity-2.1.9-2.6.17.7-200607261817, and linux-2.6.17.7.
July 26th, 2006
[Robert]: Added Inetutils-gcc4_fixes-3.patch to replace the kernel_headers.patch. Added Kbd backspace and gcc4_fixes patches. Added Tar security_fixes and gcc4_fix patches.
[Robert]: Combined chapter 6's gcc and binutils pages into butterfly.xml.
[Robert]: Bump to linux-headers-2.6.17.6-07202006.
July 24rth, 2006
[Robert]: Added -fno-stack-protector to Libgcc so Glibc will compile. Libgcc.a is often hardcoded into other static libraries and will fail to resolve SSP symbols.
[Robert]: Touched up chapter01/how.xml, removing references to static linking pass 1 tools, and other updates. Also touched up chapter05/introduction.xml.
[Robert]: Bump to flex-2.5.33.
July 23rd, 2006
[Robert]: Removed all testsuites, and extra locale installations, from chapter 5. This is to reduce false bug reports.
[Robert]: Added -pie to TCL and Expect.
[Robert]: Added a test to toolchains to make sure GCC is defining FORTIFY_SOURCE, SSP, and PIC.
[Robert]: Move static libraries to /usr/lib/static instead of removing them. Use -fstack-protector-all explicitly on nscd in Glibc, instead of -fstack-protector. All of Glibc's utilities are now PIC (small modification with sed) and linked with -pie.
[Robert]: Bump to man-pages-2.36.
[Robert]: Added 'nice' to bash_profile and chroot command. This might be removed for book releases.
[Robert]: Added --enable-warnings to Ncurses. Bump to perl-libc-2.patch.
July 22nd, 2006
[Robert]: Pipe 'gcc -dumpspecs' to sed and then redirect it to the specs file location, rather than creating a temporary file. This is shorter, less complicated, and easier to read.
[Robert]: Removed installation of locales from chapter 5's Glibc and link to chapter 6's Glibc if users want to install them.
[Robert]: Start adding -i (interactive) to cp(1) commands before running sed(1) when modifying source files. This, along with copying files to *.orig{,2,3,4...}, is to make sure we don't overwrite the vanilla copies.
July 21st, 2006
[Robert]: Bump to Tcl-8.4.13. Removed Binutils posix patch, added sed commands to make Binutils and GCC build with Posix complaint commands.
[Robert]: Add sed command to add -fPIC to the Embryo GCC installation so that Glibc, Libiberty, etc, will build with PIC code. Added specs header file to the Cocoon GCC to make -fpie/fpic, -DFORTIFY_SOURCE=2, -fstack-protector-all, ld -pie -relro -now the default behavior.
July 20th, 2006
[Robert]: Bump to glibc-2.4. Suspend arc4random and pseudo_random patches. Remove glibc-fstack_protector, and glibc-ssp patch. Added glibc-iconv_fix, glibc-iconv_unnest, and glibc-localedef_segfaultpatches.
July 18th, 2006
[Robert]: Removed the -pie -fpie sed commands for each package, the bzip2-hardened_cflags patch, the flex-hardened_cflags patch, util-linux-hardened_cflags patch, and procps-hardened_cflags, they are no longer needed.
July 17th, 2006
[Robert]: Binutils/GCC now use the GCC Top Level Makefile system in a combined tree 3 stage bootstrap. Removed libc-header installation from chapter 5. We don't do any more cross compiling. Replace linux-libc-headers with linux-headers from the CLFS project. Bump to linux-2.6.17.4, and grsec-unstable to match. Binutils/GCC pass1/cross is renamed to Embryo-toolchain. Binutils/GCC pass2/native is renamed to Cocoon-toolchain.
[Robert]: Bump back up to binutils-2.17. Bump to gcc-4.1.1. Removed gcc-hardened_cflags, gcc-linkonce, gcc-no_fixincludes, and gcc-ssp patches, they are no longer needed.
[Robert]: Use 'int main(){return 0;}' for tests in adjusting and readjusting so no compiler warnings are generated.
July 5th, 2006
[Robert]: Go back down to binutils-2.16.1 due to issues with glibc-2.3.6.
July 2nd, 2006
[Robert]: Add sed command to coreutils chapter 6 to fix overflow in the 'who' command (Redhat bug #158405).
July 1st, 2006
[Robert]: Bump to expect-5.43.0-spawn-2 patch.
[Robert]: Bump to make-3.81, this fixes a issue with uClibc and malloc_compat.
[Robert]: Install ld-new to /tools so that binutils-build does not need to be saved.
[Robert]: Bump to Binutils-2.17, and bash-3.1-fixes-8.patch. Added Binutils posix patch. Started adding -v to provide verbose commands, such as to mkdir.
June, 2006
[Robert]: Change package order in chapter 5 to match LFS.
[Robert]: Bump to paxctl-0.4.
[Robert]: Bump to sed-4.1.5.
[Robert]: Bump to coreutils-5.97, and man-pages-2.33.
May, 2006
[manuel]: Added home MD5 sums and sizes to chapter04/packages.xml. Created patches.ent. Changed all patches names by entities.
[manuel]: Added home page links, MD5 sums, and sizes to chapter04/packages.xml. Updated stylesheets.
Feb, 2006
[archaic]: Removed old reference to perl's sprintf patch.
[Robert]: New uClibc config patch. Added bash fixes-3 patch. Bump to coreutils-5.94. Bump to perl 5.8.8.
Jan, 2006
[Robert]: Added MALLOC_GLIBC_COMPAT=y to uClibc config patch, to fix problems with gnu make and the 2.6.14 kernel.
[Robert]: Bump to groff-1.19.2. Bump to less-394. Bump to man-pages-2.21. Bump to psmisc-22.1. Bump to shadow-4.0.14. Bump to udev-081. Stop using svn version of blfs-bootscripts, using version 6.1. Fix the Module-init-tools page to run the testsuite first, to keep it from rewriting the Makefile. Bump to linux-2.6.14.6. Bump to grsecurity-2.1.8-2.6.14.6-200601211647.patch. Fix gccbug to use mktemp.
[Robert]: Put 'make check' on the same line in the xml (for nicer parsing). Made Perl's 'make test' optional. Fixed two typos on the pie page. Removed -fomit-frame-pointer from uClibc's default optimizations, and added more comments about it.
[Robert]: Fix modutils-init-utils --prefix to use / so man pages are installed to /usr/share via makefile script (see makefile). Install /usr/include/asm during linux-libc-headers install, before copying headers. Bump to man-pages 2.18. Bump to libtool-1.5.22. Bump to psmisc-21.9. Added --disable-ipv6 for uClibc to psmisc. Added patch for Perl sprintf vulnerability.
[Robert]: Fixed problems with openssl-0.9.8a-arc4random-1.patch, glibc-2.3.6-ssp-1.patch, and glibc-2.3.6-arc4random-1.patch reported on hlfs-dev list.
Dec, 2005
[archaic]: Removed obsolete readline patch and changed SHLIB_XLDFLAGS option to SHLIB_LIBS.
[archaic]: Updated to blfs-bootscripts-20051121.
[Robert]: Bump to findutils-4.2.27, man-pages-2.16, module-init-tools-3.2.2, bash-3.1, readline-5.1, less-394, tcl-8.4.12, texinfo-4.8-tempfile_fix-2.patch, gawk-3.1.5-segfault_fix-1.patch, and gcc-3.4.5. Install TCL's private headers to /tools/include.
[Robert]: Fixed typo in e2fsprogs configure command.
Nov, 2005
[Robert]: Bump to linux-2.6.14.3 and grsecurity-2.1.7-2.6.14.3-200511261227.
[Robert]: Bump to module-init-tools-3.2.1, man-pages-2.14, findutils-4.2.26. Fix the non-installation of the groups man page in Shadow-utils (already installed by Coreutils). We don't need the linuxthreads tarball for man pages anymore.
[Robert]: Bump to linux-2.6.14.2, linux-libc-headers-2.6.12.0, and grsecurity-2.1.7-2.6.14.2-200511150641.
[Robert]: In chapter5 Gettext, only install msgfmt because that's all we need. Install Perl's Data/Dumper in chapter5, needed for Coreutils tests.
[Robert]: Append HAVE_LANGINFO_CODESET and HAVE_LC_MESSAGES to config.h for Gawk because ./configure doesn't.
[Robert]: Bump to blfs-bootscripts-20051018.
[Robert]: Point Perl's configure to the new less location.
[Robert]: Bump to OpenSSL-0.9.8a.
[Robert]: Bump to glibc-2.3.6. Install the programs from Less to /usr/bin rather than /bin. Added --libexecdir=/usr/lib/findutils for findutils. Bump to coreutils-5.93.
[Robert]: Adjusted udev make commands to build and install udev_run_devd and udev_run_hotplugd. Modified udev rules to execute the new devd and hotplugd programs, and read /etc/dev.d and /etc/hotplug.d directories.
[Robert]: Bump to man-pages-2.13.
[Robert]: Adjust Vim's installation. Removed the gvimrc config file adjustment, and install docs to /usr/share/doc.
[Robert]: Bump to psmisc-21.8.
[Robert]: Relpaced the botched procps hardened_cflags patch.
[Robert]: Fix typos in procps, and shadow, pages. Thanks to Tobias Stoeckmann from hlfs-dev.
[Robert]: Bump to man-pages-2.11.
[Robert]: Bump to vim-6.4, procps-3.2.6, and udev-071.
[Robert]: fomit-frame-pointer works in uClibc now (it's filtered from ldso).
[Robert]: Fix the -pie sed command in kbd.
Oct, 2005
[Robert]: Bump to m4-1.4.4, man-pages-2.10, and ncurses-5.5.
[Robert]: Bump to glibc-2.3.5-arc4random-3.patch. The -2 patch didn't use LIBC_HAS_ARC4RANDOM in the mktemp code.
[Robert]: Bump to file-4.16.
[Robert]: New arc4random patches for uclibc, glibc, and openssl, changing HAVE_ARC4RANDOM to LIBC_HAS_ARC4RANDOM.
[Robert]: Bump to openssl-0.9.7h and openssh-4.2p1. Added commands to install openssh docs, from BLFS.
[Robert]: Bump to blfs-bootscripts-20051001.
[Robert]: Bump to paxctl-0.3.
[Robert]: Added --without-selinux to shadow, it seems to be needed now.
[Robert]: Bump to shadow-4.0.13.
[Robert]: Reverted the arpd sed command, it is needed.
[Robert]: Bump to iproute2-051007. Removed the arpd sed command for iproute2.
[Robert]: Removed unneded udevdir=/dev from udev.
[Robert]: Bump to man-1.6b.
[Robert]: Bump to bison-2.1.
[Robert]: Added tempfile_fix patch for Texinfo.
[Robert]: Bump to man-pages-2.09.
[Robert]: Fixed uClibc-0.9.28-arc4random patch version, from -2 to -1.
[Robert]: Bump Vim security patch to version 2.
[Robert]: Bump to util-linux-2.12r.
[Robert]: Bump to gawk-3.1.5.
[Robert]: Bump to uClibc-0.9.28.
[Robert]: Added upstream patch for Sed, so it can compile with uClibc-0.9.28.
[Robert]: Added SSP regex patch to Perl to correct a bug; removed the -fno-stack-protector added to general cflags for Perl.
Sept, 2005
[Robert]: Added uClibc patch for shadow-4.0.12.
[Robert]: Bump to man-1.6a.
[Robert]: Bump to file-4.15.
[Robert]: Removed old 'export sjlj' from chapter03/settingenvironment.
[Robert]: Added install_docs and bzgrep_security patches for bzip2.
[Robert]: Bump to findutils-4.2.25, Iana-Etc-2.00, Libtool-1.5.20, Shadow-4.0.12, Udev-070.
[Robert]: Revised the main page a bit.
July, 2005
[Robert]: Up to shadow-4.0.11.1.
[Robert]: Removed Zlib security patch, no longer needed.
[Robert]: Up to mktemp-add_tempfile-3 patch (new license).
[Robert]: Bump to automake-1.9.6, udev-064, man-pages-2.07, and zlib-1.2.3.
[Robert]: Bump to blfs-bootscripts-20050709.
[Robert]: Bump to udev-062, iana-etc-1.10, tcl-8.4.11, e2fsprogs-1.38, man-1.6, file 4.14, and man-pages 2.05. Removed file-hardened_cflags patch. Added zlib security patch.
[Robert]: We don't need with-included-regex in Grep chapter6 anymore.
[Robert]: Bump to OpenSSH-4.1p1.
[Robert]: Bump to openssl-0.9.7g.
[Robert]: Change 'mkdir -p' to 'install -d' in chapter6 util-linux.
[Robert]: Bump to shadow-4.0.10.
[Robert]: Change ramfs to tmpfs when mounting /dev. Added compress link to gzip. Use newest mktemp tempfile patch.
[Robert]: Add -fno-stack-protector to Perl to fix a bug in version 5.8.7. Use 500 permissions for /var/empty.
June, 2005
[Robert]: Added with-tclinclude to Expect. Removed with-included-regex from grep. Bump to findutils-4.2.23. Bump flex patch from -2 to -3.
[Robert]: Removed perl uClibc patch, no longer needed.
[Robert]: Bump to findutils-4.2.22(alpha), which fixes a vulnerability with the -L option.
[Robert]: Added command to module-init-tools so it does not rewrite a man page.
[Robert]: Bump to binutils-2.16.1, gettext-0.14.5, perl-5.8.7, tcl-8.4.10, man-pages-2.03, linux-2.6.11.12, and grsecurity.
May, 2005
[Robert]: Bump to linux-2.6.11.11.
[Robert]: Bump to shadow-4.0.9. Both shadow patches, for lastlog and uClibc, are no longer needed.
[Robert]: Bump to gcc-3.4.4.
[Robert]: Fix syslog-ng to sysklogd in chapter 7 bootscripts page.
[Robert]: Upgrade to libtool-1.5.18, and udev-058.
[Robert]: Upgrade blfs-bootscripts.
[Robert]: Upgrade to linux-2.6.11.10 and grsec patch.
[Robert]: Bump to grub-0.97, libtool-1.5.16, and lfs-bootscripts-3.2.1. Added gzip security patch.
[Robert]: Bump to binutils 2.16.
[Robert]: Upgrade to kernel 2.6.11.8.
[Robert]: Suggest emulate trampolines instead of paxctl for localedef.
[Robert]: Remove --enable-sjlj-exceptions stuff, this is only needed with gcc-3.3.x.
April, 2005
[Robert]: Added scanf patch for psmisc uClibc.
[Robert]: Added fix_test patch for Glibc.
[archaic]: Renamed glibc's ssp_arc4random patch to glibc-2.3.5-ssp-1.patch to avoid naming confusion.
[Robert]: New blfs-bootscripts patch.
[Robert]: New arc4random patch for glibc. Upgrade udev version to 057.
[Robert]: Remove more static libraries introduced by glibc-2.3.5.
[manuel]: Updated the stylesheets to use DocBook-XSL 1.68.1.
[Robert]: Added some sysctl commands to the kernfs page in chapter 6, needed on hosts already running grsecurity. Upgraded to gettext-0.14.4.
[Robert]: Add more grsec config help to chapter 7 kernel page.
[Robert]: Upgrade to kernel-2.6.11.7 and grsecurity patch. Upgrade to glibc-2.3.5.
[Robert]: Added openssh page.
[Robert]: Add --enable-noexecstack to GnuPG.
[Robert]: Changes from LFS-unstable; replace iproute2 patch with sed, add sed to e2fsprogs to fix testsuite.
[Robert]: Fix openssl, from blfs. Add new patch for openssl manpages.
[Robert]: Add bootscript logging to sysklogd.conf.
[Robert]: Up to lfs-bootscripts-3.2.0, removed hlfs patch for it.
[Robert]: Disable the building/installing of rsh, rcp, and rlogin in Inetutils, and remove them from the suid page.
[Robert]: Up to m4-1.4.3.
[Robert]: Up to linux-libc-headers-2.6.11.2, linux-2.6.11.6, and new grsecurity patch.
March, 2005
[Robert]: Added gnupg, thanks to pinotj.
[Robert]: Upgrade to openssl-0.9.7f.
[Robert]: Upgrade grsecurity patch.
[Robert]: Upgrade to e2fsprogs 1.37.
[Robert]: Add tar-sparse_fix patch, and shadow-fix_lastlog patch.
[Robert]: Upgrade to linux-2.6.11.5 and udev-056.
[Robert]: Add new rpmatch patch for psmisc.
[Robert]: Replace libol and syslog-ng with sysklogd.
[Robert]: Upgrade to findutils-4.2.20.
[Robert]: Upgrade to psmisc-21.6. Added patch for uClibc.
[Archaic]: Updated blfs-bootscripts to 20050313.
[Robert]: Upgrade to linux-2.6.11.4.
[Robert]: Added configs to udev page.
[Robert]: Removed many unneeded groups.
[manuel]: Added OpenNTPD.
[Robert]: Added tidbit to grep's configure options in chapter 6.
[Robert]: Bump to iproute2 2.6.11-050314.
[Robert]: Add more info on the bookinfo page.
[Robert]: Bump to gettext-0.14.3.
[Robert]: Bump to iproute2-2.6.11-050310.
[manuel]: Added a note in chapter06/gcc.xml to repeat the sanity checks made in chapter05/gcc.xml. Added the Appendices. Added OpenSSL and Rdate.
[Robert]: Bump to linux-libc-headers 2.6.11.0.
[Robert]: Fix bug in ncurses fpie sec command.
[Robert]: Adjusted a bunch of urls in packages.xml. Bump to kernel 2.6.11.2 and matching grsec patch. Added bind-now to chapter 5 glibc.
[Robert]: Bump to udev-054.
[manuel]: Added a placeholder partintro in Part IV - Beyond HLFS. Added xorg.xml.
[manuel]: Updated the bzip2 download link. Added a template to add BHLFS packages. Created the BHLFS dirs structure. Added libpng.xml.
[Robert]: Bump to blfs-bootscripts-20050302.
[Robert]: Add PIC patch for util-linux in chapter 6, fixing problems with llseek in fdisk.
[Robert]: Removed the unistd patch from chapter 5 libc-linux-headers because it's not needed until chapter 6.
[Robert]: Add coreutils uname-3 patch
[Robert]: Move /usr/bin/logger to /bin.
[Robert]: Bump to Binutils 2.14.94.0.2.2
[Robert]: Bump to bzip2-1.0.3.
February, 2005
[Robert]: Use --without-csharp instead of --disable-csharp for Gettext, from LFS-unstable.
[Robert]: Bump to Iana-etc 1.04.
[Robert]: Fix Binutils testsuite. Removed hardened_cflags patch for now.
[manuel]: Finished the migration of chapter07.
[Robert]: Upgrade to findutils-4.2.18
[Robert]: Upgrade to gettext-0.14.2
[archaic]: Added new download URI for util-linux in XML.
[Robert]: Fixed the installation of Gettext with uClibc.
[manuel]: Added some chapter07 pages.
[Robert]: NLS works for uClibc 0.9.27 (but not Man). A PIC patch for linux-libc-headers unistd.h closes bugs with non-pic syscalls, this affected util-linux, vsftpd, and other packages.
[manuel]: Started the migration of chapter07.
[manuel]: Finished the migration of chapter06.
[Robert]: Added a note for alsa-lib and uClibc's config. Gettext in needed in both Glibc and uClibc based books to can build Alsa-Utils and other apps, regarding the use or not of --disable-nls. Fixed uClibc build commands.
[manuel]: Some changes in the top-level index.html intro. Added chapter06 files up to sysvinit.xml
[Robert]: Added chapter 10 for general applications. Added chapter 11 for Xorg/XFree86 and Xorg related packages. Changed the commands to create /etc/ld.so.conf.
[manuel]: Added chapter06 files up to grub.xml. Added README.txt in prologue/bookinfo.xml as abstract to be rendered as introductory text in the top-level index.html.
[Robert]: Added link test back to chap5 adjusting. Added /var/empty to createdirs. Add speed optimizations for uClibc in chapter 6.
[manuel]: Updated to uClibc and Glibc arc4random-2 patch. Added a note about to encrypt the swap space in chapter06/util-linux.xml. Added a missing para to chapter06/glibc.xml. Added chapter06 files up to iana-etc.xml.
[Robert]: Added uClibc dyn_ldconfig-1 patch.
[archaic]: Brought the XML Changelog up to date. Corrected several typos. Updated the milestone.
[manuel]: Finished the migration of chapter05.
[Robert]: Upgrade to findutils-4.2.17, sed-4.1.4, grub-0.96, e2fsprogs-1.36, expect-5.43.0, libtool-1.5.14, automake-1.9.5, file-4.13, syslog-ng-1.6.6, libol-0.3.15, and procps-3.2.5.
[manuel]: Added package files up to Gzip2.
[manuel]: Added build envars to settingenviroment.xml. Added the remaining files in chapter05 up to GCC native.
[Robert]: added arc4random() to uClibc, Glibc, mktemp(3) and SSP. Added pseudo_random patch to the kernel to replace frandom.
[Manuel]: Added separate render for uClibc or glibc based systems.
[manuel]: Misc fixes to the already migrated XML files.
[archaic]: Miscellaneous fixes. Still getting the framework in order.
[archaic]: Rough framework of the first 6 chapters.
[Robert]: Added several hardened_cflags patches. Added a note about the blowfish-passwords hint for shadow-utils. New grsecurity patch. Added -as3 kernel tree patch. Added TODO page.
[Robert]: Added fpie patches for Binutils and GCC.
January, 2005
[Robert]: Upgrade to shadow-4.0.7.
[Robert]: Upgrade to util-linux-2.12q.
[Robert]: Added paxctl to chapter 6; grub and localedef need this to be able to run under the PaX kernel. Upgrade to glibc-2.3.4 release.
[Robert]: Took most of the static libs out of chapter 6. Added /sbin/nologin patch to util-linux. Moved util-linux before libol in chapter 6, so syslog-ng can use /sbin/nologin for a shell. Added patches for coreutils and module-init-utils so they can build without static libs.
[Robert]: Added --with-gnu-ld to e2fsprogs to deal with broken configure script, this is only a cosmetic issue. Added an suers group.
[Robert]: Added rdate. Using ldflags=-pie works better than cflags in chap6 gcc. Added with-random=erandom to mktemp's configure.
[Robert]: Modified gcc specs so 'ld -z now,relro,combreloc' are passed on libaries too. Added tests for relro and now.
[Robert]: Downgrade iproute2 to 2.6.9-ss040831, the newer version does not compile on uClibc. Added OpenSSL. Added OpenNTPD. Added sed to stop the ridiculous number of warnings in iproute2.
January 16th, 2005 Released 0.2.
December, 2004
[archaic]: Updated stylesheets for newest known-good docbook-xsl. Added prologue and chapter1 xml structure.
[archaic]: Updated the changelog and general.ent to match the recent updates.
[robert]: Up to Binutils 2.15.94.0.1, added tls/strip patch. Adjusted chapter 8 kernel.txt to use more unified names for system.map, config file, and kernel file (better for dual booting). Upgrade to udev-047. Upgrade to findutils 4.2.10. Upgrade lfs-bootscripts to 3.0-rc1 (beta).
[archaic]: Added xml changelog.
[robert]: Upgrade to Perl 5.8.6. Add --libdir to Readline and Zlib. Fix symlink for libz.so in zlib.txt. Adjusted commands in hotplug.txt to modify Makefile instead of using rm(1) after 'make install'. Modified --libdir in Shadow to use /lib.
[robert]: Created chapter02 and added pie and ssp pages, added place marker for Gettext to chapter 5 (not yet to chapter 6), fixed the stripping commands in chapter 5.
[robert]: Added build and install for ldd, ldconfig, and iconv in chapter 6's uclibc.txt, added variations to build certain packages statically, starting to put 'make check' back into various packages.
[robert]: Adjust pwdgroup.txt in chapter 6 to use /bin/sh for root's shell, removed --disable-nls from a few places it didn't belong, added /tools/cross to strip command in chapter 5, substitute "i386" with "$(uname -m)" for the toolchain.
[archaic]: Updated DocBook installation changes. Created general.ent. Updated some package/patch versions in the text.
[archaic]: Imported the beginning foundations for XML. Removed the goTidy script (obsoleted by the makefile).
November 28th, 2004
[robert]: Initial alpha release.