question about toolchain in chapter six
Hello all, I just stumbled over the fact, that -- after binutils is installed in chapter six -- gcc still uses /tools/bin/ld due to the symlink in /tools/i686-pc-linux-gnu/bin which still points to /tools/bin/ld. This also means that the lib search path still includes /tools/i686-pc-linux-gnu/lib. Would it be OK to change this symlink to point to the newly installed ld in /usr/bin? Or is the /tools search path still needed? Thanks, Thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: [lfs-dev] Glibc-2.16.0
It is very rare that the developer ever has full control of stdin,
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89.
It's required by C89, but deprecated in C99, and removed in C11 -- and
glibc follows C11 by removing the declaration if you're asking for that
standard version. (Which is fun since libstdc++ needs it if you're
asking for a new-enough C++, and was the cause of a bunch of scrambling
earlier this year.) So I think this should be changed instead to only
"#undef gets" and then "_GL_WARN_ON_USE" if C11 is in use.
Not according to C Standards, but this is what I did to circumnavigate
the gets removal problem:
The patch changes stdio.h so that even in C11 gets() is defined, but
adds __attribute__ ((error("gets() is dangerous. Don't use it."))) to
both gets() in stdio.h and bits/stdio2.h.
The advantage from my point of view is that there is no "not defined"
error in the various packages trying to throw a usage warning but the
build errors out when gets() is actually used, with or without FORTIFY.
I was kind of worried, how many packages still use gets() but I built
quite a lot of blfs without any problems:
alsa-lib-1.0.24.1
alsa-utils-1.0.24.2
apache-ant-1.8.2
archive-zip-1.30
at-spi2-atk-2.5.3
at-spi2-core-2.5.3
atk-2.5.3
babl-0.1.10
boost-1.50.0
cairo-1.12.2
cdrdao-1.2.2
cdrtools-2.01
clucene-0.9.21b
cmake-2.8.8-graphic
cmake-2.8.8-text
cpio-2.11
cups-1.5.2
curl-7.25.0
cyrus-sasl-2.1.25
dbus-1.5.10
dbus-glib-0.98
docbook-xml-4.5
docbook-xsl-doc-1.76.1
dvd+rw-tools-7.1
epdfview-0.1.8
exiv2-0.22
expat-2.0.1
faac-1.28
faad2-2.7
ffmpeg-0.10
firefox-13.0.1
flac-1.2.1
fluxbox-1.3.2
fontconfig-2.8.0
freeglut-2.8.0
freetype-2.4.9
gdb-7.4.1
gdk-pixbuf-2.26.1
gegl-0.2.0
giflib-4.1.6
gimp-2.8.0
git-0.99.6
glib-2.33.3
gnutls-3.0.8
gperf-3.0.4
gpgme-1.3.1
gpm-1.20.6
gstreamer-0.10.35
gstreamer-plugins-base-0.10.35
gtk+-2.24.10
gtk+-3.5.6
gtk-iconthemes
icedtea-web-1.2
icu-49.1.1
imlib2-1.4.5
intltool-0.41.1
iptables-1.4.13
jasper-1.900.1
jpegsrc.v8d
json-c-0.9
lame-3.99.3
lcms-1.19
lcms2-2.3
liba52dec-0.7.4
libao-1.1.0
libarchive-2.8.5
libassuan-2.0.3
libatasmart-0.18
libatomic_ops-1.2
libcroco-0.6.5
libdrm-2.4.33
libdvdcss-1.2.11
libdvdnav-4.2.0
libdvdread-4.2.0
libexif-0.6.20
libffi-3.0.10
libgcrypt-1.5.0
libgpg-error-1.10
libgsf-1.14.23
libical-0.48
libidl-0.8.14
libmad-0.15.1b
libmng-1.0.10
libmpeg2-0.5.1
libogg-1.3.0
liboil-0.3.17
libpcap-1.2.0
libpng-1.5.9
libpthread-stubs-0.3
librsvg-2.36.1
libsamplerate-0.1.8
libsndfile-1.0.25
libtasn1-2.10
libtheora-1.1.1
libusb-1.0.8
libvorbis-1.3.2
libvpx-v1.0.0
libxau-1.0.6
libxcb-1.7
libxdmcp-1.1.0
libxml2-2.7.8
libxp-1.0.1
libxslt-1.1.26
links-2.4-graphic
links-2.4-text
lvm2-2.02.88
makedepend-1.0.3
mesalib-8.0.3
minicom-2.6.1
neon-0.29.6
nettle-2.4
nmap-6.00
nspr-4.9
nss-3.13.3
openjdk-1.7.0.5-bin
openldap-2.4.29
openntpd-3.9p1
openssh-6.0p1
openssl-1.0.1c
orc-0.4.16
oxygen-icons-4.8.4
pango-1.30.0
parted-3.0
pciutils-3.1.8
pcre-8.30
pixman-0.25.6
polkit-0.104
poppler-0.18.1
printproto-1.0.5
pth-2.0.7
pulseaudio-2.0
python-2.7.2
qt-4.8.2
raptor2-2.0.6
rasqal-0.9.28
redland-1.0.15
samba-3.6.4
sane-backends-1.0.22
sdl-1.2.15
sdl_image-1.2.12
sg3-utils-1.33
shared-desktop-ontologies-0.9.0
shared-mime-info-0.91
speex-1.2rc1
sqlite-autoconf-3071100
strace-4.6
talloc-2.0.7
tcpdump-4.2.1
tiff-3.9.5
udev-182
udisks-1.0.4
unzip60
usbutils-004
util-macros-1.15.0
vpnc-0.5.3
wget-1.13.4
which-2.20
wireshark-1.6.3
x264-20120214
xcb-proto-1.6
xcb-util-0.3.8
xcursor-themes-1.0.3
xine-lib-1.2.1
xkeyboard-config-2.0
xml-parser-2.40
xorg-app-7.6-3
xorg-driver-7.6-3
xorg-font-7.6-3
xorg-lib-7.6-3
xorg-proto-7.6-3
xorg-server-1.12.1
xsane-0.998
xterm-279
yasm-1.2.0
zip30
diff -Naur glibc-2.16.0-orig/libio/bits/stdio2.h
glibc-2.16.0/libio/bits/stdio2.h
--- glibc-2.16.0-orig/libio/bits/stdio2.h 2012-06-30 21:12:34.0
+0200
+++ glibc-2.16.0/libio/bits/stdio2.h2012-07-15 18:56:29.894899402 +0200
@@ -224,7 +224,8 @@
#if !defined __USE_ISOC11 \
|| (defined __cplusplus && __cplusplus <= 201103L && !defined __USE_GNU)
-extern char *__gets_chk (char *__str, size_t) __wur;
+extern char *__gets_chk (char *__str, size_t) __wur
+ __attribute__ ((error("gets() is dangerous. Don't use it.")));
extern char *__REDIRECT (__gets_warn, (char *__str), gets)
__wur __warnattr ("please use fgets or getline instead, gets can't "
"specify buffer size");
diff -Naur glibc-2.16.0-orig/libio/stdio.h glibc-2.16.0/libio/stdio.h
--- glibc-2.16.0-orig/libio/stdio.h 2012-06-30 21:12:34.0 +0200
+++ glibc-2.16.0/libio/stdio.h 2012-07-15 18:54:12.270126012 +0200
@@ -622,7 +622,7 @@
extern char *fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
__wur;
-#if !defined __USE_ISOC11 \
+#if !defined __USE_ISOC11_THIS_IS_NOT_DEFINED \
|| (defined __cplusplus && __cplusplus <= 201103L)
/* Get a newline-terminated string from stdin, removing t
Re: [lfs-dev] Glibc-2.16.0
> The patch changes stdio.h so that even in C11 gets() is defined, but
> adds __attribute__ ((error("gets() is dangerous. Don't use it."))) to
> both gets() in stdio.h and bits/stdio2.h.
__gets_chk() in bits/stdio2.h
> The advantage from my point of view is that there is no "not defined"
> error in the various packages trying to throw a usage warning but the
> build errors out when gets() is actually used, with or without FORTIFY.
And with any C standard.
--
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
Re: [lfs-dev] GlibC 2.17 / GCC 2.7.3 [git]
> Thanks for the info. If gcc-4.8.0 is due out in a month, we may want > to hold off on gcc-4.7.3 and go directly there. I may pull a > pre-release version to check it out. I'd expect potential problems > with a c -> c++ conversion. > >-- Bruce In case someone is interested, I have a working toolchain with glibc-2.17/ gcc-4.8-20121223. The problem with the c++ is that the first gcc-compile now needs --enable-languages=c,c++ . This leads to libstdc++ to be built, which requires a libc to be present. I solved the problem by doing ln -sv /usr/lib/Scrt1.o /tools/i686-lfs-linux-gnu/lib ln -sv /usr/lib/crti.o/tools/i686-lfs-linux-gnu/lib ln -sv /usr/lib/crtn.o /tools/i686-lfs-linux-gnu/lib ln -sv /usr/lib/libc.so /tools/i686-lfs-linux-gnu/lib ln -sv /usr/lib/libpthread.so /tools/i686-lfs-linux-gnu/lib ln -sv /usr/include /tools/i686-lfs-linux-gnu befor the first gcc-build. After make I removed this again rm -v /tools/i686-lfs-linux-gnu/include to get the includes installed correctly when installing gcc. After that everything else works as before again and after libc is installed, the second binutils/gcc pass build against the new libc. I am sure, there are better solutions to the c++ problem, but this works for me. thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
binutils pass-2
Hello, I am experimenting a bit with the toolchain in chapter 5 and was looking into the configure script of binutils, wondering what happens with the --with-lib-path argument. however I couldn't find that this argument is parsed at all by configure. Am I wrong? regards thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: binutils pass-2
Dan Nicholson wrote: > On 3/12/06, thorsten <[EMAIL PROTECTED]> wrote: >> Hello, I am experimenting a bit with the toolchain in chapter 5 and was >> looking into the configure script of binutils, wondering what happens >> with the --with-lib-path argument. however I couldn't find that this >> argument is parsed at all by configure. Am I wrong? > > Look at configure in the ld subdirectory. The top level configure > just passes along all the arguments to the subdirectories. > > -- > Dan Thanks for the hint! thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: format string exploit
> Do any of you have gcc3 ssp to confirm this code is aborted > with -fstack-protector-all, and drops to shell with -fno-stack-protector-all? > This code has assembly, you need to pass -no-pie too. I clearly remember > stopping using libsafe because ssp aborted all the same exploits libsafe > would and more. > > robert I have gcc-3.4.5 ssp, tried the exploit. The first tries have been bailed out by my grsec kernel (which in general is a good thing but this time was not intended ;-) ). My second tries with a reguar kernel just gave a segmentation fault, no shell regardless of -fno-stack-protector or not. I will have a closer look within the next 1 or two days, keep you updated. thorsten -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: /bin/ping is group writtable
Vladimir A. Pavlov wrote: > On Monday 28 August 2006 03:24, Robert Connolly wrote: >> sed 's/4775/4755/' -i ping/Makefile.in > > First, I think the shown way is a hack a little. It's better to do the > following after installation: > > chmod 4711 /bin/ping > > Second, shouldn't it be 4711 rather than 4755? The read-by-others access > to a SUID file is a security hole. I even would go one step further, a normal user is not able to troubleshoot network problems so why should he pe able to ping? chmod 0711 /bin/ping [EMAIL PROTECTED]:~$ ping www.goole.de ping: ping must run as root can't init ping: Operation not permitted Every SUID program is potentially dangerous. However, I don't want to start a flamewar about this... Thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
lfs-bootscripts-6.2
This is a possible bug report for the bootscripts 6.2:
What I was trying to do: Have two Instances of openvpn running at the
same time, beeing started and stopped separately by two scripts in
/etc/rc.d/init.d. I called them with:
loadproc -p /var/run/openvpn-1.pid openvpn --config someconfig1 and
loadproc -p /var/run/openvpn-2.pid openvpn --config someconfig2.
And tried to stop them with
killproc -p /var/run/openvpn-1.pid openvpn and
killproc -p /var/run/openvpn-2.pid openvpn respectively.
When both instances are up and I tried to stop one of both, the right
openvpn process gets killed and the pidfile removed but the script
reports a [failed] due to the fact that pidofproc one time gets called
without the -p option. I tried to correct it with the appended patch. I
also tried to correct a message generated by kill "no such process",
which should go to /dev/null I guess.
I hope this helps, regards thorsten
--- lfs-bootscripts-6.2/lfs/init.d/functions.orig 2006-03-22
02:02:32.0 +0100
+++ lfs-bootscripts-6.2/lfs/init.d/functions2006-10-31 14:58:51.0
+0100
@@ -363,7 +363,7 @@
for pid in ${lpids}
do
if [ "${pid}" -ne "$$" -a "${pid}" -ne "${PPID}" ]; then
- kill -0 "${pid}" > /dev/null &&
+ kill -0 "${pid}" > /dev/null 2>&1 &&
pidlist="${pidlist} ${pid}"
fi
@@ -588,7 +588,11 @@
done
if [ -z "${killsig}" ]; then
- pidofproc -s "${1}"
+ if [ -z "${pidfile}" ]; then
+ pidofproc -s "${1}"
+ else
+ pidofproc -s -p "${pidfile}" "${1}"
+ fi
# Program was terminated
if [ "$?" != "0" ]; then
--
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
Re: lfs-bootscripts-6.2
> This is the same problem Alexander mentioned the other day, I believe. > > Alex :-) > > Oh sorry, I thought my problem is so wheired I didn't look for threads on the list. regards Thorsten -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: fdisk / cfdisk
Robert Connolly wrote: Could someone with glibc and unistd.h patched linux-libc-headers please try to build either vsftpd or proftpd and tell me if it will run. Util-linux doesn't seem able to utilize the change in the headers. robert I would, however I am on buisness till friday morning. That would be the earliest possible time. thorsten -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Feedback on jhalfs
> I was just curious about how many have tried jhalfs at this point and > what comments they might have as to its functionality and/or usefulness. I just finnished building the SVN Book, everything went fine (except some gcc-patches the script tried to download, which weren't there. [and weren' needed either]). I think, it is a very nice and easy to use tool, especially if you want to try out things like i.e. optimization settings or so. It doesn't hurt that hard, if you have to throw away the system afterwards ;-) As Feature I would like a file like i.e. environment, which looks like: all: CFLAGS=something CXXFLAGS= gcc: CFLAGS=some other . grub: .. end Nice tool to play with, thank you Regards Thorsten Happel -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
