In the 11.3 release, --enable-default-pie and --enable-default-ssp are enabled for
GCC. These techniques can mitigate some malicious attacks, but they
do not provide perfect security. Note that some textbooks assume
these options are disabled, so that if you run examples from such a
textbook on an LFS system, you may need to disable PIE and SSP with
the GCC options -fno-pie -no-pie
-fno-stack-protection.
Here is a list of the packages updated since the previous release of LFS.
Upgraded to:
Bash 5.2.15
Bc 6.2.4
Binutils-2.40
D-Bus-1.14.6
Diffutils-3.9
E2fsprogs-1.47.0
Expat-2.5.0
File-5.44
Gawk-5.2.1
Gettext-0.21.1
Grep-3.8
IANA-Etc-20230202
Inetutils-2.4
IPRoute2-6.1.0
Less-608
Libcap-2.67
Libelf-0.188 (from elfutils)
Libffi-3.4.4
Linux-6.1.11
Make-4.4
Man-DB-2.11.2
Man-pages-6.03
MarkupSafe-2.1.2
Meson-1.0.0
MPC-1.3.1
MPFR-4.2.0
Ncurses-6.4
Ninja-1.11.1
Openssl-3.0.8
Procps-ng-4.0.2
Psmisc-23.6
Python-3.11.2
Readline-8.2
Sed-4.9
Shadow-4.13
Systemd-252
Tcl-8.6.13
Texinfo-7.0.2
Tzdata-2022g
Vim-9.0.1273
wheel-0.38.4
XZ-Utils-5.4.1
Zlib-1.2.13
Zstd-1.5.4
Added:
readline-8.2-upstream_fix-1.patch
systemd-252-security_fix-1.patch
Removed:
zstd-1.5.2-upstream_fixes-1.patch