Merge branch 'trunk' into openrc

chapter01/changelog.xml

@@ -40,6 +40,54 @@
     appropriate for the entry or if needed the entire day's listitem.
     -->
 
+    <listitem>
+      <para>2026-05-20</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Update to linux-7.0.9 (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5928">#5928</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
+      <para>2026-05-18</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2026-4046, CVE-2026-5450, and
+          CVE-2026-5928 in glibc (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5930">#5930</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
+      <para>2026-05-14</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Update to expat-2.8.1 (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5933">#5933</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to tcl-8.6.18. Fixes
+          <ulink url="&lfs-ticket-root;5935">#5935</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to vim-9.2.0480 (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5928">#5928</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to linux-7.0.7 (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5932">#5932</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Fix CVE-2026-7210 and CVE-2026-8328 in Python
+          (Security Update). Fixes
+          <ulink url="&lfs-ticket-root;5934">#5934</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2026-05-11</para>
       <itemizedlist>
@@ -72,8 +120,7 @@
           <ulink url='&lfs-ticket-root;5931'>#5931</ulink>.</para>
         </listitem>
         <listitem>
-          <para>[bdubbs] - Add glibc linux7 fixes patch (Security Fix). Fixes
-          <ulink url='&lfs-ticket-root;5930'>#5930</ulink>.</para>
+          <para>[bdubbs] - Add glibc linux7 fixes patch.</para>
         </listitem>
         <listitem>
           <para>[bdubbs] - Add systemd openssl4 build patch. Addresses

chapter01/whatsnew.xml

@@ -257,9 +257,9 @@
     <!--<listitem>
       <para>Tar-&tar-version;</para>
     </listitem>-->
-    <!--<listitem>
+    <listitem>
       <para>Tcl-&tcl-version;</para>
-    </listitem>-->
+    </listitem>
     <listitem>
       <para>Texinfo-&texinfo-version;</para>
     </listitem>
@@ -303,8 +303,11 @@
 
   <itemizedlist>
     <title>Added:</title>
-    <listitem><para></para></listitem>  <!-- satisfy build -->
-    <listitem><para>Python-3.14.4-security_fixes-1.patch</para></listitem>
+    <!--    <listitem><para></para></listitem> -->  <!-- satisfy build -->
+    <listitem><para>glibc-2.43-linux7_fixes-1.patch</para></listitem>
+    <listitem><para>Python-3.14.5-openssl_4-1.patch</para></listitem>
+    <listitem><para>Python-3.14.5-security_fixes-1.patch</para></listitem>
+    <listitem><para>systemd-260.1-buildfix-1.patch</para></listitem>
   </itemizedlist>
 
   <itemizedlist>

chapter03/patches.xml

@@ -78,7 +78,7 @@
 -->
 
     <varlistentry>
-      <term>Glibc Linux7 Fix Patch - <token>&glibc-upstream-patch-size;</token>:</term>
+      <term>Glibc Upstream Fixes Patch - <token>&glibc-upstream-patch-size;</token>:</term>
       <listitem>
         <para>Download: <ulink url="&patches-root;&glibc-upstream-patch;"/></para>
         <para>MD5 sum: <literal>&glibc-upstream-patch-md5;</literal></para>
@@ -126,7 +126,15 @@
     </varlistentry>
 -->
     <varlistentry>
-      <term>Python OpenSSL 4 Patch - <token>&python-security-fixes-patch-size;</token>:</term>
+      <term>Python OpenSSL 4 Patch - <token>&python-openssl4-fixes-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&python-openssl4-fixes-patch;"/></para>
+        <para>MD5 sum: <literal>&python-openssl4-fixes-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry>
+      <term>Python Security Fixes Patch - <token>&python-security-fixes-patch-size;</token>:</term>
       <listitem>
         <para>Download: <ulink url="&patches-root;&python-security-fixes-patch;"/></para>
         <para>MD5 sum: <literal>&python-security-fixes-patch-md5;</literal></para>

chapter05/glibc.xml

@@ -72,10 +72,14 @@ esac</userinput></screen>
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen>
 
-    <para>Now fix glibc to build against Linux 7.</para>
+    <para>Now fix glibc to build against Linux 7:</para>
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-patch;</userinput></screen>
 
+    <para>The patch applied above also contains fixes of some security
+    vulnerabilities.  The fix is not needed but also harmless for a temporary
+    glibc installation.</para>
+
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
 

chapter08/gcc.xml

@@ -232,7 +232,8 @@ su tester -c "PATH=$PATH make -k check"</userinput></screen>
     <filename>gcc.dg/ipa/pr122458.c</filename>,
     <filename>gcc.dg/lto/toplevel-*-asm-*</filename>, and
     <filename>gcc.dg/plugin/crash-test-nested-*.c</filename> are known to
-    fail.</para>
+    fail.  The test <filename>g++.dg/gomp/deprecate-1.C</filename> is known
+    to fail sometimes.</para>
 
     <para>The LFS editors have investigated those failures and confirmed
     none indicates a critical issue.  Most of them are because the test case

chapter08/glibc.xml

@@ -43,12 +43,6 @@
   <sect2 role="installation">
     <title>Installation of Glibc</title>
 
-    <para>First, apply a fix to DNS processing from upstream:</para>
-
-<screen><userinput remap="pre">sed -e '/while..ancount/c\  for (; ancount > 0; --ancount)'  \
-    -e '/binary_hnok..expected/s/expected_name/name_buffer/' \
-    -i resolv/nss_dns/dns-host.c</userinput></screen>
-
     <para>Some of the Glibc programs use the non-FHS compliant
     <filename class="directory">/var/db</filename> directory to store
     their runtime data. Apply the following patch to make such programs
@@ -56,7 +50,9 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen>
 
-    <para>Now add some fixes to address building and testing with Linux 7:</para>
+    <para>Now add some fixes to address building and testing with Linux 7,
+    and fix 5 security vulnerabilities found after the glibc-2.43
+    release:</para>
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-patch;</userinput></screen>
 

chapter08/python.xml

@@ -45,6 +45,10 @@
 
     <para>First, apply a patch for compatibility with OpenSSL 4:</para>
 
+<screen><userinput remap="pre">patch -Np1 -i ../&python-openssl4-fixes-patch;</userinput></screen>
+
+    <para>Next, fix two security vulnerabilities:</para>
+
 <screen><userinput remap="pre">patch -Np1 -i ../&python-security-fixes-patch;</userinput></screen>
 
     <para>Prepare Python for compilation:</para>

chapter08/tcl.xml

@@ -3,8 +3,8 @@
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
   <!ENTITY % general-entities SYSTEM "../general.ent">
   %general-entities;
-  <!ENTITY tdbc-ver          "1.1.12">
-  <!ENTITY itcl-ver          "4.3.4">
+  <!ENTITY tdbc-ver          "1.1.13">
+  <!ENTITY itcl-ver          "4.3.7">
 ]>
 
 <sect1 id="ch-system-tcl" role="wrap">

packages.ent

@@ -148,11 +148,11 @@
 <!ENTITY elfutils-fin-du "41 MB">
 <!ENTITY elfutils-fin-sbu "0.1 SBU">
 
-<!ENTITY expat-version "2.8.0">
-<!ENTITY expat-dl-version "2_8_0">
-<!ENTITY expat-size "500 KB">
+<!ENTITY expat-version "2.8.1">
+<!ENTITY expat-dl-version "2_8_1">
+<!ENTITY expat-size "504 KB">
 <!ENTITY expat-url "&github;/libexpat/libexpat/releases/download/R_&expat-dl-version;/expat-&expat-version;.tar.xz">
-<!ENTITY expat-md5 "db797f9ddef94ddb1af5ae7db05710ce">
+<!ENTITY expat-md5 "ee5ce823fae282d5d9dadc3b4831a883">
 <!ENTITY expat-home "https://libexpat.github.io/">
 <!ENTITY expat-fin-du "14 MB">
 <!ENTITY expat-fin-sbu "0.1 SBU">
@@ -425,12 +425,12 @@
 <!ENTITY linux-major-version "7">
 <!ENTITY linux-minor-version "0">
 <!ENTITY linux-majmin-version "&linux-major-version;.&linux-minor-version;">
-<!ENTITY linux-patch-version "5">
+<!ENTITY linux-patch-version "9">
 <!--<!ENTITY linux-version "&linux-major-version;.&linux-minor-version;">-->
 <!ENTITY linux-version "&linux-major-version;.&linux-minor-version;.&linux-patch-version;">
-<!ENTITY linux-size "153,485 KB">
+<!ENTITY linux-size "153,486 KB">
 <!ENTITY linux-url "&kernel;linux/kernel/v&linux-major-version;.x/linux-&linux-version;.tar.xz">
-<!ENTITY linux-md5 "ab6eea718e74b5578d46f8343f5fa490">
+<!ENTITY linux-md5 "afe7af08323c71e9424aad06a9a5a201">
 <!ENTITY linux-home "https://www.kernel.org/">
 <!-- measured for 6.10.1 / gcc-14.1.0 on x86_64 with -j4 : 
  minimum is allnoconfig 
@@ -722,15 +722,15 @@
 <!ENTITY tar-fin-du "43 MB">
 <!ENTITY tar-fin-sbu "0.6 SBU">
 
-<!ENTITY tcl-version "8.6.17">
+<!ENTITY tcl-version "8.6.18">
 <!ENTITY tcl-major-version "8.6">
-<!ENTITY tcl-size "11,450 KB">
+<!ENTITY tcl-size "11,540 KB">
 <!ENTITY tcl-url "https://downloads.sourceforge.net/tcl/tcl&tcl-version;-src.tar.gz">
-<!ENTITY tcl-md5 "1ec3444533f54d0f86cd120058e15e48">
+<!ENTITY tcl-md5 "acfe0c9f7d0c626ecf026e834a888da6">
 <!ENTITY tcl-home "https://tcl.sourceforge.net/">
 <!ENTITY tcl-docs-url "https://downloads.sourceforge.net/tcl/tcl&tcl-version;-html.tar.gz">
-<!ENTITY tcl-docs-md5 "60c71044e723b0db5f21be82929f3534">
-<!ENTITY tcl-docs-size "1,170 KB">
+<!ENTITY tcl-docs-md5 "54d1ff0f5eee4e81e5cdaa4baa343397">
+<!ENTITY tcl-docs-size "1,172 KB">
 <!ENTITY tcl-tmp-du "91 MB">
 <!ENTITY tcl-tmp-sbu "2.9 SBU">
 
@@ -769,7 +769,7 @@
 <!ENTITY util-linux-fin-du "346 MB">
 <!ENTITY util-linux-fin-sbu "0.5 SBU">
 
-<!ENTITY vim-version "9.2.0461">
+<!ENTITY vim-version "9.2.0481">
 <!ENTITY vim-docdir "vim/vim92">
 <!ENTITY vim-size "19,502 KB">
 <!ENTITY vim-url "https://github.com/vim/vim/archive/v&vim-version;/vim-&vim-version;.tar.gz">
@@ -784,7 +784,7 @@
      release.  The "Next" button just sets "after=" in the URL.  For
      example, https://github.com/vim/vim/tags?after=v8.1.1847 will show
      us v8.1.1846. -->
-<!ENTITY vim-md5 "86ed20b5a53f2cf14823de2957cee4a8">
+<!ENTITY vim-md5 "59a2473c92078bd23e51f1f0ea5f59f4">
 <!ENTITY vim-home "https://www.vim.org">
 <!ENTITY vim-fin-du "217 MB">
 <!ENTITY vim-fin-sbu "3.2 SBU">

patches.ent

@@ -27,9 +27,9 @@
 <!ENTITY glibc-fhs-patch-md5 "9a5997c3452909b1769918c759eff8a2">
 <!ENTITY glibc-fhs-patch-size "2.8 KB">
 
-<!ENTITY glibc-upstream-patch "glibc-&glibc-version;-linux7_fixes-1.patch">
-<!ENTITY glibc-upstream-patch-md5 "0d438a427c16575b263b19cdb16bbf99">
-<!ENTITY glibc-upstream-patch-size "3.3 KB">
+<!ENTITY glibc-upstream-patch "glibc-&glibc-version;-upstream_fixes-1.patch">
+<!ENTITY glibc-upstream-patch-md5 "1f5074a1dce85a72d2ea465ca76e420b">
+<!ENTITY glibc-upstream-patch-size "49 KB">
 
 <!ENTITY kbd-backspace-patch "kbd-&kbd-version;-backspace-1.patch">
 <!ENTITY kbd-backspace-patch-md5 "f75cca16a38da6caa7d52151f7136895">
@@ -41,9 +41,13 @@
 <!ENTITY perl-upstream-fix-patch-size "13 KB">
 -->
 
-<!ENTITY python-security-fixes-patch "Python-&python-version;-openssl_4-1.patch">
-<!ENTITY python-security-fixes-patch-md5 "597d7737df1b4ea4e184c193da523050">
-<!ENTITY python-security-fixes-patch-size "38 KB">
+<!ENTITY python-openssl4-fixes-patch "Python-&python-version;-openssl_4-1.patch">
+<!ENTITY python-openssl4-fixes-patch-md5 "597d7737df1b4ea4e184c193da523050">
+<!ENTITY python-openssl4-fixes-patch-size "38 KB">
+
+<!ENTITY python-security-fixes-patch "Python-&python-version;-security_fixes-1.patch">
+<!ENTITY python-security-fixes-patch-md5 "1d5084c858197e82f0611b82f0d852f5">
+<!ENTITY python-security-fixes-patch-size "12 KB">
 
 <!--
 <!ENTITY readline-fixes-patch "readline-&readline-version;-upstream_fixes-3.patch">