diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 82da796a3..dd6375edc 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -40,6 +40,54 @@
appropriate for the entry or if needed the entire day's listitem.
-->
+
+ 2026-05-20
+
+
+ [bdubbs] - Update to linux-7.0.9 (Security Update). Fixes
+ #5928.
+
+
+
+
+
+ 2026-05-18
+
+
+ [xry111] - Fix CVE-2026-4046, CVE-2026-5450, and
+ CVE-2026-5928 in glibc (Security Update). Fixes
+ #5930.
+
+
+
+
+
+ 2026-05-14
+
+
+ [renodr] - Update to expat-2.8.1 (Security Update). Fixes
+ #5933.
+
+
+ [renodr] - Update to tcl-8.6.18. Fixes
+ #5935.
+
+
+ [renodr] - Update to vim-9.2.0480 (Security Update). Fixes
+ #5928.
+
+
+ [renodr] - Update to linux-7.0.7 (Security Update). Fixes
+ #5932.
+
+
+ [renodr] - Fix CVE-2026-7210 and CVE-2026-8328 in Python
+ (Security Update). Fixes
+ #5934.
+
+
+
+
2026-05-11
@@ -72,8 +120,7 @@
#5931.
- [bdubbs] - Add glibc linux7 fixes patch (Security Fix). Fixes
- #5930.
+ [bdubbs] - Add glibc linux7 fixes patch.
[bdubbs] - Add systemd openssl4 build patch. Addresses
diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml
index ee15db77b..3ba9d25bf 100644
--- a/chapter01/whatsnew.xml
+++ b/chapter01/whatsnew.xml
@@ -257,9 +257,9 @@
-
+
Texinfo-&texinfo-version;
@@ -303,8 +303,11 @@
Added:
-
- Python-3.14.4-security_fixes-1.patch
+
+ glibc-2.43-linux7_fixes-1.patch
+ Python-3.14.5-openssl_4-1.patch
+ Python-3.14.5-security_fixes-1.patch
+ systemd-260.1-buildfix-1.patch
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 62a67441f..5219013c4 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -78,7 +78,7 @@
-->
- Glibc Linux7 Fix Patch - &glibc-upstream-patch-size;:
+ Glibc Upstream Fixes Patch - &glibc-upstream-patch-size;:
Download:
MD5 sum: &glibc-upstream-patch-md5;
@@ -126,7 +126,15 @@
-->
- Python OpenSSL 4 Patch - &python-security-fixes-patch-size;:
+ Python OpenSSL 4 Patch - &python-openssl4-fixes-patch-size;:
+
+ Download:
+ MD5 sum: &python-openssl4-fixes-patch-md5;
+
+
+
+
+ Python Security Fixes Patch - &python-security-fixes-patch-size;:
Download:
MD5 sum: &python-security-fixes-patch-md5;
diff --git a/chapter05/glibc.xml b/chapter05/glibc.xml
index 9c61ac31d..a13e6d423 100644
--- a/chapter05/glibc.xml
+++ b/chapter05/glibc.xml
@@ -72,10 +72,14 @@ esac
patch -Np1 -i ../&glibc-fhs-patch;
- Now fix glibc to build against Linux 7.
+ Now fix glibc to build against Linux 7:
patch -Np1 -i ../&glibc-upstream-patch;
+ The patch applied above also contains fixes of some security
+ vulnerabilities. The fix is not needed but also harmless for a temporary
+ glibc installation.
+
The Glibc documentation recommends building Glibc
in a dedicated build directory:
diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml
index 6c40e9745..e135f512d 100644
--- a/chapter08/gcc.xml
+++ b/chapter08/gcc.xml
@@ -232,7 +232,8 @@ su tester -c "PATH=$PATH make -k check"
gcc.dg/ipa/pr122458.c,
gcc.dg/lto/toplevel-*-asm-*, and
gcc.dg/plugin/crash-test-nested-*.c are known to
- fail.
+ fail. The test g++.dg/gomp/deprecate-1.C is known
+ to fail sometimes.
The LFS editors have investigated those failures and confirmed
none indicates a critical issue. Most of them are because the test case
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index b16e8733f..4fe701dd5 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -43,12 +43,6 @@
Installation of Glibc
- First, apply a fix to DNS processing from upstream:
-
-sed -e '/while..ancount/c\ for (; ancount > 0; --ancount)' \
- -e '/binary_hnok..expected/s/expected_name/name_buffer/' \
- -i resolv/nss_dns/dns-host.c
-
Some of the Glibc programs use the non-FHS compliant
/var/db directory to store
their runtime data. Apply the following patch to make such programs
@@ -56,7 +50,9 @@
patch -Np1 -i ../&glibc-fhs-patch;
- Now add some fixes to address building and testing with Linux 7:
+ Now add some fixes to address building and testing with Linux 7,
+ and fix 5 security vulnerabilities found after the glibc-2.43
+ release:
patch -Np1 -i ../&glibc-upstream-patch;
diff --git a/chapter08/python.xml b/chapter08/python.xml
index fbbbc0afe..7aad5bc61 100644
--- a/chapter08/python.xml
+++ b/chapter08/python.xml
@@ -45,6 +45,10 @@
First, apply a patch for compatibility with OpenSSL 4:
+patch -Np1 -i ../&python-openssl4-fixes-patch;
+
+ Next, fix two security vulnerabilities:
+
patch -Np1 -i ../&python-security-fixes-patch;
Prepare Python for compilation:
diff --git a/chapter08/tcl.xml b/chapter08/tcl.xml
index 3b37715bd..c822207b7 100644
--- a/chapter08/tcl.xml
+++ b/chapter08/tcl.xml
@@ -3,8 +3,8 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
%general-entities;
-
-
+
+
]>
diff --git a/packages.ent b/packages.ent
index 7989bcabe..6591d0f99 100644
--- a/packages.ent
+++ b/packages.ent
@@ -148,11 +148,11 @@
-
-
-
+
+
+
-
+
@@ -425,12 +425,12 @@
-
+
-
+
-
+
-
+
diff --git a/patches.ent b/patches.ent
index 8643849ec..090da7a82 100644
--- a/patches.ent
+++ b/patches.ent
@@ -27,9 +27,9 @@
-
-
-
+
+
+
@@ -41,9 +41,13 @@
-->
-
-
-
+
+
+
+
+
+
+