GLFS Advisories

This page covers advisories, notably those relating to security and to changes that may have broken earlier versions of the book.

For security, most of the packages in GLFS are in BLFS, and GLFS for the most part gets the same updates as BLFS gets. Thus, you should check the BLFS advisories linked in each section. This page covers GLFS-specific issues, or BLFS issues that hit GLFS the hardest.

This page is ordered like the Changelog of the book, with newest items first.


12.4 to 12.5

Broken changes

Packages removed from GLFS that are in BLFS may have gotten security updates. Read BLFS 12.4 Security Advisories and BLFS Consolidated Security Advisories for such packages.

glfs-brk-12.4-003: GBM (Date: September 11th, 2025)

GLFS provides instructions to install libgbm, a frontend that loads a given backend. This avoids having to install Mesa if a user is installing a driver outside it that provides nearly everything that's needed. This library was installed from the Mesa project, fine-tuned to install the fewest files possible. GLFS has since switched to installing the libgbm package outside of Mesa. It's a package that was ripped out of Mesa to avoid unneeded dependencies, build targets, and build time. The installation of certain header files, such as those declaring the DRI interface needed by Xorg-Server, has been moved to pages installing drivers outside of Mesa, like NVIDIA. As with GBM from Mesa, you can pick between libgbm or Mesa without consequence. libgbm can replace Mesa's libgbm with no issues, being ABI compatible.

glfs-brk-12.4-002: Mesa OpenGL (Date: September 8th, 2025)

GLFS used to support Mesa's core OpenGL libraries (libGL, libGLX, libEGL, etc.) and equipped the user with the information needed to go with any given core OpenGL library vendor. To a degree, GLFS still does; however, Mesa as a core OpenGL library vendor is no longer supported in the book. It instead prefers libglvnd and its instructions are designed to now funnel the user into using it. It still equips the user with information needed to use Mesa as the core OpenGL library vendor, and the issues that might arise. Mesa as an OpenGL and other API driver vendor is still supported as most drivers on Linux come from the project. But libGL and other libraries of its ilk are now provided by libglvnd.

glfs-brk-12.4-001: PCRE2, SQLite3, Python3 (Date: September 4th, 2025)

PCRE2, SQLite3, and Python3 have been removed from GLFS. All of them are now in Multilib LFS and have proper lib32 instructions if applicable. Go to MLFS for updates to those packages.


Security Advisories

Please read BLFS 12.4 Security Advisories and BLFS Consolidated Security Advisories for more packages that aren't covered here.

glfs-sa-12.4-001: NVIDIA - Rating: High (Date: October 10th, 2025)

In NVIDIA-580.95.05, 8 security vulnerabilities were fixed that could allow for arbitrary code execution (ACE), denial of service, privilege escalation, data tampering, and information disclosure. These security vulnerabilities have been assigned CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23309, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345, and CVE-2025-23347. Update to NVIDIA-580.95.05 or any of the latest revisions of the major versions r570 (570.195.03) and r535 (535.274.02) immediately.

To do so, follow the GLFS NVIDIA installation page. Ensure you download the latest install script and manifest file if you previously downloaded them to ensure compatibility. SysVinit and Systemd instructions differ slightly. Render a copy for the Systemd edition.
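
A quick check for the advisory above, as an added example (not part of the GLFS book): it compares a driver version string against the fixed revisions listed in glfs-sa-12.4-001. The function names are made up for this example, and branches the advisory does not name are reported as unlisted rather than guessed at.

```shell
#!/bin/sh
# Added example: classify an NVIDIA driver version against the fixed
# revisions named in glfs-sa-12.4-001. Function names are hypothetical.
# The version string can be obtained with:
#   nvidia-smi --query-gpu=driver_version --format=csv,noheader

# Fixed revision for a driver branch, taken from the advisory text.
# Prints nothing for branches the advisory does not name.
fixed_for_branch() {
    case "$1" in
        580) echo 580.95.05 ;;
        570) echo 570.195.03 ;;
        535) echo 535.274.02 ;;
    esac
}

# version_ge A B: succeeds when A >= B. Uses version sort (GNU sort -V),
# because a plain string compare would rank 570.86.x above 570.195.x.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_nvidia VERSION: prints patched, vulnerable, or unlisted.
check_nvidia() {
    ver=$1
    branch=${ver%%.*}                 # major branch, e.g. 580
    fixed=$(fixed_for_branch "$branch")
    if [ -z "$fixed" ]; then
        echo unlisted                 # branch not covered by this advisory
    elif version_ge "$ver" "$fixed"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Stand-alone use: ./check.sh 570.86.16
if [ "$#" -gt 0 ]; then
    check_nvidia "$1"
fi
```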


12.3 to 12.4

Broken changes

Packages removed from GLFS that are in BLFS may have gotten security updates. Read BLFS 12.3 Security Advisories and BLFS Consolidated Security Advisories for such packages.

glfs-brk-12.3-007: xcb-util-errors (Date: August 17th, 2025)

xcb-util-errors has been removed from the XCB Utils page in GLFS and has been moved to Supplemental LFS. No packages in GLFS use xcb-util-errors. Originally, much like seatd, it was added in a time when SLFS (originally LFS-QOL) did not exist. But now it exists to offload such packages. So it got moved. You can read installation instructions for it here: xcb-util-errors. The page does not differ for Systemd.

glfs-brk-12.3-006: AMDGPU PRO (Date: July 18th, 2025)

Following the AMDGPU PRO deprecation announcement, dated 2025/05/31 at GLFS News, AMDGPU PRO has been removed from GLFS and there are no plans for it to return. Replace the AMDGPU PRO stack with libva, libvdpau, and Mesa.

glfs-brk-12.3-005: seatd (Date: June 10th, 2025)

seatd has been removed from GLFS and has been moved to Supplemental LFS. No packages in GLFS use seatd. Originally, it was added in a time when SLFS (originally LFS-QOL) did not exist. But now it exists to offload such packages. So it got moved. You can read installation instructions for it here: seatd (SysVinit). For Systemd, you will need to render the SLFS book yourself or download a release.

glfs-brk-12.3-004: Git (Date: June 10th, 2025)

Git has been removed from GLFS. All downloading instructions now rely on the wget package when pages instruct the user to download files in bulk. No package in GLFS depends on Git otherwise, and no lib32 installation instructions have been present for it as the package does not provide libraries. Follow BLFS for updates to Git.

glfs-brk-12.3-003: libxml2 (Date: April 3rd, 2025)

libxml2-2.13 has been upgraded to libxml2-2.14, which breaks ABI. While you can reinstall every package that uses libxml2, or do a complete upgrade, you can instead opt to apply patches which fix security issues without breaking ABI. The patches will be linked in the BLFS advisories.

glfs-brk-12.3-002: 32-bit CPU Support (Date: March 25th, 2025)

Support for 32-bit CPUs (ix86) has been removed from GLFS. This is because there is no testing being done for 32-bit by the GLFS development team due to lack of proper hardware. Another big reason is Steam: it is unclear how to properly bypass its CEF sandboxing and what happens beyond that point. Regardless, beyond Steam, the normal installation instructions generally work on 32-bit hardware; you will just be on your own to work around the edge cases.

glfs-brk-12.3-001: luit (Date: March 5th, 2025)

The luit package has been removed from GLFS as no packages in the book used it. It had no lib32 installation instructions, so feel free to follow BLFS for updates to the luit package.


Security Advisories

Please read BLFS 12.3 Security Advisories and BLFS Consolidated Security Advisories for more packages that aren't covered here.

glfs-sa-12.3-003: Fontconfig - Rating: Medium (Date: July 3rd, 2025)

In Fontconfig-2.17.1, a heap buffer overflow was fixed that was introduced in 2.17.0. When compiled with sanitized addresses, it will cause fc-cache to bail out when using the -f option when regenerating the font cache. If a font is malformed as a result of this early bail, Steam will crash, which is why it is mentioned in this advisories page. Upstream has not treated it as a security vulnerability and thus has not reserved a CVE or any security ticket with any authority. Since it can affect GLFS users directly and other issues of its ilk are considered security vulnerabilities, we consider this a vulnerability as well. This issue may not harm you, but if you are on Fontconfig-2.17.0, you should consider updating to Fontconfig-2.17.1 to avoid font recaching bailing via fc-cache, which can cause Steam to crash. This is not needed for the 2.16 series.

To upgrade to Fontconfig-2.17.1, follow the GLFS Fontconfig installation page which does not differ for SysVinit/Systemd versions of the book.

glfs-sa-12.3-002: NVIDIA - Rating: High (Date: June 21st, 2025)

In NVIDIA-575.64, a security vulnerability was fixed that could allow for a use-after-free in the kernel for pre-Turing NVIDIA GPUs. NVIDIA has not reserved a CVE for the vulnerability. Furthermore, it has become clear that NVIDIA does not often document security fixes in the changelogs of the NVIDIA drivers, leading to many security fixes going unnoticed by the GLFS development team. We will now be looking at the NVIDIA Product Security resource. Consider all previous drivers to have security vulnerabilities and update to NVIDIA-575.64 or any of the latest revisions of the other 3 latest major versions (570, 565, and 560) immediately.

To do so, follow the GLFS NVIDIA installation page. Ensure you download the latest install script and manifest file if you previously downloaded them to ensure compatibility.

glfs-sa-12.3-001: libxml2 and Wine - Rating: High (Date: June 21st, 2025)

BLFS SA 12.3 060 covers a vulnerability with libxml2-2.14.4. This vulnerability is not exploitable in many packages as it can only be exploited through the xmlBuildQName() function. However, one of the packages that does make use of that function is the Wine package. If you are using Wine, you should fix the vulnerability by doing one of two things: either upgrade libxml2 to 2.14.4, or reinstall libxml2-2.13.8 with a patch.

To upgrade to libxml2-2.14.4, follow the GLFS libxml2 installation page which does not differ for SysVinit/Systemd versions of the book.

To reinstall libxml2-2.13.8 with the patch, download this patch and apply it before configuration, then reinstall the package.