openssl: mark c_rehash obsolete

The c_rehash script, shipped by OpenSSL versions in current LFS trunk and all previous LFS releases, is vulnerable to CVE-2022-2068. It's fixed in 3.0.4, but OpenSSL 3.0.4 is completely broken on CPU models with AVX-512 extension [1]. So we'd like to defer OpenSSL update and wait for upstream consensus about "would 3.0.5 be released in urgency". But, the upstream has announced that use of c_rehash is obsolete now [2]. So we can tell people not to use it. [1]: https://github.com/openssl/openssl/issues/18625 [2]: https://www.openssl.org/news/secadv/20220621.txt
2025-03-06 14:24:48 +00:00 · 2022-06-23 12:23:06 +08:00 · 2022-06-23 12:23:06 +08:00 · 0b0fa07cd4
commit 0b0fa07cd4
parent e909a1ebdf
1 changed files with 5 additions and 2 deletions
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@ -135,8 +135,11 @@ make MANSUFFIX=ssl install</userinput></screen>
        <term><command>c_rehash</command></term>
        <listitem>
          <para>
-            is a <application>Perl</application> script that scans all files in
-            a directory and adds symbolic links to their hash values
+            is a <application>Perl</application> script that
+            scans all files in a directory and adds symbolic links to their
+            hash values.  Use of <command>c_rehash</command> is considered
+            obsolete and should be replaced by
+            <command>openssl rehash</command> command
          </para>
          <indexterm zone="ch-system-openssl c_rehash">
            <primary sortas="b-c_rehash">c_rehash</primary>