diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 87525b31b..23e8dbe6d 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -44,6 +44,14 @@ or as appropriate for the entry or if needed the entire day's listitem. --> + + 2021-05-14 + + + [ken] - Add a Note about upgrading in OpenSSL. + + + 2021-05-12
diff --git a/chapter05/glibc.xml b/chapter05/glibc.xml
index c8fabcd64..d7ba1a843 100644
--- a/chapter05/glibc.xml
+++ b/chapter05/glibc.xml
@@ -132,14 +132,6 @@ cd build - - libc_cv_rtlddir=/usr/lib - - Fix hardcoded path to the executable loader in the - ldd script. - - -
diff --git a/chapter08/bzip2.xml b/chapter08/bzip2.xml
index f22c99e79..c289e6140 100644
--- a/chapter08/bzip2.xml
+++ b/chapter08/bzip2.xml
@@ -89,9 +89,9 @@ make clean ln -sv libbz2.so.&bzip2-version; /usr/lib/libbz2.so Install the shared bzip2 binary into the - /bin directory: + /usr/bin directory: -cp -v bzip2-shared /bin/bzip2 +cp -v bzip2-shared /usr/bin/bzip2 Remove an useless static library:
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index 5a2b80378..b7269d50f 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -127,14 +127,6 @@ cd build - - libc_cv_rtlddir=/usr/lib - - Fix hardcoded path to the executable loader in the - ldd script. - - -
diff --git a/chapter08/inetutils.xml b/chapter08/inetutils.xml
index b79a0b782..b80db6f1d 100644
--- a/chapter08/inetutils.xml
+++ b/chapter08/inetutils.xml
@@ -43,6 +43,7 @@ Prepare Inetutils for compilation: ./configure --prefix=/usr \ + --bindir=/usr/bin \ --localstatedir=/var \ --disable-logger \ --disable-whois \
@@ -116,7 +117,7 @@ Move a program to the proper location: -mv -v /{,s}bin/ifconfig +mv -v /usr/{,s}bin/ifconfig
diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml
index 7b859b15f..3f6d41dd5 100644
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@@ -77,6 +77,25 @@ make MANSUFFIX=ssl install cp -vfr doc/* /usr/share/doc/openssl-&openssl-version; + + + You should update OpenSSL when a new version which fixes vulnerabilities + is announced. The releases run in series, with a letter for each release + after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS + installs only the shared libraries, there is no need to recompile packages + which link to libcrypto.so or + libssl.so + when upgrading in the same series. + + + + However, any running programs linked to those libraries need to be stopped + and restarted. Read the related entries in + for details. + + + +
diff --git a/chapter08/pkgmgt.xml b/chapter08/pkgmgt.xml
index 6c628c3d6..809421c3f 100644
--- a/chapter08/pkgmgt.xml
+++ b/chapter08/pkgmgt.xml
@@ -41,7 +41,7 @@ the Hints Project and see if one of them fits your need. - + Upgrade Issues A Package Manager makes it easy to upgrade to newer versions when they
@@ -91,6 +91,25 @@ you have to downgrade a package, or the package changes the versioning scheme of library files suddenly. + If a package containing a shared library is updated, + and the name of library doesn't change, but a severe issue + (especially, a security vulnerability) is fixed, all running programs + linked to the shared library should be restarted. The following + command, run as root after + updating, will list what is using the old versions of those libraries + (replace libfoo with the name of the + library): + +grep -l -e 'libfoo.*deleted' /proc/*/maps | + tr -cd 0-9\\n | xargs -r ps u + + + If OpenSSH is being used for accessing + the system and it is linked to the updated library, you need to + restart sshd service, then logout, login again, + and rerun that command to confirm nothing is still using the + deleted libraries. +
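Review bot: The Note added in the chapter08/openssl.xml hunk says dependents need no rebuild "when upgrading in the same series" but never states the other half of that rule. A reader who moves to a different series will presumably get libraries under a new soname, so packages built earlier stay linked to the old, unpatched `libcrypto.so`/`libssl.so` until they are rebuilt. I would add one sentence after the first paragraph, for example `When upgrading to a different series, every package linked to these libraries must be rebuilt against the new version.`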
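Review bot: In the second chapter08/pkgmgt.xml hunk, an empty result from the `grep -l -e 'libfoo.*deleted' /proc/*/maps` pipeline is presented as confirmation that nothing still uses the old library, but it is weaker than that. The kernel marks a mapping `(deleted)` only when the old file was unlinked or had a new file renamed over it; if the upgrade overwrote the library in place, the path in `maps` looks normal and the command prints nothing. I would add a sentence after the command, such as `This only finds libraries that were replaced rather than overwritten in place; if in doubt, restart every service linked to the library.` The final paragraph's "rerun that command to confirm" wording should carry the same caveat.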