Automatic merge of trunk into multilib

chapter01/changelog.xml

@@ -44,6 +44,14 @@
     <listitem revision="sysv"> or <listitem revision="systemd"> as
     appropriate for the entry or if needed the entire day's listitem.
     -->
+    <listitem>
+      <para>2021-05-14</para>
+      <itemizedlist>
+        <listitem>
+          <para>[ken] - Add a Note about upgrading in OpenSSL.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
 
     <listitem>
       <para>2021-05-12</para>

chapter05/glibc.xml

@@ -132,14 +132,6 @@ cd       build</userinput></screen>
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><parameter>libc_cv_rtlddir=/usr/lib</parameter></term>
-        <listitem>
-          <para>Fix hardcoded path to the executable loader in the
-            <command>ldd</command> script.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><option>libc_cv_include_x86_isa_level=no</option></term>
         <listitem>

chapter08/bzip2.xml

@@ -89,9 +89,9 @@ make clean</userinput></screen>
 ln -sv libbz2.so.&bzip2-version; /usr/lib/libbz2.so</userinput></screen>
 
     <para>Install the shared <command>bzip2</command> binary into the
-    <filename class="directory">/bin</filename> directory:</para>
+    <filename class="directory">/usr/bin</filename> directory:</para>
 
-<screen><userinput remap="install">cp -v bzip2-shared /bin/bzip2</userinput></screen>
+<screen><userinput remap="install">cp -v bzip2-shared /usr/bin/bzip2</userinput></screen>
 
     <para>Remove an useless static library:</para>
 

chapter08/glibc.xml

@@ -127,14 +127,6 @@ cd       build</userinput></screen>
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><parameter>libc_cv_rtlddir=/usr/lib</parameter></term>
-        <listitem>
-          <para>Fix hardcoded path to the executable loader in the
-            <command>ldd</command> script.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><option>libc_cv_include_x86_isa_level=no</option></term>
         <listitem>

chapter08/inetutils.xml

@@ -43,6 +43,7 @@
     <para>Prepare Inetutils for compilation:</para>
 
 <screen><userinput remap="configure">./configure --prefix=/usr        \
+            --bindir=/usr/bin    \
             --localstatedir=/var \
             --disable-logger     \
             --disable-whois      \
@@ -116,7 +117,7 @@
 
     <para>Move a program to the proper location:</para>
 
-<screen><userinput remap="install">mv -v /{,s}bin/ifconfig</userinput></screen>
+<screen><userinput remap="install">mv -v /usr/{,s}bin/ifconfig</userinput></screen>
 
   </sect2>
 

chapter08/openssl.xml

@@ -77,6 +77,25 @@ make MANSUFFIX=ssl install</userinput></screen>
 
 <screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
 
+    <note>
+      <para>
+        You should update OpenSSL when a new version which fixes vulnerabilities
+        is announced. The releases run in series, with a letter for each release
+        after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS
+        installs only the shared libraries, there is no need to recompile packages
+        which link to <filename class="libraryfile">libcrypto.so</filename> or
+        <filename class="libraryfile">libssl.so</filename>
+        <emphasis>when upgrading in the same series.</emphasis>
+      </para>
+
+      <para>
+        However, any running programs linked to those libraries need to be stopped
+        and restarted. Read the related entries in
+        <xref linkend='pkgmgmt-upgrade-issues'/> for details.
+      </para>
+
+    </note>
+
   </sect2>
 
   <!-- - - - - - - - - - -->

chapter08/pkgmgt.xml

@@ -41,7 +41,7 @@
   the <ulink url="&hints-root;">Hints Project</ulink> and see if one of them
   fits your need.</para>
 
-  <sect2>
+  <sect2 id='pkgmgmt-upgrade-issues'>
     <title>Upgrade Issues</title>
 
     <para>A Package Manager makes it easy to upgrade to newer versions when they
@@ -91,6 +91,25 @@
       you have to downgrade a package, or the package changes the versioning
       scheme of library files suddenly.</para> </listitem>
 
+      <listitem> <para>If a package containing a shared library is updated,
+      and the name of library doesn't change, but a severe issue
+      (especially, a security vulnerability) is fixed, all running programs
+      linked to the shared library should be restarted.  The following
+      command, run as <systemitem class="username">root</systemitem> after
+      updating, will list what is using the old versions of those libraries
+      (replace <replaceable>libfoo</replaceable> with the name of the
+      library):</para>
+
+<screen><userinput role="nodump">grep -l  -e '<replaceable>libfoo</replaceable>.*deleted' /proc/*/maps |
+   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
+
+      <para>
+        If <application>OpenSSH</application> is being used for accessing
+        the system and it is linked to the updated library, you need to
+        restart <command>sshd</command> service, then logout, login again,
+        and rerun that command to confirm nothing is still using the
+        deleted libraries.
+      </para></listitem>
     </itemizedlist>
 
   </sect2>