From e909a1ebdf37d817f53707c5a998a6786d5af1cd Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Wed, 22 Jun 2022 15:12:06 +0800
Subject: [PATCH 1/4] bc: enable readline

Using readline can improve line editing feature of bc, but it's not
enabled by default.

As readline is already installed before bc, let's pick up this
improvement with no cost.
---
 appendices/dependencies.xml |  4 ++--
 chapter08/bc.xml            | 16 ++++++++++++----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/appendices/dependencies.xml b/appendices/dependencies.xml
index 6493aa1f9..3ad5c0097 100644
--- a/appendices/dependencies.xml
+++ b/appendices/dependencies.xml
@@ -244,7 +244,7 @@
       <segmentedlist id="bc-depends">
         <segtitle>&dependencies;</segtitle>
         <seglistitem>
-          <seg>Bash, Binutils, Coreutils, GCC, Glibc, Grep, and Make</seg>
+          <seg>Bash, Binutils, Coreutils, GCC, Glibc, Grep, Make, and Readline</seg>
         </seglistitem>
       </segmentedlist>
 
@@ -2615,7 +2615,7 @@
       <segmentedlist id="readline-before">
         <segtitle>&before;</segtitle>
         <seglistitem>
-          <seg>Bash and Gawk</seg>
+          <seg>Bash, Bc, and Gawk</seg>
         </seglistitem>
       </segmentedlist>
 
diff --git a/chapter08/bc.xml b/chapter08/bc.xml
index 9678ddd54..4493f8219 100644
--- a/chapter08/bc.xml
+++ b/chapter08/bc.xml
@@ -43,7 +43,7 @@
 
     <para>Prepare Bc for compilation:</para>
 
-<screen><userinput remap="configure">CC=gcc ./configure --prefix=/usr -G -O3</userinput></screen>
+<screen><userinput remap="configure">CC=gcc ./configure --prefix=/usr -G -O3 -r</userinput></screen>
 
     <variablelist>
       <title>The meaning of the configure options:</title>
@@ -55,6 +55,14 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><parameter>-G</parameter></term>
+        <listitem>
+          <para>Omit parts of the test suite that won't work
+          without a GNU bc present.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><parameter>-O3</parameter></term>
         <listitem>
@@ -63,10 +71,10 @@
       </varlistentry>
 
       <varlistentry>
-        <term><parameter>-G</parameter></term>
+        <term><parameter>-r</parameter></term>
         <listitem>
-          <para>Omit  parts of the test suite that won't work
-          without a GNU bc present.</para>
+          <para>Enable the use of <application>Readline</application> to
+          improve the line editing feature of bc.</para>
         </listitem>
       </varlistentry>
     </variablelist>

From 0b0fa07cd497c31d24c64359e50d65641986b81f Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Thu, 23 Jun 2022 12:23:06 +0800
Subject: [PATCH 2/4] openssl: mark c_rehash obsolete

The c_rehash script, shipped by OpenSSL versions in current LFS trunk
and all previous LFS releases, is vulnerable to CVE-2022-2068.  It's
fixed in 3.0.4, but OpenSSL 3.0.4 is completely broken on CPU models with
AVX-512 extension [1]. So we'd like to defer OpenSSL update and wait for
upstream consensus about "would 3.0.5 be released in urgency".

But, the upstream has announced that use of c_rehash is obsolete now [2].
So we can tell people not to use it.

[1]: https://github.com/openssl/openssl/issues/18625
[2]: https://www.openssl.org/news/secadv/20220621.txt
---
 chapter08/openssl.xml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml
index 044c715a4..70502969c 100644
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@@ -135,8 +135,11 @@ make MANSUFFIX=ssl install</userinput></screen>
         <term><command>c_rehash</command></term>
         <listitem>
           <para>
-            is a <application>Perl</application> script that scans all files in
-            a directory and adds symbolic links to their hash values
+            is a <application>Perl</application> script that
+            scans all files in a directory and adds symbolic links to their
+            hash values.  Use of <command>c_rehash</command> is considered
+            obsolete and should be replaced by
+            <command>openssl rehash</command> command
           </para>
           <indexterm zone="ch-system-openssl c_rehash">
             <primary sortas="b-c_rehash">c_rehash</primary>

From 40488bd037b36726f17c26bba8f2b36e051db0a2 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Thu, 23 Jun 2022 18:11:46 +0800
Subject: [PATCH 3/4] grep: mark egrep and fgrep obsolete

They are deprecated since 2007, and the next grep release (3.8 or 4.0)
will print a warning if they are used.

Url: https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a951562
---
 chapter08/grep.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/chapter08/grep.xml b/chapter08/grep.xml
index d06a1ba85..9861d239f 100644
--- a/chapter08/grep.xml
+++ b/chapter08/grep.xml
@@ -77,7 +77,8 @@
       <varlistentry id="egrep">
         <term><command>egrep</command></term>
         <listitem>
-          <para>Prints lines matching an extended regular expression</para>
+          <para>Prints lines matching an extended regular expression.
+          It is obsoleted, use <command>grep -E</command> instead</para>
           <indexterm zone="ch-system-grep egrep">
             <primary sortas="b-egrep">egrep</primary>
           </indexterm>
@@ -87,7 +88,8 @@
       <varlistentry id="fgrep">
         <term><command>fgrep</command></term>
         <listitem>
-          <para>Prints lines matching a list of fixed strings</para>
+          <para>Prints lines matching a list of fixed strings.
+          It is obsoleted, use <command>grep -F</command> instead</para>
           <indexterm zone="ch-system-grep fgrep">
             <primary sortas="b-fgrep">fgrep</primary>
           </indexterm>

From bfc6495520f79cc627206abe295a979655cbe871 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Thu, 23 Jun 2022 18:12:37 +0800
Subject: [PATCH 4/4] bootscripts: change obsoleted egrep to grep -E

---
 bootscripts/lfs/init.d/cleanfs | 2 +-
 bootscripts/lfs/init.d/modules | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bootscripts/lfs/init.d/cleanfs b/bootscripts/lfs/init.d/cleanfs
index c75923c34..9ab994fcc 100644
--- a/bootscripts/lfs/init.d/cleanfs
+++ b/bootscripts/lfs/init.d/cleanfs
@@ -105,7 +105,7 @@ case "${1}" in
       (exit ${failed})
       evaluate_retval
 
-      if egrep -qv '^(#|$)' /etc/sysconfig/createfiles 2>/dev/null; then
+      if grep -E -qv '^(#|$)' /etc/sysconfig/createfiles 2>/dev/null; then
          log_info_msg "Creating files and directories... "
          create_files      # Always returns 0
          evaluate_retval
diff --git a/bootscripts/lfs/init.d/modules b/bootscripts/lfs/init.d/modules
index 3ef4cec0d..19d7b1388 100644
--- a/bootscripts/lfs/init.d/modules
+++ b/bootscripts/lfs/init.d/modules
@@ -35,7 +35,7 @@ case "${1}" in
       # Exit if there's no modules file or there are no
       # valid entries
       [ -r /etc/sysconfig/modules ]             || exit 0
-      egrep -qv '^($|#)' /etc/sysconfig/modules || exit 0
+      grep -E -qv '^($|#)' /etc/sysconfig/modules || exit 0
 
       log_info_msg "Loading modules:"