From 7f25c8447d99d0ea9a88f822089300d06a500edb Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Fri, 14 May 2021 22:44:01 +0800 Subject: [PATCH 1/3] glibc: remove libc_cv_rtlddir override for now Back to use the sed. Need to investigate later. --- chapter05/glibc.xml | 3 +-- chapter08/glibc.xml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/chapter05/glibc.xml b/chapter05/glibc.xml index e3d77b8bf..79c65913a 100644 --- a/chapter05/glibc.xml +++ b/chapter05/glibc.xml @@ -80,8 +80,7 @@ cd build --build=$(../scripts/config.guess) \ --enable-kernel=&min-kernel; \ --with-headers=$LFS/usr/include \ - libc_cv_slibdir=/usr/lib \ - libc_cv_rtlddir=/usr/lib + libc_cv_slibdir=/usr/lib The meaning of the configure options: diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml index 2b4c064e5..9aefe30d2 100644 --- a/chapter08/glibc.xml +++ b/chapter08/glibc.xml @@ -72,8 +72,7 @@ cd build --enable-kernel=&min-kernel; \ --enable-stack-protector=strong \ --with-headers=/usr/include \ - libc_cv_slibdir=/usr/lib \ - libc_cv_rtlddir=/usr/lib + libc_cv_slibdir=/usr/lib The meaning of the configure options: From 7a8a136dffb723dac58d1161cfee173ac369be38 Mon Sep 17 00:00:00 2001 From: Bruce Dubbs Date: Fri, 14 May 2021 10:17:51 -0500 Subject: [PATCH 2/3] Tweak mail address for missing patches --- stylesheets/patcheslist.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stylesheets/patcheslist.xsl b/stylesheets/patcheslist.xsl index d562ee2d7..d86d1814d 100644 --- a/stylesheets/patcheslist.xsl +++ b/stylesheets/patcheslist.xsl @@ -38,7 +38,7 @@ umask 002 chgrp lfswww *.patch && if [ `wc -l copyerrs | sed 's/ *//' | cut -f1 -d' '` -gt 0 ]; then - mail -s "Missing LFS patches" lfs-book@linuxfromscratch.org < copyerrs + mail -s "Missing LFS patches" lfs-book@lists.linuxfromscratch.org < copyerrs fi exit From 6df63e484f39596859dd7712adbfd4989a87e4db Mon Sep 17 00:00:00 2001 From: Ken Moffat Date: Fri, 14 May 2021 16:41:52 +0100 Subject: [PATCH 3/3] OpenSSL: add a note about upgrading. --- chapter01/changelog.xml | 8 ++++++++ chapter08/openssl.xml | 28 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 4cf1252c9..614731b11 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -42,6 +42,14 @@ or as appropriate for the entry or if needed the entire day's listitem. --> + + 2021-05-14 + + + [ken] - Add a Note about upgrading in OpenSSL. + + + 2021-05-12 diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml index 934d5bd83..b96c355f7 100644 --- a/chapter08/openssl.xml +++ b/chapter08/openssl.xml @@ -77,6 +77,34 @@ make MANSUFFIX=ssl install cp -vfr doc/* /usr/share/doc/openssl-&openssl-version; + + + You should update OpenSSL when a new version which fixes vulnerabilities + is announced. The releases run in series, with a letter for each release + after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS + installs only the shared libraries, there is no need to recompile packages + which link to libcrypto.so or + libssl.so + when upgrading in the same series. + + + + However, any running programs linked to those libraries need to be stopped + and restarted. The following command, run as + root after udating, will list what is + using the old versions of those libraries: + + +grep -l -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps | + tr -cd 0-9\\n | xargs -r ps u + + + If you used OpenSSH to login to the system, you + need to logout, login again, and rerun that command to confirm nothing is + still using the deleted libraries. + + +