Ignore:
Timestamp:
05/14/2021 03:41:52 PM (3 years ago)
Author:
Ken Moffat <ken@…>
Branches:
11.0, 11.0-rc1, 11.0-rc2, 11.0-rc3, 11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, arm, bdubbs/gcc13, ml-11.0, multilib, renodr/libudev-from-systemd, s6-init, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
Children:
80838616, e04bf44
Parents:
78361854
Message:

OpenSSL: add a note about upgrading.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • chapter08/openssl.xml

    r78361854 r6df63e4  
    7777
    7878<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
     79
     80    <note>
     81      <para>
     82        You should update OpenSSL when a new version which fixes vulnerabilities
     83        is announced. The releases run in series, with a letter for each release
     84        after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS
     85        installs only the shared libraries, there is no need to recompile packages
     86        which link to <filename class="libraryfile">libcrypto.so</filename> or
     87        <filename class="libraryfile">libssl.so</filename>
     88        <emphasis>when upgrading in the same series.</emphasis>
     89      </para>
     90
     91      <para>
     92        However, any running programs linked to those libraries need to be stopped
     93        and restarted. The following command, run as
     94        <systemitem class="username">root</systemitem> after udating, will list what is
     95        using the old versions of those libraries:
     96      </para>
     97
     98<screen><userinput role="nodump">grep -l  -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps |
     99   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
     100
     101      <para>
     102        If you used <application>OpenSSH</application> to login to the system, you
     103        need to logout, login again, and rerun that command to confirm nothing is
     104        still using the deleted libraries.
     105      </para>
     106    </note>
    79107
    80108  </sect2>
Note: See TracChangeset for help on using the changeset viewer.