author | Xi Ruoyao <xry111@xry111.site> | 2022-06-23 12:23:06 +0800 |
---|---|---|
committer | Xi Ruoyao <xry111@xry111.site> | 2022-06-23 12:23:06 +0800 |
commit | 0b0fa07cd497c31d24c64359e50d65641986b81f (patch) | |
tree | 2ffe8e60e263f51791433d6e64f0534406945bbe /chapter08 | |
parent | e909a1ebdf37d817f53707c5a998a6786d5af1cd (diff) |
openssl: mark c_rehash obsolete
The c_rehash script, shipped by OpenSSL versions in current LFS trunk
and all previous LFS releases, is vulnerable to CVE-2022-2068. It's
fixed in 3.0.4, but OpenSSL 3.0.4 is completely broken on CPU models with
the AVX-512 extension [1]. So we'd like to defer the OpenSSL update and wait for
upstream consensus about "would 3.0.5 be released in urgency".
But upstream has announced that use of c_rehash is obsolete now [2].
So we can tell people not to use it.
[1]: https://github.com/openssl/openssl/issues/18625
[2]: https://www.openssl.org/news/secadv/20220621.txt
Diffstat (limited to 'chapter08')
-rw-r--r-- | chapter08/openssl.xml | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml index 044c715a4..70502969c 100644 --- a/chapter08/openssl.xml +++ b/chapter08/openssl.xml @@ -135,8 +135,11 @@ make MANSUFFIX=ssl install</userinput></screen> <term><command>c_rehash</command></term> <listitem> <para> - is a <application>Perl</application> script that scans all files in - a directory and adds symbolic links to their hash values + is a <application>Perl</application> script that + scans all files in a directory and adds symbolic links to their + hash values. Use of <command>c_rehash</command> is considered + obsolete and should be replaced by + <command>openssl rehash</command> command </para> <indexterm zone="ch-system-openssl c_rehash"> <primary sortas="b-c_rehash">c_rehash</primary> |
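Review bot: The added sentence in the c_rehash <para> calls the script "considered obsolete" but never gives the reason stated in the commit message, namely that the shipped script is vulnerable to CVE-2022-2068. A reader who sees only the book text has no signal that this is a security matter rather than a housekeeping one. Consider saying so explicitly next to the recommendation to use <command>openssl rehash</command>. Two wording points in the same lines: "replaced by <command>openssl rehash</command> command" needs "the" before the command name, and the paragraph now ends without a period even though the preceding sentence gained one ("hash values.").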