Thanks for filling in the SRU template, confirming the fix (comment #22) and refreshing the debdiff on top of -security (comment #28)!
I confirmed the patch matches the upstream commit and applied some minimal fixes/improvements: - d/changelog: UNRELEASED -> jammy - actually remove the d/p/168.patch file (not just from d/p/series) - Add DEP-3 headers: +Origin: upstream, https://github.com/liske/needrestart/commit/101f006118f6d7f49986048178e329c8bf0196eb +Bug: https://github.com/liske/needrestart/issues/129 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2004203 With this the change LGTM and is ready for SRU review! – Sponsored into the Jammy UNAPPROVED queue. $ dput ubuntu ../needrestart_3.5-5ubuntu2.5_source.changes Uploading needrestart using ftp to ubuntu (host: upload.ubuntu.com; directory: /ubuntu) running checksum: verify checksums before uploading running check-debs: makes sure the upload contains a binary package running ppaforppaonly: Stop uploads to the archive with or to ppa without ~ppa suffix. running placeholderbug: Stop if using common placeholder numbers as bug reference. running updatemaintainer: Stop if ubuntu changes are without ubuntu maintainer. running required-fields: check whether a field is present and non-empty in the changes file running nobug: Stop if uploading without any bug reference. running releasemismatch: Warn about mismatching suffixesg e.g. focal with a XX.YY not being 20.04 running suite-mismatch: check the target distribution for common errors running supported-distribution: check whether the target distribution is currently supported (using distro-info) {'allowed': ['release', 'proposed', 'backports', 'security'], 'known': ['release', 'proposed', 'updates', 'backports', 'security']} running gitubuntu: Warn if uploading without git-ubuntu Vcs-* entries. running gpg: check GnuPG signatures before the upload running badauthor: Stop if uploading with root@ or ubuntu@ email adresses. Uploading needrestart_3.5-5ubuntu2.5.dsc Uploading needrestart_3.5-5ubuntu2.5.debian.tar.xz Uploading needrestart_3.5-5ubuntu2.5_source.buildinfo Uploading needrestart_3.5-5ubuntu2.5_source.changes ** Bug watch added: github.com/liske/needrestart/issues #129 https://github.com/liske/needrestart/issues/129 ** Changed in: needrestart (Ubuntu Jammy) Status: Incomplete => In Progress -- You received this bug notification because you are a member of Debcrafters packages, which is subscribed to needrestart in Ubuntu. https://bugs.launchpad.net/bugs/2004203 Title: With needrestart, apt-get does not respect non-interactive instruction when upgrading services Status in needrestart package in Ubuntu: Fix Released Status in needrestart source package in Jammy: In Progress Bug description: [ Impact ] * Servers and other systems running `unattended-upgrades` will not automatically restart services that use binaries that were updated, even when explicitly configured to do so. This may lead to security holes remaining open or other misbehaviour, until the machine or services are restarted for other reasons. This defeats the primary functionality of that package. [ Test Plan ] * Use an Ubuntu Jammy test system with typical configuration. I used a fresh LXD container. * Install `unattended-upgrades`. Ensure `needrestart` and `update- notifier-common` are also installed, but that should usually be the case. * Configure `needrestart` to automatically restart services: * Create `/etc/needrestart/conf.d/auto-restart.conf` with content: $nrconf{restart} = 'a'; * Locate any package that some running service has an indirect dependency on (such as libc, libssl3, python, java, etc). Using something more uncommon like java might be easier than something that has a lot of dependencies like libc/libssl3. * In my case I chose `<dep>=libc6` and `<service>=cron`. * `apt list -a <dep>` to see other versions of the package. Usually there will be an older version available from the main repository, while the current version is from the update or security repository. * `sudo apt install <dep>=<version>` to explicitly downgrade the package to the older version. (You may need to select a different package, or more packages, to resolve conflicts or avoid removing other packages.) * Observe that the dependent services will be automatically restarted when you do this. (I checked this via the start time in `systemctl status <service>`.) * `sudo unattended-upgrade` to request immediate upgrade of outdated packages, which should reverse the above change. * Observe that while `/var/log/unattended-upgrades/unattended-upgrades-dpkg.log` reports `NEEDRESTART-SVC` as expected, the services in question are not actually restarted. (Again I confirmed this via `systemctl status <service>`.) [ Where problems could occur ] * There is a low chance of regressions given that the patch has been included in the packaged deb since kinetic. * Since this bug has been around for some time a number of users may have implemented workarounds in their scripts that this fix could break. * I have tested at least one workaround which was discussed on the associated github issue (https://github.com/liske/needrestart/issues/270) and confirmed that this fix does not break it. Namely running `needrestart -r a -f readline` after `unattended-upgrade` does not prompt and does not cause any additional restarts. * Someone could have been relying on the broken behavior to avoid automatic restarts. This seems unlikely, as it is directly against the described behavior of the package. [ Other Info ] Related: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/2055280 Related: https://github.com/liske/needrestart/issues/270 Related: https://github.com/liske/needrestart/pull/214 (upstream patch) The debdiff has been updated since security patches were released since juergh's upload, but the fix is substantially the same. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2004203/+subscriptions -- Mailing list: https://launchpad.net/~debcrafters-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~debcrafters-packages More help : https://help.launchpad.net/ListHelp
