[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
The reason I want to remove the code is that it wasn't meant for Desktop. It works on Desktop when using wayland but this is was definitely not the intent back then. As I say in https://code.launchpad.net/~adrien/ubuntu/+source/openssl/+git/openssl/+merge/466581 , I don't think the postinst can be fixed due the behavior not having been specified: you can't fix something if the intent is unknown. I am saddened that needrestart is not on desktop machines but on the other hand, the code has probably never really worked fine for the past 10 or 15 years. It's not like we would be removing something that works in favor of something that isn't ready. By the way, I run a server install on my laptop unfortunately so I experience the needrestart path. That being said, I've only heard complaints about the current postinst. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Well, we're not in the world of needrestart just yet, it's only seeded in Server. On Thu, 30 May 2024, 04:20 Seth Arnold, <244...@bugs.launchpad.net> wrote: > Adrien, thanks so much for digging into this again. > > This is so very complicated, why does openssl need special handling in > the world of needrestart? My inclination is to remove all this > complexity and address any shortcomings of needrestart in the > needrestart package. Am I off base? > > Thanks > > -- > You received this bug notification because you are subscribed to openssl > in Ubuntu. > https://bugs.launchpad.net/bugs/244250 > > Title: > Spurious reboot notifications caused by libssl upgrades. > > Status in openssl package in Ubuntu: > Fix Released > > Bug description: > The postinst script for libssl0.9.8 currently has a bug where it sends > a reboot notifcation whenever libssl is configured. So reconfiguring > libssl0.9.8 or even just installing libssl0.9.8 will result in a > reboot notification. Sending of the reboot notification should > definitely be moved inside the upgrading guard. The correct fix is > likely to move it inside a version comparison guard for particular > important updates like Colin suggests below -- this is what every > other standard package using notify-reboot-required does. > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions > > Launchpad-Notification-Type: bug > Launchpad-Bug: distribution=ubuntu; sourcepackage=openssl; component=main; > status=Fix Released; importance=Undecided; assignee= > marc.deslauri...@canonical.com; > Launchpad-Bug-Tags: glucid lucid > Launchpad-Bug-Information-Type: Public > Launchpad-Bug-Private: no > Launchpad-Bug-Security-Vulnerability: no > Launchpad-Bug-Commenters: adrien andersk cjwatson > iamnotwhatiam-deactivatedaccount janitor khaled-blah mdeslaur > nutznboltz-deactivatedaccount seth-arnold tabbott tbushnell tepples > Launchpad-Bug-Reporter: i am not what i am > (iamnotwhatiam-deactivatedaccount) > Launchpad-Bug-Modifier: Seth Arnold (seth-arnold) > Launchpad-Message-Rationale: Subscriber (openssl in Ubuntu) > Launchpad-Message-For: schopin > > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Adrien, thanks so much for digging into this again. This is so very complicated, why does openssl need special handling in the world of needrestart? My inclination is to remove all this complexity and address any shortcomings of needrestart in the needrestart package. Am I off base? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
I did some archeology because I'm trying to get rid of the Ubuntu delta compared to Debian. I think the code change in 1.0.0e-2ubuntu3 is problematic. No blame: the shell script was already hairy and difficult to understand and in order to spot that, I had to identify a chunk of dead code, remove it, and come back on the script again months later. In short, I'm going to drop the postinst. The current code is easier to read as it's shorter: if [ "$1" = "configure" ] then if [ ! -z "$2" ] && [ ! -x /usr/lib/needrestart/apt-pinvoke ] ; then if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi fi fi IOW, apt-pinvoke must be chmod -x (i.e. we're on Desktop), X must not be running (i.e. we're on Server), then we'll call notify-reboot-required. Of course, with wayland now, you could be on desktop with a GUI and pass the pidof test. Still, that's not the intent and wasn't. Pidof is a poor proxy and I'll rather remove the code than add another special case. I could _maybe_ be convinced of removing the pidof test but keeping the apt-pinvoke one though. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
A web server is supposed to retrieve data from database, run application logic, write back to database if needed, write an HTML document or JSON object to output, and wait for the next request. Ideally, it's stateless between requests. A desktop application, on the other hand, is more likely to have a lot of state in RAM that isn't persisted to the file system. In particular, you can't "simply restart" a web browser because when a browser restarts, it retrieves the HTML document open in each tab as if the user had navigated to it again. This incurs data loss in two ways: 1. If the user is offline, pages open in tabs for later reading will be replaced with "Cannot find server" error pages. (Chromium, for example, shows the "downasaur" minigame.) I often do this on my laptop so that I have something to read while riding the bus to work or wherever. 2. Several web applications, such as comment composition forms on Slashdot, lose DOM state if closed. When the browser navigates to the page again, the DOM is reset to what it was when the page was first opened, and the comment that the user was composing is lost. I imagine any webmail site that doesn't automatically save drafts in the background has the same problem, and even those that do save drafts will have a problem if the user is offline and the site doesn't use a Service Worker. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
@mdeslaur: Thank you for your reply! Does that mean that it is supposed to happen on an Ubuntu server system? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
@khaled-blah: yes, on a server, it should do the usual and add a reboot required blurb to the motd. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
@mdeslaur: Again, thank you for your reply! Pardon my ignorance but I've never quite understood why that is - why is an update of libssl different from an update of other libs where you can simply restart the depending applications/daemons? And why is it different on a desktop? Maybe these questions require lengthy answers so if you could point me in a direction where I read up on these questions I'd be very grateful. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
On Ubuntu 14.04 this bug still persists. Is there any reason why libssl would require different treatment than other libraries? I.e. why wouldn't it suffice to restart services depending on libssl or libcrypto? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
@khaled-blah: please file a new bug, you are not supposed to see reboot notifications when openssl gets upgraded on a desktop system. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
The problem still exists. Xubuntu 11.10 on a desktop, the only application with an open window that is obviously using SSL is Firefox, the only update was for libssl and openssl, and Update Manager still tells me a reboot is required. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Agreed. It really doesn't make sense to issue the reboot-required notification when we aren't doing the whole restart-services dance. I'll look at the branch you proposed for this. ** Changed in: openssl (Ubuntu) Status: Fix Released = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
This bug was fixed in the package openssl - 1.0.0e-2ubuntu3 --- openssl (1.0.0e-2ubuntu3) oneiric; urgency=low * Only issue a restart required notification on important upgrades, and not other actions such as reconfiguration or initial installation. (LP: #244250) -- Anders Kaseorg ande...@mit.edu Tue, 04 Oct 2011 13:33:35 +0100 ** Changed in: openssl (Ubuntu) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Actually, we do want a reboot notification when we issue security updates. When we issue security updates, we don't enter the major upgrade section, as we don't want the update to automatically restart services, but we do want the sysadmin to perform a planned reboot/service restart as the running services will be using a vulnerable openssl. I'm upload a fix to move the notification to the upgrade section instead of the major upgrade section. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
On Tue, Oct 4, 2011 at 3:37 PM, Marc Deslauriers marc.deslauri...@canonical.com wrote: Actually, we do want a reboot notification when we issue security updates. When we issue security updates, we don't enter the major upgrade section, as we don't want the update to automatically restart services, but we do want the sysadmin to perform a planned reboot/service restart as the running services will be using a vulnerable openssl. I'm upload a fix to move the notification to the upgrade section instead of the major upgrade section. No, this is fundamentally incorrect. This would be ok *only *if you had some sensible isolation between servers and clients. It is ridiculous that user workstations running no servers at all get told to reboot because of a security change to ssl. We had to engineer a whole system to prevent the reboot notifications from being honored on our workstations because the have been so sloppily and carelessly set, with incorrect reasoning like this. *Any *library could need a security update; *any *library could have a security update which is relevant to running services, and it is *not *correct to force reboots on every package install merely because *sometimes *on *some *systems it might be necessary for the security fix. We do not force reboots when firefox gets a security fix, or sh, or ... and that's the right thing. openssl is *not *different than the rest of these. Thomas -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
We've already removed reboot notifications from openssl on desktops, I'm just talking about servers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
How do you distinguish a server from a desktop, and what about servers that don't run ssl-using daemons? Thomas On Oct 4, 2011 2:05 PM, Marc Deslauriers marc.deslauri...@canonical.com wrote: We've already removed reboot notifications from openssl on desktops, I'm just talking about servers. -- You received this bug notification because you are a member of Goobuntu Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. Status in “openssl” package in Ubuntu: Fix Released Bug description: The postinst script for libssl0.9.8 currently has a bug where it sends a reboot notifcation whenever libssl is configured. So reconfiguring libssl0.9.8 or even just installing libssl0.9.8 will result in a reboot notification. Sending of the reboot notification should definitely be moved inside the upgrading guard. The correct fix is likely to move it inside a version comparison guard for particular important updates like Colin suggests below -- this is what every other standard package using notify-reboot-required does. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Right now, the best way we have of determining if we're a server or a desktop is to check if X is running. It's not ideal, and suggestions are welcome. We need a way for sysadmins to get notifications that some of the major automatic updates they are installing, such as openssl and the kernel, require services and/or the system to get restarted after a security update. The mechanism we have now is the reboot notification tool. I agree that a lot of libraries can have security issues also, and in fact, most of the server packages will gracefully restart when they get security updates. For openssl, and a few other select libraries, things are different. Security issues in openssl usually are of importance for network servers, and automatically restarting all the running daemons isn't an option, especially since the server could be running software that wasn't installed from packages in the archive. In this case, the reboot notification indicates to the sysadmin that manual intervention is needed. If the sysadmin decides that nothing on his server is affected, he can simply remove the reboot notification file. Yes, this solution is far from perfect, but the alternative is to disable notifications completely, which is not a viable option. I am completely open to suggestions on improving this process and having a discussion with you, outside of this bug, to have your ideas on how it could be done in a way which would satisfy the majority of our users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
On Wed, Oct 5, 2011 at 12:54 AM, Marc Deslauriers marc.deslauri...@canonical.com wrote: Right now, the best way we have of determining if we're a server or a desktop is to check if X is running. It's not ideal, and suggestions are welcome. I think my question is suggesting that there really isn't a principled distinction between desktop and server for things like this. We need a way for sysadmins to get notifications that some of the major automatic updates they are installing, such as openssl and the kernel, require services and/or the system to get restarted after a security update. The mechanism we have now is the reboot notification tool. It's the right tool, but the correct approach is the standard one: Debian packages should do in-place upgrades, except the kernel. With libc much work was spent figuring out what to restart and how, and it works. openssl should do the same thing. I agree that a lot of libraries can have security issues also, and in fact, most of the server packages will gracefully restart when they get security updates. For openssl, and a few other select libraries, things are different. Security issues in openssl usually are of importance for network servers, and automatically restarting all the running daemons isn't an option, especially since the server could be running software that wasn't installed from packages in the archive. In this case, the reboot notification indicates to the sysadmin that manual intervention is needed. If the sysadmin decides that nothing on his server is affected, he can simply remove the reboot notification file. Yes, this solution is far from perfect, but the alternative is to disable notifications completely, which is not a viable option. Not running X doesn't mean that someone is running ssl servers, right? Why not look for ssl servers, specifically, and only if there are ssl servers running, call for the reboot? Thomas -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
This bug was fixed in the package openssl - 1.0.0e-2ubuntu1 --- openssl (1.0.0e-2ubuntu1) oneiric; urgency=low * Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and CVE-2011-3210 (LP: #850608). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification bubble on libssl1.0.0 upgrade. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. * debian/libssl1.0.0.postinst: only display restart notification on servers (LP: #244250) openssl (1.0.0e-2) unstable; urgency=low * Add a missing $(DEB_HOST_MULTIARCH) openssl (1.0.0e-1) unstable; urgency=low * New upstream version - Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. (CVE-2011-3207) - Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. (CVE-2011-3210) - Add protection against ECDSA timing attacks (CVE-2011-1945) * Block DigiNotar certifiates. Patch from Raphael Geissert geiss...@debian.org * Generate hashes for all certs in a file (Closes: #628780, #594524) Patch from Klaus Ethgen kl...@ethgen.de * Add multiarch support (Closs: #638137) Patch from Steve Langasek / Ubuntu * Symbols from the gost engine were removed because it didn't have a linker file. Thanks to Roman I Khimov khi...@altell.ru (Closes: #631503) * Add support for s390x. Patch from Aurelien Jarno aure...@debian.org (Closes: #641100) * Add build-arch and build-indep targets to the rules file. openssl (1.0.0d-3) unstable; urgency=low * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060) * Apply patches from Scott Schaefer saschae...@neurodiverse.org to fix various pod and spelling errors. (Closes: #622820, #605561) * Add missing symbols for the engines (Closes: #623038) * More spelling fixes from Scott Schaefer (Closes: #395424) * Patch from Scott Schaefer to better document pkcs12 password options (Closes: #462489) * Document dgst -hmac option. Patch by Thorsten Glaser t...@mirbsd.de (Closes: #529586) -- Steve Beattie sbeat...@ubuntu.com Wed, 14 Sep 2011 22:06:03 -0700 ** Changed in: openssl (Ubuntu) Status: Confirmed = Fix Released ** Bug watch added: OpenSSL RT #2065 http://rt.openssl.org/Ticket/Display.html?id=2065 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1945 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3207 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3210 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
This bug is not fixed. It’s still the case that libssl1.0.0 generates a spurious reboot notification during reconfiguration, on initial installation, and on non-critical upgrades, as originally reported. The only change in 1.0.0e-2ubuntu1 is that this no longer happens at all on systems running /usr/bin/X (even for critical upgrades!). Please reopen this bug report. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
** Branch linked: lp:~sbeattie/ubuntu/oneiric/openssl/lp850608 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
** Changed in: openssl (Ubuntu) Assignee: Luke Yelavich (themuso) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
** Tags added: glucid lucid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Still seen on my 8.04 development workstation and my 10.10 laptop. Based on Colin Watson's comment, I guess it should work like this: 1. Automatically restart services that depend on SSL, just as we do when the services' packages are upgraded. 2. Give a logout recommended notice (not a reboot required notice) to any user using a desktop environment that depends on SSL. 3. Give an application restart recommended notice to any user using an application that depends on SSL, much as we currently do after upgrading Firefox. Logging out and back in is disruptive to the end user's work flow, but at least doing so is less disruptive than restarting, especially on a machine that takes a long time to POST and that is suspended more often than shut down. I almost feel like reporting this as a paper cut. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244250 Title: Spurious reboot notifications caused by libssl upgrades. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
I've changed the description to more precisely characterize the actionable problem here, namely a buggy postinst script that sends spurious reboot notifications. ** Summary changed: - reboot every single update in the past month on ubuntu hardy nearly. massively decreasing my uptime. + Spurious reboot notifications caused by libssl upgrades. ** Description changed: - I have been asked to reboot after every single update in the past month - on ubuntu hardy nearly. I find this very typical of windows and - microsoft behavior ( except they only update on tuesdays). How can you - justify a reboot after i just updated today (see below for the - packages). - - Setting up libruby1.8 (1.8.6.111-2ubuntu1.1) ... - - Setting up openssl (0.9.8g-4ubuntu3.3) ... - - Setting up ruby1.8 (1.8.6.111-2ubuntu1.1) ... - Setting up samba-common (3.0.28a-1ubuntu4.3) ... - - Setting up smbclient (3.0.28a-1ubuntu4.3) ... - Setting up samba (3.0.28a-1ubuntu4.3) ... - * Starting Samba daemons[ OK ] - - Setting up samba-doc (3.0.28a-1ubuntu4.3) ... - - Setting up libsmbclient (3.0.28a-1ubuntu4.3) ... - - - - - Surely that openssl bug was fixed a while ago. If some one can provide a good reason for all these reboots I will close this. I wish to remind everyone that rebooting after each update is not a good sign. + The postinst script for libssl0.9.8 currently has a bug where it sends a + reboot notifcation whenever libssl is configured. So reconfiguring + libssl0.9.8 or even just installing libssl0.9.8 will result in a reboot + notification. Sending of the reboot notification should definitely be + moved inside the upgrading guard. The correct fix is likely to move it + inside a version comparison guard for particular important updates like + Colin suggests below -- this is what every other standard package using + notify-reboot-required does. ** Changed in: openssl (Ubuntu) Status: New = Confirmed -- Spurious reboot notifications caused by libssl upgrades. https://bugs.launchpad.net/bugs/244250 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs