[Bug 2084571] Re: needrestart: container restart is broken
** Merge proposal linked: https://code.launchpad.net/~r41k0u/ubuntu/+source/needrestart/+git/needrestart/+merge/478237 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2084571 Title: needrestart: container restart is broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2084571/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2084571] Re: needrestart: container restart is broken
** Merge proposal unlinked: https://code.launchpad.net/~r41k0u/ubuntu/+source/needrestart/+git/needrestart/+merge/478237
[Bug 2084571] Re: needrestart: container restart is broken
** Merge proposal linked: https://code.launchpad.net/~r41k0u/ubuntu/+source/needrestart/+git/needrestart/+merge/478237
[Bug 2084571] Re: needrestart: container restart is broken
This bug was fixed in the package needrestart - 3.6-7ubuntu4.3

---
needrestart (3.6-7ubuntu4.3) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect usage of PYTHONPATH environment variable
    - debian/patches/CVE-2024-48990.patch: chdir to a clean directory to
      avoid loading arbitrary objects, sanitize PYTHONPATH before spawning
      a new python interpreter
    - CVE-2024-48990
  * SECURITY UPDATE: race condition for checking path to python
    - debian/patches/CVE-2024-48991.patch: sync path for both check and
      usage for python interpreter
    - CVE-2024-48991
  * SECURITY UPDATE: incorrect usage of RUBYLIB environment variable
    - debian/patches/CVE-2024-48992.patch: chdir to a clean directory to
      avoid loading arbitrary objects, sanitize RUBYLIB before spawning
      a new ruby interpreter
    - CVE-2024-48992
  * SECURITY UPDATE: incorrect usage of Perl ScanDeps
    - debian/patches/CVE-2024-11003.patch: remove usage of ScanDeps to
      avoid parsing arbitrary code
    - CVE-2024-11003

 -- Sudhakar Verma  Thu, 14 Nov 2024 14:59:09 +0530

** Changed in: needrestart (Ubuntu Noble)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-11003

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48990

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48991

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48992
[Bug 2084571] Re: needrestart: container restart is broken
This bug was fixed in the package needrestart - 3.6-8ubuntu5

---
needrestart (3.6-8ubuntu5) plucky; urgency=medium

  * Fix container handling (LP: #2084571)
    - d/p/ubuntu-mode.patch: make sure containers aren't restarted from APT
    - d/p/lp2084571/0019-container-fix-always-ignoring-lxc-lxd-instances-regr.patch:
      cherry-picked fix from upstream.

 -- Simon Chopin  Tue, 15 Oct 2024 17:56:08 +0200

** Changed in: needrestart (Ubuntu Plucky)
       Status: Fix Committed => Fix Released
[Bug 2084571] Re: needrestart: container restart is broken
removing the block-proposed tag for plucky

** Tags removed: block-proposed
[Bug 2084571] Re: needrestart: container restart is broken
** Changed in: needrestart (Ubuntu Plucky)
       Status: In Progress => Fix Committed
[Bug 2084571] Re: needrestart: container restart is broken
uploads to plucky are accepted now.

** Changed in: needrestart (Ubuntu Noble)
       Status: New => Fix Committed

** Tags added: verification-needed-noble
[Bug 2084571] Re: needrestart: container restart is broken
Hello Simon, or anyone else affected,

Accepted needrestart into oracular-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/needrestart/3.6-8ubuntu4.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-oracular to verification-done-oracular. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-oracular. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Description changed: [ Impact ] needrestart supports restarting containers with outdated binaries when running in the context of the hypervisor, however said support appears to be broken in Noble and Oracular. While we do not want to handle containers as part of the APT-triggered restarts, the user might rely on that particular feature in their own scripts. This will get fixed by backporting an upstream fix, as well as amending the Ubuntu-mode patch. 
[ Test plan ] ``` apt install -t noble-proposed needrestart lxc launch ubuntu-daily:noble to-be-restarted lxc exec to-be-restarted touch /tmp/restart-marker lxc exec to-be-restarted apt remove needrestart # we don't want it to restart outdated services from within the container! lxc exec to-be-restarted apt reinstall libc6 # should make a whole lot of things outdated. apt reinstall libc-bin # the actual package doesn't matter, we just want the needrestart hook in an APT context - sleep 3 # to be sure, wait a bit for any container restart to take effect + sleep 3 # to be sure, wait a bit for any container restart to take effect (but there should be none) lxc exec to-be-restarted stat /tmp/restart-marker # This is SUPPOSED TO WORK, we don't want the APT hook to touch containers needrestart -r a sleep 3 # to make sure any restart has time to take effect lxc exec to-be-restarted stat /tmp/restart-marker # This is SUPPOSED TO FAIL, the container should have restarted. ``` [ Where problems could occur ] While the "Ubuntu mode" code is touched to avoid restarting containers, errors in that code could lead to us restarting user containers during unattended-upgrades, hence the relevant test in the test plan. ** Description changed: [ Impact ] needrestart supports restarting containers with outdated binaries when running in the context of the hypervisor, however said support appears to be broken in Noble and Oracular. While we do not want to handle containers as part of the APT-triggered restarts, the user might rely on that particular feature in their own scripts. This will get fixed by backporting an upstream fix, as well as amending the Ubuntu-mode patch. [ Test plan ] ``` apt install -t noble-proposed needrestart lxc launch ubuntu-daily:noble to-be-restarted lxc exec to-be-restarted touch /tmp/restart-marker lxc exec to-be-restarted apt remove needrestart # we don't want it to restart outdated services from within the container! 
lxc exec to-be-restarted apt reinstall libc6 # should make a whole lot of things outdated. apt reinstall libc-bin # the actual package doesn't matter, we just want the needrestart hook in an APT context sleep 3 # to be sure, wait a bit for any container restart to take effect (but there should be none) lxc exec to-be-restarted stat /tmp/restart-marker # This is SUPPOSED TO WORK, we don't want the APT hook to touch containers needrestart -r a - sleep 3 # to make sure any restart has time to take effect + sleep 3 # to make sure any restart has time to take effect (there should be none) lxc exec to-be-restarted stat /tmp/restart-marker # This is SUPPOSED TO FAIL, the container should have restarted. ``` [ Where problems could occur ] While the "Ubuntu mode" code is touched to avoid restarting containers, errors in that code could lead to us restarting user containers during unattended-upgrades, hence the relevant test in the test plan. ** Description changed: [ Impact ] needrestart supports restarting containers with outdated binaries when running in the context of the hypervisor, however said support appears to be bro
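Review bot: In the second description change, the new comment on the `sleep 3` that follows `needrestart -r a` says "(there should be none)", but the very next line expects `stat /tmp/restart-marker` to fail because "the container should have restarted". That parenthetical fits the earlier `sleep 3` after `apt reinstall libc-bin`, where the APT hook must leave containers alone; here it contradicts the expected result, so a tester cannot tell which outcome counts as a pass. I'd drop it from this line or reword it to say a restart is expected at this step.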
[Bug 2084571] Re: needrestart: container restart is broken
** Changed in: needrestart (Ubuntu Noble)
   Importance: Undecided => Medium

** Also affects: needrestart (Ubuntu Plucky)
   Importance: Medium
     Assignee: Simon Chopin (schopin)
       Status: In Progress
[Bug 2084571] Re: needrestart: container restart is broken
** Also affects: needrestart (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: needrestart (Ubuntu Oracular)
   Importance: Medium
     Assignee: Simon Chopin (schopin)
       Status: In Progress
[Bug 2084571] Re: needrestart: container restart is broken
Since the archive is in limbo I'm uploading the SRUs to the queues but tag as block-proposed to be 100% sure this doesn't make it to any release pocket before I get the fix in plucky.

** Tags added: block-proposed block-proposed-noble block-proposed-oracular