author: Xi Ruoyao <xry111@mengyan1223.wang> 2021-05-16 02:52:59 +0800
committer: Xi Ruoyao <xry111@mengyan1223.wang> 2021-05-16 02:55:02 +0800
commit: 59fef4c47ec96d7c10db3b8c24790142018f131c (patch)
tree: 1d433413caf3b46c035cc3805fff2bbe933a0921 /chapter08
parent: 80838616e5a049e80efda352f5cf91a2fd22ea66 (diff)
generalize ken's note for shared library update, ...
and move it into package management section
Diffstat (limited to 'chapter08')
-rw-r--r-- chapter08/openssl.xml 13
-rw-r--r-- chapter08/pkgmgt.xml 21
2 files changed, 22 insertions, 12 deletions
diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml
index b96c355f7..d1690efc6 100644
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@@ -90,19 +90,10 @@ make MANSUFFIX=ssl install</userinput></screen>
<para>
However, any running programs linked to those libraries need to be stopped
- and restarted. The following command, run as
- <systemitem class="username">root</systemitem> after udating, will list what is
- using the old versions of those libraries:
+ and restarted. Read the related entries in
+ <xref linkend='pkgmgmt-upgrade-issues'/> for details.
</para>
-<screen><userinput role="nodump">grep -l -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps |
- tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
-
- <para>
- If you used <application>OpenSSH</application> to login to the system, you
- need to logout, login again, and rerun that command to confirm nothing is
- still using the deleted libraries.
- </para>
</note>
</sect2>
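Review bot: The shortened note no longer names the libraries to check, so a reader who follows the xref has to work out for themselves what to substitute for libfoo. The removed command matched both 'libssl.*deleted' and 'libcrypto.*deleted'; keep those two names in the sentence that now reads "Read the related entries in ... for details", for example by saying the library names to use for this package are libssl and libcrypto.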
diff --git a/chapter08/pkgmgt.xml b/chapter08/pkgmgt.xml
index 6c628c3d6..809421c3f 100644
--- a/chapter08/pkgmgt.xml
+++ b/chapter08/pkgmgt.xml
@@ -41,7 +41,7 @@
the <ulink url="&hints-root;">Hints Project</ulink> and see if one of them
fits your need.</para>
- <sect2>
+ <sect2 id='pkgmgmt-upgrade-issues'>
<title>Upgrade Issues</title>
<para>A Package Manager makes it easy to upgrade to newer versions when they
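Review bot: The new id on <sect2> is spelled 'pkgmgmt-upgrade-issues' while the file is chapter08/pkgmgt.xml, so the prefix does not match the file name. It does match the linkend added in openssl.xml, so the link resolves, but if other ids in this file follow the file name, use 'pkgmgt-upgrade-issues' in both places to keep them easy to find.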
@@ -91,6 +91,25 @@
you have to downgrade a package, or the package changes the versioning
scheme of library files suddenly.</para> </listitem>
+ <listitem> <para>If a package containing a shared library is updated,
+ and the name of library doesn't change, but a severe issue
+ (especially, a security vulnerability) is fixed, all running programs
+ linked to the shared library should be restarted. The following
+ command, run as <systemitem class="username">root</systemitem> after
+ updating, will list what is using the old versions of those libraries
+ (replace <replaceable>libfoo</replaceable> with the name of the
+ library):</para>
+
+<screen><userinput role="nodump">grep -l -e '<replaceable>libfoo</replaceable>.*deleted' /proc/*/maps |
+ tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
+
+ <para>
+ If <application>OpenSSH</application> is being used for accessing
+ the system and it is linked to the updated library, you need to
+ restart <command>sshd</command> service, then logout, login again,
+ and rerun that command to confirm nothing is still using the
+ deleted libraries.
+ </para></listitem>
</itemizedlist>
</sect2>
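Review bot: The generalized command in the new <listitem> takes a single libfoo pattern, but the OpenSSL note it replaces needed two -e patterns (libssl and libcrypto); add a sentence saying -e '...deleted' can be repeated when a package installs more than one shared library. Wording in the same item: "the name of library" should be "the name of the library", "restart <command>sshd</command> service" should be "restart the <command>sshd</command> service", and "logout, login again" should be "log out, log in again".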