[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.

Launchpad Bug Tracker 244250 at bugs.launchpad.net
Thu Sep 15 20:00:11 UTC 2011 

This bug was fixed in the package openssl - 1.0.0e-2ubuntu1

---------------
openssl (1.0.0e-2ubuntu1) oneiric; urgency=low

  * Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
    CVE-2011-3210 (LP: #850608). Remaining changes:
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification bubble on libssl1.0.0
        upgrade.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
      http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
      0.9.8 variant.
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building.  Patch from Neil Williams.
      + Don't build for processors no longer supported: i486, i586 (on
        i386), v8 (on sparc).
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
  * debian/libssl1.0.0.postinst: only display restart notification on
    servers (LP: #244250)

openssl (1.0.0e-2) unstable; urgency=low

  * Add a missing $(DEB_HOST_MULTIARCH)

openssl (1.0.0e-1) unstable; urgency=low

  * New upstream version
    - Fix bug where CRLs with nextUpdate in the past are sometimes accepted
      by initialising X509_STORE_CTX properly. (CVE-2011-3207)
    - Fix SSL memory handling for (EC)DH ciphersuites, in particular
      for multi-threaded use of ECDH. (CVE-2011-3210)
    - Add protection against ECDSA timing attacks (CVE-2011-1945)
  * Block DigiNotar certifiates.  Patch from
    Raphael Geissert <geissert at debian.org>
  * Generate hashes for all certs in a file (Closes: #628780, #594524)
    Patch from Klaus Ethgen <Klaus at Ethgen.de>
  * Add multiarch support (Closs: #638137)
    Patch from Steve Langasek / Ubuntu
  * Symbols from the gost engine were removed because it didn't have
    a linker file.  Thanks to Roman I Khimov <khimov at altell.ru>
    (Closes: #631503)
  * Add support for s390x.  Patch from Aurelien Jarno <aurel32 at debian.org>
    (Closes: #641100)
  * Add build-arch and build-indep targets to the rules file.

openssl (1.0.0d-3) unstable; urgency=low

  * Make it build on sparc64.  Patch from Aurelien Jarno.  (Closes: #626060)
  * Apply patches from Scott Schaefer <saschaefer at neurodiverse.org> to
    fix various pod and spelling errors. (Closes: #622820, #605561)
  * Add missing symbols for the engines (Closes: #623038)
  * More spelling fixes from Scott Schaefer (Closes: #395424)
  * Patch from Scott Schaefer to better document pkcs12 password options
    (Closes: #462489)
  * Document dgst -hmac option.  Patch by Thorsten Glaser <tg at mirbsd.de>
    (Closes: #529586)
 -- Steve Beattie <sbeattie at ubuntu.com>   Wed, 14 Sep 2011 22:06:03 -0700

** Changed in: openssl (Ubuntu)
       Status: Confirmed => Fix Released

** Bug watch added: OpenSSL RT #2065
   http://rt.openssl.org/Ticket/Display.html?id=2065

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1945

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3207

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3210

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/244250

Title:
  Spurious reboot notifications caused by libssl upgrades.

Status in “openssl” package in Ubuntu:
  Fix Released

Bug description:
  The postinst script for libssl0.9.8 currently has a bug where it sends
  a reboot notifcation whenever libssl is configured.  So reconfiguring
  libssl0.9.8 or even just installing libssl0.9.8 will result in a
  reboot notification.  Sending of the reboot notification should
  definitely be moved inside the upgrading guard.  The correct fix is
  likely to move it inside a version comparison guard for particular
  important updates like Colin suggests below -- this is what every
  other standard package using notify-reboot-required does.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions

More information about the foundations-bugs mailing list