[Bug 1832522] Re: openssl maintainer scripts do not trigger services restart

Launchpad Bug Tracker 1832522 at bugs.launchpad.net
Fri Jun 14 02:05:12 UTC 2019 

This bug was fixed in the package openssl - 1.1.1-1ubuntu2.1~18.04.2

---------------
openssl (1.1.1-1ubuntu2.1~18.04.2) bionic; urgency=medium

  * Cherrypick upstream patch to fix ca -spkac output to be text again.
    LP: #1828215
  * Cherrypick upstream patch to prevent over long nonces in ChaCha20-Poly1305
    CVE-2019-1543
  * Bump major version of OpenSSL in postinst to trigger services restart
    upon upgrade. Many services listed there must be restarted when
    upgrading 1.1.0 to 1.1.1. LP: #1832522

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Wed, 12 Jun 2019 00:12:47
+0100

** Changed in: openssl (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1543

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832522

Title:
  openssl maintainer scripts do not trigger services restart

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * Major libssl ugprades require services to be restarted, for them to continue to function correctly at runtime.
   * The maintainer scripts were not adjusted to trigger.

  [Test Case]

   * Install bionic from release pocket and install ssl using daemon e.g. openssh-server libapache-mod-ssl
   * Upgrade libssl1.1
   * Ensure that services that use openssl are offered to be restarted.

  [Regression Potential]

   * We are rebuilding libssl1.1 and changing maintainer scripts. Given
  that we have missed upgrade trigger, we will ask users to restart
  services again even if they may have restarted them already.

  [Other Info]
   
   * Previous major libssl upgrade issue of similar nature was
     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions

More information about the foundations-bugs mailing list