generalize ken's note for shared library update, ...

and move it into package management section
2025-03-05 22:04:48 +00:00 · 2021-05-16 02:52:59 +08:00 · 2021-05-16 02:52:59 +08:00 · 59fef4c47e
commit 59fef4c47e
parent 80838616e5
2 changed files with 22 additions and 12 deletions
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@ -90,19 +90,10 @@ make MANSUFFIX=ssl install</userinput></screen>

      <para>
        However, any running programs linked to those libraries need to be stopped
-        and restarted. The following command, run as
-        <systemitem class="username">root</systemitem> after udating, will list what is
-        using the old versions of those libraries:
+        and restarted. Read the related entries in
+        <xref linkend='pkgmgmt-upgrade-issues'/> for details.
      </para>

-<screen><userinput role="nodump">grep -l  -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps |
-   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
-
-      <para>
-        If you used <application>OpenSSH</application> to login to the system, you
-        need to logout, login again, and rerun that command to confirm nothing is
-        still using the deleted libraries.
-      </para>
    </note>

  </sect2>
--- a/chapter08/pkgmgt.xml
+++ b/chapter08/pkgmgt.xml
@ -41,7 +41,7 @@
  the <ulink url="&hints-root;">Hints Project</ulink> and see if one of them
  fits your need.</para>

-  <sect2>
+  <sect2 id='pkgmgmt-upgrade-issues'>
    <title>Upgrade Issues</title>

    <para>A Package Manager makes it easy to upgrade to newer versions when they
@ -91,6 +91,25 @@
      you have to downgrade a package, or the package changes the versioning
      scheme of library files suddenly.</para> </listitem>

+      <listitem> <para>If a package containing a shared library is updated,
+      and the name of library doesn't change, but a severe issue
+      (especially, a security vulnerability) is fixed, all running programs
+      linked to the shared library should be restarted.  The following
+      command, run as <systemitem class="username">root</systemitem> after
+      updating, will list what is using the old versions of those libraries
+      (replace <replaceable>libfoo</replaceable> with the name of the
+      library):</para>
+
+<screen><userinput role="nodump">grep -l  -e '<replaceable>libfoo</replaceable>.*deleted' /proc/*/maps |
+   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
+
+      <para>
+        If <application>OpenSSH</application> is being used for accessing
+        the system and it is linked to the updated library, you need to
+        restart <command>sshd</command> service, then logout, login again,
+        and rerun that command to confirm nothing is still using the
+        deleted libraries.
+      </para></listitem>
    </itemizedlist>

  </sect2>