From 59fef4c47ec96d7c10db3b8c24790142018f131c Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Sun, 16 May 2021 02:52:59 +0800 Subject: [PATCH] generalize ken's note for shared library update, ... and move it into package management section --- chapter08/openssl.xml | 13 ++----------- chapter08/pkgmgt.xml | 21 ++++++++++++++++++++- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml index b96c355f7..d1690efc6 100644 --- a/chapter08/openssl.xml +++ b/chapter08/openssl.xml @@ -90,19 +90,10 @@ make MANSUFFIX=ssl install However, any running programs linked to those libraries need to be stopped - and restarted. The following command, run as - root after udating, will list what is - using the old versions of those libraries: + and restarted. Read the related entries in + for details. -grep -l -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps | - tr -cd 0-9\\n | xargs -r ps u - - - If you used OpenSSH to login to the system, you - need to logout, login again, and rerun that command to confirm nothing is - still using the deleted libraries. - diff --git a/chapter08/pkgmgt.xml b/chapter08/pkgmgt.xml index 6c628c3d6..809421c3f 100644 --- a/chapter08/pkgmgt.xml +++ b/chapter08/pkgmgt.xml @@ -41,7 +41,7 @@ the Hints Project and see if one of them fits your need. - + Upgrade Issues A Package Manager makes it easy to upgrade to newer versions when they 
@@ -91,6 +91,25 @@ you have to downgrade a package, or the package changes the versioning scheme of library files suddenly. + If a package containing a shared library is updated, + and the name of library doesn't change, but a severe issue + (especially, a security vulnerability) is fixed, all running programs + linked to the shared library should be restarted. The following + command, run as root after + updating, will list what is using the old versions of those libraries + (replace libfoo with the name of the + library): + +grep -l -e 'libfoo.*deleted' /proc/*/maps | + tr -cd 0-9\\n | xargs -r ps u + + + If OpenSSH is being used for accessing + the system and it is linked to the updated library, you need to + restart sshd service, then logout, login again, + and rerun that command to confirm nothing is still using the + deleted libraries. +
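Review bot: in the paragraph added to chapter08/pkgmgt.xml, the pattern 'libfoo.*deleted' is an unanchored regular expression, so it matches any mapped path that merely begins with the substituted name. A reader who substitutes libz, for example, will also get hits for libzstd. Suggest telling readers to include the suffix in what they substitute, for example 'libfoo\.so.*deleted', or stating in the text that the name is matched as a prefix. Wording in the same hunk: "the name of library" should read "the name of the library", and "restart sshd service, then logout, login again" should read "restart the sshd service, then log out, log in again".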
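Review bot: in the chapter08/openssl.xml hunk, the removed command checked both libraries in one pass (-e 'libssl.*deleted' -e 'libcrypto.*deleted'), but the generic command it is replaced by takes a single libfoo, so the OpenSSL page no longer tells the reader which names to substitute or that both have to be checked. Suggest keeping one sentence in openssl.xml that names libssl and libcrypto as the libraries to look for, or showing in pkgmgt.xml that -e can be repeated for packages that install more than one library.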