Bug#184036: libc6: xscreensaver can no longer authenticate me

To: Anthony DeRobertis <asd@suespammers.org>, 184036@bugs.debian.org
Subject: Bug#184036: libc6: xscreensaver can no longer authenticate me
From: GOTO Masanori <gotom@debian.or.jp>
Date: Thu, 13 Mar 2003 09:03:08 +0900
Message-id: <[🔎] 80hea85e0z.wl@oris.opensource.jp>
Reply-to: GOTO Masanori <gotom@debian.or.jp>, 184036@bugs.debian.org
In-reply-to: <[🔎] 956C6AAA-5316-11D7-B26E-00039317863E@suespammers.org>
References: <[🔎] 80llzn6ya3.wl@oris.opensource.jp> <[🔎] 956C6AAA-5316-11D7-B26E-00039317863E@suespammers.org>

At Mon, 10 Mar 2003 11:37:29 -0500,
Anthony DeRobertis wrote:
> On Monday, March 10, 2003, at 10:23 AM, GOTO Masanori wrote:
> > At Mon, 10 Mar 2003 08:17:08 -0500,
> > Anthony DeRobertis wrote:
> >> On Sunday, March 9, 2003, at 07:09 PM, GOTO Masanori wrote:
> >>>> Everything that does authentication needs to be restarted after the
> >>>> glibc upgrade, correct?
> >>>
> >>> I think "yes".
> >>>
> >>> So we're warning with libc6 upgrade in postinst.  Moreover, upgrading
> >>> libc6 from 2.2 to 2.3 (or upgrade everytime, ideally) should need
> >>> system restart.  Unfortunately, there is no way to fix it.
> >>
> >> There probably is a way to fix it, or at least I hope there is!
> >> Otherwise, upgrading from woody to sarge is going to be a real mess.
> >
> > Well, I also would like to know the better answer...
> 
> Early in #165358, in <80smz1vkq2.wl@oris.opensource.jp>, you (GOTO 
> Masanori) mentioned bumping the libnss* versions up:
> 
>      "IMHO, one way to fix it is bumping up glibc nss version,
>       because breaking ABI back compatibility always change its
>       lib.so version (Of course, it needs upstream decision).
>       Thus, libnss_files.so.3 -> libnss_files-2.3.1.so (Don't
>       test unless you know what is occured)."
> 
> I haven't been able to find anything more about this; is there some 
> reason it wouldn't work? (if both versions of the libnss stuff were 
> kept around, of course)

I'm afraid to lose some compatibilities - before we bump up the libnss
version, we have to clear and investigate what is the problem.  If
someone try to do it, I would like to know the result.

> > 	Bug#165258: libc6: Should restart services when upgrading from 
> > versions prior to 2.3
> > 	Bug#165358: libc6 2.3.1-1 breaks fetchmail/exim (and others?)
> 
> And I participated in those two threads, and couldn't find them...
> 
> > 	Bug#165375: libc6: cannot login using ssh
> 
> Hmmm, bug number typo...

Err, I'm sorry.

> > BTW, do you think adding some warning for libc6 postinst as follows
> > until we have a right fix:
> 
> s/postinst/preinst/ (I assume that's what you meant)

Oh, yes.

> >   "Note that you should not upgrade glibc if your display shows xdm,
> >   kdm or xscreensaver.  Upgrading causes you not to login at all.  If
> >   you force to update, please restart them."
> 
> Same problem with gdm. I ran into it, and didn't file that bug because 
> someone else already had. I bet xlock has the same problem as well. 
> Probably vlock, too. So, the warning needs to be pretty broad. Also, 
> it's a tad bit awkward, maybe:
> 
> "Please note that any program that does lookups through the name 
> service switch (usernames, passwords, groups, hostnames, etc.) will 
> need to be restarted after this upgrade. You will be prompted to 
> restart some of them, but there are many others.
> 
> "Some programs which you must handle manually include X display 
> managers such as xdm, kdm, and gdm; X screen savers (if set to lock the 
> display); and console locking programs like vlock. To be on the 
						     ^ If you want to be...
> absolute safe side, you should reboot after installing this upgrade.
>
> "If you do not restart these programs, you won't be able to log in 
> through or unlock them.

It seems fine.  I agree.  It may need below modification to glibc:

	* postinst restart script is moved to preinst
	* Some message are added

Jeff (he made this restarting script), is it OK?  I plan to work it.

> Do you wish to continue? (N/y)"

Hmm, it's conservative.  Hitting enter key fails upgrade.  If user
wants to stop their xdm or kdm, s/he hits "N".  But in many case user
does not need to restart them (because they login to their machine via
network).  I believe a lot of users are not stupid.  So I think [Y/n]
makes sense further.

> Yes, it's a rather long note, and I'm sure I've missed a few programs. 
> I wonder if it breaks Mozilla; due to my X-death I didn't get to find 
> out. If it does, I guess web browsers should be added. And if it does, 
> then I'm sure things like squid and privoxy are in trouble too. And I 
> guess I left out samba...

Well, if we start to argue such things, we have to care about a bunch
of programs using libc6 - it's hard.  I think if we can achieve
"workaround", we can say it's ok.

Regards,
-- gotom

Reply to:

Follow-Ups:
- Bug#184036: libc6: xscreensaver can no longer authenticate me
  - From: GOTO Masanori <gotom@debian.or.jp>

References:
- Bug#184036: libc6: xscreensaver can no longer authenticate me
  - From: GOTO Masanori <gotom@debian.or.jp>
- Bug#184036: libc6: xscreensaver can no longer authenticate me
  - From: Anthony DeRobertis <asd@suespammers.org>

Prev by Date: Re: cvs commit to glibc-package/debian by gotom
Next by Date: Re: cvs commit to glibc-package/debian by gotom
Previous by thread: Bug#184036: libc6: xscreensaver can no longer authenticate me
Next by thread: Bug#184036: libc6: xscreensaver can no longer authenticate me
Index(es):
- Date
- Thread