forked from liske/needrestart
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
877 lines (758 loc) · 38.8 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
needrestart 3.8
* Security:
- [Core] CVE-2024-48991: Prevent race condition on /proc/$PID/exec evaluation.
(responsibly reported by Qualys)
- [Interp] CVE-2024-11003: Drop usage of Module::ScanDeps to prevent LPE.
(responsibly reported by Qualys)
- [Interp] CVE-2024-48990: Do not set PYTHONPATH environment variable to prevent a LPE.
(responsibly reported by Qualys)
- [Interp] CVE-2024-48992: Do not set RUBYLIB environment variable to prevent a LPE.
(responsibly reported by Qualys)
* Features:
- [CONT] Add Incus support.
(github pull request #315 by Colin Watson @cjwatson)
* Changes:
- [Core] Refactor device number comparison to be independent of leading zeros.
(closes #286)
- [Interp] Enable ruby check for versioned ruby binary names.
(suggested by Qualys)
- [Interp] Chdir into empty directory to prevent python parsing arbitrary files.
(motivated by Qualys)
* Fixes:
- [VM] Fix spelling mistake.
(github pull request #309 by @fritz-fritz)
- [Core] Make OpenMetrics output prometheus compatible.
(github pull request #311 by Gabriel Filion @lelutin)
- [uCode] Fix error handling logic being dependent on debug level.
(github pull request #313 by Aristarkh Zagorodnikov @onyxmaster)
- [Core] Fix "Use of uninitialized value $sdev in right bitshift".
(github pull request #314 by Aristarkh Zagorodnikov @onyxmaster)
This release contains some critical security fixes in the interpreter module.
While the default configuration was vulnerable it is possible to migitate
the issues by disabling the interpeter heuristic: `$nrconf{interpscan} = 0;`
All CVEs received a CVSS core of:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
Qualys Security Advisory:
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
Many thanks to the Qualys Security Advisory team and Mark Esler from the
Ubuntu Security Team for the responsible disclosure, reviewing patches and
coordinating the disclosure of these security issues.
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 19 Nov 2024 17:00:00 +0100
needrestart 3.7
* Features:
- [Interp] Add optional persistent cache support for perl scanning.
(github pull request #282 by Jean-Marc Saffroy @saffroy)
- [Core] Add OpenMetrics time series output.
(github pull request #308 by Gabriel Filion @lelutin)
* Changes:
- [Core] Replace `which` by `command -v`.
(github pull request #254 by @a1346054)
- [Core] Ignore USBGuard.
(github pull request #257 by Christoph Anton Mitterer @calestyo)
- [Core] Do not ignore dhclient but prevent restart ifup automaticly.
(github pull request #262 by @anarcat)
- [Core] Add greetd to the list of restart exclusions.
(github pull request #266 by Iván Zaera @ivan-zaera)
- [Core] Support dbus replacements.
(github pull request #276 by @Vladimir-csp)
- [Core] Apply override_rc deterministically.
(github pull request #280 by Corey Hickey @bugfood)
- [uCode] Test vendor id before check for Intel ucode.
(github pull request #284 by FRITZ|FRITZ @fritz-fritz)
- [uCode] Fix AMD ucode checking in non-debug mode.
(github pull request #288 by @anarcat)
- [uCode] Mark unavailable ucode as CURRENT.
(github pull request #290 by @anarcat)
- [Kernel] Increase read size for version strings.
(github pull request #293 by @jaycci)
- [README] Add RPi5 details.
(github pull request #298 by @Opa-)
- [README] Add RPi1 details.
(github pull request #304 by @juadde)
- [uCode] Add an option to print uCode hints w/o acknowledgement.
(github pull request #307 by Adam @adsr)
* Fixes:
- [README] Prevent shell expansion in example.
(github pull request #252 by David Taylor @dtaylor84)
- [Core] Fix VM detection regression introduced in f54d85c.
(github pull request #248 by @zxyrepf)
- [uCode] Fix uninitialized value regression.
(github pull request #273 by Stefan Bühler @stbuehler)
- [uCode] Fix AMD uCode check in non-debug mode.
(github pull request #278 by Jan-Philipp Litza @jplitza)
- [CONT] Fix always ignoring lxc/lxd instances.
(github issue #245 by Mitsuya Shibata @m-shibata)
- [Core] Fix shellcheck issues.
(github issue #300 by Eisuke Kawashima @e-kwsm)
- [Kernel] Fix kernel version detection for kernel images >= 6.0.
(github issue #245 by Stefan Bühler @tik-stbuehler)
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 11 Aug 2024 22:59:32 +0200
needrestart 3.6
* Security:
- [Interp] CVE-2022-30688: Anchor interpreter regex to prevent local privilege escalation.
(responsibly reported by Jakub Wilk)
* Features:
- [Core] Add support for runit.
(Debian Bug#972685 by Lorenzo Puliti <plorenzo@disroot.org>)
- [VM] Add support to detect outdated VM processes (i.e. qemu).
(github pull request #216 by Christian Ehrhardt @cpaelzer)
* Changes:
- [Cont] Improve LXD container support.
(github pull request #188 by James TD Smith @ahktenzero)
- [Cont] Update cgroup regex for LXC 4.0.
(github pull request #215 by James TD Smith @ahktenzero)
- [Cont] Support cgroup v2 for docker.
(github pull request #234 by Markus Frosch @lazyfrosch)
- [Cont] Support cgroup v2 for LXC/LXD.
(github pull request #238 by Trent Lloyd @lathiat)
- [Core] Support cgroup v2 for services and user sessions.
- [Core] Support systemd manager restart on Ubuntu 20.04+.
(github pull request #195 by Lars Kollstedt @LarsKollstedt)
- [Core] Do not restart bluetooth.service by default.
(github pull request #209 by Erik Tews @eriktews)
- [Core] Do not restart elogind by default.
(github issue #205 by @HumanG33k)
- [Core] Output user sessions in batch mode.
(github pull request #232 by @anarcat)
- [Core] Use ImVirt for virtualization detection if not running on systemd.
(Debian Bug#984789 by Patrik Schindler <poc@pocnet.net>)
- [Interp] Add tolerance when checking script file ctimes to avoid false positives.
(github pull request #233 by Corey Hickey @bugfood)
- [Kernel] Replace strings(1) by GNU grep to drop binutils dependency.
(Debian Bug#986507 by Trent W. Buck <trentbuck@gmail.com>)
* Fixes:
- [Core] Fix comment for default value of `skip_mapfiles`.
(github pull request #179 by @iasdeoupxe)
- [Interp] Fix detection for ruby script started from relative paths.
(github pull request #182 by Alexander Neumann @rtpt-alex)
- [Core] Fix typos.
(github pull request #189 by @wwuck)
(github pull request #193 by Stefan Weil @stweil)
- [Core] Fix verbose/verbosity confusion in needrestart.conf.
(github pull request #197 by Jan-Philipp Litza @jplitza)
- [Core] Ignore memfd files like used by nvidia's binary drivers.
(github pull request #200 by Jan Visser @starquake)
- [Core] Ignore all memfd mappings.
(Debian Bug#972685 by Michail Bachmann <m.bachmann@cms.hu-berlin.de>)
- [Core] Ignore Java Native Access mappings.
(github issue #142 by @nirgal)
(github issue #185 by Ivan Zaera @izaera)
- [Core] nagios: Do not print perfdata data in unkown state.
(github pull request #222 by Lorenz @RincewindsHat)
- [uCode] Fix 'uninitialized value' on AMD.
(github pull request #226 by Christian Garbs @mmitch)
* Misc:
- Minor cleanups (whitespaces, shellcheck, ...).
(github pull request #217 by @a1346054)
- Update README.batch.md.
(github pull request #219 by Stavros Ntentos @stdedos)
- Add icinga2 example config.
(github pull request #223 by Lorenz @RincewindsHat)
- [uCode] Fix lsinitrd example.
(github pull request #240 by Corey Hickey @bugfood)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 17 May 2022 17:00:00 +0200
needrestart 3.5
* Features:
- [uCode] Check for pending AMD microcode updates (experimental).
(Debian Bug#886611 by Paul Wise <pabs@debian.org>)
(github issue #150 by Tom Reynolds @tomreyn and Mark Wagie @yochananmarqos)
* Changes:
- [Core] Add network.service to blacklist.
(github pull request #145 by Marc Dequènes (Duck) @duck-rh)
- [uCode] Check microcode revision of each individual CPUs.
- [Kernel] Support kernel image filename filtering required for Raspbian.
(github issue #146 by @takichikawa)
(github issue #155 by Fenhl @fenhl and Christian @git-developer)
- [uCode] Support local override for iucode_tool call.
(github issue #148 by @mphilipps and Marc Dequènes (Duck) @duck-rh)
- [notify] Add app name to notify-send call.
(github issue #76 by @Vladimir-csp)
* Fixes:
- [Core] Do not restart networking.service.
(Debian Bug#922725 by Timo Sigurdsson <public_timo.s@silentcreek.de>).
- [Core] Fix typo in man page for env variable DEBIAN_FRONT(END).
(Debian Bug#922864 by Lee Garrett <debian@rocketjump.eu>)
(Debian Bug#923853 by Petter Reinholdtsen <pere@hungry.com>)
- [Interp] Restore cwd when skipping processes with unavailable cwd.
(github issue #147 by Stavros Ntentos @stdedos)
- [Core] Remove leading zero before testing in map_files.
(Debian Bug#928225 by Alexander Galanin <al@galanin.nnov.ru>)
- [Core] Fix typos in ex/needrestart.conf.
(github pull request #163 by Simon Brand @brandsimon)
- [UI] Don't fail when terminal has zero columns width.
(github pull request #167 by @libnoon)
- [Core] Ignore mapped files not found on filesystem (stat) to suppress
chroot false positives.
(github issue #158 by @mphilipps)
(github issue #152 by Ivan Kurnosov @zerkms and @djl)
- [Core] Supress warnings from Proc::ProcessTable.
(github issue #170 by @mphilipps)
- [CONT] Fix docker detection on CentOS 7.
(github issue #165 by Christian Ruppert @idl0r)
- [notify] Fix notify-send not working with dbus-user-session.
(github issue #76 by @Vladimir-csp)
- [Core] Ignore mapped files in temporary directories.
(Debian Bug#925408 by Donald Pellegrino <donald.a.pellegrino@gmail.com>)
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 22 Mar 2020 17:36:57 +0100
needrestart 3.4
* Features:
- [L10n] Add Czech localization.
(github pull request #131 by @p-bo)
(github pull request #132 by @p-bo)
(github pull request #133 by @p-bo)
- [Core] Add FRR to override.
(github pull request #138 by David Lamparter @eqvinox)
- [Core] Detect if run inside a container or vm using systemd.
(github issue #139 by Tobby @tobby88)
- [Core] Skip needrestart in apt hook if system is shutting down.
(Debian Bug#914753 by Balint Reczey <balint.reczey@canonical.com>)
* Changes:
- [Core] Do restart systemd-journald (again).
(see also Debian Bug#771122, #771254 and #898818)
(Debian Bug#898818 by Mathieu Parent <sathieu@debian.org>)
* Fixes:
- [uCode] Ignore broken microcode files (required for CentOS).
(github issue #123 by Marc Dequènes (Duck) @duck-rh)
- [uCode] Parse output of old iucode-tool 1.5.
(github pull request #127 by Lutz Heermann @LuHee)
- [uCode] Prevent microcode false positives for BIOS updates.
(Debian Bug#906958 by Maik Zumstrull <maik@zumstrull.net>)
- [uCode] Handle microcode updates for multiple CPUs in initramfs.
(Debian Bug#907372 by Paul Wise <pabs@debian.org>)
- [Core] Ignore temporary mappings of elasticsearch.
(github issue #134 by Georg @teadur)
- [Core] Do not restart oneshot services from systemd-cron.
(Debian Bug#917073 by Antti Salmela <asalmela@iki.fi>)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 05 Feb 2019 22:43:12 +0100
needrestart 3.3
* Fixes:
- [Core] Configuration file is ignored.
(Debian Bug#901999 by Andreas Schmidt <pi-c@arcor.de>)
(Debian Bug#902031 by Axel Beckert <abe@debian.org>)
(Debian Bug#902049 by Jon <nuxi@vault24.org>)
(github issue #121 by Sven Hartge @shartge)
- [Interp] Supress uninitalized value if abs_path fails.
(github issue #120 by Craig Andrews @candrews)
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 24 Jun 2018 13:32:47 +0200
needrestart 3.2
* Changes:
- [Kernel] Include /boot/kernel* while looking for linux
kernel images (required for Gentoo)
(Gentoo Bug 654958 by Klaus Ethgen)
(github pull request #113 by Craig Andrews @candrews)
- [Core] Do not restart ModemManager by default.
(github pull request #119 by @bodqhrohro)
* Fixes:
- [UI] Do not call GetTerminalSize if STDOUT is not a tty.
(github pull request #110 by Michael Scherer @mscherer)
- [uCode] Filter microcode for CPU signature and flags.
(github issue #112 by @mgondium)
(Debian Bug#900298 by Francois Mescam <fmescam@sd-123993.dedibox.fr>)
- [uCode] Assigning ucodehints a false value disables ucode
checks.
(github issue #115 by Johannes Kampmeyer @xschlef)
- [Hooks] Ignore non-executable init scripts.
(github issue #116 by Marc Dequènes (Duck) @duck-rh)
- [L10n] Fix typo in Russian localization.
(github pull request #118 by @bodqhrohro)
- [UI] Do not leak fd into restarted services.
(Debian Bug#893152 by Stephen Rothwell <debbugs@rothwell.id.au>)
-- Thomas Liske <thomas@fiasko-nw.net> Sat, 16 Jun 2018 17:42:51 +0200
needrestart 3.1
* Changes:
- [uCode] Handle microcode upgrades in early boot initrd images,
required at least on Arch Linux.
(github issue #106 by @Wuestengecko)
* Fixes:
- [uCode] Fix uninitialized value in batch mode.
(Debian Bug#891923 by Bob Proulx <bob@proulx.com>)
(github issue #105 by Evgenii Terechkov @evgkrsk)
- [uCode] Fix completely broken microcode update detection.
(github issue #108 by @Wuestengecko)
- [UI] Fix microcode revision placeholders in NeedRestart::UI::stdio.
-- Thomas Liske <thomas@fiasko-nw.net> Thu, 29 Mar 2018 23:22:55 +0200
needrestart 3.0
* Features:
- [Core] Possible to suspend needrestart in apt-get hook using
the NEEDRESTART_SUSPEND environment variable.
(github issue #71 by Ludovic Gasc @GMLudo et. al.)
- [Core] Possible to override the configured restart mode using
the NEEDRESTART_MODE environment variable.
(Debian Bug#866105 by Marc Haber <mh+debian-bugs@zugschlus.de>)
- [uCode] Check for pending Intel microcode updates.
(Debian Bug#886445 by Paul Wise <pabs@debian.org>)
* Changes:
- [Core] Do not try to restart service units with RefuseManualStop=yes.
(github issue #75 by Marc Dequènes @duck-rh)
- [Kernel] Try to adopt RPM's version sorting to get most recent kernel.
(github issue #73 by Maximilian Gaß @mxey)
- [Core] Tune blacklist_mappings default setting to match on deleted maps.
- [UI] Respect verbosity in UI::stdio, just like UI::Debconf.
(github pull request #88 by @guillaume-uH57J9)
- [Core] Improve output formating.
(github issue #84 by Stavros Ntentos @stdedos)
- [Core] Improve container detection to skip kernel and microcode checks.
* Fixes:
- [Core] Makefile: Fix installation of restart.d/ scripts.
(Debian Bug#851866 by Sven Hartge <sven@svenhartge.de>)
- [Core] Fix warning in Perl 5.20.x, not triggered in 5.24.x
in needrestart.conf (Oil Runtime Compiler's JIT files).
(patch by Patrick Matthäi (Debian))
- [Core] Do not restart oneshot services.
(Debian Bug#862840 by Alan Jenkins <alan.christopher.jenkins@gmail.com>)
- [Core] Ignore rc-local.service.
(Debian Bug#852864 by Paul Wise <pabs@debian.org>)
- [Core] Do not restart libvirt by default.
(github issue #69 by Craig Andrews @candrews)
- [Interp/Perl] Add missing cwd restore before a return.
(github issues #55 and #70 Craig Andrews @candrews and Stefan Bühler @stbuehler)
- [Core] README.md: Fix spelling.
(github issue #74 by Edward Betts @EdwardBetts)
- [Core] Add bird to override.
(github issue #78 by Björn Lässig @Farom)
- [Interp/(Perl|Python)] Use absolute paths used to search the package
of a script file.
(github issue #79 by Christopher Odenbach @odenbach)
- [Hook] Use rpm -q --filesbypkg rather than rpmquery.
(github issue #81 by Sven Hartge @shartge)
- [CONT] Detect docker container ns running not on systemd.
- [CONT] Ignore processes running inside docker containers.
(github issue #80 by Christopher Odenbach @odenbach)
- [Core] Ignore special filename mappings used by recent versions of
KDE plasmashell.
(github issue #65 by @GoTeamAnt)
(Debian Bug#879091 by Paul Wise <pabs@debian.org>)
- [Core] Fix handling of library mappings if target does not exist.
(github issue #58 by @pigen)
(Debian Bug#878700 by Richard Hector <richard@walnut.gen.nz>)
- [Hook] Fix handling of multiarch packages.
(github issue #56 by @mayasd)
- [Interp] Ignore interpreter processes with unreachable root fs (i.e.
in different mnt ns).
(github issue #72 by Stefan Bühler @stbuehler)
- [Core] Add missing unnamed device major numbers (fix for OpenVZ).
(Debian Bug#876452 by Piotr Pańczyk <piotr.panczyk@assecobs.pl>)
- [UI] Do not call GetTerminalSize() if STDOUT is not a TTY.
(Debian Bug#859387 by by Paul Wise <pabs@debian.org>)
(github issues #85 and #86 by @guillaume-uH57J9)
- [UI] Fix switch from interactive to list mode if debconf is run
noninteractive.
(Debian Bug#876459 by Piotr Pańczyk <piotr.panczyk@assecobs.pl>)
- [man] Add documentation on restart mode if run non-interactive.
(Debian Bug#842512 by Antoine Beaupré <anarcat@debian.org>)
- [Core] Ignore some Java false positives (JNA, JFFI).
(github pull request #89 by Maximilian Gaß @mxey)
(github issue #60 by @ge-fa)
- [Core] Output NRPE message "root needed" on stdout.
(github pull request #91 by @nirgal)
- [Core] Use override_cont when querying containers.
(github pull request #94 by Nigel Kukard @nkukard)
- [Core] Do not restart docker by default.
- [Core] Fix typo in man page.
(Debian Bug#885448 by Paul Wise <pabs@debian.org>)
- [Interp] Fix perl warning if cwd is unreachable.
(github issue #99 by @glitsj16)
- [Hook] Replace remaining calls of rpmquery by rpm.
(github issue #100 by Matthias Hörmann @taladar)
- [Core] Fix additional unit detection in dbus restart handler.
(github issue #104 by Alexander Barton @alexbarton)
-- Thomas Liske <thomas@fiasko-nw.net> Fri, 23 Feb 2018 13:38:46 +0100
needrestart 2.11
* Features:
- [Core] Allow special treatment to restart services (i.e. dbus).
(github issue #44 by @Vladimir-csp)
- [Cont] Support restarting LXD-based LXC containers.
(github issue #26 by James Johnston @JohnstonJ)
- [Core] New config option to enforce legacy session detection if systemd
is used without PAM integration.
(github issue #52 by @micw and Eric S. @Korni22)
* Fixes:
- [Core] Fix default config type for override_* settings.
(github issue #47 by @mphilipps)
- [Kernel] Ignore initrd filenames while looking for kernel image files.
(github issue #49 by Evgenii Terechkov @evgkrsk)
- [Kernel] Strip .img from version string when deducting the kernel
version from filename.
(github issue #49 by Evgenii Terechkov @evgkrsk)
- [Core] Fix wrong regex quotation in default configuration file.
(Debian Bug#844283 by Paul Wise <pabs@debian.org>)
- [Core] Add display-manager 'lxdm' to override.
(Debian Bug#845996 by Rodrigo Campos <rodrigo@sdfg.com.ar>)
- [Interp] Make paths when searching source files relative to the root
path of the process.
(github issue #54 by Tomasz Kontusz @ktosiek)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 17 Jan 2017 15:59:36 +0100
needrestart 2.10
* Features:
- [Interp] Allow ignoring of interpreted files.
(github issue #39 by Wolfgang Karall @wolfgangkarall)
- [Core] Make verification of mapped files in fileystem configurable as a
workaround for broken grsecurity kernels.
(github issue #46 by @jleroy @eigengrau)
- [Core] Make ignore of mapped files configurable.
(github issue #45 by @stbuehler)
* Fixes:
- [Core] Do not ignore processes if maps file could not be read.
- [Perl] Silence warnings of Module::ScanDeps for dynamic loaded modules.
(github issue #41 by @bxkx @r-lindner)
- [UI] Do not use Text::Wrap while printing restart commands.
(Debian Bug#838622 by Paul Wise <pabs@debian.org>)
- [Core] Do really restart services in automatic mode.
(Debian Bug#838355 by Georg <georg@riseup.net>)
- [Kernel] Include /boot/*.img while looking for linux kernel images.
Fixes kernel detection on Raspbian.
(github issue #38 by @fenhl)
-- Thomas Liske <thomas@fiasko-nw.net> Thu, 03 Nov 2016 23:37:05 +0100
needrestart 2.9
* Changes:
- [l10n] Add RU translation for notify.d stuff.
(github issue #29 by @Vladimir-csp)
(github issue #31 by @Vladimir-csp)
- [Conf] Add lxcfs to override_rc.
(Debian Bug#832166 by Evgeni Golov <evgeni@debian.org>)
- [Conf] Pass arguments of apt-pinvoke to needrestart.
(Debian Bug#826220 by Wolfgang Karall-Ahlborn <lists+debian-bugs@karall-edv.at>)
- [Core] Use $(MAKE) instead of make for parallel make.
(github issue #34 by Craig Andrews @candrews)
- [Core] Make nagios severities configurable.
(github issue #32 by Christoph Anton Mitterer @calestyo)
* Features:
- [Core] Sys-V: use chkconfig tags if LSB tags are missing.
(github issue #33 by Evgenii Terechkov @evgkrsk)
- [Interp] Cache file lists of interpreter processes.
(Debian Bug#826247 by Wolfgang Karall-Ahlborn <lists+debian-bugs@karall-edv.at>)
* Fixes:
- [UI] Add a workaround for bug in Term::ReadKey if STDOUT does not
print on a TTY (see also Debian Bug#824564).
- [Core] Fix orcexec regex to match on removed files, too.
(Debian Bug#828103 by Paul Wise <pabs@debian.org>)
- [Core] Don't compare device numbers on anon fs (i.e. OpenVZ's simfs).
(github issue #28 by Sven-Haegar Koch @haegar)
- [Core] Fix odd perl warnings about LSB tags.
(github issue #33 by Evgenii Terechkov @evgkrsk)
- [Core] Make systemctl_combine config option working.
(Debian Bug#826526 by Paul Wise <pabs@debian.org>)
- [Core] Handle newlines in kernel versions gracefully.
(Debian Bug#827162 by Martin Steigerwald <martin@lichtvoll.de>)
- [Core] Fix session counter in nagios plugin mode.
-- Thomas Liske <thomas@fiasko-nw.net> Sat, 03 Sep 2016 14:52:41 +0200
needrestart 2.8
* Changes:
- [Core] Restart SysV init services on systemd using systemctl.
(Debian Bug#818853 by Paul Wise <pabs@debian.org>)
- [Core] Print a combined `systemctl restart` command line for skipped
services (config option).
(Debian Bug#818853 by Paul Wise <pabs@debian.org>)
- [l10n] Make NeedRestart::UI::stdio localized and update German localization.
- [notify] Disable mail notification by default (notify.conf).
* Features:
- [Core] Add a easy UI mode hiding technical details for non-technical users.
(Debian Bug#819824 by Patrick Schleizer <adrelanos@riseup.net>))
- [Cont] Detect systemd-machined containers.
* Fixes:
- [Conf] Add xendomains to override_rc.
(Debian Bug#817807 by Samuel Thibault <sthibault@debian.org>)
- [Core] Do not terminate debconf after restart service selection since it
is still needed for container selection.
- [Core] Fix regex handling in cgroup detection.
(github pull request #25 by Courtney Bane @cbane)
- [Core] Fix library probing inside filesystem namespaces (i.e. LXC
containers).
(github issue #23 by Lukas Pirl @lpirl)
- [Interp] Fix incomplete skipping of scanning files in Interp/*.pm
if cwd is unknown.
- [Interp] Improve getopts parsing (Interp::*) to remove "Uknown option:"
warnings.
(Debian Bug#817927 by F. Petitjean <francois.petitjean@bureauveritas.com>)
- [notify.d] Fix bashisms in /etc/needrestart/notify.d/*.
(Debian Bug#818001 by Cristian Ionescu-Idbohrn
<cristian.ionescu-idbohrn@axis.com>)
(github issue #21 by Sebastian Brandt @sbrandtb)
(Debian Bug#824184 by Axel Beckert <abe@debian.org>)
- [UI] stdio: do not skip service asked while choosing auto mode.
-- Thomas Liske <thomas@fiasko-nw.net> Mon, 16 May 2016 18:45:51 +0200
needrestart 2.7
* [Bug] Ignore init rc being symlinks to upstart-job.
(github issue #16 by Jonas Genannt @hggh)
* [Bug] Allow systemd service names with dots in them.
(github issue #19 by Michael Fladischer <michael@fladi.at>)
* [Bug] Add display-manager 'slim' to override.
(Debian Bug#816061 by Lars Kruse <devel@sumpfralle.de>)
* [debconf] Add russian translation.
(Debian Bug#815086 by Vladimir Kudrya <pzs-fs@yandex.ru>)
* [notify] Add support for translation of notify scripts.
(Debian Bug#815086 by Vladimir Kudrya <pzs-fs@yandex.ru>)
* [Core] Add support for translation of core script.
(Debian Bug#815086 by Vladimir Kudrya <pzs-fs@yandex.ru>)
* [Bug] Fix missing translations in debconf template file.
(Debian Bug#815086 by Vladimir Kudrya <pzs-fs@yandex.ru>)
* [notify] Notification scripts can be disabled globaly (see notify.conf).
(Debian Bug#787297 by Christoph Anton Mitterer <calestyo@scientia.net>)
* [Core] Improve output of restart commands.
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 06 Mar 2016 14:46:45 +0100
needrestart 2.6
* [Bug] Do not notify system users via email.
(Debian Bug#812399 by Marc Haber <mh+debian-packages@zugschlus.de>)
* [Bug] Do no restart services in interactive restart mode while
debconf's noninteractive frontend is used.
(Debian Bug#803249 by Felix Geyer <fgeyer@debian.org>)
* [Bug] Fix broken detection of old mappings due to regression
introduced in v2.3 (commit acf6a07).
(Debian Bug#810970 by Andreas Schmidt <pi-c@arcor.de>)
-- Thomas Liske <thomas@fiasko-nw.net> Wed, 17 Feb 2016 22:14:32 +0100
needrestart 2.5
* [Bug] Fix broken kernel detection due to syntax error.
(Debian Bug#810031 by Martin Steigerwald <martin@lichtvoll.de>)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 05 Jan 2016 23:17:53 +0100
needrestart 2.4
* [Bug] Drop unused dependency on File::Slurp.
(Debian Bug#799733 by Christoph Anton Mitterer <calestyo@scientia.net>)
(Debian Bug#799734 by Sven Hartge <sven@svenhartge.de>)
* [Bug] Add user@\d+.service to override_rc.
(Debian Bug#788380 by Shirish Agarwal <shirishag75@gmail.com>)
* [Bug] Add override for systemd-logind due to another systemd regression.
(Debian Bug#800718 by Sven Hartge <sven@svenhartge.de>)
* [Bug] Fix grammar in hook scripts.
(Debian Bug#805980 by Justin B Rye <justin.byam.rye@gmail.com>)
* [Bug] Fix kernel detection on non x86* arch.
(Debian Bug#800720 by Sven Hartge <sven@svenhartge.de>)
* [Kernel] Extract kernel version on non-x86(_64) archs (allows ABI checks).
-- Thomas Liske <thomas@fiasko-nw.net> Fri, 01 Jan 2016 21:54:47 +0100
needrestart 2.3
* [Bug] Add lightdm to override.
(Debian Bug#791649 by Martin Steigerwald <martin@lichtvoll.de>)
* [Bug] Do not try container detection in user mode.
(Debian Bug#791665 by Ansgar Burchardt <ansgar@debian.org>)
* [Bug] Remove unsupported HTML markups from notifications.
(Debian Bug#791664 by Ansgar Burchardt <ansgar@debian.org>)
* [Bug] Compare inodes of mapped files more reliable for chrooted
processes.
(github issue #11 by Markus Frosch <markus@lazyfrosch.de>)
* [Kernel] Skip kernel detection within containers.
* [UI] Add a quiet option to drop any progress messages.
(Debian Bug#791708 by Rodrigo Campos <rodrigo@sdfg.com.ar>)
* [Bug] Do not handle user services as system services.
(Debian Bug#792032 by Ansgar Burchardt <ansgar@debian.org>)
* [Bug] Fix cutting path names read from /proc/PID/maps at spaces
resulting in false-positives.
-- Thomas Liske <thomas@fiasko-nw.net> Sat, 19 Sep 2015 20:38:19 +0200
needrestart 2.2
* [regression] Processes using chroot were always detected as obsolete
since missing binaries in /proc/PID/root/.
(Debian Bug#786584 by François Mescam <francois@mescam.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 26 May 2015 23:56:11 +0200
needrestart 2.1
* [Bug] Ignore /usr/bin/apt-get.
(Debian Bug#784237 by Thijs Kinkhorst <thijs@debian.org>)
* [Bug] Add override for systemd's emergency.service and rescue.service.
(Debian Bug#784437)
* [Bug] Ignore Oil Runtime Compiler's JIT files.
(Debian Bug#786374 by Francois Mescam <francois@mescam.org>)
* [Bug] Fix 2c037bc did broke the progressbar.
(Related to Debian Bug#768124)
* [Cont] Detect and suggest to restart containers:
- docker
- LXC
(Debian Bug#783181 by Brian Minton <brian@minton.name>)
* [Core] Add nagios plugin mode (-p).
(github issue #5 by Ludovic Gasc [@GMLudo])
* [Core] Use /proc/$PID/root to scan for files fixing false positives on
containers (i.e. LXC) using bind mounts.
(Debian Bug#783181 by Brian Minton <brian@minton.name>)
* [Interp] Skip scanning files with Interp/* if cwd is unknown.
(Debian Bug#779832 by wforumw <wforumw@gmail.com>)
* [Interp] Skip scanning files with Interp/* if cwd is unknown.
(Debian Bug#779832 by wforumw <wforumw@gmail.com>)
* [Kernel] Add kernel hints option not requiring an acknowledgement by
the user.
(Debian Bug#769811 by Axel Beckert <abe@debian.org>)
* [Kernel] Take version number comparing stuff from Dpkg::Version to
compare kernel versions correctly.
(Debian Bug#781657 by Martin Steigerwald <Martin@Lichtvoll.de>)
* [UI] Improve restart query in interactive mode (stdio).
(Debian Bug#772859 by Axel Beckert <abe@debian.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Fri, 22 May 2015 01:45:17 +0200
needrestart 2.0
* [regression] List commands in list mode.
(Debian Bug#764042 by Paul Wise <pabs@debian.org>)
* Add a conf.d/ directory.
(Debian Bug#764043 by Paul Wise <pabs@debian.org>)
* [UI] Fix empty current/expected kernel version string used by
debconf template.
(Debian Bug#764917 by Laurent Bonnaud <L.Bonnaud@laposte.net>)
* Don't blacklist services by default but use a new override_rc option
to don't restart some critical services by default.
(Debian Bug#763937 by Christoph Anton Mitterer <calestyo@scientia.net>)
* Don't restart services greylisted in override_rc in auto mode.
(Debian Bug#770937 by Axel Beckert <abe@debian.org>)
* [UI] Disable progress bar while running non-interactive.
(Debian Bug#768124 by Phillip Berndt <phillip.berndt@googlemail.com>)
* [UI] Fix warning on uninitialized values while reading from /dev/stdin.
(Debian Bug#768124 by Phillip Berndt <phillip.berndt@googlemail.com>)
* [Interp] Add basic Java detection support.
* Add PolicyKit action file to allow needrestart-session to run
needrestart as root.
* [UI] Add `-f <fe>` CLI parameter to allow to overwrite the
DEBIAN_FRONTEND environment variable used by debconf(7).
-- Thomas Liske <thomas@fiasko-nw.net> Fri, 23 Jan 2015 00:46:13 +0100
needrestart 1.2
* Prepare po-debconf usage and add German translation.
(Debian Bug#761068 by David Prévot <taffit@debian.org>)
* Drop dependency on Term::ProgressBar::Simple.
(Debian Bug#761192 by Thijs Kinkhorst <thijs@debian.org>)
* Fix blacklist to match upgraded binaries (dpkg).
(Debian Bug#761346 by Paul Wise <pabs@debian.org>)
* Fix detection of unit names on systemd 215+.
(Debian Bug#762312 by Sven Hartge <sven@svenhartge.de>)
* Ignore special paths (SYSV IPC, DRM, /dev), fixing some
false positives.
* Add service blacklist configuration option to fix display
manager blacklisting with systemd.
* Handle restarts of systemd manager and sysv init using
their specific commands.
(Debian Bug#762528 by Paul Wise <pabs@debian.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 28 Sep 2014 23:48:42 +0200
needrestart 1.1
* Ignore DHCP clients.
(Debian Bug#752111 by Axel Beckert <abe@debian.org>)
* Add options allowing to select which check should be performed.
(Proposed by Axel Beckert <abe@debian.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Sat, 16 Aug 2014 09:57:29 +0200
needrestart 1.0
* Fix grammar errors and use a additional debconf template.
(Debian Bug#748652 by Justin B Rye <justin.byam.rye@gmail.com>)
* Ignore device ID in /proc/<pid>/maps on kFreeBSD.
(Reported by Axel Beckert <abe@debian.org>).
* Ignore device ID for unnamed devices due to broken implementation on btrfs.
(Debian Bug#750734 by Frederik Himpe <fhimpe@vub.ac.be>)
* Skip scanning of needrestart process.
(Debian Bug#751877 by Thijs Kinkhorst <thijs@debian.org>)
* [UI] Drop UI specific progress indicators, use
Term::ProgressBar::Simple to minimize disruption of the terminal.
(Debian Bug#748758 by Thijs Kinkhorst <thijs@debian.org>)
* [UI] Support 'backup' capability of Debconf.
* [Interp] Fix include path retrieval on python3.
(Debian Bug#750589 by Cristian Ionescu-Idbohrn
<cristian.ionescu-idbohrn@axis.com>)
* [Interp] Handle errors on python include path retrieval gracefully.
(Debian Bug#750589 by Cristian Ionescu-Idbohrn
<cristian.ionescu-idbohrn@axis.com>)
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 17 Jun 2014 15:21:15 +0200
needrestart 0.9
* Drop external dependency on strings command from binutils.
* Fix "uninitialized value" by apparent kernel threads.
(Debian Bug#746363 by Axel Beckert <abe@debian.org>)
* Read kernel version from x86 kernel boot header and handle
uncompressed kernel images.
(Debian Bug#746550 by Axel Beckert <abe@debian.org>)
* Several small bugfixes:
- [Interp] initial source file detection broken due using getopt
instead of getopts
(Debian Bug#746363 by Axel Beckert <abe@debian.org>)
- [UI] fix newlines in Debconf template
- [UI] fix "No such file or directory" triggered by stdio
(Debian Bug#746550 by Axel Beckert <abe@debian.org>)
- [Interp] Use source file instead of /proc/<pid>/exe to find package.
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 11 May 2014 22:48:42 +0200
needrestart 0.8
* Fix non-numeric argument on progress_prep call.
(Debian Bug#744961 by Cristian Ionescu-Idbohrn
<cristian.ionescu-idbohrn@axis.com>)
* Feature: interpreter support enables needrestart to look for obsolete
source files in scripting languages:
- Perl: using Module::ScanDeps
- Python: using home made source file scanning
- Ruby: using home made source file scanning
* Feature: detect running on obsolete kernels
(Debian Bug#745270 by Paul Wise <pabs@debian.org>)
* NeedRestart::UI::Dialog: has been dropped
* NeedRestart::UI::stdio: add mass processing
* Several small bugfixes.
-- Thomas Liske <thomas@fiasko-nw.net> Sun, 27 Apr 2014 10:15:35 +0200
needrestart 0.7
* Improved rc script detection, e.g.: previous releases failed to
detect apache2's init script after upgrading libssl1.0.0.
* Handle Linux VServer naming convention on deleted binaries.
(Thanks to Phillip Berndt [@phillipberndt])
* Support GNU formatted device ids.
(github issue #1 by Phillip Berndt [@phillipberndt])
* Hooks: Use only available package managers.
* Hooks: Ignore hooks not returning any rc scripts
(fixes detecting apache2's rc script).
* Hooks: Prefer rc scripts w/ matching pid
(fixes calling unnecessary rc scripts like libvirt-guests).
* Improve rc script detection by using a two pass
analysis.
* Fallback to NeedRestart::UI::stdio while being verbose.
(Debian Bug#744000 by Paul Wise <pabs@debian.org>)
* Add default UI configuration option.
(Debian Bug#744001 by Paul Wise <pabs@debian.org>)
* Apply blacklist while processing parent processes.
(Debian Bug#744002 by Paul Wise <pabs@debian.org>)
* Apply Debian's 01-makefile-fix.diff upstream.
-- Thomas Liske <thomas@fiasko-nw.net> Mon, 14 Apr 2014 21:50:15 +0200
needrestart 0.6
* Add lightdm to blacklist.
(Debian Bug#735027 by Michael Gilbert <mgilbert@debian.org>)
* Print eval exception message on config file errors.
* Use systemd if available.
(Debian Bug#731028 by Paul Wise <pabs@debian.org>)
* Use service to run traditional SysV scripts.
* Change batch processing output.
* Print full restart commands in list mode.
(Debian Bug#731028 by Paul Wise <pabs@debian.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Mon, 07 Apr 2014 22:52:18 +0200
needrestart 0.5
* Ignore mapped files in /tmp.
* Handle LSB tags case insensitivly.
(Debian Bug#731165 by Christian Ionescu-Idbohrn
<cristian.ionescu-idbohrn@axis.com>)
* Prevent config file in dpkg.cfg.d to break dpkg
after removing needrestart.
(Debian Bug#732461 by Andreas Beckmann <anbe@debian.org>)
-- Thomas Liske <thomas@fiasko-nw.net> Thu, 02 Jan 2014 19:55:49 +0100
needrestart 0.4
* Fix spelling:
- typo in debconf template (s/restartet/restarted/;)
(Debian Bug#723935 by Axel Beckert <abe@debian.org>)
- debconf template title (s/orphaned/outdated/;)
(Debian Bug#723935 by Justin B Rye <justin.byam.rye@gmail.com>)
* Fix progress bar increase to grow up to 100%:
- binaries were counted twice
- kernel threads did not increase progress
* Demand restart of deleted binaries.
* Add sudo binary to example blacklist.
(Debian Bug#725937 by Jim Barber <jim.barber@ddihealth.com>)
* Drop version number from man page.
(Debian Bug#729997 by Raf Czlonka <rafal.czlonka@gmail.com>)
* NeedRestart::UI::Debconf: Fix return code handling if readline
is used as debconf frontend.
(Debian Bug#729997 by Raf Czlonka <rafal.czlonka@gmail.com>)
-- Thomas Liske <thomas@fiasko-nw.net> Thu, 28 Nov 2013 19:30:06 +0100
needrestart 0.3
* Fix typo reported by Patrick Matthäi.
* Add man page provided by Patrick Matthäi (Debian).
* Offer restart on non-existing mappings.
* Add PacMan hook.
* Be more fault-tolerant in batch mode.
* Provide a more sophisticated apt/dpkg trigger.
* Fix ignored -r command line parameter.
(Debian Bug#721809 by Axel Beckert <abe@debian.org>)
* Ignore forked/detached daemon childs (pidfile heuristic).
(Debian Bug#721810 by Axel Beckert <abe@debian.org>)
* Provide modular UI including debconf and dialog based
frontends.
* Ignore binaries due blacklist config option.
-- Thomas Liske <thomas@fiasko-nw.net> Sat, 14 Sep 2013 12:55:16 +0200
needrestart 0.2
* Support (l)ist only, (i)nteractive restart and
(a)utomaticly restart modes.
* Supply apt.conf.d script to call needrestart on every upgrade.
* Drop dependency on (Debian's) run-parts.
* Drop Term::Query dependency.
* Ignore rc scripts to be run in other run-levels.
* Add batch mode.
-- Thomas Liske <thomas@fiasko-nw.net> Tue, 02 Apr 2013 21:51:48 +0200
needrestart 0.1
* Initial release.
-- Thomas Liske <thomas@fiasko-nw.net> Fri, 29 Mar 2013 19:40:09 +0100