nginx-common postinst execution fails when upgrading to or reinstalling 1.10.1-0ubuntu3

Bug #1637058 reported by Michael Marley on 2016-10-27
54
This bug affects 10 people
Affects Status Importance Assigned to Milestone
nginx (Debian)
Fix Released
Unknown
nginx (Ubuntu)
Status tracked in Zesty
Trusty
High
Unassigned
Xenial
High
Unassigned
Yakkety
High
Unassigned
Zesty
High
Thomas Ward

Bug Description

The first installation of the nginx-common on a system without nginx installed works fine, but attempting to reinstall it (or upgrade from a previous version of nginx-common) results in the post-install script exiting with status 1. I attempted to debug this issue myself, but rapidly became lost in a maze of scripts calling each other.

Luckily, the issue is easy to reproduce. From a system without nginx installed:

michael@mamarley-desktop:~/Downloads$ sudo dpkg -i nginx-common_1.10.1-0ubuntu3_all.deb
[sudo] password for michael:
Selecting previously unselected package nginx-common.
(Reading database ... 414684 files and directories currently installed.)
Preparing to unpack nginx-common_1.10.1-0ubuntu3_all.deb ...
Unpacking nginx-common (1.10.1-0ubuntu3) ...
Setting up nginx-common (1.10.1-0ubuntu3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
Processing triggers for systemd (231-9git1) ...
michael@mamarley-desktop:~/Downloads$ sudo dpkg -i nginx-common_1.10.1-0ubuntu3_all.deb
(Reading database ... 414728 files and directories currently installed.)
Preparing to unpack nginx-common_1.10.1-0ubuntu3_all.deb ...
Unpacking nginx-common (1.10.1-0ubuntu3) over (1.10.1-0ubuntu3) ...
Setting up nginx-common (1.10.1-0ubuntu3) ...
dpkg: error processing package nginx-common (--install):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for systemd (231-9git1) ...
Errors were encountered while processing:
 nginx-common
michael@mamarley-desktop:~/Downloads$

CVE References

Emil (eaglex) wrote :

For anyone needing a quick work-around, see: http://askubuntu.com/a/842313/582734

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nginx (Ubuntu):
status: New → Confirmed
Thomas Ward (teward) wrote :

Please verify which Ubuntu version you are on. If you are not using Zesty then this bug is invalid for your release, as 1.10.1-0ububtu3 is only in Zesty.

Changed in nginx (Ubuntu):
importance: Undecided → High
Thomas Ward (teward) wrote :

The issue seems to have to do with the package version comparison introduced in the postings script based on the data reported on Ask Ubuntu.

Changed in nginx (Ubuntu):
assignee: nobody → Thomas Ward (teward)
Changed in nginx (Ubuntu Zesty):
status: Confirmed → In Progress
Hassan El Jacifi (waver) wrote :

Hi Thomas,

The bug is not affecting only Zesty, it affect different Ubuntu version if you're using the NGINX ppa [1]

[1] https://launchpad.net/~nginx/+archive/ubuntu/stable

Regards,

Thomas Ward (teward) wrote :

Hassan,

The PPA is not tracked in this bug; PPAs are not in the Ubuntu repositories; so this would need to have been filed as such. (But you're right, that doesn't mean you can rely on *this* bug to track the PPAs)

Hassan El Jacifi (waver) wrote :

Thomas,

Sure, I only want to inform you as you're the PPA maintainer. As some of us use this PPA on different Ubuntu version for some specific reason and there's no way to report the bug directly there.

Thanks

Thomas Ward (teward) wrote :

Hassan,

You could always have manually created the bug. It's already created.

PPA tracker bug: https://bugs.launchpad.net/nginx/+bug/1637200

Thomas Ward (teward) wrote :

The core problem is the handling of the version comparison and it not catching the 'failure' and returning a non-failure code as intended.

This results in dpkg dying off, and the observed issues. We're working on a fix.

Thomas Ward (teward) on 2016-10-27
Changed in nginx (Ubuntu Yakkety):
status: New → Confirmed
Changed in nginx (Ubuntu Xenial):
status: New → Confirmed
Changed in nginx (Ubuntu Trusty):
status: New → Confirmed
Thomas Ward (teward) wrote :

We have confirmed that this issue also impacts the recently-released Security fixes for CVE-2016-1247; adding those affected versions to the bug.

Thomas Ward (teward) on 2016-10-27
Changed in nginx (Ubuntu Zesty):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.10.1-0ubuntu1.2

---------------
nginx (1.10.1-0ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY REGRESSION: postinst upgrade failure (LP: #1637058)
    - debian/nginx-common.postinst: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:14:26 -0400

Changed in nginx (Ubuntu Yakkety):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.4.6-1ubuntu3.7

---------------
nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:53 -0400

Changed in nginx (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.10.0-0ubuntu0.16.04.4

---------------
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:14 -0400

Changed in nginx (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Yakkety):
importance: Undecided → High
Changed in nginx (Ubuntu Xenial):
importance: Undecided → High
Changed in nginx (Ubuntu Trusty):
importance: Undecided → High
Hassan El Jacifi (waver) wrote :

Thomas,

Thanks. Issue fixed

Changed in nginx (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.10.1-0ubuntu5

---------------
nginx (1.10.1-0ubuntu5) zesty; urgency=medium

  * debian/nginx-common.config:
    - Fix the return code so the script does not exit during version
      string comparisons.
    - Also update the version string to compare with (for zesty only)

 -- Thomas Ward <email address hidden> Thu, 27 Oct 2016 10:48:45 -0400

Changed in nginx (Ubuntu Zesty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.