2022-10-19 06:49:47 |
msaxl |
bug |
|
|
added bug |
2022-10-19 06:56:29 |
msaxl |
summary |
package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück |
package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 |
|
2022-10-19 16:28:43 |
Steve Langasek |
openssh (Ubuntu): status |
New |
Incomplete |
|
2022-10-19 16:29:21 |
Steve Langasek |
openssh (Ubuntu): importance |
Undecided |
Critical |
|
2022-10-19 16:29:27 |
Steve Langasek |
tags |
amd64 apport-package kinetic |
amd64 apport-package foundations-todo kinetic |
|
2022-10-19 16:29:39 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Foundations Bugs |
2022-10-20 06:17:16 |
Steve Langasek |
openssh (Ubuntu): status |
Incomplete |
Triaged |
|
2022-10-21 19:35:50 |
Matthieu Clemenceau |
tags |
amd64 apport-package foundations-todo kinetic |
amd64 apport-package foundations-todo fr-2890 kinetic |
|
2022-10-21 22:45:39 |
Christophe M. |
attachment added |
|
Machine-1_dist-upgrade.zip https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5625850/+files/Machine-1_dist-upgrade.zip |
|
2022-10-26 16:37:02 |
Nick Rosbrook |
nominated for series |
|
Ubuntu Kinetic |
|
2022-10-26 16:37:02 |
Nick Rosbrook |
bug task added |
|
openssh (Ubuntu Kinetic) |
|
2022-10-26 16:42:04 |
Nick Rosbrook |
description |
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
|
2022-10-26 18:33:56 |
Nick Rosbrook |
attachment added |
|
openssh_9.0p1-1ubuntu8.debdiff https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5627076/+files/openssh_9.0p1-1ubuntu8.debdiff |
|
2022-10-26 20:44:31 |
Ubuntu Foundations Team Bug Bot |
tags |
amd64 apport-package foundations-todo fr-2890 kinetic |
amd64 apport-package foundations-todo fr-2890 kinetic patch |
|
2022-10-26 20:44:42 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2022-10-27 13:40:04 |
Nick Rosbrook |
description |
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
[NOTE FOR SRU TEAM]
I would prefer that vorlon review the attached patch before the upload is accepted. I will remove this note when that has happened.
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
|
2022-10-27 13:45:56 |
Chris M. |
bug |
|
|
added subscriber Chris M. |
2022-11-01 08:32:13 |
Brian Murray |
description |
[NOTE FOR SRU TEAM]
I would prefer that vorlon review the attached patch before the upload is accepted. I will remove this note when that has happened.
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
|
2022-11-01 08:32:15 |
Brian Murray |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2022-11-01 08:45:10 |
Nick Rosbrook |
description |
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) |
|
2022-11-01 09:23:09 |
Nick Rosbrook |
attachment added |
|
openssh_9.0p1-1ubuntu8-v2.debdiff https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5628224/+files/openssh_9.0p1-1ubuntu8-v2.debdiff |
|
2022-11-02 18:15:39 |
Brian Murray |
openssh (Ubuntu Kinetic): status |
Triaged |
Fix Committed |
|
2022-11-02 18:15:40 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-11-02 18:15:42 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2022-11-02 18:15:46 |
Brian Murray |
tags |
amd64 apport-package foundations-todo fr-2890 kinetic patch |
amd64 apport-package foundations-todo fr-2890 kinetic patch verification-needed verification-needed-kinetic |
|
2022-11-03 11:11:57 |
Nick Rosbrook |
tags |
amd64 apport-package foundations-todo fr-2890 kinetic patch verification-needed verification-needed-kinetic |
amd64 apport-package foundations-todo fr-2890 kinetic patch verification-done-kinetic verification-needed |
|
2022-11-07 15:13:52 |
Julian Andres Klode |
openssh (Ubuntu): assignee |
|
Nick Rosbrook (enr0n) |
|
2022-11-07 16:18:01 |
Steve Langasek |
openssh (Ubuntu): status |
Triaged |
In Progress |
|
2022-11-07 16:18:03 |
Steve Langasek |
openssh (Ubuntu): status |
In Progress |
Fix Committed |
|
2022-11-12 19:33:42 |
Venugopal |
openssh (Ubuntu): status |
Fix Committed |
Fix Released |
|
2022-11-12 19:42:28 |
Steve Langasek |
openssh (Ubuntu): status |
Fix Released |
Fix Committed |
|
2022-11-21 09:11:27 |
Launchpad Janitor |
openssh (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
2022-11-21 09:11:33 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-12-02 02:03:37 |
Launchpad Janitor |
openssh (Ubuntu): status |
Fix Committed |
Fix Released |
|
2023-06-02 15:22:37 |
Benjamin Drung |
tags |
amd64 apport-package foundations-todo fr-2890 kinetic patch verification-done-kinetic verification-needed |
amd64 apport-package fr-2890 kinetic patch verification-done-kinetic verification-needed |
|
2024-01-02 10:32:02 |
Benjamin Drung |
removed subscriber Ubuntu Foundations Bugs |
|
|
|