[Bug 2059874] Re: on upgrade sshd-socket-generator conversion does not respect administrator intent
Launchpad Bug Tracker
2059874 at bugs.launchpad.net
Mon Apr 15 22:30:05 UTC 2024
This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13
---------------
openssh (1:9.6p1-3ubuntu13) noble; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * debian: Remove dependency on libsystemd
    As per the xz backdoor we learned that the fewer dependencies sshd has,
    the better it is, so avoid plugging libsystemd (which also brings various
    other dependencies) inside sshd for no reason:
    - d/p/systemd-readiness.patch: Use upstream patch with no libsystemd
      dependency
    - d/p/systemd-socket-activation.patch: Import patch from debian that
      mimics the libsystemd sd_listen_fds() code, as refactored by Colin
      Watson.
    - d/control: Remove dependencies on libsystemd-dev | libelogind-dev
    - d/rules: Drop --with-systemd flag (new options are used by default)

  [ Nick Rosbrook ]
  * debian/patches: only set PAM_RHOST if remote host is not "UNKNOWN"
    (LP: #2060150)
  * debian/openssh-server.postinst: don't re-enable ssh.socket if it was disabled
    (LP: #2059874)
  * d/p/sshd-socket-generator.patch: do not always ignore ListenStream=22
    (LP: #2059872)

 -- Nick Rosbrook <enr0n at ubuntu.com>  Fri, 05 Apr 2024 15:30:31 -0400

** Changed in: openssh (Ubuntu)
Status: Fix Committed => Fix Released
https://bugs.launchpad.net/bugs/2059874
Title:
on upgrade sshd-socket-generator conversion does not respect
administrator intent
Status in openssh package in Ubuntu:
Fix Released
Bug description:
  The openssh-server 1:9.6p1-3ubuntu11 postinst contains this code
  snippet:

      if [ "$action" == configure ]; then
      ..snip..
        if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then
      ..snip..
          if [ -d /run/systemd/system ]; then
            # Make sure ssh.service is disabled.
            systemctl unmask ssh.service
            systemctl disable --now ssh.service > /dev/null 2>&1
            # sshd-socket-generator is invoked on daemon-reload.
            systemctl daemon-reload
            systemctl enable ssh.socket
          fi
        fi
      fi

  This does not respect existing service and socket unit configuration;
  it effectively re-enables a disabled ssh.service (and even a masked
  one), and a manually disabled socket unit. I strongly suspect it does
  not respect systemd presets either.

  This is unexpected behaviour.
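
One way a maintainer script could decide the ssh.service to ssh.socket migration from the unit state recorded before it changes anything, as an added example (not the openssh package's code and not the fix that was released). The function names and the keep/migrate policy are assumptions, the sample states are constructed, and commands are printed rather than run.

```shell
#!/bin/sh
# Added example; policy and function names are assumptions for illustration.

# unit_state UNIT: print the `systemctl is-enabled` state of UNIT.
# is-enabled exits non-zero for disabled/masked units, hence `|| true`.
unit_state() { systemctl is-enabled "$1" 2>/dev/null || true; }

# plan_migration SERVICE_STATE SOCKET_STATE
# Arguments are `systemctl is-enabled` outputs captured BEFORE any change.
# Prints "migrate" (service was enabled: move it to socket activation)
# or "keep" (leave both units as the administrator configured them).
plan_migration() {
    case "$1" in
        masked|masked-runtime) echo keep; return ;;    # never unmask
    esac
    case "$2" in
        masked|masked-runtime) echo keep; return ;;    # socket masked on purpose
        enabled|enabled-runtime) echo keep; return ;;  # already socket-activated
    esac
    case "$1" in
        enabled|enabled-runtime) echo migrate ;;
        *) echo keep ;;                                # sshd had been turned off
    esac
}

# apply_plan PLAN: dry run, prints the commands the plan implies.
# Unlike the snippet in the bug, there is no unmask and no unconditional enable.
apply_plan() {
    if [ "$1" = migrate ]; then
        echo "systemctl disable --now ssh.service"
        echo "systemctl daemon-reload"
        echo "systemctl enable ssh.socket"
    fi
}

# Constructed sample states (service:socket), not taken from a real host.
for pair in enabled:disabled disabled:disabled masked:disabled disabled:enabled; do
    plan=$(plan_migration "${pair%%:*}" "${pair#*:}")
    printf '%-18s -> %s\n' "$pair" "$plan"
    apply_plan "$plan" | sed 's/^/    /'
done
```

On a live system the two arguments would come from `unit_state ssh.service` and `unit_state ssh.socket`, captured before the script calls any other systemctl command.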