Bug#491263: network-console, etch netinst, openssh

To: Frans Pop <elendil@planet.nl>
Cc: 491263@bugs.debian.org, debian-release@lists.debian.org, Mike Edwards <pf-debian-bugs@mirkwood.net>
Subject: Bug#491263: network-console, etch netinst, openssh
From: Martin Zobel-Helas <zobel@ftbfs.de>
Date: Fri, 18 Jul 2008 22:51:28 +0200
Message-id: <[🔎] 20080718205128.GI6779@ftbfs.de>
Reply-to: Martin Zobel-Helas <zobel@ftbfs.de>, 491263@bugs.debian.org
In-reply-to: <[🔎] 200807180745.45121.elendil@planet.nl>
References: <[🔎] 20080718044626.GC4173@eriador.mirkwood.net> <[🔎] 200807180745.45121.elendil@planet.nl>

Hi, 

On Fri Jul 18, 2008 at 07:45:32 +0200, Frans Pop wrote:
> reassign 491263 debian-installer 20070308etch2
> thanks
> 
> On Friday 18 July 2008, Mike Edwards wrote:
> > A few issues relating to network-console on etch netinst 4.0r3:
> >
> > * Keys generated by network-console are found on the blacklist included
> > with newer versions of openssh-server.
> >
> > * If network-console is used for a new installation, openssh-server is
> > installed on the new system, but .broken keys are left lying around in
> > /etc/ssh.
> >
> > * Likewise to above, the rsa host key (/etc/ssh/ssh_host_rsa_key.pub)
> > is found to be on the blacklist, and appears that it may be the same
> > rsa key used during installation via network-console.
> 
> That is correct. Thanks for alerting us to the issue.
> 
> For most architectures c.q. installation methods this will be fixed 
> automatically with the next point release (coming very soon) as the fixed 
> version of openssh will be included on the CD images.
> 
> What (I personally at least) had not realized yet is that that still 
> leaves a few cases where network-console is included in the D-I initrds. 
> This affects in particular s390, arm (iop32x/ixp4xx) and mipsel (cobalt).
> 
> Stable Release team:
> Have fixed versions of openssh/openssl already been accepted into p-u?

zobel@ries:~% dak ls -S -sstable,proposed-updates openssh openssl
openssh-client |  1:4.3p2-9 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-client | 1:4.3p2-9etch2 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-client-udeb |  1:4.3p2-9 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-client-udeb | 1:4.3p2-9etch2 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-server |  1:4.3p2-9 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-server | 1:4.3p2-9etch2 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-server-udeb |  1:4.3p2-9 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
openssh-server-udeb | 1:4.3p2-9etch2 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
       ssh |  1:4.3p2-9 |        stable | all
       ssh | 1:4.3p2-9etch2 | proposed-updates | all
ssh-askpass-gnome |  1:4.3p2-9 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
ssh-askpass-gnome | 1:4.3p2-9etch2 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
  ssh-krb5 |  1:4.3p2-9 |        stable | all
  ssh-krb5 | 1:4.3p2-9etch2 | proposed-updates | all
   openssh |  1:4.3p2-9 |        stable | source
   openssh | 1:4.3p2-9etch2 | proposed-updates | source
libcrypto0.9.8-udeb | 0.9.8c-4etch1 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libcrypto0.9.8-udeb | 0.9.8c-4etch3 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl-dev | 0.9.8c-4etch1 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl-dev | 0.9.8c-4etch3 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl0.9.8 | 0.9.8c-4etch1 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl0.9.8 | 0.9.8c-4etch3 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl0.9.8-dbg | 0.9.8c-4etch1 |        stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl0.9.8-dbg | 0.9.8c-4etch3 | proposed-updates | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
   openssl | 0.9.8c-4etch1 |        stable | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
   openssl | 0.9.8c-4etch3 | proposed-updates | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc


> If they have and given the above I propose to do a new upload of 
> debian-installer to be included in 4.0r4. If all goes well, they should 
> be built with time to spare for the planned schedule but we would need 
> quick responses if there are issues.
> 
> Any objections against an upload? There would be no other changes.

go ahead. if you need any assistance, don't hesitate to contact me (see IRC)

Greetings
Martin

-- 
 Martin Zobel-Helas <zobel@debian.org>  |  Debian Release Team Member
 Debian & GNU/Linux Developer           |           Debian Listmaster
 Public key http://zobel.ftbfs.de/5d64f870.asc   -   KeyID: 5D64 F870
 GPG Fingerprint:  5DB3 1301 375A A50F 07E7  302F 493E FB8E 5D64 F870

Reply to:

References:
- Bug#491263: network-console, etch netinst, openssh
  - From: Mike Edwards <pf-debian-bugs@mirkwood.net>
- Bug#491263: network-console, etch netinst, openssh
  - From: Frans Pop <elendil@planet.nl>

Prev by Date: Bug#491034: marked as done (cdinst problem ("root bridge"?))
Next by Date: Re: [PATCH] RAID10 and RAID6
Previous by thread: Processed: Re: Bug#491263: network-console, etch netinst, openssh
Next by thread: Bug#491263: network-console, etch netinst, openssh
Index(es):
- Date
- Thread