[Bug 2019191] Re: [MIR] dhcpcd
Christian Ehrhardt
2019191 at bugs.launchpad.net
Wed Aug 16 09:01:05 UTC 2023
As requested just source + dhcpcd-base in mantic-proposed for now.
Override component to main
dhcpcd 1:10.0.2-3ubuntu2 in mantic: universe/misc -> main
Override [y|N]? y
1 publication overridden.
Override component to main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic amd64: universe/net/optional/100% -> main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic arm64: universe/net/optional/100% -> main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic armhf: universe/net/optional/100% -> main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic ppc64el: universe/net/optional/100% -> main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic riscv64: universe/net/optional/100% -> main
dhcpcd-base 1:10.0.2-3ubuntu2 in mantic s390x: universe/net/optional/100% -> main
Override [y|N]? y
6 publications overridden.
** Changed in: dhcpcd (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dhcpcd in Ubuntu.
https://bugs.launchpad.net/bugs/2019191
Title:
[MIR] dhcpcd
Status in dhcpcd package in Ubuntu:
Fix Released
Status in dhcpcd5 package in Debian:
Fix Released
Bug description:
[Availability]
The package dhcpcd5 is already in Ubuntu universe.
The package dhcpcd5 builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https://launchpad.net/ubuntu/+source/dhcpcd5
[Rationale]
The package dhcpcd5 is required in Ubuntu main to replace isc-dhcp-client.
ISC has announced the end of life for ISC DHCP as of the end of 2022.
In FO092 specification, we compare the alternatives among dhcpcd, udhcpc,
ipconfig, dhclient, systemd-networkd, network-manager, dhcpcanon.
dhcpcd is small (to be included in initramfs), supports DHCPv6, can be called
from shell (to be used in initramfs and cloud-init). It’s the best candidate currently.
The package dhcpcd5 is required in Ubuntu main no later than 23.10 release.
So in 24.04 we can have sufficient time to replace the usage of isc-dhcp-client,
and finally demote isc-dhcp-client to universe.
[Security]
- Had 15 security issues in the past
- links to such security issues in trackers
https://ubuntu.com/security/CVE-2005-1848 allows remote attackers to cause a denial of service (daemon crash)
https://ubuntu.com/security/CVE-2011-0996 allows remote attackers to execute arbitrary commands
https://ubuntu.com/security/CVE-2012-2152 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code
https://ubuntu.com/security/CVE-2012-6698 allows remote DHCP servers to cause a denial of service (out-of-bounds write)
https://ubuntu.com/security/CVE-2012-6699 allows remote DHCP servers to cause a denial of service (out-of-bounds read)
https://ubuntu.com/security/CVE-2012-6700 allows remote DHCP servers to cause a denial of service
https://ubuntu.com/security/CVE-2014-6060 allows remote DHCP servers to cause a denial of service
https://ubuntu.com/security/CVE-2014-7912 allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption)
https://ubuntu.com/security/CVE-2014-7913 allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption)
https://ubuntu.com/security/CVE-2016-1503 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow)
https://ubuntu.com/security/CVE-2016-1504 allows remote attackers to cause a denial of service (invalid read and crash)
https://ubuntu.com/security/CVE-2019-11577 contains a buffer overflow
https://ubuntu.com/security/CVE-2019-11578 allowed attackers to infer secrets
https://ubuntu.com/security/CVE-2019-11579 contains a 1-byte read overflow
https://ubuntu.com/security/CVE-2019-11766 buffer over-read
- context that shows how these issues got handled in
the past
https://launchpad.net/ubuntu/+source/dhcpcd5/6.0.5-2build0.14.04.1
A fakesync from Debian to trusty-security for CVE-2014-6060
- no `suid` or `sgid` binaries
- Binary dhcpcd in /usr/sbin/dhcpcd is no problem because it’s expected to be executed by daemon scripts or services.
- Package dhcpcd-base does not install services, timers or recurring jobs
- Package dhcpcd does install services, timers or recurring jobs
  - dhcpcd.service
    Hardened systemd service, Protect{System, Home, Clock, KernelModules, KernelLogs, ControlGroups},
    Restrict{Namespaces, Realtime, SUIDSGID}, SystemCallFilter,
    PrivateDevices, LockPersonality, MemoryDenyWriteExecute
  - dhcpcd@.service
    Not used by default, for single network interface.
- apparmor-profiles package contains profile /usr/share/apparmor/extra-profiles/sbin.dhcpcd
- Package does open privileged ports (ports < 1024).
- DHCPv6 client port: 546/UDP
- BOOTP client port: 68/UDP
- Package contains extensions to security-sensitive software:
  hook plugins in /usr/lib/dhcpcd/dhcpcd-hooks/
[Quality assurance - function/usage]
- integration with ntp is broken after ntp was replaced by ntpsec. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036085
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/dhcpcd5/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=dhcpcd5
- Upstream's bug tracker
https://github.com/NetworkConfiguration/dhcpcd/issues
- The package has important open bugs, listing them:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034465 dhcpcd -U results in "Bad system call"
Fixed in the new release, but it’s not uploaded due to freeze in Debian.
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https://launchpad.net/ubuntu/+source/dhcpcd5/9.4.1-21/+build/26015669/+files/buildlog_ubuntu-mantic-amd64.dhcpcd5_9.4.1-21_BUILDING.txt.gz
The tests are very trivial, not related to its core functionality.
https://github.com/NetworkConfiguration/dhcpcd/tree/master/tests
- The package does have failing autopkgtests tests right now, but since
they always fail, they are handled as "ignored failure".
https://autopkgtest.ubuntu.com/packages/d/dhcpcd5
dhcpcd itself conflicts/replaces isc-dhcp-client, which is needed by ubuntu-minimal.
So Ubuntu autopkgtest can't run the tests.
We want to drop isc-dhcp-client in the future, so it should be ok currently.
The tests pass on Debian; however, Debian doesn't run the isolation-machine tests https://ci.debian.net/packages/d/dhcpcd5/
[Quality assurance - packaging]
- debian/watch is present but does not work because upstream no longer provides
a tarball on their website.
It has been fixed in https://salsa.debian.org/debian/dhcpcd5/-/commit/4fe065dbf546e4e79b0327cb91dc883a34380a88
not uploaded yet.
- debian/control defines a correct Maintainer field (no Ubuntu delta)
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https://launchpad.net/ubuntu/+source/dhcpcd5/9.4.1-21/+build/26015669/+files/buildlog_ubuntu-mantic-amd64.dhcpcd5_9.4.1-21_BUILDING.txt.gz
- Please attach the full output you have got from
W: dhcpcd: changelog-distribution-does-not-match-changes-file unstable != mantic [usr/share/doc/dhcpcd/changelog.Debian.gz:1]
W: dhcpcd-base: changelog-distribution-does-not-match-changes-file unstable != mantic [usr/share/doc/dhcpcd-base/changelog.Debian.gz:1]
W: dhcpcd5: changelog-distribution-does-not-match-changes-file unstable != mantic [usr/share/doc/dhcpcd5/changelog.Debian.gz:1]
W: dhcpcd5 changes: distribution-and-changes-mismatch mantic unstable
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8 [usr/share/man/man5/dhcpcd.conf.5.gz:1]
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8 [usr/share/man/man8/dhcpcd-run-hooks.8.gz:1]
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8 [usr/share/man/man8/dhcpcd.8.gz:1]
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium (no debconf questions)
- Packaging and build is easy, link to debian/rules
https://salsa.debian.org/debian/dhcpcd5/-/blob/debian/sid/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS
- Misuse of Conflicts/Breaks violate Debian Policy 7.4 (but not strictly forbidden). https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036085
[Maintenance/Owner]
- Owning Team will be Foundations team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is dhcpcd
- Link to upstream project https://github.com/NetworkConfiguration/dhcpcd
- The source package may be renamed to dhcpcd as requested in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026169
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/2019191/+subscriptions