[Bug 1978144] [NEW] [MIR] ipmitool

Launchpad Bug Tracker 1978144 at bugs.launchpad.net
Tue Mar 21 15:37:56 UTC 2023 

You have been subscribed to a public bug by Seth Arnold (seth-arnold):

An MIR was originally attempted a few years ago (see LP: #1576812) but
was denied as the package was not yet in a good enough state. In that
time ipmitool has become a more reasonable candidate for main inclusion.

ipmitool is used often by MAAS and has shown up in component mismatches
for a few years. It is also used often for high availability systems.

[Availability]
The package ipmitool is already in Ubuntu universe.
The package ipmitool builds for the architectures it is designed to work on.
It currently builds and works for architectures: any
Link to package https://launchpad.net/ubuntu/+source/ipmitool

[Rationale]
- The package ipmitool will generally be useful for a large part of our
  user base since it is widely used in systems management and in various
  HA components. It is also suggested by tools such as cluster-glue which
  is in main

[Security]
- Based on CVE trackers ipmitool had 2 relevant security issues
- CVE-2020-5208 (https://ubuntu.com/security/CVE-2020-5208): handled in
  1.8.19 upstream and in a set of 6 patches in 1.8.18-10.1 Debian/Ubuntu
- CVE-2011-4339 (https://ubuntu.com/security/CVE-2011-4339): Fixed
  in 1.8.11-5

- The binary ipmievd is installed to /usr/sbin. It has a fairly limited
  scope with limited exposure, acting as a daemon for sending IPMI events
  to syslog. ipmievd requires super user priveleges to access syslog.
- The package installs a service corresponding to ipmievd located at:
  /etc/init.d/ipmievd and /lib/systemd/system/ipmievd.service
- The package does not open privileged ports (ports < 1024), but defaults to
  using port 514 in certain situations.
- The package does not contain extensions to security-sensitive software

[Quality assurance - function/usage]
- The package works well right after install. Site-specific options for
  accessing a BMC may be necessary, but are documented in the man page.

[Quality assurance - maintenance]
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ipmitool
- The package is maintained well in Debian/Ubuntu and does not have too
  many bugs with nothing long term and critical open
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- The package does not run a test at build time because it has no test
  suite. If it had tests they would likely have strict hardware
  dependencies.
- The package does not have any autopkgtests

[Quality assurance - packaging]
- debian/watch is present and works

- This package does not yield massive lintian Warnings, Errors
Lintain results:
W: ipmitool-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/83/f454e3ecf71ef36fda026461a8785a747ec163.debug]
W: ipmitool-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/d9/d138606f42a79ef56f95617d3f57b765b3afe4.debug]

- Lintian overrides are no longer present in the package

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy

[UI standards]
- Outside of the comand-line tool, the application is not end-user facing.
  It has no translations present though.
- ipmitool has no desktop file, and is primarily used via the
  command-line on servers

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be Ubuntu Server
- Team is already subscribed to the package

- This does not use static builds
- This does not use vendored code

[Background information]
The Package description explains the package well
Upstream Name is ipmitool
Link to upstream project https://github.com/ipmitool/ipmitool

** Affects: ipmitool (Ubuntu)
     Importance: Undecided
         Status: Won't Fix


** Tags: sec-1107
-- 
[MIR] ipmitool
https://bugs.launchpad.net/bugs/1978144
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.

More information about the ubuntu-archive mailing list