Bug#1013430: marked as done (dhcpcd5: please enable priviledge separation)

To: Martin-Éric Racine <martin-eric.racine@iki.fi>
Subject: Bug#1013430: marked as done (dhcpcd5: please enable priviledge separation)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 29 Jun 2022 18:12:13 +0000
Message-id: <[🔎] handler.1013430.D1013430.16565262159288.ackdone@bugs.debian.org>
Reply-to: 1013430@bugs.debian.org
References: <E1o6c8i-000BBd-Pu@fasolo.debian.org> <165598811250.1949.2629393689164245683.reportbug@geode.lan>

Your message dated Wed, 29 Jun 2022 18:10:12 +0000
with message-id <E1o6c8i-000BBd-Pu@fasolo.debian.org>
and subject line Bug#1013430: fixed in dhcpcd5 9.4.1-2
has caused the Debian Bug report #1013430,
regarding dhcpcd5: please enable priviledge separation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1013430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013430
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dhcpcd5: please enable priviledge separation
From: Martin-Éric Racine <martin-eric.racine@iki.fi>
Date: Thu, 23 Jun 2022 15:41:52 +0300
Message-id: <165598811250.1949.2629393689164245683.reportbug@geode.lan>

Package: dhcpcd5
Version: 9.4.1-0.1
Severity: important
Tags: ipv6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

In Debian 9.4.1-0.1, dhcpcd5 isn't built with priviledge separation. Enabling this would improve security by forking separate sub-processes for IPv4 and IPv6.

I have a 9.4.1-0.2 ready at https://mentors.debian.net/package/dhcpcd5/ which enables priviledge separation using the canonical non-zero user "daemon" ready to sponsor.

Martin-Éric

- -- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-security'), (500, 'testing')
Architecture: i386 (i586)

Kernel: Linux 5.18.0-2-686 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhcpcd5 depends on:
ii  libc6     2.33-7
ii  libudev1  251.2-5
ii  lsb-base  11.2

Versions of packages dhcpcd5 recommends:
pn  openresolv | resolvconf  <none>

Versions of packages dhcpcd5 suggests:
pn  dhcpcd-gtk  <none>
pn  dhcpcd-ui   <none>

- -- Configuration Files:
/etc/dhcpcd.conf changed [not included]

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmK0X44ACgkQrh+Cd8S0
17Y2KRAAmLn0Td0hbEMd4Rf2yRqYtK1k8XjiK6d9/pzWAYAHeXwic3k6ck3osuMn
fLfcH5EsfNhcGulFnFXUOw4mR5JpwHKQaKM56BGCSWioWv7vp9qTXj4n4uBOhzI+
RRN7Y2dkQpiBr4SjiGMO58iQ2fk/w104sjodBsHZL9GTPym5AaWWg5O2TnSnTFhI
cl+UxR2zSTBfPA4vpCfqVWg/1FayyyVDL5h8pAEV66F2GnjMtyPEyIzI6ljTS8uj
hLPXzzNNwZIp6kesQTvZG/igJ2awzEKs+texF2YVW1JJAGy5U/7RZZH+vQI3HKqv
G6zaVBnLG/+FRlxRumSP6t6rJKuAxX9YAcKtwLONoUZ4CGc9bbENdsVU7WgEs4++
LfuYuyuCLel5Ul8wYhcY8jA14rnjX5j14KFXowwfBE9a9QpDDPHCKql5A826Vwxe
CZAr41XUkPpzMPOkey6cdIdKpFxVFSvTQpX0Dr+SmBbL+OHsbkaZtBFLJWN96iek
r32L3gHf/qb+x9WPogO7aEnxeYRp8al0vho3c1TxkzUNi1uEJgo/n51WBZP2kpWJ
aZyN9o23KdTUDHKviY8//MeB2bQ4UgNsfrJUH7uKoJ5/LzNF9Q+w469rR9QU4Lvg
hV0RcPkFD0UJ4hiulnMvvlh/duGBZ/gMlv6+cVtDSZnUkJvY4vI=
=OlOO
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

To: 1013430-close@bugs.debian.org
Subject: Bug#1013430: fixed in dhcpcd5 9.4.1-2
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 29 Jun 2022 18:10:12 +0000
Message-id: <E1o6c8i-000BBd-Pu@fasolo.debian.org>
Reply-to: Martin-Éric Racine <martin-eric.racine@iki.fi>

Source: dhcpcd5
Source-Version: 9.4.1-2
Done: Martin-Éric Racine <martin-eric.racine@iki.fi>

We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1013430@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin-Éric Racine <martin-eric.racine@iki.fi> (supplier of updated dhcpcd5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jun 2022 22:37:37 +0300
Source: dhcpcd5
Binary: dhcpcd-base dhcpcd-base-dbgsym dhcpcd5
Architecture: source amd64 all
Version: 9.4.1-2
Distribution: unstable
Urgency: medium
Maintainer: Martin-Éric Racine <martin-eric.racine@iki.fi>
Changed-By: Martin-Éric Racine <martin-eric.racine@iki.fi>
Description:
 dhcpcd-base - DHCPv4 and DHCPv6 dual-stack client (binaries and exit hooks)
 dhcpcd5    - DHCPv4 and DHCPv6 dual-stack client (init.d script and systemd un
Closes: 980861 1001763 1008059 1013430 1013763
Changes:
 dhcpcd5 (9.4.1-2) unstable; urgency=medium
 .
   [ Martin-Éric Racine ]
   * Adopt package (Closes: #1013763).
     Thanks to Scott Leggett for having maintained the package in recent years.
   * Implement privilege separation (Closes: #1013430).
     + Add to [rules]:
       --privsepuser=dhcpcd
     + Add to [posinst]: dhcpcd system user creation.
     + Add to [postrm]: dhcpcd system user deletion.
     + Add to [control]: Depends: adduser
   * Bump Standards-Version to 4.6.1 (no change required).
   * Merge patch against hooks/60-ntp-common.conf (Closes: #1008059).
   * Move path of Chrony helper from /usr/lib to /usr/libexec (Closes: #980861).
   * Fix openntpd restart command (Closes: #1001763).
   * Split package into two targets:
     + dhcpcd-base (binaries, exit hooks and manual pages) Provides: dhcp-client
     + dhcpcd5 (init.d script and systemd unit) Depends: dhcpcd-base
     Thus dhcpcd-base provides a dhcp-client backend for ifupdown that offers
     a dual-stack replacement for isc-dhcp-client.
     Meanwhile dhcpcd5 still exists for minimalist systems without ifupdown.
   [ Scott Leggett ]
   * Avoid pointless NTP client reloads
   * Add local gbp.conf for upstream tag format.
   * Add to [control]:
     + Rules-Requires-Root: no
   * Tests: work around issue with checksums on veth interfaces.
   * Tests: Give NTP services more grace time for updates.
   * Add support for systemd unit file hardening.
   [ Bastian Germann ]
   * Update rundir to align with upstream.
   [ Julien Rabier ]
   * Update the systemd unit.
   * Add a systemd unit template for interface-specific cases.
Checksums-Sha1:
 09237debeaa9bb48e7436ebc661906e3d1421b5a 1854 dhcpcd5_9.4.1-2.dsc
 bf8fa944cf04843c494ed8df718dcbf6dc3274d2 14632 dhcpcd5_9.4.1-2.debian.tar.xz
 deeaff6c07a6e16b940af3694ab12aa74c8030dd 455424 dhcpcd-base-dbgsym_9.4.1-2_amd64.deb
 4c23d5b048dc8becce500441085ec02f6effc3c2 189716 dhcpcd-base_9.4.1-2_amd64.deb
 95979fabefced3e4ceb06196664d9b1a3810b414 9800 dhcpcd5_9.4.1-2_all.deb
 7c2d025c47f03da21beb37e74b43650ba9f79643 6121 dhcpcd5_9.4.1-2_amd64.buildinfo
Checksums-Sha256:
 cd220742061a3aeb8730a8579255019061103ddda9cb4a715a7dd1911f531123 1854 dhcpcd5_9.4.1-2.dsc
 47cc3b7975b1004ed8c0e69fd8e6e7ca22c43411684dee84e1737c0634718029 14632 dhcpcd5_9.4.1-2.debian.tar.xz
 b4fd1bdd9a68997ac06d0240ee6d396d72e447500d793679c7cb57e0f066f710 455424 dhcpcd-base-dbgsym_9.4.1-2_amd64.deb
 ff7915b2954233304e154e7d8224c3aa95114c4978a444b6ac88be5ff6046819 189716 dhcpcd-base_9.4.1-2_amd64.deb
 01d95de0083f34ce6ee5462e6508d7db91d73db078cb129cde7dee3ef69acfe7 9800 dhcpcd5_9.4.1-2_all.deb
 27b817a7e78bef64b7c89f374de23d14531c0fbe35ceb50da3274f94a574ffea 6121 dhcpcd5_9.4.1-2_amd64.buildinfo
Files:
 f075b70f7b1090d20650a88c0edade98 1854 net optional dhcpcd5_9.4.1-2.dsc
 beb14820fe1d36f4ce403f7f69a16695 14632 net optional dhcpcd5_9.4.1-2.debian.tar.xz
 883d37b87d72ce0190759d1ac029558d 455424 debug optional dhcpcd-base-dbgsym_9.4.1-2_amd64.deb
 84875820dacaf807188acec279ffa972 189716 net optional dhcpcd-base_9.4.1-2_amd64.deb
 0145003401454502dcfc0bd598e33ff9 9800 net optional dhcpcd5_9.4.1-2_all.deb
 49220ae5a6a821aabacfdcdfd66597d4 6121 net optional dhcpcd5_9.4.1-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmK7g8AQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFIanC/935JsoNONQdBCf/Obw4KBfmW1x5DoSQnsv
ciFuFdGyycowNb6rdkF3Xg4LBf21rh0CzaImzTQ+CF9VD/hn+XuLmFCHHf5muXW0
akk4An27HcvrqhqjuoP/uHAxRAdIzLDkdruRlf9I8/U/fTyGcEX65/Gwbq73Hq56
kwywrFKwVi1+bunJNl3PyzAV8hrmYhNCfIp7O1DNoon2LJgt16LG3GSyePPcSW+g
PIVkd44EW8/61mVEVwFXnukRs1hK58/UHXnwFZL1CMtbFIS6a9thsrn7Zv5H182t
66ASXz20AuxRmu+XKg57AtbcnhUB+m320A6W34L1RzehT1ZzJTbRWVmem9PNHcPo
0B64nmg6sQOgaPhjl3ZoNt2r+49in14PhbJp5c4TAbyPUWqwWLCtESqQ5pNBo4M4
OeDOYNLPx5hQQVL8u/zR7cbVUJjf4nWT3pJ0pWNhGBqkK+C/H3R7qSJyXV7rsXMe
lpde06+6wkBnYJpAXCIcf9V4bSGYD4o=
=FLTv
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#1001763: marked as done (dhcpcd5: dhcpcd fails to restart openntpd)
Next by Date: Bug#980861: marked as done (dhcpcd5: chrony hook refers to wrong helper location)
Previous by thread: Bug#1001763: marked as done (dhcpcd5: dhcpcd fails to restart openntpd)
Next by thread: Bug#980861: marked as done (dhcpcd5: chrony hook refers to wrong helper location)
Index(es):
- Date
- Thread