--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package freeradius
[ Reason ]
Misleading comment in systemd service file about how to get capabilities
for privileged ports: #985967.
[ Impact ]
Users could have a hard time figuring out how to use freeradius.
[ Tests ]
To test manually:
$ sudo apt install freeradius-dhcp
$ sed 's/port = 6700/port = 67/' /etc/freeradius/3.0/sites-available/dhcp > /etc/freeradius/3.0/sites-enabled/dhcp
$ systemctl restart freeradius
[ Risks ]
This only changes a commented line in a service file, I don't see a
risk.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
Sent upstream as
https://github.com/FreeRADIUS/freeradius-server/pull/4150
unblock freeradius/3.0.21+dfsg-2.1
diff -Nru freeradius-3.0.21+dfsg/debian/changelog freeradius-3.0.21+dfsg/debian/changelog
--- freeradius-3.0.21+dfsg/debian/changelog 2020-08-24 10:46:49.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/changelog 2021-07-23 13:19:03.000000000 +0200
@@ -1,3 +1,13 @@
+freeradius (3.0.21+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix capabilities in service file.
+ As freeradius is not run as root we need to request extra capabilities
+ wiht AmbientCapabilities instead of limiting the set with
+ CapabilityBoundingSet. (Closes: #985967)
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Fri, 23 Jul 2021 13:19:03 +0200
+
freeradius (3.0.21+dfsg-2) unstable; urgency=medium
* Cherry-Pick upstream fixes to build with Python3.8 (Closes: #966860)
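Review bot: the third description line of the new entry has a typo, "wiht AmbientCapabilities" should read "with AmbientCapabilities". The summary "Fix capabilities in service file." could also state that the line changed in freeradius.service is a commented-out example, so readers of the changelog do not expect the running service's capabilities to change on upgrade.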
diff -Nru freeradius-3.0.21+dfsg/debian/freeradius.service freeradius-3.0.21+dfsg/debian/freeradius.service
--- freeradius-3.0.21+dfsg/debian/freeradius.service 2020-08-24 10:46:49.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/freeradius.service 2021-07-23 13:13:11.000000000 +0200
@@ -41,7 +41,7 @@
NoNewPrivileges=true
# Allow binding to secure ports, broadcast addresses, and raw interfaces.
-#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
+#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
# Private /tmp that isn't shared by other processes
PrivateTmp=true
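Review bot: the replacement line in freeradius.service carries over all eight capabilities, including CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE, although the comment above it only mentions binding to secure ports, broadcast addresses, and raw interfaces. As the changelog entry says, AmbientCapabilities requests extra capabilities rather than limiting the set, so anyone uncommenting the line would grant the non-root daemon all eight. Consider shortening the example to the CAP_NET_* entries the comment describes, or extending the comment to explain why the other four are needed.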
--- End Message ---
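
An added example, not part of the original message or the package: a shell check that reads the capability masks from `/proc/<pid>/status` and shows why a bounding set alone does not let a non-root service bind port 67, while an ambient set does. The two status excerpts are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed /proc/<pid>/status excerpts for a service running as a non-root user.
# 0x3cc3 is the mask of the eight capabilities listed in the service file line.

# Only CapabilityBoundingSet= configured: the set is limited, nothing is granted.
STATUS_BOUNDING_ONLY='CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000003cc3
CapAmb: 0000000000000000'

# AmbientCapabilities= configured: the capabilities survive the switch to non-root.
STATUS_AMBIENT='CapInh: 0000000000003cc3
CapPrm: 0000000000003cc3
CapEff: 0000000000003cc3
CapBnd: 000001ffffffffff
CapAmb: 0000000000003cc3'

CAP_NET_BIND_SERVICE=10   # bit number from linux/capability.h

# cap_in_set STATUS_TEXT FIELD BIT
# Succeeds when bit BIT is set in the hex mask of FIELD (CapEff, CapBnd, CapAmb).
# Returns 2 when FIELD is not present in STATUS_TEXT.
cap_in_set() {
    mask=$(printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }')
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $3) & 1 )) -eq 1 ]
}

# can_bind_low_port STATUS_TEXT
# Binding a port below 1024 needs CAP_NET_BIND_SERVICE in the effective set.
can_bind_low_port() {
    cap_in_set "$1" CapEff "$CAP_NET_BIND_SERVICE"
}

# For a live service, pass the real file contents instead of a sample:
#   can_bind_low_port "$(cat /proc/"$(systemctl show -p MainPID --value freeradius)"/status)"
for name in STATUS_BOUNDING_ONLY STATUS_AMBIENT; do
    eval "text=\$$name"
    if can_bind_low_port "$text"; then
        echo "$name: CAP_NET_BIND_SERVICE effective"
    else
        echo "$name: CAP_NET_BIND_SERVICE not effective"
    fi
done
```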