Bug#991432: unblock: freeradius/3.0.21+dfsg-2.1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#991432: unblock: freeradius/3.0.21+dfsg-2.1
From: Jochen Sprickerhof <jspricke@debian.org>
Date: Fri, 23 Jul 2021 13:45:47 +0200
Message-id: <[🔎] 162704074796.101953.825271443581106147.reportbug@fenchel>
Reply-to: Jochen Sprickerhof <jspricke@debian.org>, 991432@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package freeradius

[ Reason ]
Misleading comment in systemd service file about how to get capabilities
for privileged ports: #985967.

[ Impact ]
Users could have a hard time how to use freeradius.

[ Tests ]
To test manually:
$ sudo apt install freeradius-dhcp
$ sed 's/port = 6700/port = 67/' /etc/freeradius/3.0/sites-available/dhcp > /etc/freeradius/3.0/sites-enabled/dhcp
$ systemctl restart freeradius

[ Risks ]
This only changes a commented line in a service file, I don't see a
risk.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
Send upstream as
https://github.com/FreeRADIUS/freeradius-server/pull/4150

unblock freeradius/3.0.21+dfsg-2.1

diff -Nru freeradius-3.0.21+dfsg/debian/changelog freeradius-3.0.21+dfsg/debian/changelog
--- freeradius-3.0.21+dfsg/debian/changelog	2020-08-24 10:46:49.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/changelog	2021-07-23 13:19:03.000000000 +0200
@@ -1,3 +1,13 @@
+freeradius (3.0.21+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix capabilities in service file.
+    As freeradius is not run as root we need to request extra capabilities
+    wiht AmbientCapabilities instead of limiting the set with
+    CapabilityBoundingSet. (Closes: #985967)
+
+ -- Jochen Sprickerhof <jspricke@debian.org>  Fri, 23 Jul 2021 13:19:03 +0200
+
 freeradius (3.0.21+dfsg-2) unstable; urgency=medium
 
   * Cherry-Pick upstream fixes to build with Python3.8 (Closes: #966860)
diff -Nru freeradius-3.0.21+dfsg/debian/freeradius.service freeradius-3.0.21+dfsg/debian/freeradius.service
--- freeradius-3.0.21+dfsg/debian/freeradius.service	2020-08-24 10:46:49.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/freeradius.service	2021-07-23 13:13:11.000000000 +0200
@@ -41,7 +41,7 @@
 NoNewPrivileges=true
 
 # Allow binding to secure ports, broadcast addresses, and raw interfaces.
-#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
+#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
 
 # Private /tmp that isn't shared by other processes
 PrivateTmp=true

Reply to:

Follow-Ups:
- Bug#991432: marked as done (unblock: freeradius/3.0.21+dfsg-2.1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#991421: unblock: lemonldap-ng/2.0.11+ds-4
Next by Date: Bug#991434: unblock: six/1.16.0-2 (pre-approval)
Previous by thread: Bug#991425: marked as done (unblock: mupdf/1.17.0+ds1-2 [pre-approval])
Next by thread: Bug#991432: marked as done (unblock: freeradius/3.0.21+dfsg-2.1)
Index(es):
- Date
- Thread