Your message dated Sun, 10 Nov 2024 14:50:03 +0000
with message-id <e1ta9gn-00ecy2...@fasolo.debian.org>
and subject line Bug#1086014: fixed in newpid 14
has caused the Debian Bug report #1086014,
regarding newpid: autopkgtest failures caused by ping no longer being installed
with CAP_NET_RAW
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1086014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: newpid
Version: 13
Severity: important
Tags: ftbfs patch
As of version 3:20240905-1 of iputils, ping is no longer installed with
CAP_NET_RAW or setuid root permissions. Instead, it relies on the
net.ipv4.ping_group_range sysctl to grant non-root users the ability to use
it. This change is impacting the newpid check-newnet tests as invoked by
autopkgtest, which create new network namespaces that don't grant
unprivileged users the ability to run ping.
If the newpid invocations in the tests run as root, that will fix the issue.
That may not be the ideal solution in all cases, but it does resolve the
issue when run with autopkgtest. See the attached patch for one possible
implementation of this change.
For background on the iputils change, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008281
noah
-- System Information:
Debian Release: 12.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.11+bpo-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
>From 60728458dabc3415b59230fad7738ab2dbea8d64 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <fr...@morgul.net>
Date: Thu, 24 Oct 2024 18:42:51 -0400
Subject: [PATCH] Fix unprivileged ping execution in autopkgtest
---
debian/tests/control | 3 ++-
test/Makefile | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/debian/tests/control b/debian/tests/control
index 13b5c56..94d417c 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,3 +1,4 @@
Depends: @, iputils-ping
-Test-Command: make check
+Test-Command: make check ROOTCMD=sudo
Features: test-name=check
+Restrictions: needs-sudo
diff --git a/test/Makefile b/test/Makefile
index 5bd3082..79714f5 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -11,8 +11,8 @@ check-zombie:
check-newnet:
# remove time/rtt output for reproducibility
# iputils-ping 3:20190515-2 added a "ping: " prefix in front of errors,
remove it for compatibility
- ( newpid -n ping -q -c 1 -n 127.0.0.1 2>&1 | sed -e
's/\(time\|rtt\).*//'; \
- newpid -n ping -q -c 1 -n 192.0.2.1 2>&1 | sed -e 's/^ping: //' \
+ ( $(ROOTCMD) newpid -n ping -q -c 1 -n 127.0.0.1 2>&1 | sed -e
's/\(time\|rtt\).*//'; \
+ $(ROOTCMD) newpid -n ping -q -c 1 -n 192.0.2.1 2>&1 | sed -e
's/^ping: //' \
) | tee newnet.out
diff -u newnet.expected newnet.out
--
2.39.5
--- End Message ---
--- Begin Message ---
Source: newpid
Source-Version: 14
Done: Christoph Berg <m...@debian.org>
We believe that the bug you reported is fixed in the latest version of
newpid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1086...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <m...@debian.org> (supplier of updated newpid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Nov 2024 15:35:27 +0100
Source: newpid
Architecture: source
Version: 14
Distribution: unstable
Urgency: medium
Maintainer: Christoph Berg <m...@debian.org>
Changed-By: Christoph Berg <m...@debian.org>
Closes: 1086014
Changes:
newpid (14) unstable; urgency=medium
.
* ping is no longer suid root; run autopkgtest with sudo.
Thanks Noah Meyerhans! (Closes: #1086014)
Checksums-Sha1:
fe992f49591b1b3a17b845d0e017e7190b8a375e 1530 newpid_14.dsc
89f78b1a573ecd4013bd274eb89be8048ad5be79 7156 newpid_14.tar.xz
Checksums-Sha256:
2c3a0737a9b13e7dcd332d0b2fcfb39002cc72d558529acea7bd8856906dacc4 1530
newpid_14.dsc
4fb1ae15d39f46c51b5d1e1663e0b1de551403622674447465ab31c710104c76 7156
newpid_14.tar.xz
Files:
7ce964d0fd0d15ebea42203db57f4b98 1530 utils optional newpid_14.dsc
23f5c2f228bc6a6c46bea9500394b2e3 7156 utils optional newpid_14.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmcwxbkACgkQTFprqxLS
p66sNBAArKNHs5vyKNth7DBIA78qGWUSm6t6Orxcqqqhb2RDbZPo5v53+UdouXTU
uXDziAwaVz8W5sPv2Eq2YvKfcbR4NcIhHErjQDHjfrfWCTnvGisVwga35fvDke9k
3Y2eNCD8K5md0iMZfGUphCvaB4WylAE9QiK0sJTu/7M/CyH4LunMQckJZhZd2iMB
6t4pYGZAjrJ5qQDcYrC10uIznRDlWdHOu/t1EfaEzL3Qjn55yYU4kVjuOEqxxQBa
VBJ7uiH3n2z+FhCP0saSwfThlhUzm20uB7TFrf0lMlkjSHgW8jDTrlXA6gT2UIlo
UszfKOkGR5z8qyAe2M+022sJtTeHBjI6JroZXb0X2FVF9JNp8Wq3YoVgG7lz8y4c
jbVewDG9lqBy3MrGxCixxBR/NKmh0JxEW0YdY3llVvylLJNeQG2B5dHxArtXKioE
WZoxRlm01uLRfjwSJzjk78m/4pTeviHgSaZ8phEmzAbydQYK2OgaUseZ1xUP5lvv
13myZwvFjn78j3CEuznh2ugOCY2zzJPGjHzaYAQpWBuHPeqK7W+CRaL6XXYz5rt6
pjqim5jciy3Jn2loGjVcQru/g/T146Op/r62OnCdbWjl4ChDsWPflZ6NVEjbkEIK
YvcH0082ipxGHtv24kIO9gudV2rZyTZjsplMHwx+2bmM66TVkb4=
=acG7
-----END PGP SIGNATURE-----
pgps1t7hdeHQo.pgp
Description: PGP signature
--- End Message ---
