[MIR] dhcpcd
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dhcpcd (Ubuntu) | Fix Released | Undecided | Unassigned |
dhcpcd5 (Debian) | Fix Released | Unknown | |
Bug Description
[Availability]
The package dhcpcd5 is already in Ubuntu universe.
The package dhcpcd5 builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https:/
[Rationale]
The package dhcpcd5 is required in Ubuntu main to replace isc-dhcp-client.
ISC has announced the end of life for ISC DHCP as of the end of 2022.
In the FO092 specification, we compare the alternatives among dhcpcd, udhcpc,
ipconfig, dhclient, systemd-networkd, network-manager, dhcpcanon.
dhcpcd is small (to be included in initramfs), supports DHCPv6, can be called
from shell (to be used in initramfs and cloud-init). It’s the best candidate currently.
The package dhcpcd5 is required in Ubuntu main no later than the 23.10 release.
So in 24.04 we can have sufficient time to replace the usage of isc-dhcp-client,
and finally demote isc-dhcp-client to universe.
[Security]
- Had 15 security issues in the past
- links to such security issues in trackers
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
https:/
- context that shows how these issues got handled in
the past
https:/
A fakesync from Debian to trusty-security for CVE-2014-6060
- no `suid` or `sgid` binaries
- Binary dhcpcd in /usr/sbin/dhcpcd is no problem because it’s expected to be executed by daemon scripts or services.
- Package dhcpcd-base does not install services, timers or recurring jobs
- Package dhcpcd does install services, timers or recurring jobs
- dhcpcd.service
Hardened systemd service, Protect{System, Home, Clock, KernelModules, KernelLogs, ControlGroups},
Restrict{
PrivateDe
- dhcpcd@.service
Not used by default, for single network interface.
- apparmor-profiles package contains profile /usr/share/
- Package does open privileged ports (ports < 1024).
- DHCPv6 client port: 546/UDP
- BOOTP client port: 68/UDP
- Package contains extensions to security-sensitive software
hook plugins in /usr/lib/
[Quality assurance - function/usage]
- Integration with ntp is broken after ntp was replaced by ntpsec. https:/
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker
https:/
- The package has important open bugs, listing them:
- https:/
Fixed in the new release, but it’s not uploaded due to freeze in Debian.
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https:/
The tests are very trivial, not related to its core functionality.
https:/
- The package does have failing autopkgtests tests right now, but since
they always fail, they are handled as "ignored failure".
https:/
dhcpcd itself conflicts/replaces isc-dhcp-client, which is needed by ubuntu-minimal.
So Ubuntu autopkgtest can't run the tests.
We want to drop isc-dhcp-client in the future, so it should be ok currently.
The tests pass on Debian; however, Debian doesn't run the isolation-machine tests https:/
[Quality assurance - packaging]
- debian/watch is present but does not work because upstream no longer provides
a tarball on their website.
It has been fixed in https:/
not uploaded yet.
- debian/control defines a correct Maintainer field (no Ubuntu delta)
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https:/
- Please attach the full output you have got from
W: dhcpcd: changelog-
W: dhcpcd-base: changelog-
W: dhcpcd5: changelog-
W: dhcpcd5 changes: distribution-
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/
W: dhcpcd-base: groff-message command exited with status 1: /usr/libexec/
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium (no debconf questions)
- Packaging and build is easy, link to debian/rules
https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS
- Misuse of Conflicts/Breaks violates Debian Policy 7.4 (but is not strictly forbidden). https:/
[Maintenance/Owner]
- Owning Team will be Foundations team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is dhcpcd
- Link to upstream project https:/
- The source package may be renamed to dhcpcd as requested in
https:/
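The description above lists Protect{System, Home, Clock, KernelModules, KernelLogs, ControlGroups} as hardening on dhcpcd.service. As an added example (not part of the bug report or of the dhcpcd package), this Python check reports which of those six directives a unit's [Service] section actually enables. The unit text is a constructed sample, not the packaged dhcpcd.service, and the function names are hypothetical.

```python
# Added example: audit a unit's [Service] section for the Protect* directives.
REQUIRED = ("ProtectSystem", "ProtectHome", "ProtectClock",
            "ProtectKernelModules", "ProtectKernelLogs", "ProtectControlGroups")
FALSE_VALUES = {"0", "no", "false", "off"}  # systemd boolean "off" spellings

def parse_service_section(unit_text):
    """Return {directive: value} for [Service]; the last assignment wins."""
    settings, section, pending = {}, None, ""
    for raw in unit_text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):            # backslash continues the line
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_hardening(unit_text):
    """Map each required directive to 'enabled', 'disabled' or 'missing'."""
    settings = parse_service_section(unit_text)
    report = {}
    for name in REQUIRED:
        value = settings.get(name, "")
        if not value:
            report[name] = "missing"       # absent, commented out or emptied
        else:
            report[name] = "disabled" if value.lower() in FALSE_VALUES else "enabled"
    return report

# Constructed sample, NOT the packaged dhcpcd.service.
SAMPLE_UNIT = """\
[Service]
ProtectSystem=strict
ProtectHome=true
ProtectClock=yes
# ProtectKernelModules=true
ProtectKernelLogs=no
ProtectControlGroups=true
ProtectControlGroups=false
"""

if __name__ == "__main__":
    print(audit_hardening(SAMPLE_UNIT))
```

On a running system, `systemd-analyze security dhcpcd.service` gives a broader score of the same kind of settings.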
Changed in dhcpcd5 (Debian):
status: Unknown → New
description: updated
description: updated
Changed in dhcpcd5 (Ubuntu):
assignee: nobody → Christian Ehrhardt (paelzer)
tags: added: sec-2101
Changed in dhcpcd5 (Debian):
status: New → Fix Released
Changed in dhcpcd5 (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Camila Camargo de Matos (ccdm94)
status: New → In Progress
Changed in dhcpcd (Ubuntu):
assignee: nobody → Shengjing Zhu (zhsj)
I suggest waiting until dhcpcd 10.0.1 has been uploaded to Debian and imported into Ubuntu before switching the default DHCP client. It should also be noted that Debian will migrate the source:pkg to dhcpcd (i.e. drop the 5) starting with the 10.0.1 upload.