Test script ** Description changed:
[ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. - [ Test Plan ] - * detailed instructions how to reproduce the bug + To easily test this on a single machine, a test script is being provided + to setup networking and dnsmasq configuration. - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. - * if other testing is appropriate to perform before landing this update, - this should also be described here. + # Launch a jammy VM + + lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm + + # open a root shell in that VM. All subsequent commands must be executed + as root in that VM + + lxc shell j-dnsmasq-2042587 + + # download test script + + wget + https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738170/+files/setup- + and-server.sh + + # make it executable + + chmod +x setup-and-server.sh + + # install dnsmasq. Ignore the postinst error (because systemd-resolved + is also running and there is a port conflict) + + apt update && apt install dnsmasq -y + + # run the setup script. It will configure things and start dnsmasq ready + to be tested + + ./setup-and-server.sh + + + # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): + + + No DHCP relay: + + ip netns exec client dhclient -d -v p2 + + The setup script should log an IP that is not a relay. For example: + dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 + ########################### + IP = 192.168.47.150 + ########################### + + + With DHCP relay set to 192.168.47.9, IP should NOT be that address: + + ip netns exec client dhclient -d -v p2 -g 192.168.47.9 + + + With the affected dnsmasq package, we will see an error: + dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 + ########################### + IP = 192.168.47.9 + TEST FAILED + ########################### + + The error is that the obtained IP is that of the dhcp relay (provided + via the -g option). + + With the fixed dnsmasq package, "TEST FAILED" must not appear, and the + IP should not be that of the provided dhcp relay. + [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp-script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 ** Attachment removed: "setup-and-server.sh" https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738170/+files/setup-and-server.sh ** Attachment added: "setup-and-server.sh" https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup-and-server.sh ** Description changed: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. - # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget - https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738170/+files/setup- + https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh - - # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): - + # in another root session inside the vm (so run "lxc shell + j-dnsmasq-2042587" in another terminal), run the proposed commands from + the setup script (and press ctrl-c after the result is shown): No DHCP relay: - ip netns exec client dhclient -d -v p2 + ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: - dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 - dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 - dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.150 ########################### - With DHCP relay set to 192.168.47.9, IP should NOT be that address: - ip netns exec client dhclient -d -v p2 -g 192.168.47.9 - + ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: - dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 + dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.9 TEST FAILED ########################### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. - [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp-script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 ** Changed in: dnsmasq (Ubuntu) Status: New => Fix Released ** Description changed: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. + + This was fixed in 2.87, therefore making only jammy carry an affected + package. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): No DHCP relay: ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.150 ########################### With DHCP relay set to 192.168.47.9, IP should NOT be that address: ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.9 TEST FAILED ########################### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp-script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 ** Description changed: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. This was fixed in 2.87, therefore making only jammy carry an affected package. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): No DHCP relay: ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.150 ########################### With DHCP relay set to 192.168.47.9, IP should NOT be that address: ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.9 TEST FAILED ########################### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the change is - wrong or breaks something else: how would this show up? - - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. - - * This must '''never''' be "None" or "Low", or entirely an argument as to why - your upload is low risk. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + If the fix is incorrect, it would mean the dhcp-script would get an incorrect IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers and pointers if the dhcp-script option is in use. + This fix was committed upstream a few months after the bug was introduced, so it took a while to be noticed. [ Other Info ] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + Not at this time. [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp-script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2042587 Title: jammy's version breaks existing dhcp scripts with relay Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. This was fixed in 2.87, therefore making only jammy carry an affected package. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): No DHCP relay: ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.150 ########################### With DHCP relay set to 192.168.47.9, IP should NOT be that address: ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ########################### IP = 192.168.47.9 TEST FAILED ########################### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. [ Where problems could occur ] If the fix is incorrect, it would mean the dhcp-script would get an incorrect IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers and pointers if the dhcp-script option is in use. This fix was committed upstream a few months after the bug was introduced, so it took a while to be noticed. [ Other Info ] Not at this time. [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp- script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
