[ubuntu/impish-proposed] isc-dhcp 4.4.1-2.3ubuntu1 (Accepted)

Lukas Märdian slyon at ubuntu.com
Mon Aug 9 11:50:12 UTC 2021 

isc-dhcp (4.4.1-2.3ubuntu1) impish; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - debian/control: Add libcap-dev build dependency.
    - Apparmor profiles for dhclient and dhcpd.
    - Apport hook for isc-dhcp-client and isc-dhcp-server.
    - Add systemd units for -server and -relay.
    - If /etc/ltsp/dhcpd.conf exists, use that instead of
      /etc/dhcp/dhcpd.conf.
    - Create user/group dhcpd and make isc-dhcp-server depend on adduser.
    - isc-dhcp-server: Suggest policycoreutils instead of recommending it.
    - Create /etc/dhcp/ddns-keys/ for DDNS updates.
    - Increase the timeout to 300 seconds for dhclient.conf (following the
      default added by dhclient-safer-timeout).
    - Sanitize environment in dhclient-script.linux.
    - add IPv6 initramfs support.
    - Separate default file for isc-dhcp-relay6.
    - Drop isc-dhcp-server/new_auth_behavior question from high to medium
    - dhclient-script.linux: handle empty case also when waiting for ipv6 link
      local DAD.
    - debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
      the logic for handling search domains to also write it to the output
      file when only the domain name is provided by the DHCP server. Copied
      code from debian/dhclient-script.linux.
    - Remaining Ubuntu patches:
      + dhclient-fix-backoff
      + revert-next-server
      + multi-ip-addr-per-if
      + dhclient-safer-timeout
      + onetry_retry_after_initial_success
      + dhcp-lpf-ib.patch
      + dhcp-improved-xid.patch
      + dhcp-gpxe-cid.patch
      + dhcp-improved-xid-correct-byte-order.patch
      + dhcp-4.2.4-dhclient-options-changed.patch
      + ubuntu-dhcpd-conf.patch
    - Apply patch from Alkis Georgopoulos to generate correct
      net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
    - Build-depend on debhelper (>= 9.20160709) for systemd support.
    - Write pidfile before informing parent of success.
    - Ship dhcp exit hook to push DNS information to resolved. LP #1889068
    - debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
    /proc/*/task/*/comm (LP #1870729)
    - debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
    (LP #1850820)
    - debian/rules: build with -fno-strict-aliasing.
    - debian/rules: Build with -O2 instead on -O3 on ppc64el
    - Fix env variable for INTERFACES
      + d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
        variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
        respective services file.
    - Stop building the udeb on request.
  * Dropped Ubuntu changes:
    - debian/patches/CVE-2021-25217.patch, applied in Debian

isc-dhcp (4.4.1-2.3) unstable; urgency=high

  * Non-maintainer upload.
  * A buffer overrun in lease file parsing code can be used to exploit a
    common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
    (Closes: #989157)

Date: Mon, 09 Aug 2021 13:31:01 +0200
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/isc-dhcp/4.4.1-2.3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 09 Aug 2021 13:31:01 +0200
Source: isc-dhcp
Built-For-Profiles: noudeb
Architecture: source
Version: 4.4.1-2.3ubuntu1
Distribution: impish
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Closes: 989157
Changes:
 isc-dhcp (4.4.1-2.3ubuntu1) impish; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/control: Add libcap-dev build dependency.
     - Apparmor profiles for dhclient and dhcpd.
     - Apport hook for isc-dhcp-client and isc-dhcp-server.
     - Add systemd units for -server and -relay.
     - If /etc/ltsp/dhcpd.conf exists, use that instead of
       /etc/dhcp/dhcpd.conf.
     - Create user/group dhcpd and make isc-dhcp-server depend on adduser.
     - isc-dhcp-server: Suggest policycoreutils instead of recommending it.
     - Create /etc/dhcp/ddns-keys/ for DDNS updates.
     - Increase the timeout to 300 seconds for dhclient.conf (following the
       default added by dhclient-safer-timeout).
     - Sanitize environment in dhclient-script.linux.
     - add IPv6 initramfs support.
     - Separate default file for isc-dhcp-relay6.
     - Drop isc-dhcp-server/new_auth_behavior question from high to medium
     - dhclient-script.linux: handle empty case also when waiting for ipv6 link
       local DAD.
     - debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
       the logic for handling search domains to also write it to the output
       file when only the domain name is provided by the DHCP server. Copied
       code from debian/dhclient-script.linux.
     - Remaining Ubuntu patches:
       + dhclient-fix-backoff
       + revert-next-server
       + multi-ip-addr-per-if
       + dhclient-safer-timeout
       + onetry_retry_after_initial_success
       + dhcp-lpf-ib.patch
       + dhcp-improved-xid.patch
       + dhcp-gpxe-cid.patch
       + dhcp-improved-xid-correct-byte-order.patch
       + dhcp-4.2.4-dhclient-options-changed.patch
       + ubuntu-dhcpd-conf.patch
     - Apply patch from Alkis Georgopoulos to generate correct
       net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
     - Build-depend on debhelper (>= 9.20160709) for systemd support.
     - Write pidfile before informing parent of success.
     - Ship dhcp exit hook to push DNS information to resolved. LP #1889068
     - debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
     /proc/*/task/*/comm (LP #1870729)
     - debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
     (LP #1850820)
     - debian/rules: build with -fno-strict-aliasing.
     - debian/rules: Build with -O2 instead on -O3 on ppc64el
     - Fix env variable for INTERFACES
       + d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
         variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
         respective services file.
     - Stop building the udeb on request.
   * Dropped Ubuntu changes:
     - debian/patches/CVE-2021-25217.patch, applied in Debian
 .
 isc-dhcp (4.4.1-2.3) unstable; urgency=high
 .
   * Non-maintainer upload.
   * A buffer overrun in lease file parsing code can be used to exploit a
     common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
     (Closes: #989157)
Checksums-Sha1:
 902c470e42cbfa8f0cd3416800425e220700ea83 2691 isc-dhcp_4.4.1-2.3ubuntu1.dsc
 ad4a02b63d4554eac3118acfda4a6741d7fc4009 118524 isc-dhcp_4.4.1-2.3ubuntu1.debian.tar.xz
 abd0a2bbb9a60137ec2afad69f018fd2a41e3dbe 7988 isc-dhcp_4.4.1-2.3ubuntu1_source.buildinfo
Checksums-Sha256:
 0def523a0923f8fb776c564caa07f7ed3c72c97cb8d2f153d66feb659bfcffaf 2691 isc-dhcp_4.4.1-2.3ubuntu1.dsc
 4f82f96574e42d0fd1399433efd267e42d2c40fb345db0d4d5ffd87b1697177c 118524 isc-dhcp_4.4.1-2.3ubuntu1.debian.tar.xz
 d46eb5896990e51c03c82a800155acc9dc1f8f853bac72d440be7f17361c17ce 7988 isc-dhcp_4.4.1-2.3ubuntu1_source.buildinfo
Files:
 3925008978c7b605562fa842259d4329 2691 net important isc-dhcp_4.4.1-2.3ubuntu1.dsc
 fdfa67570f19fb2b4ef825722f434cc9 118524 net important isc-dhcp_4.4.1-2.3ubuntu1.debian.tar.xz
 2e50a27f99ce877db83b6df0acd0026f 7988 net important isc-dhcp_4.4.1-2.3ubuntu1_source.buildinfo
Original-Maintainer: Debian ISC DHCP Maintainers <isc-dhcp at packages.debian.org>

More information about the impish-changes mailing list