[ubuntu/lucid] dhcp3 3.1.3-1ubuntu1 (Accepted)

Chuck Short zulcss at ubuntu.com
Tue Dec 8 15:30:14 GMT 2009


dhcp3 (3.1.3-1ubuntu1) lucid; urgency=low

  * Merge from debian testing.  Remaining changes:
    - Deroot server (Debian #308832)
      + droppriv.dpatch, deroot-server.dpatch: Code changes.
      + debian/control: Add libcap-dev build dependency.
      + debian/dhcp3-server.postinst: Create dhcpd system user.
      + debian/dhcp3-server.init.d: Create paths with appropriate permissions
        for dhcpd system user access.
    - Send hostname to DHCP server by default (LP #10239, Debian #151820):
      + debian/patches/dynamic-hostname.dpatch: Add support for a new string
        type 'h' which behaves like 't' except that '<hostname>' is changed to
        the current hostname. Change 'host-name' DHCP option type from 't' to
        'h'
      + debian/dhclient.conf: Enable send-hostname by default.
    - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
      when failing to get an address also when operating in oneshot mode (-1).
      This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
    - debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
      subnet-mask in dhcpd.conf. (LP #26661)
    - dhclient-more-debug.dpatch: Show the requested/offered client IP in log
      output, for better debugging. (LP #35265, Debian #486611)
    - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
      writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
      early. (Ubuntu specific until Debian uses this rule, too)
    - revert-next-server.dpatch: Revert the need of the next-server option in
      dhcpd.conf so it points to the own IP again for tftp if the option is
      not set. (Patch by Oliver Grawert; disputed upstream)
    - debian/dhcp3-server.init.d: Allow LTSP to override default configuration
      in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
      debian/dhcpd.conf. (Ubuntu specific)
    - debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
      specific)
    - debian/rules: Enable build hardening. Add hardening-wrapper build
      dependency. (Ubuntu specific)
    - debian/dhclient-script.linux: Drop keeping of old search/domain values
      if we didn't get any from the DHCP response. It is inconsistent with
      resolvconf and should rather use default/supercede options in
      /etc/dhcp3/dhclient.conf.
    - add enforcing Apparmor profile for dhcp3 client and server:
      - debian/control: Suggests apparmor
      - debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
      - debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
        dhcp3-server earlier than Ubuntu 7.04
      - debian/dhcp3-{client,server}.postinst: reload apparmor
      - debian/dhcp3-{client,server}.postrm: remove force-complain link
      - debian/rules: copy profile into DESTDIR
      - debian/dhcp3-server.files: install usr.sbin.dhcpd3
      - debian/dhcp3-client.files: install sbin.dhclient3
      - debian/README.Debian: add note on Apparmor
      - Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
        of Pxr with its own unrestricted profile. This simplifies the profile,
      - debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
      - debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
     - add ifupdown hook so the dhclient3 Apparmor profile is loaded before
       calling dhclient3, which can happen under certain conditions with udev
       - debian/dhcp3-client.files: install dhclient3-apparmor ifup script
       - debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
       - debian/rules: copy ifup script into DESTDIR
     - simplify ifupdown logic since we will mount securityfs in mountkern.sh
       instead of trying to wait around for it here. Thanks to Scott James
       Remnant for analysis (LP: #399954)

dhcp3 (3.1.3-1) unstable; urgency=low

  * New upstream release

dhcp3 (3.1.2p1-2) unstable; urgency=high

  * Address DoS when the dhcp-client-identifier and hardware Ethernet
    configuration settings are used at the same time (CVE-2009-1892) (closes:
    #549584)
  * debian/control: bumped Standards-Version (no changes)
  * debian/changelog: delimited legacy changelog entry to placate Lintian
  * added debian/README.source

dhcp3 (3.1.2p1-1) unstable; urgency=high

  * New upstream release
  * Address stack overflow vulnerability in dhclient when handling large
    netmask options (CVE-2009-0692) (CERT VU#410676)
  * debian/control: build-depend on debhelper >> 5
  * debian/dhcp3-server.postinst: use a non-absolute path to restorecon
  * debian/dhcp3-{server,relay}.init.d: add a Lintian-detectable test for
    /etc/default/dhcp3-server before sourcing it
  * debian/control: bump Standards-Version

Date: Mon, 23 Nov 2009 18:15:20 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 23 Nov 2009 18:15:20 +0000
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.3-1ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description: 
 dhcp-client - DHCP client transitional package
 dhcp3-client - DHCP client
 dhcp3-client-udeb - DHCP Client for debian-installer (udeb)
 dhcp3-common - common files used by all the dhcp3* packages
 dhcp3-dev  - API for accessing and modifying the DHCP server and client state
 dhcp3-relay - DHCP relay daemon
 dhcp3-server - DHCP server for automatic IP address assignment
 dhcp3-server-ldap - DHCP server able to use LDAP as backend
Closes: 549584
Changes: 
 dhcp3 (3.1.3-1ubuntu1) lucid; urgency=low
 .
   * Merge from debian testing.  Remaining changes:
     - Deroot server (Debian #308832)
       + droppriv.dpatch, deroot-server.dpatch: Code changes.
       + debian/control: Add libcap-dev build dependency.
       + debian/dhcp3-server.postinst: Create dhcpd system user.
       + debian/dhcp3-server.init.d: Create paths with appropriate permissions
         for dhcpd system user access.
     - Send hostname to DHCP server by default (LP #10239, Debian #151820):
       + debian/patches/dynamic-hostname.dpatch: Add support for a new string
         type 'h' which behaves like 't' except that '<hostname>' is changed to
         the current hostname. Change 'host-name' DHCP option type from 't' to
         'h'
       + debian/dhclient.conf: Enable send-hostname by default.
     - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
       when failing to get an address also when operating in oneshot mode (-1).
       This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
     - debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
       subnet-mask in dhcpd.conf. (LP #26661)
     - dhclient-more-debug.dpatch: Show the requested/offered client IP in log
       output, for better debugging. (LP #35265, Debian #486611)
     - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
       writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
       early. (Ubuntu specific until Debian uses this rule, too)
     - revert-next-server.dpatch: Revert the need of the next-server option in
       dhcpd.conf so it points to the own IP again for tftp if the option is
       not set. (Patch by Oliver Grawert; disputed upstream)
     - debian/dhcp3-server.init.d: Allow LTSP to override default configuration
       in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
       debian/dhcpd.conf. (Ubuntu specific)
     - debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
       specific)
     - debian/rules: Enable build hardening. Add hardening-wrapper build
       dependency. (Ubuntu specific)
     - debian/dhclient-script.linux: Drop keeping of old search/domain values
       if we didn't get any from the DHCP response. It is inconsistent with
       resolvconf and should rather use default/supercede options in
       /etc/dhcp3/dhclient.conf.
     - add enforcing Apparmor profile for dhcp3 client and server:
       - debian/control: Suggests apparmor
       - debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
       - debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
         dhcp3-server earlier than Ubuntu 7.04
       - debian/dhcp3-{client,server}.postinst: reload apparmor
       - debian/dhcp3-{client,server}.postrm: remove force-complain link
       - debian/rules: copy profile into DESTDIR
       - debian/dhcp3-server.files: install usr.sbin.dhcpd3
       - debian/dhcp3-client.files: install sbin.dhclient3
       - debian/README.Debian: add note on Apparmor
       - Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
         of Pxr with its own unrestricted profile. This simplifies the profile,
       - debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
       - debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
      - add ifupdown hook so the dhclient3 Apparmor profile is loaded before
        calling dhclient3, which can happen under certain conditions with udev
        - debian/dhcp3-client.files: install dhclient3-apparmor ifup script
        - debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
        - debian/rules: copy ifup script into DESTDIR
      - simplify ifupdown logic since we will mount securityfs in mountkern.sh
        instead of trying to wait around for it here. Thanks to Scott James
        Remnant for analysis (LP: #399954)
 .
 dhcp3 (3.1.3-1) unstable; urgency=low
 .
   * New upstream release
 .
 dhcp3 (3.1.2p1-2) unstable; urgency=high
 .
   * Address DoS when the dhcp-client-identifier and hardware Ethernet
     configuration settings are used at the same time (CVE-2009-1892) (closes:
     #549584)
   * debian/control: bumped Standards-Version (no changes)
   * debian/changelog: delimited legacy changelog entry to placate Lintian
   * added debian/README.source
 .
 dhcp3 (3.1.2p1-1) unstable; urgency=high
 .
   * New upstream release
   * Address stack overflow vulnerability in dhclient when handling large
     netmask options (CVE-2009-0692) (CERT VU#410676)
   * debian/control: build-depend on debhelper >> 5
   * debian/dhcp3-server.postinst: use a non-absolute path to restorecon
   * debian/dhcp3-{server,relay}.init.d: add a Lintian-detectable test for
     /etc/default/dhcp3-server before sourcing it
   * debian/control: bump Standards-Version
Checksums-Sha1: 
 287fcbd58d25e58acc2ee35f6a4ec3705fbb451a 1306 dhcp3_3.1.3-1ubuntu1.dsc
 92fea5036c38a840f2f944b6cd1d90b18f950b7c 804097 dhcp3_3.1.3.orig.tar.gz
 cadc156aee31934b5de65217c1b1c07d272897cf 140326 dhcp3_3.1.3-1ubuntu1.diff.gz
Checksums-Sha256: 
 01be61a9b537b865f7d0f49876bdd97f25f7661b2ee6d31010f53c53136b264d 1306 dhcp3_3.1.3-1ubuntu1.dsc
 cb363247a897beaf5708c98d3a80dba8edd8f639d6bd1f4ada6c5a64ba51e2d4 804097 dhcp3_3.1.3.orig.tar.gz
 61ee41d6a4a24892665564530019d4119bb3f1d00a549abc717c909408ff4225 140326 dhcp3_3.1.3-1ubuntu1.diff.gz
Files: 
 b512a3b962556abc6424bbf4117b97a4 1306 net important dhcp3_3.1.3-1ubuntu1.dsc
 6ee8af8b283c95b3b4db5e88b6dd9a26 804097 net important dhcp3_3.1.3.orig.tar.gz
 3562aae45b8ab897cef72125c5f1d27f 140326 net important dhcp3_3.1.3-1ubuntu1.diff.gz
Launchpad-Bugs-Fixed: 399954
Original-Maintainer: Andrew Pollock <apollock at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksebVsACgkQIHZ33voUATtxaACfYwT1OfTJtUvo+yHPv/zFY0wt
6kkAn3fHKB7HNl6qlqVN03VOqvTCTp9E
=EHr5
-----END PGP SIGNATURE-----


More information about the Lucid-changes mailing list