[ubuntu/lucid] dhcp3 3.1.3-1ubuntu1 (Accepted)
Chuck Short
zulcss at ubuntu.com
Tue Dec 8 15:30:14 GMT 2009
dhcp3 (3.1.3-1ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes:
- Deroot server (Debian #308832)
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient-script.linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf.
- add enforcing Apparmor profile for dhcp3 client and server:
- debian/control: Suggests apparmor
- debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
dhcp3-server earlier than Ubuntu 7.04
- debian/dhcp3-{client,server}.postinst: reload apparmor
- debian/dhcp3-{client,server}.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-server.files: install usr.sbin.dhcpd3
- debian/dhcp3-client.files: install sbin.dhclient3
- debian/README.Debian: add note on Apparmor
- Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
- debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
- debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
- debian/dhcp3-client.files: install dhclient3-apparmor ifup script
- debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
- debian/rules: copy ifup script into DESTDIR
- simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)
dhcp3 (3.1.3-1) unstable; urgency=low
* New upstream release
dhcp3 (3.1.2p1-2) unstable; urgency=high
* Address DoS when the dhcp-client-identifier and hardware Ethernet
configuration settings are used at the same time (CVE-2009-1892) (closes:
#549584)
* debian/control: bumped Standards-Version (no changes)
* debian/changelog: delimited legacy changelog entry to placate Lintian
* added debian/README.source
dhcp3 (3.1.2p1-1) unstable; urgency=high
* New upstream release
* Address stack overflow vulnerability in dhclient when handling large
netmask options (CVE-2009-0692) (CERT VU#410676)
* debian/control: build-depend on debhelper >> 5
* debian/dhcp3-server.postinst: use a non-absolute path to restorecon
* debian/dhcp3-{server,relay}.init.d: add a Lintian-detectable test for
/etc/default/dhcp3-server before sourcing it
* debian/control: bump Standards-Version
Date: Mon, 23 Nov 2009 18:15:20 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/dhcp3/3.1.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 23 Nov 2009 18:15:20 +0000
Source: dhcp3
Binary: dhcp3-server dhcp3-server-ldap dhcp3-common dhcp3-dev dhcp-client dhcp3-client dhcp3-client-udeb dhcp3-relay
Architecture: source
Version: 3.1.3-1ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description:
dhcp-client - DHCP client transitional package
dhcp3-client - DHCP client
dhcp3-client-udeb - DHCP Client for debian-installer (udeb)
dhcp3-common - common files used by all the dhcp3* packages
dhcp3-dev - API for accessing and modifying the DHCP server and client state
dhcp3-relay - DHCP relay daemon
dhcp3-server - DHCP server for automatic IP address assignment
dhcp3-server-ldap - DHCP server able to use LDAP as backend
Closes: 549584
Changes:
dhcp3 (3.1.3-1ubuntu1) lucid; urgency=low
.
* Merge from debian testing. Remaining changes:
- Deroot server (Debian #308832)
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient-script.linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf.
- add enforcing Apparmor profile for dhcp3 client and server:
- debian/control: Suggests apparmor
- debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
dhcp3-server earlier than Ubuntu 7.04
- debian/dhcp3-{client,server}.postinst: reload apparmor
- debian/dhcp3-{client,server}.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-server.files: install usr.sbin.dhcpd3
- debian/dhcp3-client.files: install sbin.dhclient3
- debian/README.Debian: add note on Apparmor
- Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
- debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
- debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
- debian/dhcp3-client.files: install dhclient3-apparmor ifup script
- debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
- debian/rules: copy ifup script into DESTDIR
- simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)
.
dhcp3 (3.1.3-1) unstable; urgency=low
.
* New upstream release
.
dhcp3 (3.1.2p1-2) unstable; urgency=high
.
* Address DoS when the dhcp-client-identifier and hardware Ethernet
configuration settings are used at the same time (CVE-2009-1892) (closes:
#549584)
* debian/control: bumped Standards-Version (no changes)
* debian/changelog: delimited legacy changelog entry to placate Lintian
* added debian/README.source
.
dhcp3 (3.1.2p1-1) unstable; urgency=high
.
* New upstream release
* Address stack overflow vulnerability in dhclient when handling large
netmask options (CVE-2009-0692) (CERT VU#410676)
* debian/control: build-depend on debhelper >> 5
* debian/dhcp3-server.postinst: use a non-absolute path to restorecon
* debian/dhcp3-{server,relay}.init.d: add a Lintian-detectable test for
/etc/default/dhcp3-server before sourcing it
* debian/control: bump Standards-Version
Checksums-Sha1:
287fcbd58d25e58acc2ee35f6a4ec3705fbb451a 1306 dhcp3_3.1.3-1ubuntu1.dsc
92fea5036c38a840f2f944b6cd1d90b18f950b7c 804097 dhcp3_3.1.3.orig.tar.gz
cadc156aee31934b5de65217c1b1c07d272897cf 140326 dhcp3_3.1.3-1ubuntu1.diff.gz
Checksums-Sha256:
01be61a9b537b865f7d0f49876bdd97f25f7661b2ee6d31010f53c53136b264d 1306 dhcp3_3.1.3-1ubuntu1.dsc
cb363247a897beaf5708c98d3a80dba8edd8f639d6bd1f4ada6c5a64ba51e2d4 804097 dhcp3_3.1.3.orig.tar.gz
61ee41d6a4a24892665564530019d4119bb3f1d00a549abc717c909408ff4225 140326 dhcp3_3.1.3-1ubuntu1.diff.gz
Files:
b512a3b962556abc6424bbf4117b97a4 1306 net important dhcp3_3.1.3-1ubuntu1.dsc
6ee8af8b283c95b3b4db5e88b6dd9a26 804097 net important dhcp3_3.1.3.orig.tar.gz
3562aae45b8ab897cef72125c5f1d27f 140326 net important dhcp3_3.1.3-1ubuntu1.diff.gz
Launchpad-Bugs-Fixed: 399954
Original-Maintainer: Andrew Pollock <apollock at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksebVsACgkQIHZ33voUATtxaACfYwT1OfTJtUvo+yHPv/zFY0wt
6kkAn3fHKB7HNl6qlqVN03VOqvTCTp9E
=EHr5
-----END PGP SIGNATURE-----
More information about the Lucid-changes
mailing list