Change logs for isc-dhcp source package in Impish

isc-dhcp (4.4.1-2.3ubuntu1.1) impish; urgency=medium

  * d/apparmor/sbin.dhclient: fix apparmor="DENIED" errors (LP: #1918410)

 -- Lukas Märdian <email address hidden>  Tue, 21 Jun 2022 12:42:51 +0200

isc-dhcp (4.4.1-2.3ubuntu1) impish; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - debian/control: Add libcap-dev build dependency.
    - Apparmor profiles for dhclient and dhcpd.
    - Apport hook for isc-dhcp-client and isc-dhcp-server.
    - Add systemd units for -server and -relay.
    - If /etc/ltsp/dhcpd.conf exists, use that instead of
      /etc/dhcp/dhcpd.conf.
    - Create user/group dhcpd and make isc-dhcp-server depend on adduser.
    - isc-dhcp-server: Suggest policycoreutils instead of recommending it.
    - Create /etc/dhcp/ddns-keys/ for DDNS updates.
    - Increase the timeout to 300 seconds for dhclient.conf (following the
      default added by dhclient-safer-timeout).
    - Sanitize environment in dhclient-script.linux.
    - add IPv6 initramfs support.
    - Separate default file for isc-dhcp-relay6.
    - Drop isc-dhcp-server/new_auth_behavior question from high to medium
    - dhclient-script.linux: handle empty case also when waiting for ipv6 link
      local DAD.
    - debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
      the logic for handling search domains to also write it to the output
      file when only the domain name is provided by the DHCP server. Copied
      code from debian/dhclient-script.linux.
    - Remaining Ubuntu patches:
      + dhclient-fix-backoff
      + revert-next-server
      + multi-ip-addr-per-if
      + dhclient-safer-timeout
      + onetry_retry_after_initial_success
      + dhcp-lpf-ib.patch
      + dhcp-improved-xid.patch
      + dhcp-gpxe-cid.patch
      + dhcp-improved-xid-correct-byte-order.patch
      + dhcp-4.2.4-dhclient-options-changed.patch
      + ubuntu-dhcpd-conf.patch
    - Apply patch from Alkis Georgopoulos to generate correct
      net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
    - Build-depend on debhelper (>= 9.20160709) for systemd support.
    - Write pidfile before informing parent of success.
    - Ship dhcp exit hook to push DNS information to resolved. LP #1889068
    - debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
    /proc/*/task/*/comm (LP #1870729)
    - debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
    (LP #1850820)
    - debian/rules: build with -fno-strict-aliasing.
    - debian/rules: Build with -O2 instead on -O3 on ppc64el
    - Fix env variable for INTERFACES
      + d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
        variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
        respective services file.
    - Stop building the udeb on request.
  * Dropped Ubuntu changes:
    - debian/patches/CVE-2021-25217.patch, applied in Debian

isc-dhcp (4.4.1-2.3) unstable; urgency=high

  * Non-maintainer upload.
  * A buffer overrun in lease file parsing code can be used to exploit a
    common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
    (Closes: #989157)

 -- Lukas Märdian <email address hidden>  Mon, 09 Aug 2021 13:31:01 +0200

isc-dhcp (4.4.1-2.2ubuntu9) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <email address hidden>  Mon, 21 Jun 2021 17:49:00 -0400

isc-dhcp (4.4.1-2.2ubuntu8) impish; urgency=medium

  * Fix regression caused by rebuild with newer toolchain (LP: #1930917)
    - debian/rules: build with -fno-strict-aliasing.

 -- Marc Deslauriers <email address hidden>  Mon, 07 Jun 2021 08:25:03 -0400

isc-dhcp (4.4.1-2.2ubuntu7) impish; urgency=medium

  * SECURITY UPDATE: DoS via incorrect option information parsing
    - debian/patches/CVE-2021-25217.patch: fix parsing in common/parse.c.
    - CVE-2021-25217

 -- Marc Deslauriers <email address hidden>  Tue, 25 May 2021 06:45:17 -0400

isc-dhcp (4.4.1-2.2ubuntu6) hirsute; urgency=medium

  * d/rules: Build with -O2 instead on -O3 on ppc64el
    to work around network-manager's regression.

 -- Utkarsh Gupta <email address hidden>  Mon, 08 Mar 2021 16:37:18 +0530