-
isc-dhcp (4.4.1-2.3ubuntu1.1) impish; urgency=medium
* d/apparmor/sbin.dhclient: fix apparmor="DENIED" errors (LP: #1918410)
-- Lukas Märdian <email address hidden> Tue, 21 Jun 2022 12:42:51 +0200
-
isc-dhcp (4.4.1-2.3ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control: Add libcap-dev build dependency.
- Apparmor profiles for dhclient and dhcpd.
- Apport hook for isc-dhcp-client and isc-dhcp-server.
- Add systemd units for -server and -relay.
- If /etc/ltsp/dhcpd.conf exists, use that instead of
/etc/dhcp/dhcpd.conf.
- Create user/group dhcpd and make isc-dhcp-server depend on adduser.
- isc-dhcp-server: Suggest policycoreutils instead of recommending it.
- Create /etc/dhcp/ddns-keys/ for DDNS updates.
- Increase the timeout to 300 seconds for dhclient.conf (following the
default added by dhclient-safer-timeout).
- Sanitize environment in dhclient-script.linux.
- add IPv6 initramfs support.
- Separate default file for isc-dhcp-relay6.
- Drop isc-dhcp-server/new_auth_behavior question from high to medium
- dhclient-script.linux: handle empty case also when waiting for ipv6 link
local DAD.
- debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
the logic for handling search domains to also write it to the output
file when only the domain name is provided by the DHCP server. Copied
code from debian/dhclient-script.linux.
- Remaining Ubuntu patches:
+ dhclient-fix-backoff
+ revert-next-server
+ multi-ip-addr-per-if
+ dhclient-safer-timeout
+ onetry_retry_after_initial_success
+ dhcp-lpf-ib.patch
+ dhcp-improved-xid.patch
+ dhcp-gpxe-cid.patch
+ dhcp-improved-xid-correct-byte-order.patch
+ dhcp-4.2.4-dhclient-options-changed.patch
+ ubuntu-dhcpd-conf.patch
- Apply patch from Alkis Georgopoulos to generate correct
net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
- Build-depend on debhelper (>= 9.20160709) for systemd support.
- Write pidfile before informing parent of success.
- Ship dhcp exit hook to push DNS information to resolved. LP #1889068
- debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
/proc/*/task/*/comm (LP #1870729)
- debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
(LP #1850820)
- debian/rules: build with -fno-strict-aliasing.
- debian/rules: Build with -O2 instead on -O3 on ppc64el
- Fix env variable for INTERFACES
+ d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
respective services file.
- Stop building the udeb on request.
* Dropped Ubuntu changes:
- debian/patches/CVE-2021-25217.patch, applied in Debian
isc-dhcp (4.4.1-2.3) unstable; urgency=high
* Non-maintainer upload.
* A buffer overrun in lease file parsing code can be used to exploit a
common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
(Closes: #989157)
-- Lukas Märdian <email address hidden> Mon, 09 Aug 2021 13:31:01 +0200
-
isc-dhcp (4.4.1-2.2ubuntu9) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:49:00 -0400
-
isc-dhcp (4.4.1-2.2ubuntu8) impish; urgency=medium
* Fix regression caused by rebuild with newer toolchain (LP: #1930917)
- debian/rules: build with -fno-strict-aliasing.
-- Marc Deslauriers <email address hidden> Mon, 07 Jun 2021 08:25:03 -0400
-
isc-dhcp (4.4.1-2.2ubuntu7) impish; urgency=medium
* SECURITY UPDATE: DoS via incorrect option information parsing
- debian/patches/CVE-2021-25217.patch: fix parsing in common/parse.c.
- CVE-2021-25217
-- Marc Deslauriers <email address hidden> Tue, 25 May 2021 06:45:17 -0400
-
isc-dhcp (4.4.1-2.2ubuntu6) hirsute; urgency=medium
* d/rules: Build with -O2 instead on -O3 on ppc64el
to work around network-manager's regression.
-- Utkarsh Gupta <email address hidden> Mon, 08 Mar 2021 16:37:18 +0530