lp:ubuntu/karmic/dhcp3

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

52. By Kees Cook on 2009-10-07

Remove if-pre-up workaround for AppArmor now that it is started
from the initramfs. This solves unexpected behavior when apparmor
is temporarily disabled on a system using DHCP.

51. By Jamie Strandboge on 2009-10-07

debian/apparmor-profile.dhclient3: allow access to lease files and
script for synce-hal to work. (LP: #445442)

50. By Kees Cook on 2009-07-17

debian/apparmor-dhclient3.ifupdown: use profile name instead of stdin.

49. By Jamie Strandboge on 2009-07-17

* Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
  of Pxr with its own unrestricted profile. This simplifies the profile,
  does not change the security stance of the profile, and works around an
  AppArmor regression in Ubuntu kernel 2.6.31-3.19. (LP: #400349)
* debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile,
  not all of AppArmor
* debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile,
  not all of AppArmor

48. By Jamie Strandboge on 2009-07-16

simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)

47. By Jamie Strandboge on 2009-07-13

* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
  server
  - debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
    dhclient.c to verify that length of data is not longer than netmask
    (iaddr)
  - CVE-2009-0692

46. By Steve Langasek on 2009-05-08

* Merge from Debian unstable. Remaining Ubuntu changes:
  - Deroot server (Debian #308832)
    + droppriv.dpatch, deroot-server.dpatch: Code changes.
    + debian/control: Add libcap-dev build dependency.
    + debian/dhcp3-server.postinst: Create dhcpd system user.
    + debian/dhcp3-server.init.d: Create paths with appropriate permissions
      for dhcpd system user access.
  - Send hostname to DHCP server by default (LP #10239, Debian #151820):
    + debian/patches/dynamic-hostname.dpatch: Add support for a new string
      type 'h' which behaves like 't' except that '<hostname>' is changed to
      the current hostname. Change 'host-name' DHCP option type from 't' to
      'h'.
    + debian/dhclient.conf: Enable send-hostname by default.
  - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
    when failing to get an address also when operating in oneshot mode (-1).
    This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
  - debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
    subnet-mask in dhcpd.conf. (LP #26661)
  - dhclient-more-debug.dpatch: Show the requested/offered client IP in log
    output, for better debugging. (LP #35265, Debian #486611)
  - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
    writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
    early. (Ubuntu specific until Debian uses this rule, too)
  - revert-next-server.dpatch: Revert the need of the next-server option in
    dhcpd.conf so it points to the own IP again for tftp if the option is
    not set. (Patch by Oliver Grawert; disputed upstream)
  - debian/dhcp3-server.init.d: Allow LTSP to override default configuration
    in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
    debian/dhcpd.conf. (Ubuntu specific)
  - debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
    specific)
  - debian/rules: Enable build hardening. Add hardening-wrapper build
    dependency. (Ubuntu specific)
  - debian/dhclient-script.linux: Drop keeping of old search/domain values
    if we didn't get any from the DHCP response. It is inconsistent with
    resolvconf and should rather use default/supercede options in
    /etc/dhcp3/dhclient.conf.
  - add enforcing Apparmor profile for dhcp3 client and server:
    - debian/control: Suggests apparmor
    - debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
    - debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
      dhcp3-server earlier than Ubuntu 7.04
    - debian/dhcp3-{client,server}.postinst: reload apparmor
    - debian/dhcp3-{client,server}.postrm: remove force-complain link
    - debian/rules: copy profile into DESTDIR
    - debian/dhcp3-server.files: install usr.sbin.dhcpd3
    - debian/dhcp3-client.files: install sbin.dhclient3
    - debian/README.Debian: add note on Apparmor
  - add ifupdown hook so the dhclient3 Apparmor profile is loaded before
    calling dhclient3, which can happen under certain conditions with udev
    - debian/dhcp3-client.files: install dhclient3-apparmor ifup script
    - debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
    - debian/rules: copy ifup script into DESTDIR

45. By Jonathan Marsden on 2009-03-23

debian/dhclient.conf: Request ntp-servers by default (LP: #74164)

44. By Jamie Strandboge on 2009-03-17

debian/apparmor-profile.dhclient3: adjust to allow NetworkManager and
connmann access to dbus (LP: #342235)

43. By Jamie Strandboge on 2009-02-24

debian/apparmor-profile.dhclient3: adjust to support connman. Patch
thanks to Mark Shuttleworth. (LP: #333711)