lp:ubuntu/lucid/dhcp3

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid/dhcp3
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

58. By Thierry Carrez

debian/dhclient-script.linux: Fix regression in host_name option
handling, so that it's always honored when /etc/hostname is not set,
fixes LP: #537978, #482313, #90388, #476491

57. By Evan

Fix missing fi in debian/dhclient-script.linux (LP: #519206).

56. By Chuck Short

* Merge from debian testing. Remaining changes:
  - Deroot server (Debian #308832):
    + droppriv.dpatch, deroot-server.dpatch: Code changes.
    + debian/control: Add libcap-dev build dependency.
    + debian/dhcp3-server.postinst: Create dhcpd system user.
    + debian/dhcp3-server.init.d: Create paths with appropriate permissions
      for dhcpd system user access.
   - Send hostname to DHCP server by default (LP #10239, Debian #151820):
     + debian/patches/dynamic-hostname.dpatch: Add support for a new string
       type 'h' which behaves like 't' except that '<hostname>' is changed to
       the current hostname. Change 'host-name' DHCP option type from 't' to
       'h'.
     + debian/dhclient.conf: Enable send-hostname by default.
    - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
      when failing to get an address also when operating in oneshot mode (-1).
      This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
    - debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
      subnet-mask in dhcpd.conf. (LP #26661)
    - dhclient-more-debug.dpatch: Show the requested/offered client IP in log
      output, for better debugging. (LP #35265, Debian #486611)
    - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
      writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
      early. (Ubuntu specific until Debian uses this rule, too)
    - revert-next-server.dpatch: Revert the need of the next-server option in
      dhcpd.conf so it points to the own IP again for tftp if the option is
      not set. (Patch by Oliver Grawert; disputed upstream)
    - debian/dhcp3-server.init.d: Allow LTSP to override default configuration
      in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
      debian/dhcpd.conf. (Ubuntu specific)
    - debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
      specific)
    - debian/rules: Enable build hardening. Add hardening-wrapper build
      dependency. (Ubuntu specific)
    - debian/dhclient-script.linux: Drop keeping of old search/domain values
      if we didn't get any from the DHCP response. It is inconsistent with
      resolvconf and should rather use default/supercede options in
      /etc/dhcp3/dhclient.conf.
    - add enforcing Apparmor profile for dhcp3 client and server:
      + debian/control: Suggests apparmor
      + debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
      + debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
        dhcp3-server earlier than Ubuntu 7.04
      + debian/dhcp3-{client,server}.postinst: reload apparmor
      + debian/dhcp3-{client,server}.postrm: remove force-complain link
      + debian/rules: copy profile into DESTDIR
      + debian/dhcp3-server.files: install usr.sbin.dhcpd3
      + debian/dhcp3-client.files: install sbin.dhclient3
      + debian/README.Debian: add note on Apparmor
      + Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
        of Pxr with its own unrestricted profile. This simplifies the profile,
      + debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
      + debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
     - add ifupdown hook so the dhclient3 Apparmor profile is loaded before
       calling dhclient3, which can happen under certain conditions with udev
       + debian/dhcp3-client.files: install dhclient3-apparmor ifup script
       + debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
       + debian/rules: copy ifup script into DESTDIR
     - simplify ifupdown logic since we will mount securityfs in mountkern.sh
       instead of trying to wait around for it here. Thanks to Scott James
       Remnant for analysis (LP: #399954)

 [Chuck Short]
 * debian/rules, debian/apport/dhcp3-server.py, debian/apport/dhcp3-client.py,
   debian/dhcp3-client.files, debian/dhcp3-server.files, debian/dhcp3-common.dirs:
   Install apport hook, apart of the server-lucid-apport-hooks specification.

55. By Jamie Strandboge

* drop patch for CVE-2009-0692 as this was fixed in 3.1.3
  - http://oldwww.isc.org/sw/dhcp/dhcp_rel2.php?noframes=1

54. By Kees Cook

debian/dhcp3-client.links: install symlink for early loading of
dhclient AppArmor profile.

53. By Chuck Short

* Merge from debian testing. Remaining changes:
  - Deroot server (Debian #308832)
    + droppriv.dpatch, deroot-server.dpatch: Code changes.
    + debian/control: Add libcap-dev build dependency.
    + debian/dhcp3-server.postinst: Create dhcpd system user.
    + debian/dhcp3-server.init.d: Create paths with appropriate permissions
      for dhcpd system user access.
  - Send hostname to DHCP server by default (LP #10239, Debian #151820):
    + debian/patches/dynamic-hostname.dpatch: Add support for a new string
      type 'h' which behaves like 't' except that '<hostname>' is changed to
      the current hostname. Change 'host-name' DHCP option type from 't' to
      'h'
    + debian/dhclient.conf: Enable send-hostname by default.
  - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
    when failing to get an address also when operating in oneshot mode (-1).
    This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
  - debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
    subnet-mask in dhcpd.conf. (LP #26661)
  - dhclient-more-debug.dpatch: Show the requested/offered client IP in log
    output, for better debugging. (LP #35265, Debian #486611)
  - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
    writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
    early. (Ubuntu specific until Debian uses this rule, too)
  - revert-next-server.dpatch: Revert the need of the next-server option in
    dhcpd.conf so it points to the own IP again for tftp if the option is
    not set. (Patch by Oliver Grawert; disputed upstream)
  - debian/dhcp3-server.init.d: Allow LTSP to override default configuration
    in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
    debian/dhcpd.conf. (Ubuntu specific)
  - debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
    specific)
  - debian/rules: Enable build hardening. Add hardening-wrapper build
    dependency. (Ubuntu specific)
  - debian/dhclient-script.linux: Drop keeping of old search/domain values
    if we didn't get any from the DHCP response. It is inconsistent with
    resolvconf and should rather use default/supercede options in
    /etc/dhcp3/dhclient.conf.
  - add enforcing Apparmor profile for dhcp3 client and server:
    - debian/control: Suggests apparmor
    - debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
    - debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
      dhcp3-server earlier than Ubuntu 7.04
    - debian/dhcp3-{client,server}.postinst: reload apparmor
    - debian/dhcp3-{client,server}.postrm: remove force-complain link
    - debian/rules: copy profile into DESTDIR
    - debian/dhcp3-server.files: install usr.sbin.dhcpd3
    - debian/dhcp3-client.files: install sbin.dhclient3
    - debian/README.Debian: add note on Apparmor
    - Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
      of Pxr with its own unrestricted profile. This simplifies the profile,
    - debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
    - debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
   - add ifupdown hook so the dhclient3 Apparmor profile is loaded before
     calling dhclient3, which can happen under certain conditions with udev
     - debian/dhcp3-client.files: install dhclient3-apparmor ifup script
     - debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
     - debian/rules: copy ifup script into DESTDIR
   - simplify ifupdown logic since we will mount securityfs in mountkern.sh
     instead of trying to wait around for it here. Thanks to Scott James
     Remnant for analysis (LP: #399954)

52. By Kees Cook

Remove if-pre-up workaround for AppArmor now that it is started
from the initramfs. This solves unexpected behavior when apparmor
is temporarily disabled on a system using DHCP.

51. By Jamie Strandboge

debian/apparmor-profile.dhclient3: allow access to lease files and
script for synce-hal to work. (LP: #445442)

50. By Kees Cook

debian/apparmor-dhclient3.ifupdown: use profile name instead of stdin.

49. By Jamie Strandboge

* Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
  of Pxr with its own unrestricted profile. This simplifies the profile,
  does not change the security stance of the profile, and works around an
  AppArmor regression in Ubuntu kernel 2.6.31-3.19. (LP: #400349)
* debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile,
  not all of AppArmor
* debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile,
  not all of AppArmor

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/dhcp3
This branch contains Public information 
Everyone can see this information.

Subscribers