lp:ubuntu/lucid-proposed/dhcp3
- Get this branch:
- bzr branch lp:ubuntu/lucid-proposed/dhcp3
Branch merges
Branch information
Recent revisions
- 63. By Stéphane Graber
-
* Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
of UDP checksums. (LP: #930962)
* Update apparmor profile to add required the "network packet raw" rule
for the checksum change. - 62. By Jamie Strandboge
-
* debian/
dhclient- script. linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient- script. udeb or debian/ dhclient- script. kfreebsd since
AppArmor isn't used in these environments.
- LP: #1045986
* debian/patches/ adjust- configure- for-linux3. dpatch: default to linux-2.2
for 3.0+ kernels - 61. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via specially crafted packets
- debian/patches/ CVE-2011- 2748-2749. dpatch: tighten up restriction in
common/discover. c, properly calculate length in common/options.c,
validate packet->options in server/dhcp.c.
- CVE-2011-2748
- CVE-2011-2749 - 60. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
because of special quilt handling in debian/rules for the ldap
patches.
- debian/patches/ 00list: move CVE-2011-0997 patch before the ldap
patches, and add comment.
- CVE-2011-0997 - 59. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/ CVE-2011- 0997.dpatch: filter strings in
client/dhclient. c, common/options.c.
- CVE-2011-0997 - 58. By Thierry Carrez
-
debian/
dhclient- script. linux: Fix regression in host_name option
handling, so that it's always honored when /etc/hostname is not set,
fixes LP: #537978, #482313, #90388, #476491 - 56. By Chuck Short
-
* Merge from debian testing. Remaining changes:
- Deroot server (Debian #308832):
+ droppriv.dpatch, deroot-server. dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server. postinst: Create dhcpd system user.
+ debian/dhcp3-server. init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/ dynamic- hostname. dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'.
+ debian/dhclient. conf: Enable send-hostname by default.
- dhclient-onetry- call-clientscri pt.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/ dhcpd.conf- subnet- examples. dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug. dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient- script. linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server. dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server. init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server. config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient- script. linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/ dhclient. conf.
- add enforcing Apparmor profile for dhcp3 client and server:
+ debian/control: Suggests apparmor
+ debian/dhcp3-{ client, server} .dirs: add etc/apparmor. d/force- complain
+ debian/dhcp3-{ client, server} .preinst: force-complain on upgrades from
dhcp3- server earlier than Ubuntu 7.04
+ debian/dhcp3-{ client, server} .postinst: reload apparmor
+ debian/dhcp3-{ client, server} .postrm: remove force-complain link
+ debian/rules: copy profile into DESTDIR
+ debian/dhcp3-server. files: install usr.sbin.dhcpd3
+ debian/dhcp3-client. files: install sbin.dhclient3
+ debian/README. Debian: add note on Apparmor
+ Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
+ debian/dhcp3-client. postinst: adjust to reload only the dhlient3 profile.
+ debian/dhcp3-server. postinst: adjust to reload only the dhcpd3 profile.
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
+ debian/dhcp3-client. files: install dhclient3-apparmor ifup script
+ debian/dhcp3-client. dirs: add etc/network/ if-pre- up.d
+ debian/rules: copy ifup script into DESTDIR
- simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)[Chuck Short]
* debian/rules, debian/apport/ dhcp3-server. py, debian/ apport/ dhcp3-client. py,
debian/dhcp3-client. files, debian/ dhcp3-server. files, debian/ dhcp3-common. dirs:
Install apport hook, apart of the server-lucid-apport- hooks specification. - 55. By Jamie Strandboge
-
* drop patch for CVE-2009-0692 as this was fixed in 3.1.3
- http://oldwww. isc.org/ sw/dhcp/ dhcp_rel2. php?noframes= 1
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/saucy/dhcp3