lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729
- Get this branch:
- bzr branch lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729
Branch merges
- Ubuntu Security Sponsors Team: Pending requested
- Ubuntu Sponsors: Pending requested
Diff: 99 lines (+76/-0), 3 files modified
debian/changelog (+12/-0)
debian/patches/00list (+2/-0)
debian/patches/CVE-2011-0413.dpatch (+62/-0)
Related bugs
Bug #720729: DoS by sending message over IPv6 for a declined and abandoned address. | Undecided | Fix Released |
Branch information
- Owner:
- Dave Walker
- Status:
- Development
Recent revisions
- 16. By Dave Walker
-
* SECURITY UPDATE: denial of service via processing of message from an address
that was previously declined, causing assert failure. (LP: #720729)
- debian/patches/CVE-2011-0413.dpatch: Reclaim the previously abandoned
address in isc-dhcp/server/mdb6.c, by retagging the lease and adding
a sane expiration value. Based on changes between upstream releases
4.1.2 and 4.1.2-P1
- CVE-2011-0413
- 15. By Jamie Strandboge
-
* debian/apparmor-profile.dhcpd: allow read access to @{PROC}/[0-9]*/net/dev
LP: #688186
* debian/apparmor-profile.dhclient: tighten to allow access to
@{PROC}/[0-9]*/net/**, not @{PROC}/sys/net
* debian/isc-dhcp-client.postinst: move the old dhclient3 AppArmor aside on
upgrade. This is needed to properly support upgrades to 11.04 and 12.04.
LP: #688191
- 12. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Deroot server (Debian #308832).
- Send hostname to DHCP server by default (LP #10239, Debian #151820).
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode
(-1). This fixes avahi-autoipd invocation through dhcdbd.
- dhcpd.conf-subnet-examples.dpatch: Give an example for subnet-mask in
dhcpd.conf.
- dhclient-more-debug.dpatch: Show the requested/offered client IP in
log output, for better debugging.
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when ifup is called from an Upstart job
triggered by udev (Ubuntu-specific until Debian uses this rule, too).
- revert-next-server.dpatch: Revert the need of the next-server option
in dhcpd.conf so it points to the own IP again for tftp if the option
is not set (patch by Oliver Grawert; disputed upstream).
- debian/isc-dhcp-server.init.d: Allow LTSP to override default
configuration in /etc/ltsp/dhcpd.conf. Point that out in a header
comment in debian/dhcpd.conf (Ubuntu-specific).
- debian/isc-dhcp-server.config: Drop debconf question to medium
(Ubuntu-specific).
- Enable build hardening. Add hardening-wrapper build dependency
(Ubuntu-specific).
- Add enforcing AppArmor profile for DHCP client and server.
- Install apport hooks.
- debian/dhclient-script.linux: Fix regression in host_name option
handling, so that it's always honored when /etc/hostname is not set.
- dhclient-fix-backoff.dpatch,
dhclient-initial-random-delay-option.dpatch: Speed up DHCP negotiation
(Debian #509089).
- fix_exit_hook_doc_manpage.diff: Modify client/dhclient-script(8) to
include information about the script directories
/etc/dhcp/dhclient-enter-hooks.d and /etc/dhcp/dhclient-enter-hooks.d.
* Drop preinst code to set AppArmor to complain mode on upgrades from very
old Ubuntu releases, predating the last LTS.
* Fix syntax errors in isc-dhcp-server apport hook.
* Use dh_apport.
* Make isc-dhcp-server depend on adduser for its postinst.
* Fix configure test for ber_init to work correctly with 'ld
--no-add-needed'.
* isc-dhcp-client Breaks: network-manager (<< 0.8.2~rc1), since earlier
versions were patched in Ubuntu to hardcode assumptions for
dhcp3-client.
- 11. By Andrew Pollock
-
debian/rules: configure client to use correct path for DHCPv6 leases file
(closes: #587884)
- 10. By Andrew Pollock
-
split out the udeb dhclient-script so there's one for Linux and one for
kFreeBSD (closes: #551054)
- 9. By Andrew Pollock
-
* debian/rules: really enable DHCPv6 (closes: #587269)
* debian/control: conflict with resolvconf <= 1.45 (closes: #586095)
- 8. By Andrew Pollock
-
* debian/rules: stop invoking dh_installinit with --noscripts so the
update-rc.d stuff is done properly
* debian/isc-dhcp-{relay,server}.{postinst,postrm}: remove calls to
update-rc.d and invoke-rc.d, let dh_installinit handle it
* debian/isc-dhcp-server.init.d: add a start-time dependency on $named
(closes: #586035)
* debian/{rules,isc-dhcp-server.{prerm,postinst}}: ignore failure to start
the DHCP server
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/isc-dhcp