lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:ubuntu/natty/isc-dhcp at revision 16

Ubuntu Security Sponsors Team: Pending requested 2011-02-17

Ubuntu Sponsors: Pending requested 2011-02-17

Diff: 99 lines (+76/-0)

3 files modified

debian/changelog (+12/-0)
debian/patches/00list (+2/-0)
debian/patches/CVE-2011-0413.dpatch (+62/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #720729: DoS by sending message over IPv6 for a declined and abandoned address.

Undecided

Fix Released

Link a bug report

Related blueprints

17. By Dave Walker on 2011-02-17

Adjusted spacing on debian/patches/CVE-2011-0413.dpatch

16. By Dave Walker on 2011-02-17

* SECURITY UPDATE: denial of service via processing of message from an address
  that was previously declined, causing assert failure. (LP: #720729)
  - debian/patches/CVE-2011-0413.dpatch: Reclaim the previously abandoned
    address in isc-dhcp/server/mdb6.c, by retagging the lease and adding
    a sane expiration value. Based on changes between upstream releases
    4.1.2 and 4.1.2-P1
  - CVE-2011-0413

15. By Jamie Strandboge on 2010-12-09

* debian/apparmor-profile.dhcpd: allow read access to @{PROC}/[0-9]*/net/dev
  LP: #688186
* debian/apparmor-profile.dhclient: tighten to allow access to
  @{PROC}/[0-9]*/net/**, not @{PROC}/sys/net
* debian/isc-dhcp-client.postinst: move the old dhclient3 AppArmor aside on
  upgrade. This is needed to properly support upgrades to 11.04 and 12.04.
  LP: #688191

14. By Colin Watson on 2010-12-06

releasing version 4.1.1-P1-15ubuntu1

13. By Colin Watson on 2010-12-06

merge from Debian 4.1.1-P1-15

12. By Colin Watson on 2010-11-09

* Resynchronise with Debian. Remaining changes:
  - Deroot server (Debian #308832).
  - Send hostname to DHCP server by default (LP #10239, Debian #151820).
  - dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
    when failing to get an address also when operating in oneshot mode
    (-1). This fixes avahi-autoipd invocation through dhcdbd.
  - dhcpd.conf-subnet-examples.dpatch: Give an example for subnet-mask in
    dhcpd.conf.
  - dhclient-more-debug.dpatch: Show the requested/offered client IP in
    log output, for better debugging.
  - debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
    writable; this isn't the case when ifup is called from an Upstart job
    triggered by udev (Ubuntu-specific until Debian uses this rule, too).
  - revert-next-server.dpatch: Revert the need of the next-server option
    in dhcpd.conf so it points to the own IP again for tftp if the option
    is not set (patch by Oliver Grawert; disputed upstream).
  - debian/isc-dhcp-server.init.d: Allow LTSP to override default
    configuration in /etc/ltsp/dhcpd.conf. Point that out in a header
    comment in debian/dhcpd.conf (Ubuntu-specific).
  - debian/isc-dhcp-server.config: Drop debconf question to medium
    (Ubuntu-specific).
  - Enable build hardening. Add hardening-wrapper build dependency
    (Ubuntu-specific).
  - Add enforcing AppArmor profile for DHCP client and server.
  - Install apport hooks.
  - debian/dhclient-script.linux: Fix regression in host_name option
    handling, so that it's always honored when /etc/hostname is not set.
  - dhclient-fix-backoff.dpatch,
    dhclient-initial-random-delay-option.dpatch: Speed up DHCP negotiation
    (Debian #509089).
  - fix_exit_hook_doc_manpage.diff: Modify client/dhclient-script(8) to
    include information about the script directories
    /etc/dhcp/dhclient-enter-hooks.d and /etc/dhcp/dhclient-enter-hooks.d.
* Drop preinst code to set AppArmor to complain mode on upgrades from very
  old Ubuntu releases, predating the last LTS.
* Fix syntax errors in isc-dhcp-server apport hook.
* Use dh_apport.
* Make isc-dhcp-server depend on adduser for its postinst.
* Fix configure test for ber_init to work correctly with 'ld
  --no-add-needed'.
* isc-dhcp-client Breaks: network-manager (<< 0.8.2~rc1), since earlier
  versions were patched in Ubuntu to hardcode assumptions for
  dhcp3-client.

11. By Andrew Pollock on 2010-07-02

debian/rules: configure client to use correct path for DHCPv6 leases file
(closes: #587884)

10. By Andrew Pollock on 2010-06-29

split out the udeb dhclient-script so there's one for Linux and one for
kFreeBSD (closes: #551054)

9. By Andrew Pollock on 2010-06-26

* debian/rules: really enable DHCPv6 (closes: #587269)
* debian/control: conflict with resolvconf <= 1.45 (closes: #586095)

8. By Andrew Pollock on 2010-06-15

* debian/rules: stop invoking dh_installinit with --noscripts so the
  update-rc.d stuff is done properly
* debian/isc-dhcp-{relay,server}.{postinst,postrm}: remove calls to
  update-rc.d and invoke-rc.d, let dh_installinit handle it
* debian/isc-dhcp-server.init.d: add a start-time dependency on $named
  (closes: #586035)
* debian/{rules,isc-dhcp-server.{prerm,postinst}}: ignore failure to start
  the DHCP server