Change log for dhcp3 package in Ubuntu
| 1 → 50 of 82 results | First • Previous • Next • Last |
dhcp3 (3.1.3-2ubuntu3.5) lucid-proposed; urgency=low
* Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
of UDP checksums. (LP: #930962)
* Update apparmor profile to add required the "network packet raw" rule
for the checksum change.
-- Stephane Graber <email address hidden> Thu, 23 May 2013 19:58:28 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu3.4) lucid-security; urgency=low
* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient-script.udeb or debian/dhclient-script.kfreebsd since
AppArmor isn't used in these environments.
- LP: #1045986
* debian/patches/adjust-configure-for-linux3.dpatch: default to linux-2.2
for 3.0+ kernels
-- Jamie Strandboge <email address hidden> Wed, 05 Sep 2012 10:58:55 -0500
Available diffs
dhcp3 (3.0.6.dfsg-1ubuntu9.3) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via specially crafted packets
- debian/patches/CVE-2011-2748-2749.dpatch: tighten up restriction in
common/discover.c, properly calculate length in common/options.c,
validate packet->options in server/dhcp.c.
- CVE-2011-2748
- CVE-2011-2749
-- Marc Deslauriers <email address hidden> Thu, 11 Aug 2011 11:54:18 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu3.3) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via specially crafted packets
- debian/patches/CVE-2011-2748-2749.dpatch: tighten up restriction in
common/discover.c, properly calculate length in common/options.c,
validate packet->options in server/dhcp.c.
- CVE-2011-2748
- CVE-2011-2749
-- Marc Deslauriers <email address hidden> Thu, 11 Aug 2011 11:39:52 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu6.3) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via specially crafted packets
- debian/patches/CVE-2011-2748-2749.dpatch: tighten up restriction in
common/discover.c, properly calculate length in common/options.c,
validate packet->options in server/dhcp.c.
- CVE-2011-2748
- CVE-2011-2749
-- Marc Deslauriers <email address hidden> Thu, 11 Aug 2011 11:24:41 -0400
Available diffs
dhcp3 (3.1.2-1ubuntu7.3) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
because of special quilt handling in debian/rules for the ldap
patches.
- debian/patches/00list: move CVE-2011-0997 patch before the ldap
patches, and add comment.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Tue, 19 Apr 2011 09:25:29 -0400
Available diffs
- diff from 3.1.2-1ubuntu7.2 to 3.1.2-1ubuntu7.3 (559 bytes)
dhcp3 (3.1.3-2ubuntu6.2) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
because of special quilt handling in debian/rules for the ldap
patches.
- debian/patches/00list: move CVE-2011-0997 patch before the ldap
patches, and add comment.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Tue, 19 Apr 2011 09:03:47 -0400
Available diffs
- diff from 3.1.3-2ubuntu6.1 to 3.1.3-2ubuntu6.2 (580 bytes)
dhcp3 (3.1.3-2ubuntu3.2) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
because of special quilt handling in debian/rules for the ldap
patches.
- debian/patches/00list: move CVE-2011-0997 patch before the ldap
patches, and add comment.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Tue, 19 Apr 2011 09:10:55 -0400
Available diffs
- diff from 3.1.3-2ubuntu3.1 to 3.1.3-2ubuntu3.2 (577 bytes)
| Deleted in natty-release (Reason: Superseded by isc-dhcp; LP: #758357) |
dhcp3 (3.1.3-2ubuntu7) natty; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 16:50:39 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu6.1) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 08:55:27 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu3.1) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 08:57:21 -0400
Available diffs
dhcp3 (3.1.2-1ubuntu7.2) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 08:58:41 -0400
Available diffs
dhcp3 (3.0.6.dfsg-1ubuntu9.2) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 09:01:59 -0400
Available diffs
dhcp3 (3.0.3-6ubuntu7.2) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <email address hidden> Mon, 11 Apr 2011 09:04:51 -0400
Available diffs
dhcp3 (3.1.3-2ubuntu6) maverick; urgency=low
* update to use dh_apparmor:
- debian/rules, debian/{dhcp3-client,dhcp3-server}-post{inst,rm}: updated
to use dh_apparmor
- debian/control: Build-Depends on debhelper >= 7.4.20ubuntu6
* debian/apparmor-profile*: use local include
* debian/dhcp3-client.*: remove old check for if-pre-up.d's
dhclient3-apparmor on upgrade, as well as the no longer used conffile
functions
-- Jamie Strandboge <email address hidden> Fri, 06 Aug 2010 15:34:54 -0500
Available diffs
- diff from 3.1.3-2ubuntu5 to 3.1.3-2ubuntu6 (14.4 KiB)
| Superseded in maverick-release |
dhcp3 (3.1.3-2ubuntu5) maverick; urgency=low * debian/patches/fix_exit_hook_doc_manpage.diff: fix LP: #53024, Modified client/dhclient-script.8 manpage to include information about the script folders /etc/dhcp3/dhclient-enter-hooks.d and /etc/dhcp3/dhclient-enter-hooks.d. -- Dustin Kirkland <email address hidden> Tue, 27 Jul 2010 15:55:09 -0400
Available diffs
| Superseded in maverick-release |
dhcp3 (3.1.3-2ubuntu4) maverick; urgency=low
* Speed up DHCP negotiation:
- Add dhclient-fix-backoff.dpatch: Fix the delays between consecutive
requests (the backoff algorithm).
- Add dhclient-initial-random-delay-option.dpatch: Provide an option for
the intial random delay instead of hardcoding it, and set it to 0 by
default.
- Thanks to Michel Lespinasse <email address hidden> for the patches! See patch
headers and Debian #509089 for details.
-- Martin Pitt <email address hidden> Fri, 25 Jun 2010 11:44:00 +0200
Available diffs
dhcp3 (3.1.3-2ubuntu3) lucid; urgency=low
* debian/dhclient-script.linux: Fix regression in host_name option
handling, so that it's always honored when /etc/hostname is not set,
fixes LP: #537978, #482313, #90388, #476491
-- Thierry Carrez <email address hidden> Thu, 01 Apr 2010 16:52:36 +0200
Available diffs
- diff from 3.1.3-2ubuntu2 to 3.1.3-2ubuntu3 (565 bytes)
| Superseded in lucid-release |
dhcp3 (3.1.3-2ubuntu2) lucid; urgency=low * Fix missing fi in debian/dhclient-script.linux (LP: #519206). -- Evan Dandrea <email address hidden> Tue, 09 Feb 2010 10:41:24 +0000
Available diffs
- diff from 3.1.3-2ubuntu1 to 3.1.3-2ubuntu2 (416 bytes)
| Superseded in lucid-release |
dhcp3 (3.1.3-2ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes:
- Deroot server (Debian #308832):
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'.
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient-script.linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf.
- add enforcing Apparmor profile for dhcp3 client and server:
+ debian/control: Suggests apparmor
+ debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
+ debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
dhcp3-server earlier than Ubuntu 7.04
+ debian/dhcp3-{client,server}.postinst: reload apparmor
+ debian/dhcp3-{client,server}.postrm: remove force-complain link
+ debian/rules: copy profile into DESTDIR
+ debian/dhcp3-server.files: install usr.sbin.dhcpd3
+ debian/dhcp3-client.files: install sbin.dhclient3
+ debian/README.Debian: add note on Apparmor
+ Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
+ debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
+ debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
+ debian/dhcp3-client.files: install dhclient3-apparmor ifup script
+ debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
+ debian/rules: copy ifup script into DESTDIR
- simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)
[Chuck Short]
* debian/rules, debian/apport/dhcp3-server.py, debian/apport/dhcp3-client.py,
debian/dhcp3-client.files, debian/dhcp3-server.files, debian/dhcp3-common.dirs:
Install apport hook, apart of the server-lucid-apport-hooks specification.
Available diffs
dhcp3 (3.1.1-5ubuntu8.2) jaunty-security; urgency=low
* debian/patches/00list: put CVE-2009-0692.dpatch before the ldap patches,
so it doesn't get rolled back when building the non-ldap dhcp packages.
Please note that on Ubuntu 8.10 and later this CVE is reduced to a
denial of service due to FORTIFY_SOURCE compiler protections. Ubuntu
9.04 is further protected with an AppArmor profile. Thanks to Colin
Watson for discovering the issue.
-- Jamie Strandboge <email address hidden> Tue, 26 Jan 2010 21:35:50 -0600
Available diffs
- diff from 3.1.1-5ubuntu8.1 to 3.1.1-5ubuntu8.2 (634 bytes)
dhcp3 (3.1.1-1ubuntu2.2) intrepid-security; urgency=low
* debian/patches/00list: put CVE-2009-0692.dpatch before the ldap patches,
so it doesn't get rolled back when building the non-ldap dhcp packages.
Please note that on Ubuntu 8.10 and later this CVE is reduced to a
denial of service due to FORTIFY_SOURCE compiler protections. Ubuntu
9.04 is further protected with an AppArmor profile. Thanks to Colin
Watson for discovering the issue.
-- Jamie Strandboge <email address hidden> Tue, 26 Jan 2010 21:37:06 -0600
Available diffs
- diff from 3.1.1-1ubuntu2.1 to 3.1.1-1ubuntu2.2 (634 bytes)
dhcp3 (3.1.2-1ubuntu7.1) karmic-security; urgency=low
* debian/patches/00list to put CVE-2009-0692.dpatch before the ldap patches,
so it doesn't get rolled back when building the non-ldap dhcp packages.
Please note that on Ubuntu 8.10 and later this CVE is reduced to a
denial of service due to FORTIFY_SOURCE compiler protections. Ubuntu
9.04 is further protected with an AppArmor profile. Thanks to Colin
Watson for discovering the issue.
-- Jamie Strandboge <email address hidden> Tue, 26 Jan 2010 21:34:43 -0600
Available diffs
| Superseded in lucid-release |
dhcp3 (3.1.3-1ubuntu3) lucid; urgency=low
* drop patch for CVE-2009-0692 as this was fixed in 3.1.3
- http://oldwww.isc.org/sw/dhcp/dhcp_rel2.php?noframes=1
-- Jamie Strandboge <email address hidden> Tue, 26 Jan 2010 21:28:23 -0600
Available diffs
- diff from 3.1.3-1ubuntu2 to 3.1.3-1ubuntu3 (863 bytes)
| Superseded in lucid-release |
dhcp3 (3.1.3-1ubuntu2) lucid; urgency=low
* debian/dhcp3-client.links: install symlink for early loading of
dhclient AppArmor profile.
-- Kees Cook <email address hidden> Tue, 15 Dec 2009 11:31:21 -0800
Available diffs
- diff from 3.1.3-1ubuntu1 to 3.1.3-1ubuntu2 (396 bytes)
| Superseded in lucid-release |
dhcp3 (3.1.3-1ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes:
- Deroot server (Debian #308832)
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient-script.linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf.
- add enforcing Apparmor profile for dhcp3 client and server:
- debian/control: Suggests apparmor
- debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
dhcp3-server earlier than Ubuntu 7.04
- debian/dhcp3-{client,server}.postinst: reload apparmor
- debian/dhcp3-{client,server}.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-server.files: install usr.sbin.dhcpd3
- debian/dhcp3-client.files: install sbin.dhclient3
- debian/README.Debian: add note on Apparmor
- Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
- debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile.
- debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile.
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
- debian/dhcp3-client.files: install dhclient3-apparmor ifup script
- debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
- debian/rules: copy ifup script into DESTDIR
- simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)
Available diffs
- diff from 3.1.2-1ubuntu7 to 3.1.3-1ubuntu1 (51.6 KiB)
dhcp3 (3.1.2-1ubuntu7) karmic; urgency=low
* Remove if-pre-up workaround for AppArmor now that it is started
from the initramfs. This solves unexpected behavior when apparmor
is temporarily disabled on a system using DHCP.
-- Kees Cook <email address hidden> Wed, 07 Oct 2009 16:27:10 -0700
Available diffs
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu6) karmic; urgency=low
* debian/apparmor-profile.dhclient3: allow access to lease files and
script for synce-hal to work. (LP: #445442)
-- Jamie Strandboge <email address hidden> Wed, 07 Oct 2009 09:04:07 -0500
Available diffs
- diff from 3.1.2-1ubuntu5 to 3.1.2-1ubuntu6 (539 bytes)
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu5) karmic; urgency=low * debian/apparmor-dhclient3.ifupdown: use profile name instead of stdin. -- Kees Cook <email address hidden> Fri, 17 Jul 2009 12:07:19 -0700
Available diffs
- diff from 3.1.2-1ubuntu4 to 3.1.2-1ubuntu5 (713 bytes)
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu4) karmic; urgency=low
* Adjust dhclient AppArmor profile to call dhclient-script with Uxr instead
of Pxr with its own unrestricted profile. This simplifies the profile,
does not change the security stance of the profile, and works around an
AppArmor regression in Ubuntu kernel 2.6.31-3.19. (LP: #400349)
* debian/dhcp3-client.postinst: adjust to reload only the dhlient3 profile,
not all of AppArmor
* debian/dhcp3-server.postinst: adjust to reload only the dhcpd3 profile,
not all of AppArmor
-- Jamie Strandboge <email address hidden> Fri, 17 Jul 2009 09:57:19 -0500
Available diffs
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu3) karmic; urgency=low
* simplify ifupdown logic since we will mount securityfs in mountkern.sh
instead of trying to wait around for it here. Thanks to Scott James
Remnant for analysis (LP: #399954)
-- Jamie Strandboge <email address hidden> Thu, 16 Jul 2009 11:25:40 -0500
Available diffs
- diff from 3.1.2-1ubuntu2 to 3.1.2-1ubuntu3 (865 bytes)
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu2) karmic; urgency=low
* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
server
- debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
dhclient.c to verify that length of data is not longer than netmask
(iaddr)
- CVE-2009-0692
-- Jamie Strandboge <email address hidden> Mon, 13 Jul 2009 15:01:19 -0500
Available diffs
- diff from 3.1.2-1ubuntu1 to 3.1.2-1ubuntu2 (907 bytes)
dhcp3 (3.0.3-6ubuntu7.1) dapper-security; urgency=low
* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
server
- debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
dhclient.c to verify that length of data is not longer than netmask
(iaddr)
- CVE-2009-0692
-- Jamie Strandboge <email address hidden> Wed, 24 Jun 2009 11:31:39 -0500
Available diffs
dhcp3 (3.0.6.dfsg-1ubuntu9.1) hardy-security; urgency=low
* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
server
- debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
dhclient.c to verify that length of data is not longer than netmask
(iaddr)
- CVE-2009-0692
-- Jamie Strandboge <email address hidden> Wed, 24 Jun 2009 11:30:13 -0500
Available diffs
dhcp3 (3.1.1-1ubuntu2.1) intrepid-security; urgency=low
* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
server
- debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
dhclient.c to verify that length of data is not longer than netmask
(iaddr)
- CVE-2009-0692
-- Jamie Strandboge <email address hidden> Wed, 24 Jun 2009 11:27:56 -0500
Available diffs
dhcp3 (3.1.1-5ubuntu8.1) jaunty-security; urgency=low
* SECURITY UPDATE: stack overflow when connecting to malicious DHCP v4
server
- debian/patches/CVE-2009-0692.dpatch: update script_write_params() in
dhclient.c to verify that length of data is not longer than netmask
(iaddr)
- CVE-2009-0692
-- Jamie Strandboge <email address hidden> Wed, 24 Jun 2009 09:46:16 -0500
Available diffs
| Superseded in karmic-release |
dhcp3 (3.1.2-1ubuntu1) karmic; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Deroot server (Debian #308832)
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to
'h'.
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is
not set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
- debian/dhclient-script.linux: Drop keeping of old search/domain values
if we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf.
- add enforcing Apparmor profile for dhcp3 client and server:
- debian/control: Suggests apparmor
- debian/dhcp3-{client,server}.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-{client,server}.preinst: force-complain on upgrades from
dhcp3-server earlier than Ubuntu 7.04
- debian/dhcp3-{client,server}.postinst: reload apparmor
- debian/dhcp3-{client,server}.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-server.files: install usr.sbin.dhcpd3
- debian/dhcp3-client.files: install sbin.dhclient3
- debian/README.Debian: add note on Apparmor
- add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
- debian/dhcp3-client.files: install dhclient3-apparmor ifup script
- debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
- debian/rules: copy ifup script into DESTDIR
Available diffs
- diff from 3.1.1-5ubuntu8 to 3.1.2-1ubuntu1 (15.4 KiB)
dhcp3 (3.1.1-5ubuntu8) jaunty; urgency=low * debian/dhclient.conf: Request ntp-servers by default (LP: #74164) -- Jonathan Marsden <email address hidden> Mon, 23 Mar 2009 19:42:32 -0700
Available diffs
- diff from 3.1.1-5ubuntu7 to 3.1.1-5ubuntu8 (512 bytes)
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu7) jaunty; urgency=low
* debian/apparmor-profile.dhclient3: adjust to allow NetworkManager and
connmann access to dbus (LP: #342235)
-- Jamie Strandboge <email address hidden> Tue, 17 Mar 2009 17:26:19 -0500
Available diffs
- diff from 3.1.1-5ubuntu6 to 3.1.1-5ubuntu7 (463 bytes)
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu6) jaunty; urgency=low
* debian/apparmor-profile.dhclient3: adjust to support connman. Patch
thanks to Mark Shuttleworth. (LP: #333711)
-- Jamie Strandboge <email address hidden> Tue, 24 Feb 2009 08:47:29 -0600
Available diffs
- diff from 3.1.1-5ubuntu5 to 3.1.1-5ubuntu6 (745 bytes)
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu5) jaunty; urgency=low * don't wait in ifupdown script if apparmor isn't installed (LP: #331444) -- Jamie Strandboge <email address hidden> Thu, 19 Feb 2009 07:44:45 -0600
Available diffs
- diff from 3.1.1-5ubuntu4 to 3.1.1-5ubuntu5 (495 bytes)
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu4) jaunty; urgency=low
* add enforcing Apparmor profile for dhcp3-client:
- debian/control: Suggests apparmor
- debian/dhcp3-client.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-client.preinst: force-complain on upgrades from dhcp3-client
earlier than Ubuntu 7.04
- debian/dhcp3-client.postinst: reload apparmor
- debian/dhcp3-client.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-client.files: install sbin.dhclient3
- debian/README.Debian: expand note on Apparmor
* add ifupdown hook so the dhclient3 Apparmor profile is loaded before
calling dhclient3, which can happen under certain conditions with udev
- debian/dhcp3-client.files: install dhclient3-apparmor ifup script
- debian/dhcp3-client.dirs: add etc/network/if-pre-up.d
- debian/rules: copy ifup script into DESTDIR
* rename debian/apparmor-profile to debian/apparmor-profile.dhcpd3
* debian/apparmor-profile.dhcpd3: allow eucalyptus paths
* References
- https://wiki.ubuntu.com/ApparmorProfileMigration
-- Jamie Strandboge <email address hidden> Wed, 18 Feb 2009 08:23:14 -0600
Available diffs
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu3) jaunty; urgency=low
* add enforcing Apparmor profile:
- debian/control: Suggests apparmor
- debian/dhcp3-server.dirs: add etc/apparmor.d/force-complain
- debian/dhcp3-server.preinst: force-complain on upgrades from dhcp3-server
earlier than Ubuntu 7.04
- debian/dhcp3-server.postinst: reload apparmor
- debian/dhcp3-server.postrm: remove force-complain link
- debian/rules: copy profile into DESTDIR
- debian/dhcp3-server.files: install usr.sbin.dhcpd3
- debian/README.Debian: add note on Apparmor
* References
- https://wiki.ubuntu.com/ApparmorProfileMigration
-- Jamie Strandboge <email address hidden> Tue, 10 Feb 2009 15:08:42 -0600
Available diffs
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu2) jaunty; urgency=low
* Raise minimum valid MTU to 577 to avoid broken devices that send 576,
which is unlikely to be correct either (LP: #274069, debian bug #513616).
-- Kees Cook <email address hidden> Fri, 30 Jan 2009 11:13:15 -0800
Available diffs
- diff from 3.1.1-5ubuntu1 to 3.1.1-5ubuntu2 (723 bytes)
| Superseded in jaunty-release |
dhcp3 (3.1.1-5ubuntu1) jaunty; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Deroot server (Debian #308832)
+ droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Add libcap-dev build dependency.
+ debian/dhcp3-server.postinst: Create dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to 'h'.
+ debian/dhclient.conf: Enable send-hostname by default.
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become
writable; this isn't the case when udev's 85-ifupdown.rules calls ifup
early. (Ubuntu specific until Debian uses this rule, too)
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is not
set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
- debian/rules: Enable build hardening. Add hardening-wrapper build
dependency. (Ubuntu specific)
* debian/dhclient-script.linux: Drop keeping of old search/domain values if
we didn't get any from the DHCP response. It is inconsistent with
resolvconf and should rather use default/supercede options in
/etc/dhcp3/dhclient.conf. (see Debian #486535)
Available diffs
- diff from 3.1.1-1ubuntu2 to 3.1.1-5ubuntu1 (15.9 KiB)
dhcp3 (3.1.1-1ubuntu2) intrepid; urgency=low
* debian/{control,rules}: enable PIE hardening
-- Kees Cook <email address hidden> Wed, 20 Aug 2008 15:52:41 -0700
Available diffs
- diff from 3.1.1-1ubuntu1 to 3.1.1-1ubuntu2 (725 bytes)
| Superseded in intrepid-release |
dhcp3 (3.1.1-1ubuntu1) intrepid; urgency=low
* Merge from debian unstable. Remaining Ubuntu changes:
- debian/control, debian/dhcp3-server.init.d: LSB init script.
(Debian #486508)
- Deroot server (Debian #308832)
+ debian/patches/droppriv.dpatch, deroot-server.dpatch: Code changes.
+ debian/control: Build-depend on libcap-dev.
+ debian/dhcp3-server.post{inst,rm}: Create/remove dhcpd system user.
+ debian/dhcp3-server.init.d: Create paths with appropriate permissions
for dhcpd system user access.
- Send hostname to DHCP server by default (LP #10239, Debian #151820):
+ debian/patches/dynamic-hostname.dpatch: Add support for a new string
type 'h' which behaves like 't' except that '<hostname>' is changed to
the current hostname. Change 'host-name' DHCP option type from 't' to 'h'.
+ debian/dhclient.conf: Enable send-hostname by default.
- debian/rules: Remove client/scripts/debian on clean again.
(Debian #486514)
- dhclient-onetry-call-clientscript.dpatch: Call 'dhclient-script FAIL'
when failing to get an address also when operating in oneshot mode (-1).
This fixes avahi-autoipd invocation through dhcdbd. (Debian #486520)
- debian/dhcp3-server.init.d, debian/dhcp3-server.postinst: Do not install
unnecessary rc.d symlinks for levels 0 and 6, for faster shutdown.
(Debian #486518)
- debian/dhclient-script.linux: Do not clobber old search/domain values if
we didn't get any from the DHCP response. (Debian #486535)
- debian/patches/dhcpd.conf-subnet-examples.dpatch: Give an example for
subnet-mask in dhcpd.conf. (LP #26661)
- dhclient-more-debug.dpatch: Show the requested/offered client IP in log
output, for better debugging. (LP #35265, Debian #486611)
- debian/dhclient-script.linux: Wait for /etc/resolv.conf to become writable.
- revert-next-server.dpatch: Revert the need of the next-server option in
dhcpd.conf so it points to the own IP again for tftp if the option is not
set. (Patch by Oliver Grawert; disputed upstream)
- debian/dhcp3-server.init.d: Allow LTSP to override default configuration
in /etc/ltsp/dhcpd.conf. Point that out in a header comment in
debian/dhcpd.conf. (Ubuntu specific)
- debian/dhcp3-server.config: Drop debconf question to medium. (Ubuntu
specific)
* Drop obsolete Ubuntu changes:
- debian/dhclient.conf: Get the interface-mtu parameter again. Previous
Ubuntu versions ignored it because of broken old DHCP servers which hand
out the wrong value. (LP#61989) However, this breaks correct and
deliberately sent non-default values, which is a bigger pain. If this is
still an issue, a better fix is to discard unplausibly low values only.
- Drop the client derooting patch. It is very intrusive, never offered true
protection (susceptible to $PATH injection and other bypasses), and is a
constant source of bugs. (LP: #39249)
- Drop the pm-utils hook for stopping/starting dhcp3-server on
suspend/resume. This was necessary in the acpi-support ages (which tore
down ethernet interfaces on resume), but pm-utils does not do that any
more.
* debian/patches/deroot-server.dpatch: Juggle Makefile.dist patch to not
conflict with ldap patch.
* dhclient-more-debug.dpatch: Fix printing of address when renewing a lease
(printed "<null address>" before). (LP: #35265)
Available diffs
- diff from 3.0.6.dfsg-1ubuntu9 to 3.1.1-1ubuntu1 (268.0 KiB)
dhcp3 (3.0.6.dfsg-1ubuntu9) hardy; urgency=low
* Add debian/patches/dhclient-more-debug.dpatch: Show the requested/offered
client IP in log output, for better debugging. Thanks to Peter Miller for
the patch! (Closes: #35265)
-- Martin Pitt <email address hidden> Wed, 02 Apr 2008 15:30:15 +0200
| Superseded in hardy-release |
dhcp3 (3.0.6.dfsg-1ubuntu8) hardy; urgency=low
* give the pm script a better matching name (90dhcp3-server
instead of 90dhcpd)
* clean up build tree properly
-- Oliver Grawert <email address hidden> Tue, 01 Apr 2008 17:01:25 +0200
| Superseded in hardy-release |
dhcp3 (3.0.6.dfsg-1ubuntu7) hardy; urgency=low * move the old acpi suspend/resume scripts properly to pm-utils -- Oliver Grawert <email address hidden> Tue, 01 Apr 2008 15:47:33 +0200
| 1 → 50 of 82 results | First • Previous • Next • Last |
