isc-dhcp (4.4.1-2.3ubuntu2.4) jammy; urgency=medium
[ Mauricio Faria de Oliveira ]
* Prevent race condition that might ignore DHCP OFFERs/ACKs
when dhclient receives DHCP traffic noise. (LP: #1926139)
The previous/racy behavior can be switched back on with
the 'DHCP_FD_FLAGS_POKE=0' environment variable or
the 'dhcp.fd_flags_poke=0' kernel cmdline option.
- d/p/lp1926139-watch-socket-fd-later.patch: fix, switches.
- d/apparmor/sbin.dhclient,usr.sbin.dhcpd: /proc/cmdline r.
[ Steve Langasek ]
* Include /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
in the initramfs. (LP: #1937110)
- d/initramfs-tools/share/hooks/zz-dhclient: copy_exec it.
-- Mauricio Faria de Oliveira <mfo@canonical.com> Tue, 31 Jan 2023 18:54:40 -0300
isc-dhcp (4.4.1-2.3ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: option refcount overflow
- debian/patches/CVE-2022-2928.patch: correct reference counts in
common/options.c, common/tests/option_unittest.c.
- CVE-2022-2928
* SECURITY UPDATE: DHCP memory leak
- debian/patches/CVE-2022-2929.patch: properly free memory when hitting
errors in common/options.c.
- CVE-2022-2929
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 04 Oct 2022 08:27:08 -0400
isc-dhcp (4.4.1-2.3ubuntu2.2) jammy; urgency=medium
* Disable make_resolv_conf() if systemd-resolved is in use (LP: #1972029)
This functionality was moved from systemd 246-2ubuntu1 (enter-hook) to
isc-dhcp 4.4.1-2.1ubuntu7 (exit-hook). The part overriding
make_resolv_conf() was dropped, but is needed to avoid it overriding
/etc/resolv.conf, managed by sd-resolved (stub-resolv.conf).
-- Lukas Märdian <slyon@ubuntu.com> Tue, 19 Jul 2022 09:56:44 +0200
isc-dhcp (4.4.1-2.3ubuntu2.1) jammy; urgency=medium
* d/apparmor/sbin.dhclient: fix apparmor="DENIED" errors (LP: #1918410)
-- Lukas Märdian <slyon@ubuntu.com> Tue, 21 Jun 2022 12:39:11 +0200
isc-dhcp (4.4.1-2.3ubuntu2) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 12:59:39 +0100
isc-dhcp (4.4.1-2.3ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control: Add libcap-dev build dependency.
- Apparmor profiles for dhclient and dhcpd.
- Apport hook for isc-dhcp-client and isc-dhcp-server.
- Add systemd units for -server and -relay.
- If /etc/ltsp/dhcpd.conf exists, use that instead of
/etc/dhcp/dhcpd.conf.
- Create user/group dhcpd and make isc-dhcp-server depend on adduser.
- isc-dhcp-server: Suggest policycoreutils instead of recommending it.
- Create /etc/dhcp/ddns-keys/ for DDNS updates.
- Increase the timeout to 300 seconds for dhclient.conf (following the
default added by dhclient-safer-timeout).
- Sanitize environment in dhclient-script.linux.
- add IPv6 initramfs support.
- Separate default file for isc-dhcp-relay6.
- Drop isc-dhcp-server/new_auth_behavior question from high to medium
- dhclient-script.linux: handle empty case also when waiting for ipv6 link
local DAD.
- debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
the logic for handling search domains to also write it to the output
file when only the domain name is provided by the DHCP server. Copied
code from debian/dhclient-script.linux.
- Remaining Ubuntu patches:
+ dhclient-fix-backoff
+ revert-next-server
+ multi-ip-addr-per-if
+ dhclient-safer-timeout
+ onetry_retry_after_initial_success
+ dhcp-lpf-ib.patch
+ dhcp-improved-xid.patch
+ dhcp-gpxe-cid.patch
+ dhcp-improved-xid-correct-byte-order.patch
+ dhcp-4.2.4-dhclient-options-changed.patch
+ ubuntu-dhcpd-conf.patch
- Apply patch from Alkis Georgopoulos to generate correct
net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
- Build-depend on debhelper (>= 9.20160709) for systemd support.
- Write pidfile before informing parent of success.
- Ship dhcp exit hook to push DNS information to resolved. LP #1889068
- debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
/proc/*/task/*/comm (LP #1870729)
- debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
(LP #1850820)
- debian/rules: build with -fno-strict-aliasing.
- debian/rules: Build with -O2 instead on -O3 on ppc64el
- Fix env variable for INTERFACES
+ d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
respective services file.
- Stop building the udeb on request.
* Dropped Ubuntu changes:
- debian/patches/CVE-2021-25217.patch, applied in Debian
-- Lukas Märdian <slyon@ubuntu.com> Mon, 09 Aug 2021 13:31:01 +0200
isc-dhcp (4.4.1-2.3) unstable; urgency=high
* Non-maintainer upload.
* A buffer overrun in lease file parsing code can be used to exploit a
common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
(Closes: #989157)
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 27 May 2021 06:59:48 +0200
isc-dhcp (4.4.1-2.2ubuntu9) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 17:49:00 -0400
isc-dhcp (4.4.1-2.2ubuntu8) impish; urgency=medium
* Fix regression caused by rebuild with newer toolchain (LP: #1930917)
- debian/rules: build with -fno-strict-aliasing.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 07 Jun 2021 08:25:03 -0400
isc-dhcp (4.4.1-2.2ubuntu7) impish; urgency=medium
* SECURITY UPDATE: DoS via incorrect option information parsing
- debian/patches/CVE-2021-25217.patch: fix parsing in common/parse.c.
- CVE-2021-25217
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 May 2021 06:45:17 -0400
# For older changelog entries, run 'apt-get changelog isc-dhcp-client'
Generated by dwww version 1.14 on Thu Jan 23 03:42:33 CET 2025.