isc-dhcp (4.4.3-P1-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/control: Add libcap-dev build dependency.
- Apparmor profiles for dhclient and dhcpd.
- Apport hook for isc-dhcp-client and isc-dhcp-server.
- Add systemd units for -server and -relay.
- If /etc/ltsp/dhcpd.conf exists, use that instead of
/etc/dhcp/dhcpd.conf.
- Create user/group dhcpd and make isc-dhcp-server depend on adduser.
- isc-dhcp-server: Suggest policycoreutils instead of recommending it.
- Create /etc/dhcp/ddns-keys/ for DDNS updates.
- Increase the timeout to 300 seconds for dhclient.conf (following the
default added by dhclient-safer-timeout).
- Sanitize environment in dhclient-script.linux.
- add IPv6 initramfs support.
- Separate default file for isc-dhcp-relay6.
- Drop isc-dhcp-server/new_auth_behavior question from high to medium
- dhclient-script.linux: handle empty case also when waiting for ipv6 link
local DAD.
- debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix
the logic for handling search domains to also write it to the output
file when only the domain name is provided by the DHCP server. Copied
code from debian/dhclient-script.linux.
- Remaining Ubuntu patches:
+ dhclient-fix-backoff
+ revert-next-server
+ multi-ip-addr-per-if
+ dhclient-safer-timeout
+ onetry_retry_after_initial_success
+ dhcp-lpf-ib.patch
+ dhcp-improved-xid.patch
+ dhcp-gpxe-cid.patch
+ dhcp-improved-xid-correct-byte-order.patch
+ dhcp-4.2.4-dhclient-options-changed.patch
+ ubuntu-dhcpd-conf.patch
- Apply patch from Alkis Georgopoulos to generate correct
net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers.
- Write pidfile before informing parent of success.
- Ship dhcp exit hook to push DNS information to resolved. LP #1889068
- debian/apparmor/usr.sbin.dhcpd: also allow r+w on /proc/*/comm and
/proc/*/task/*/comm (LP #1870729)
- debian/apparmor/sbin.dhclient: also properly confine /usr/sbin/dhclient
(LP #1850820)
- debian/rules: build with -fno-strict-aliasing.
- debian/rules: Build with -O2 instead on -O3 on ppc64el
- Fix env variable for INTERFACES
+ d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
respective services file.
- Stop building the udeb on request.
- debian/resolved: chown $statedir to systemd-resolve
- d/apparmor/sbin.dhclient: fix apparmor="DENIED" errors
- Disable make_resolv_conf() if systemd-resolved is in use.
- Include /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes in
the initramfs.
- debian/rules: update to use dh_installsystemd.
- debian/control: add Pre-Depends: ${misc:Pre-Depends} for
init-system-helpers.
- drop shebang line from apport hooks; these are sourced not executed
and /usr/bin/python as an interpreter just confuses things.
- debian/isc-dhcp-server.postinst: dhcpd user home directory on new
installs should be /run, not /var/run. No handling of migration at this
time.
- debian/patches/bind-outdated-config.guess.patch: run autoreconf in
the bind directory.
- Reorder the initramfs hook so that all files end up in the right
directories.
* Dropped patches, included upstream:
- debian/patches/CVE-2022-2928.patch
- debian/patches/CVE-2022-2929.patch
isc-dhcp (4.4.3-P1-1) unstable; urgency=low
* New upstream version 4.4.3-P1
* Remove no longer needed CVE-2022-2928.patch and CVE-2022-2929.patch
isc-dhcp (4.4.3-2.1) unstable; urgency=medium
* Non-maintainer upload.
* An option refcount overflow exists in dhcpd (CVE-2022-2928)
(Closes: #1021320)
* DHCP memory leak (CVE-2022-2929) (Closes: #1021320)
-- Graham Inggs <email address hidden> Mon, 28 Nov 2022 14:34:02 +0000
