lp:~smoser/ubuntu/precise/isc-dhcp/nouid

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #930962: dhcp3-server reports many bad udp checksums to syslog using virtio NIC	High	Fix Released
Bug #1057358: dhcpd in isc-dhcp-server-ldap cannot read /etc/ldap/ldap.conf due to missing entry in apparmor profile	Medium	Fix Released
Bug #1069570: 1 MAC Address, two IPs - DNS is "out of sync" with DHCP leases databases	Undecided	Won't Fix

Link a bug report

Related blueprints

55. By Scott Moser on 2013-06-03

* refresh against 4.1.ESV-R4-0ubuntu5.8
* Allow dhcpd to read /etc/ldap/ldap.conf for isc-dhcp-server-ldap.
  (LP: #1057358). Backported from Stéphane Graber's quantal patch.
* Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
  of UDP checksums. (LP: #930962)
* Update apparmor profile to add required the "network packet raw" rule
  for the checksum change.

54. By Scott Moser on 2013-06-03

Pull in changes suggested by Nobuto MURATA, so patch stays applied.

* debian/patches/add-option-ignore-client-uids.patch:
  - make its patch order earlier than ldap ones to prevent from
    reverted during the build, refresh patch.
* debian/patches/dhcp-4.1.0-ldap-code.dpatch: refreshed so that patch
  application did not fail after patch above.

53. By Scott Moser on 2013-04-29

releasing version 4.1.ESV-R4-0ubuntu5.6+nouid0

52. By Scott Moser on 2013-04-29

debian/patches/add-option-ignore-client-uids.patch:
Enable option 'ignore-client-uids' (LP: #1069570)

51. By Stéphane Graber on 2012-09-18

[ Scott Moser ]
* debian/apparmor-profile.dhcpd: use include directory to enable
  other packages to re-use isc-dhcp-server. (LP: #1049177)

[ Stéphane Graber ]
* Update onetry_retry_after_initial_success to disable the onetry variable
  early enough to actually prevent dhclient from exiting. (LP: #974284)
* Update droppriv patch to also call initgroups() (LP: #727837)

50. By Marc Deslauriers on 2012-09-14

[ Jamie Strandboge ]
* debian/dhclient-script.linux: Explicitly set the PATH to that of
  ENV_SUPATH in /etc/login.defs and unset various other variables. We need
  to do this so /sbin/dhclient cannot abuse the environment to escape
  AppArmor confinement via this script. Don't worry about
  debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
  since AppArmor isn't used in these environments.
  - LP: #1045986

[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via ipv6 lease expiration time
  reduction
  - debian/patches/CVE-2012-3955.patch: properly handle time reduction in
    server/dhcpv6.c, server/mdb6.c.
  - CVE-2012-3955

49. By Stéphane Graber on 2012-07-27

Move onetry_retry_after_initial_success to the proper spot in the patch
stack so that it actually gets applied. (LP: #974284)

48. By Stéphane Graber on 2012-05-27

* Set -pf option for both isc-dhcp-server and isc-dhcp-server6 so they
  create their pid files in a path that's actually writable. (LP: #985417)
* Also allow read access to the pid file in the apparmor profile,
  otherwise only the initial start succeeds. (LP: #1005062)
* On upgrade from dhcp3-server, move /etc/default/dhcp3-server to
  /etc/default/isc-dhcp-server. (LP: #1003971)
* On upgrade from dhcp3-relay, remove /etc/default/dhcp3-relay.
  (LP: #1005547)
* Try to preseed isc-dhcp-relay with the values from
  /etc/default/dhcp3-relay. (LP: #1005547)

47. By Stéphane Graber on 2012-04-10

releasing version 4.1.ESV-R4-0ubuntu5

46. By Stéphane Graber on 2012-04-10

Exit onetry mode after we get our initial lease in -1 mode.