Package "isc-dhcp"

  isc-dhcp (4.1.ESV-R4-0ubuntu5.8) precise-proposed; urgency=low

  [ Dave Chiluk ]
  * Allow dhcpd to read /etc/ldap/ldap.conf for isc-dhcp-server-ldap.
    (LP: #1057358). Backported from St��phane Graber's quantal patch.

  [ St��phane Graber ]
  * Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
    of UDP checksums. (LP: #930962)
  * Update apparmor profile to add required the "network packet raw" rule
    for the checksum change.
 -- Stephane Graber <email address hidden> Thu, 23 May 2013 11:13:07 -0400

  isc-dhcp (4.1.ESV-R4-0ubuntu5.6) precise-proposed; urgency=low

  [ Scott Moser ]
  * debian/apparmor-profile.dhcpd: use include directory to enable
    other packages to re-use isc-dhcp-server. (LP: #1049177)

  [ St��phane Graber ]
  * Update onetry_retry_after_initial_success to disable the onetry variable
    early enough to actually prevent dhclient from exiting. (LP: #974284)
  * Update droppriv patch to also call initgroups() (LP: #727837)
 -- Stephane Graber <email address hidden> Tue, 18 Sep 2012 10:34:10 -0400

  isc-dhcp (4.1.ESV-R4-0ubuntu5.5) precise-security; urgency=low

  [ Jamie Strandboge ]
  * debian/dhclient-script.linux: Explicitly set the PATH to that of
    ENV_SUPATH in /etc/login.defs and unset various other variables. We need
    to do this so /sbin/dhclient cannot abuse the environment to escape
    AppArmor confinement via this script. Don't worry about
    debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
    since AppArmor isn't used in these environments.
    - LP: #1045986

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via ipv6 lease expiration time
    reduction
    - debian/patches/CVE-2012-3955.patch: properly handle time reduction in
      server/dhcpv6.c, server/mdb6.c.
    - CVE-2012-3955
 -- Marc Deslauriers <email address hidden> Fri, 14 Sep 2012 12:58:33 -0400

  isc-dhcp (4.1.ESV-R4-0ubuntu5.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed client identifiers
    - debian/patches/CVE-2012-3571.dpatch: validate packets in
      common/options.{c,h}.
    - CVE-2012-3571.dpatch
  * SECURITY UPDATE: denial of service via memory leaks
    - debian/patches/CVE-2012-3954.dpatch: properly manage memory in
      common/options.c and server/dhcpv6.c.
    - CVE-2012-3954
 -- Marc Deslauriers <email address hidden> Wed, 25 Jul 2012 17:04:18 -0400

  isc-dhcp (4.1.ESV-R4-0ubuntu5.1) precise-proposed; urgency=low

  * Set -pf option for both isc-dhcp-server and isc-dhcp-server6 so they
    create their pid files in a path that's actually writable. (LP: #985417)
  * Also allow read access to the pid file in the apparmor profile,
    otherwise only the initial start succeeds. (LP: #1005062)
  * On upgrade from dhcp3-server, move /etc/default/dhcp3-server to
    /etc/default/isc-dhcp-server. (LP: #1003971)
  * On upgrade from dhcp3-relay, remove /etc/default/dhcp3-relay.
    (LP: #1005547)
  * Try to preseed isc-dhcp-relay with the values from
    /etc/default/dhcp3-relay. (LP: #1005547)
 -- Stephane Graber <email address hidden> Sun, 27 May 2012 20:41:13 -0400