ISC DHCP 4.2.0 is now available!

[David W. Hankins]

ISC DHCP 4.2.0 is now available for download.

This is the final release of ISC DHCP 4.2.0, a feature release which
contains several new features, as well as current bug fixes.  Of note,
DDNS processing is now done asynchronously - so that the DHCP server
can continue to process DHCP packets while DDNS updates are pending,
and the failover protocol has been enhanced with two features that
can improve DHCP server endurance when the partner disconnects.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

    http://www.isc.org/software/dhcp/420

This release, and its OpenPGP-signatures are available now from:

    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/


			Changes since 4.2.0rc1

- Documentation cleanup covering multiple tickets
  [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
  [ISC-Bugs #20263] add text describing some default values
  [ISC-Bugs #20193] single quotes at the start of a line indicate a control
  line to nroff, escape them if we actually want a quote.
  [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs

                        Changes since 4.2.0b2

- Add declaration for variable in debug code in alloc.c.  [ISC-Bugs #21472]

                        Changes since 4.2.0b1

- Prohibit including lease time information in a response to a DHCP INFORM.
  [ISC-Bugs #21092]

! Accept a client id of length 0 while hashing.  Previously the server would
  exit if it attempted to hash a zero length client id, providing attackers
  with a simple denial of service attack.  [ISC-Bugs #21253]
  CERT: VU#541921 - CVE: CVE-2010-2156

- A memory leak in ddns processing was closed.  [ISC-Bugs #21377]

- Modify the exception handling for initial context creation.  Previously
  we would try and clean up before exiting.  This could present problems
  when the cleanup required part of the context that wasn't available.  It
  also didn't do much as we exited afterwards anyway.   Now we simply log
  the error and exit. [ISC-Bugs #21093]

- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
  previously allocated (active) lease to a client that has changed subnets,
  despite being on different shared networks.  Dynamic prefixes specifically
  allocated in shared networks also now are not offered if the client has
  moved.  [ISC-Bugs #21152]

- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]

- Fix the trace code to handle timing events better and to truncate a file
  before using instead of overwriting it.  [ISC-Bugs #20969]

- Modify the determination of the default TTL to use for DDNS updates.
  The user may still configure the ttl via ddns-ttl.  The default for
  both v4 and v6 is now 1/2 the (preferred) lease time with a limit.  The
  previous defaults (1/2 lease time without a limit for v4 and a default
  value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
  [ISC-Bugs #21126]

- libisc/libdns is now brought up to version 9.7.1rc1.  This corrects
  three reported flaws in ISC DHCP;

  o DHCP processes (dhcpd, dhclient) fail to start if one of either the
    IPv4 or IPv6 address families is not present.  [ISC-Bugs #21122]
  o Assertion failure when attempting to cancel a previously running DDNS
    update.  [ISC-Bugs #21133]

  o Compilation failure of libisc/libdns due to the use of a flexible
    array member.  [ISC-Bugs #21316]

                        Changes since 4.2.0a2

- Update the fsync code to work with the changes to the DDNS code.  It now
  uses a timer instead of noticing if there are no more packets to process.

- When constructing the DNS name structure from a text string append
  the root to relative names.  This satisfies a requirement in the DNS
  library that names be absolute instead of relative and prevents DHCP
  from crashing.  [ISC-Bugs #21054]

- "The LDAP Patch" that has been circulating for some time, written by
  Brian Masney and S.Kalyanasundraram and maintained for application to
  the DHCP-4 sources by David Cantrell has been included.  Please be
  advised that these sources were contributed, and do not yet meet the
  high standards we place on production sources we include by default.
  As a result, the LDAP features are only included by using a compile-time
  option which defaults off, and if you enable it you do so under your
  own recognizance.  We will be improving this software over time.
  [ISC-Bugs #17741]

                        Changes since 4.2.0a1

- When using 'ignore client-updates;', the FQDN returned to the client
  is no longer truncated to one octet.

- Cleaned up an unused hardware address variable in nak_lease().

- Manpage entries for the ia-pd and ia-prefix options were updated to
  reflect support for prefix delegation.

- Cleaned up some compiler warnings

- An optimization described in the failover protocol draft is now included,
  which permits a DHCP server operating in communications-interrupted state
  to 'rewind' a lease to the state most recently transmitted to its peer,
  greatly increasing a server's endurance in communications-interrupted.
  This is supported using a new 'rewind state' record on the dhcpd.leases
  entry for each lease.

- Fix the trace code which was broken by the changes to the DDNS code.

                        Changes since 4.1.0 (new features)

- Failover port configuration can now be left to defaults (port 647) as
  described in the -12 revision of the Failover draft (and assigned by
  IANA).  Thanks in part to a patch from David Cantrell at Red Hat.

- If configured, dhclient may now transmit to an anycast MAC address,
  rather than using a broadcast address.  Thanks to a patch from David
  Cantrell at Red Hat.

- Added client support for setting interface MTU and metric, thanks to
  Roy "UberLord" Marples <roy at marples.name>.

- Added client -D option to specify DUID type to send.

- A new failover configuration parameter has been introduced for those
  environments where DHCP servers can be reasonably guaranteed to be
  "down" when the failover TCP socket is severed, "auto-partner-down".
  This parameter is not generally safe, and by default is disabled, so
  please carefully review the documentation of this parameter in the
  dhcpd.conf(5) manpage before determining to use it yourself.

- Added a configuration function, 'gethostname()', which calls the system
  function of the same name and presents the results as a data expression.
  This function can be used to incorporate the system level hostname of
  the system the DHCP software is operating on in responses or queries (such
  as including a failover partner's hostname in a dhcp message or binding
  scope, or having a DHCP client send any system hostname in the host-name or
  FQDN options by default).

- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
  for DHCPv4 operation and used independently of the dhcp-lease-time
  calculations.  Invalid renew and rebinding times (e.g., greater than the
  determined lease time) are omitted.

- Processing the DHCP to DNS server transactions in an asyncrhonous fashion.
  The DHCP server or client can now continue with it's processing while
  awaiting replies from the DNS server.

- The 'hardware [ethernet|etc] ...;' parameter in host records has been
  extended to attempt to match DHCPv6 clients by the last octets of a
  DUID-LL or DUID-LLT provided by the client.

                        Changes since 4.1.0 (bug fixes)

- Remove infinite loop in token_print_indent_concat().

- Validate the argument to the -p option.

- The notorious 'option <unknown> ... larger than buffer' log line,
  which is seen in some malformed DHCP client packets, was modified.
  It now logs the universe name, and does not log the length values
  (which are bogus corruption read from the packet anyway).  It also
  carries a hopefully more useful explanation.

- Suppress spurious warnings from configure about --datarootdir

- A bug was fixed that caused the server not to answer some valid Solicit
  and Request packets, if the dynamic range covering any requested addresses
  had been deleted from configuration.

- Update the code to deal with GCC 4.3.  This included two sets of changes.
  The first is to the configuration files to include the use of
  AC_USE_SYSTEM_EXTENSIONS.  The second is to deal with return values that
  were being ignored.

- The db-time-format option was documented in manpages.

- Using reserved leases no longer results in 'lease with binding state
  free not on its queue' error messages, thanks to a patch from Frode
  Nordahl.

- Fix a build error in dhcrelay, using older versions of gcc with
  dhcpv6 disabled.

- Two uninitialized stack structures are now memset to zero, thanks to a
  patch from David Cantrell at Red Hat.

- Fixed a cosmetic bug where pretty-printing valid domain-search options would
  result in an erroneous error log message ('garbage in format string').

- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
  to stop receiving packets is fixed.  The same fix also means that the MAC
  address will no longer appear 'bogus' on DLPI-based systems.
- A bug in select handling was discovered where the results of one select()
  call were discarded, causing the server to process the next select() call
  and use more system calls than required.  This has been repaired - the
  sockets will be handled after the first return from select(), resulting in
  fewer system calls.

- The update-conflict-detection feature would leave an FQDN updated without
  a DHCID (still currently implemented as a TXT RR).  This would cause later
  expiration or release events to fail to remove the domain name.  The feature
  now also inserts the client's up to date DHCID record, so records may safely
  be removed at expiration or release time.  Thanks to a patch submitted by
  Christof Chen.

- Memory leak in the load_balance_mine() function is fixed.  This would
  leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
  and in normal state.

- Various compilation fixes have been included for the memory related
  DEBUG #defines in includes/site.h.

- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
- Fixed setting hostname in Linux hosts that require hostname argument
  to be double-quoted.  Also allow server-provided hostname to
  override hostnames 'localhost' and '(none)'.

- Fixed failover reconnection retry code to continue to retry to reconnect
  rather than restarting the listener.

- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
  been repaired.  Other USE_ overrides should work better.

- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
  that probably still resulted in the correct behaviour (but wouldn't use
  a larger defined value provided by the host OS).

- Fixed a bug where an OMAPI socket disconnection message would not result
  in scheduling a failover reconnection, if the link had not negotiated a
  failover connect yet (e.g.: connection refused, asynch socket connect()
  timeouts).

- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
  in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.  CERT VU#410676 - CVE-2009-0692

- Fixed a bug where relay agent options would never be returned when
  processing a DHCPINFORM.

- Versions 3.0.x syntax with multiple name->code option definitions is now
  supported.  Note that, similarly to 3.0.x, for by-code lookups only the
  last option definition is used.

- Fixed a bug where a time difference of greater than 60 seconds between a
  failover pair could cause the primary to crash on contact with the
  secondary.  Thanks to a patch from Steinar Haug.

- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
  Thanks to patches from Matthew Newton and David Cantrell.

- Secondary servers in a failover pair will now perform ddns removals if
  they had performed ddns updates on a lease that is expiring, or was
  released through the primary.  As part of the same fix, stale binding scopes
  will now be removed if a change in identity of a lease's active client is
  detected, rather than simply if a lease is noticed to have expired (which it
  may have expired without a failover server noticing in some situations).

- A patch supplied by David Cantrell at RedHat was applied that detects
  invalid calling parameters given to the ns_name_ntop() function.
  Specifically, it detects if the caller passed a pointer and size pair
  that causes the pointer to integer-wrap past zero.

! Fixed a fenceposting bug when a client had two host records configured,
  one using 'uid' and the other using 'hardware ethernet'.  CVE-2009-1892

- Fixed the check in the dhcp_interface_signal_handler routine to verify
  the existence of the linked signal handler before calling it.

- Both host and subnet6 configuration groups are now included whether a
  fixed-address6 (DHCPv6) is in use or not.  Host scoped configuration takes
  precedence.  This fixes two bugs, one where host scoped configuration
  would not be included from a non-fixed-address6 host record, and the equal
  and opposite bug where subnet6 scoped configuration would not be used when
  over-riding values were not present in a matching fixed-address6 host
  configuration.

- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
  correcting a compilation failure when using Sun's compiler.

- Modified the handling of a connection to avoid releasing the omapi io
  object for the connection while it is still in use.  One symptom from
  this error was a segfault when a failover secondary attempted to connect
  to the failover primary if their clocks were not synchronized.

- Clean up to allow compilation with gcc 2.95.4 on FreeBSD.  Remove an
  extra semi-colon from common/dns.c and moved setting a variable to NULL
  in server/dhcpv6.c to allow the compiler to decide that the variable
  was always properly set.

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100715/4a6d5428/attachment.bin>