ISC DHCP 4.2.1 is now available for download

Tue Mar 1 23:48:01 UTC 2011

This is the production release of ISC DHCP 4.2.1, a maintenance
release which contains a number of bug fixes including some
for security issues.  The security patches were included in
previous releases of 4.2 (4.2.0-Px and 4.2.1b1)

We have seen the server halt when running in a failover configuration
on Solaris in our internal test bed, we believe this is an
artifact of the testbed but are continuing to investigate.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

     http://www.isc.org/software/dhcp/421

This release, and its OpenPGP-signatures are available now from:

     ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz
     ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha512.asc
     ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha256.asc
     ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

     http://www.isc.org/about/openpgp/

                         Changes since 4.2.1rc1

- None

                         Changes since 4.2.1b1

- Removed the restriction on using IPv6 addresses in IPv4 mode.  This
   allows IPv4 options which contain IPv6 addresses to be specified.  For
   example the 6rd option can be specified and used like this:
   [ISC-Bugs #23039]

         option 6rd code 212 = { integer 8, integer 8,
                                 ip6-address, array of ip-address };
         option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;

- Handle some DDNS corner cases better.  Maintain the DDNS transaction
   information when updating a lease and cancel any existing transactions
   when removing the ddns information.
   [ISC-Bugs #23103]

- Some fixes for LDAP
   [ISC-Bugs #21783] - Include lber library when building ldap
   [ISC-Bugs #22888] - Enable the ldap code when buidling common
   The above fixes are from Jiri Popelka at Red Hat.

- Modify the dlpi code to accept getmsg() returning a positive value.
   [ISC-Bugs #22824]

                         Changes since 4.2.0

- 'get-host-names true;' now also works even if
   'use-host-decl-names true;' was also configured.  The nature of this
   repair also fixes another error; the host-name supplied by a
   client is no longer overridden by a reverse lookup of the lease
   address.  Thanks to a patch from Wilco Baan Hofman supplied to us
   by the Debian package maintenance team.
   [ISC-Bugs #21691] {Debian Bug#509445}

- The .TH tag for the dhcp-options manpage was typo repaired
   thanks to a report from jidanni and the Debian package maintenance
   team.  [ISC-Bugs #21676] {Debian Bug#563613}

- More documentation changes - primarily to put the options in the
   dhclient and dhcpd man pages into the standard form.  Thanks in part
   to a patch from David Cantrell at Red Hat.
   [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes

- Add code to clear the pointer to an object in an OMAPI handle when the
   object is freed due to a dereference.  [ISC-Bugs #21306]

- Fixed a bug that leaks host record references onto lease structures,
   causing the server to apply configuration intended for one host to any
   other innocent clients that come along later.  [ISC-Bugs #22018]

- Minor code fixes
   [ISC-Bugs #19566] When trying to find the zone for a name for ddns
   allow the name to be at the apex of the zone.
   [ISC-Bugs #19617] Restrict length of interface name read from command
   line in dhcpd - based on a patch from David Cantrell at Red Hat.
   [ISC-Bugs #20039] Correct some error messages in dhcpd.c
   [ISC-Bugs #20070] Better range check on values when creating a DHCID.
   [ISC-Bugs #20198] Avoid writing past the end of the field when adding
   overly long file or server names to a packet and add a log message
   if the configuration supplied overly long names for these fields.
   Thanks to Martin Pala.
   [ISC-Bugs #21497] Add a little more randomness to rng seed in client
   thanks to a patch from Jeremiah Jinno.

- Correct error handling in DLPI [ISC-Bugs #20378]

- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
   checked in configure.  [ISC-Bugs #20443]

- Modify how the cmsg header is allocated the v6 send and received
   routines to compile on more compilers.  [ISC-Bugs #20524]

- When parsing a domain name free the memory for the name after we are
   done with it.  [ISC-Bugs #20824]

- Add an elapsed time option to the release message and refactor the
   code to move most of the common code to a single routine.
   [ISC-Bugs #21171].

- Parse date strings more properly - the code now handles semi-colons in
   date strings correctly.  Thanks to a patch from Jiri Popelka at Red
   Hat.
   [ISC-Bugs #21501, #20598]

- Fixes to lease input and output.
   [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
   strftime, paste together the same string using mktime instead.
   [ISC-Bugs #19596] - When parsing iaid values accept printable
   characters.
   [ISC-Bugs #21585] - Always print time values in omshell as hex
   instead of ascii if the values happen to be printable characters.

- Minor changes for scripts, configure.ac and Makefiles
   [ISC-Bugs #19147] Use domain-search instead of domain-name in manual
   and example conf file.  Thanks to a patch from David Cantrell
   at Red Hat.
   [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
   [ISC-Bugs #19945] Properly close the quote on some arguments.
   [ISC-Bugs #20952] Add 64 bit types to configure.ac
   [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable

- Update the code to parse dhcpv6 lease files to accept a semi-colon at
   the end of the max-life and preferred-life clauses.  In order to be
   backwards compatible with older lease files not finding a semi-colon
   is also accepted.  [ISC-Bugs #22303].

! Handle a relay forward message with an unspecified address in the
   link address field.  Previously such a message would cause the
   server to crash.  Thanks to a report from John Gibbons.
   [ISC-Bugs #21992]
   CERT: VU#102047 CVE: CVE-2010-3611

- ./configure on longer searches for -lcrypto to explicitly link
   against.  This fixes a bug where 'dhclient' would have shared library
   dependencies on '/usr/lib'.  [ISC-Bugs #21967]

- Handle pipe failures more gracefully.  Some OSes pass a SIGPIPE
   signal to a process and will kill the process if the signal isn't
   caught.  This patch adds code to turn off the SIGPIPE signal via
   a setsockopt() call.  The signal is already being ignored as part
   of the ISC library.  [ISC-Bugs #22269]

- Restore printing of values in omshell to the style pre 21585.  For
   21585 we changed the print routines to always display time values
   as a hex list.  This had a side effect of printing all data strings
   as a hex list.  We shall investigate other ways of displaying time
   values more usefully.  [ISC-Bugs #22626]

! Fix the handling of connection requests on the failover port.
   Previously a connection request from a source that wasn't
   listed as a failover peer would cause the server to become
   non-responsive.  Thanks to a report from Brad Bendily,
   brad at bendily.com.
   [ISC-Bugs #22679]
   CERT: VU#159528 CVE: CVE-2010-3616

- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
   Passing it through to the handlers caused the omshell program to fail
   to connect to the server.  [ISC-Bugs #21839]

- Fix the paranthesis in the code to process configuration statements
   beginning with "auth".  The previous arrangement caused
   "auto-partner-down" to be processed incorrectly.  [ISC-Bugs #21854]

- Limit the timeout period allowed in the dispatch code to 2^^32-1
   seconds.  Thanks to a report from Jiri Popelka at Red Hat.
   [ISC-Bugs #22033], [Red Hat Bug #628258]

- When processing the format flags for a given option consume the
   flag indicating an optional value correctly.  A symptom of this
   bug was an infinite loop when trying to parse the slp-service-scope
   option.  Thanks to a patch from Marius Tomaschewski.
   [ISC-Bugs #22055]

- Disable the use of kqueue in the ISC library.  This avoids a problem
   between the fork and socket code that caused the dhcpd process to
   use all available cpu if the program daemonized itself.
   [ISC-Bugs #21911]

! When processing a request in the DHCPv6 server code that specifies
   an address that is tagged as abandoned (meaning we received a
   decline request for it previously) don't attempt to move it from
   the inactive to active pool as doing so can result in the server
   crashing on an assert failure.  Also retag the lease as active
   and reset it's timeout value.
   [ISC-Bugs #21921]