ISC DHCP 4.2.1 is now available for download
Shawn Routhier
sar at isc.org
Tue Mar 1 23:48:01 UTC 2011
This is the production release of ISC DHCP 4.2.1, a maintenance
release which contains a number of bug fixes including some
for security issues. The security patches were included in
previous releases of 4.2 (4.2.0-Px and 4.2.1b1).

We have seen the server halt when running in a failover configuration
on Solaris in our internal test bed, we believe this is an
artifact of the testbed but are continuing to investigate.

A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

http://www.isc.org/software/dhcp/421

This release, and its OpenPGP-signatures are available now from:

ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

http://www.isc.org/about/openpgp/

Changes since 4.2.1rc1
- None

Changes since 4.2.1b1
- Removed the restriction on using IPv6 addresses in IPv4 mode. This
allows IPv4 options which contain IPv6 addresses to be specified. For
example the 6rd option can be specified and used like this:
[ISC-Bugs #23039]
    option 6rd code 212 = { integer 8, integer 8,
                            ip6-address, array of ip-address };
    option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
- Handle some DDNS corner cases better. Maintain the DDNS transaction
information when updating a lease and cancel any existing transactions
when removing the ddns information.
[ISC-Bugs #23103]
- Some fixes for LDAP
[ISC-Bugs #21783] - Include lber library when building ldap
[ISC-Bugs #22888] - Enable the ldap code when building common
The above fixes are from Jiri Popelka at Red Hat.
- Modify the dlpi code to accept getmsg() returning a positive value.
[ISC-Bugs #22824]

Changes since 4.2.0
- 'get-host-names true;' now also works even if
'use-host-decl-names true;' was also configured. The nature of this
repair also fixes another error; the host-name supplied by a
client is no longer overridden by a reverse lookup of the lease
address. Thanks to a patch from Wilco Baan Hofman supplied to us
by the Debian package maintenance team.
[ISC-Bugs #21691] {Debian Bug#509445}
- A typo in the .TH tag for the dhcp-options manpage was repaired
thanks to a report from jidanni and the Debian package maintenance
team. [ISC-Bugs #21676] {Debian Bug#563613}
- More documentation changes - primarily to put the options in the
dhclient and dhcpd man pages into the standard form. Thanks in part
to a patch from David Cantrell at Red Hat.
[ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
- Add code to clear the pointer to an object in an OMAPI handle when the
object is freed due to a dereference. [ISC-Bugs #21306]
- Fixed a bug that leaks host record references onto lease structures,
causing the server to apply configuration intended for one host to any
other innocent clients that come along later. [ISC-Bugs #22018]
- Minor code fixes
[ISC-Bugs #19566] When trying to find the zone for a name for ddns
allow the name to be at the apex of the zone.
[ISC-Bugs #19617] Restrict length of interface name read from command
line in dhcpd - based on a patch from David Cantrell at Red Hat.
[ISC-Bugs #20039] Correct some error messages in dhcpd.c
[ISC-Bugs #20070] Better range check on values when creating a DHCID.
[ISC-Bugs #20198] Avoid writing past the end of the field when adding
overly long file or server names to a packet and add a log message
if the configuration supplied overly long names for these fields.
Thanks to Martin Pala.
[ISC-Bugs #21497] Add a little more randomness to rng seed in client
thanks to a patch from Jeremiah Jinno.
- Correct error handling in DLPI [ISC-Bugs #20378]
- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
checked in configure. [ISC-Bugs #20443]
- Modify how the cmsg header is allocated in the v6 send and receive
routines to compile on more compilers. [ISC-Bugs #20524]
- When parsing a domain name free the memory for the name after we are
done with it. [ISC-Bugs #20824]
- Add an elapsed time option to the release message and refactor the
code to move most of the common code to a single routine.
[ISC-Bugs #21171].
- Parse date strings more properly - the code now handles semi-colons in
date strings correctly. Thanks to a patch from Jiri Popelka at Red
Hat.
[ISC-Bugs #21501, #20598]
- Fixes to lease input and output.
[ISC-Bugs #20418] - Some systems don't support the "%s" argument to
strftime, paste together the same string using mktime instead.
[ISC-Bugs #19596] - When parsing iaid values accept printable
characters.
[ISC-Bugs #21585] - Always print time values in omshell as hex
instead of ascii if the values happen to be printable characters.
- Minor changes for scripts, configure.ac and Makefiles
[ISC-Bugs #19147] Use domain-search instead of domain-name in manual
and example conf file. Thanks to a patch from David Cantrell
at Red Hat.
[ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
[ISC-Bugs #19945] Properly close the quote on some arguments.
[ISC-Bugs #20952] Add 64 bit types to configure.ac
[ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
- Update the code to parse dhcpv6 lease files to accept a semi-colon at
the end of the max-life and preferred-life clauses. In order to be
backwards compatible with older lease files not finding a semi-colon
is also accepted. [ISC-Bugs #22303].
! Handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992]
CERT: VU#102047 CVE: CVE-2010-3611
- ./configure no longer searches for -lcrypto to explicitly link
against. This fixes a bug where 'dhclient' would have shared library
dependencies on '/usr/lib'. [ISC-Bugs #21967]
- Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
signal to a process and will kill the process if the signal isn't
caught. This patch adds code to turn off the SIGPIPE signal via
a setsockopt() call. The signal is already being ignored as part
of the ISC library. [ISC-Bugs #22269]
- Restore printing of values in omshell to the style pre 21585. For
21585 we changed the print routines to always display time values
as a hex list. This had a side effect of printing all data strings
as a hex list. We shall investigate other ways of displaying time
values more usefully. [ISC-Bugs #22626]
! Fix the handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. Thanks to a report from Brad Bendily,
brad at bendily.com.
[ISC-Bugs #22679]
CERT: VU#159528 CVE: CVE-2010-3616
- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
Passing it through to the handlers caused the omshell program to fail
to connect to the server. [ISC-Bugs #21839]
- Fix the parentheses in the code to process configuration statements
beginning with "auth". The previous arrangement caused
"auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
- Limit the timeout period allowed in the dispatch code to 2^32-1
seconds. Thanks to a report from Jiri Popelka at Red Hat.
[ISC-Bugs #22033], [Red Hat Bug #628258]
- When processing the format flags for a given option consume the
flag indicating an optional value correctly. A symptom of this
bug was an infinite loop when trying to parse the slp-service-scope
option. Thanks to a patch from Marius Tomaschewski.
[ISC-Bugs #22055]
- Disable the use of kqueue in the ISC library. This avoids a problem
between the fork and socket code that caused the dhcpd process to
use all available cpu if the program daemonized itself.
[ISC-Bugs #21911]
! When processing a request in the DHCPv6 server code that specifies
an address that is tagged as abandoned (meaning we received a
decline request for it previously) don't attempt to move it from
the inactive to active pool as doing so can result in the server
crashing on an assert failure. Also retag the lease as active
and reset its timeout value.
[ISC-Bugs #21921]