ISC DHCP 3.1.3 is now available!

David W. Hankins dhankins at isc.org
Wed Oct 7 19:13:25 UTC 2009


ISC DHCP 3.1.3 is now available for download.

This is the FINAL RELEASE of ISC DHCP 3.1.3, a maintenance release
which contains several fixes to bugs present in versions 3.1.2 and
prior, but contains no new features.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

    http://oldwww.isc.org/sw/dhcp/dhcp_rel2.php?noframes=1

This release, and its OpenPGP-signatures are available now from:

    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.3.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.3.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.3.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.3.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/


                        Changes since 3.1.3rc1

- None.

                        Changes since 3.1.3b1

- None.

                        Changes since 3.1.2

- Remove infinite loop in token_print_indent_concat().

- Validate the argument to the -p option.

- The notorious 'option <unknown> ... larger than buffer' log line,
  which is seen in some malformed DHCP client packets, was modified.
  It now logs the universe name, and does not log the length values
  (which are bogus corruption read from the packet anyway).  It also
  carries a hopefully more useful explanation.

- The db-time-format option was documented in manpages.

- Using reserved leases no longer results in 'lease with binding state
  free not on its queue' error messages, thanks to a patch from Frode
  Nordahl.

- A parser bug was fixed that segfaulted if site-option-space was tried
  to be used interchangeably with vendor-option-space.

- Two uninitialized stack structures are now memset to zero, thanks to
  patch from David Cantrell at Red Hat.

- The update-conflict-detection feature would leave an FQDN updated without
  a DHCID (still currently implemented as a TXT RR).  This would cause later
  expiration or release events to fail to remove the domain name.  The feature
  now also inserts the client's up to date DHCID record, so records may safely
  be removed at expiration or release time.  Thanks to a patch submitted by
  Christof Chen.

- Memory leak in the load_balance_mine() function is fixed.  This would
  leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
  and in normal state.

- Various compilation fixes have been included for the memory related
  DEBUG #defines in includes/site.h.

- Fixed setting hostname in Linux hosts that require hostname argument
  to be double-quoted.  Also allow server-provided hostname to
  override hostnames 'localhost' and '(none)'.

- Added client support for setting interface MTU and metric, thanks to
  Roy "UberLord" Marples <roy at marples.name>.

- Fixed failover reconnection retry code to continue to retry to reconnect
  rather than restarting the listener.

- Fixed a bug where an OMAPI socket disconnection message would not result
  in scheduling a failover reconnection, if the link had not negotiated a
  failover connect yet (e.g.: connection refused, asynch socket connect()
  timeouts).

- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
  in failover state records.

! A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.  CERT VU#410676 - CVE-2009-0692

- Versions 3.0.x syntax with multiple name->code option definitions is now
  supported.  Note that, similarly to 3.0.x, for by-code lookups only the
  last option definition is used.

- Fixed a bug where a time difference of greater than 60 seconds between a
  failover pair could cause the primary to crash on contact with the
  secondary.  Thanks to a patch from Steinar Haug.

- Secondary servers in a failover pair will now perform ddns removals if
  they had performed ddns updates on a lease that is expiring, or was
  released through the primary.  As part of the same fix, stale binding scopes
  will now be removed if a change in identity of a lease's active client is
  detected, rather than simply if a lease is noticed to have expired (which it
  may have expired without a failover server noticing in some situations).

- A patch supplied by David Cantrell at RedHat was applied that detects
  invalid calling parameters given to the ns_name_ntop() function.
  Specifically, it detects if the caller passed a pointer and size pair
  that causes the pointer to integer-wrap past zero.

! Fixed a fenceposting bug when a client had two host records configured,
  one using 'uid' and the other using 'hardware ethernet'.  CVE-2009-1892

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-announce/attachments/20091007/9a6fe8e6/attachment.bin>


More information about the dhcp-announce mailing list