ISC DHCP 4.1.1b2 is now available
sar at isc.org
Tue Aug 11 00:19:58 UTC 2009
ISC DHCP 4.1.1b2 is now available for download.
This is the SECOND BETA of ISC DHCP 4.1.1, a release which contains a
number of bug fixes.
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:
This release, and its OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Changes since 4.1.1b1
- Remove infinite loop in token_print_indent_concat().
- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.
- Fixed Linux client script 'unary operator expected' errors with
- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.
- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy at marples.name>.
- Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.
- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.
- A check for the local flavor of IFNAMSIZ had a broken 'else'
condition, that probably still resulted in the correct behaviour (but
wouldn't use a larger defined value provided by the host OS).
- Fixed a bug where an OMAPI socket disconnection message would not
result in scheduling a failover reconnection, if the link had not
negotiated a failover connect yet (e.g.: connection refused, asynch
socket connect() timeouts).
- A bug was fixed that caused the 'conflict-done' state to fail to be
parsed in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Versions 3.0.x syntax with multiple name->code option definitions is
now supported. Note that, similarly to 3.0.x, for by-code lookups
only the last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between
a failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding
scopes will now be removed if a change in identity of a lease's active
client is detected, rather than simply if a lease is noticed to have
expired (which it may have expired without a failover server noticing
in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
- Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware ethernet'.
More information about the dhcp-workers