ISC DHCP 4.2.0 is now available!
David W. Hankins
dhankins at isc.org
Thu Jul 15 21:43:22 UTC 2010
ISC DHCP 4.2.0 is now available for download.
This is the final release of ISC DHCP 4.2.0, a feature release which
contains several new features, as well as current bug fixes. Of note,
DDNS processing is now done asynchronously - so that the DHCP server
can continue to process DHCP packets while DDNS updates are pending,
and the failover protocol has been enhanced with two features that
can improve DHCP server endurance when the partner disconnects.
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:
This release, and its OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Changes since 4.2.0rc1
- Documentation cleanup covering multiple tickets
[ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
[ISC-Bugs #20263] add text describing some default values
[ISC-Bugs #20193] single quotes at the start of a line indicate a control
line to nroff, escape them if we actually want a quote.
[ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
Changes since 4.2.0b2
- Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
Changes since 4.2.0b1
- Prohibit including lease time information in a response to a DHCP INFORM.
! Accept a client id of length 0 while hashing. Previously the server would
exit if it attempted to hash a zero length client id, providing attackers
with a simple denial of service attack. [ISC-Bugs #21253]
CERT: VU#541921 - CVE: CVE-2010-2156
- A memory leak in ddns processing was closed. [ISC-Bugs #21377]
- Modify the exception handling for initial context creation. Previously
we would try and clean up before exiting. This could present problems
when the cleanup required part of the context that wasn't available. It
also didn't do much as we exited afterwards anyway. Now we simply log
the error and exit. [ISC-Bugs #21093]
- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
previously allocated (active) lease to a client that has changed subnets,
despite being on different shared networks. Dynamic prefixes specifically
allocated in shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
- Fix the trace code to handle timing events better and to truncate a file
before using instead of overwriting it. [ISC-Bugs #20969]
- Modify the determination of the default TTL to use for DDNS updates.
The user may still configure the ttl via ddns-ttl. The default for
both v4 and v6 is now 1/2 the (preferred) lease time with a limit. The
previous defaults (1/2 lease time without a limit for v4 and a default
value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
- libisc/libdns is now brought up to version 9.7.1rc1. This corrects
three reported flaws in ISC DHCP;
o DHCP processes (dhcpd, dhclient) fail to start if one of either the
IPv4 or IPv6 address families is not present. [ISC-Bugs #21122]
o Assertion failure when attempting to cancel a previously running DDNS
update. [ISC-Bugs #21133]
o Compilation failure of libisc/libdns due to the use of a flexible
array member. [ISC-Bugs #21316]
Changes since 4.2.0a2
- Update the fsync code to work with the changes to the DDNS code. It now
uses a timer instead of noticing if there are no more packets to process.
- When constructing the DNS name structure from a text string append
the root to relative names. This satisfies a requirement in the DNS
library that names be absolute instead of relative and prevents DHCP
from crashing. [ISC-Bugs #21054]
- "The LDAP Patch" that has been circulating for some time, written by
Brian Masney and S.Kalyanasundraram and maintained for application to
the DHCP-4 sources by David Cantrell has been included. Please be
advised that these sources were contributed, and do not yet meet the
high standards we place on production sources we include by default.
As a result, the LDAP features are only included by using a compile-time
option which defaults off, and if you enable it you do so under your
own recognizance. We will be improving this software over time.
Changes since 4.2.0a1
- When using 'ignore client-updates;', the FQDN returned to the client
is no longer truncated to one octet.
- Cleaned up an unused hardware address variable in nak_lease().
- Manpage entries for the ia-pd and ia-prefix options were updated to
reflect support for prefix delegation.
- Cleaned up some compiler warnings
- An optimization described in the failover protocol draft is now included,
which permits a DHCP server operating in communications-interrupted state
to 'rewind' a lease to the state most recently transmitted to its peer,
greatly increasing a server's endurance in communications-interrupted.
This is supported using a new 'rewind state' record on the dhcpd.leases
entry for each lease.
- Fix the trace code which was broken by the changes to the DDNS code.
Changes since 4.1.0 (new features)
- Failover port configuration can now be left to defaults (port 647) as
described in the -12 revision of the Failover draft (and assigned by
IANA). Thanks in part to a patch from David Cantrell at Red Hat.
- If configured, dhclient may now transmit to an anycast MAC address,
rather than using a broadcast address. Thanks to a patch from David
Cantrell at Red Hat.
- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy at marples.name>.
- Added client -D option to specify DUID type to send.
- A new failover configuration parameter has been introduced for those
environments where DHCP servers can be reasonably guaranteed to be
"down" when the failover TCP socket is severed, "auto-partner-down".
This parameter is not generally safe, and by default is disabled, so
please carefully review the documentation of this parameter in the
dhcpd.conf(5) manpage before determining to use it yourself.
- Added a configuration function, 'gethostname()', which calls the system
function of the same name and presents the results as a data expression.
This function can be used to incorporate the system level hostname of
the system the DHCP software is operating on in responses or queries (such
as including a failover partner's hostname in a dhcp message or binding
scope, or having a DHCP client send any system hostname in the host-name or
FQDN options by default).
- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
for DHCPv4 operation and used independently of the dhcp-lease-time
calculations. Invalid renew and rebinding times (e.g., greater than the
determined lease time) are omitted.
- Processing the DHCP to DNS server transactions in an asyncrhonous fashion.
The DHCP server or client can now continue with it's processing while
awaiting replies from the DNS server.
- The 'hardware [ethernet|etc] ...;' parameter in host records has been
extended to attempt to match DHCPv6 clients by the last octets of a
DUID-LL or DUID-LLT provided by the client.
Changes since 4.1.0 (bug fixes)
- Remove infinite loop in token_print_indent_concat().
- Validate the argument to the -p option.
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation.
- Suppress spurious warnings from configure about --datarootdir
- A bug was fixed that caused the server not to answer some valid Solicit
and Request packets, if the dynamic range covering any requested addresses
had been deleted from configuration.
- Update the code to deal with GCC 4.3. This included two sets of changes.
The first is to the configuration files to include the use of
AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
were being ignored.
- The db-time-format option was documented in manpages.
- Using reserved leases no longer results in 'lease with binding state
free not on its queue' error messages, thanks to a patch from Frode
- Fix a build error in dhcrelay, using older versions of gcc with
- Two uninitialized stack structures are now memset to zero, thanks to a
patch from David Cantrell at Red Hat.
- Fixed a cosmetic bug where pretty-printing valid domain-search options would
result in an erroneous error log message ('garbage in format string').
- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
to stop receiving packets is fixed. The same fix also means that the MAC
address will no longer appear 'bogus' on DLPI-based systems.
- A bug in select handling was discovered where the results of one select()
call were discarded, causing the server to process the next select() call
and use more system calls than required. This has been repaired - the
sockets will be handled after the first return from select(), resulting in
fewer system calls.
- The update-conflict-detection feature would leave an FQDN updated without
a DHCID (still currently implemented as a TXT RR). This would cause later
expiration or release events to fail to remove the domain name. The feature
now also inserts the client's up to date DHCID record, so records may safely
be removed at expiration or release time. Thanks to a patch submitted by
- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.
- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.
- Fixed failover reconnection retry code to continue to retry to reconnect
rather than restarting the listener.
- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.
- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
that probably still resulted in the correct behaviour (but wouldn't use
a larger defined value provided by the host OS).
- Fixed a bug where an OMAPI socket disconnection message would not result
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Fixed a bug where relay agent options would never be returned when
processing a DHCPINFORM.
- Versions 3.0.x syntax with multiple name->code option definitions is now
supported. Note that, similarly to 3.0.x, for by-code lookups only the
last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between a
failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
! Fixed a fenceposting bug when a client had two host records configured,
one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
- Fixed the check in the dhcp_interface_signal_handler routine to verify
the existence of the linked signal handler before calling it.
- Both host and subnet6 configuration groups are now included whether a
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding values were not present in a matching fixed-address6 host
- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
correcting a compilation failure when using Sun's compiler.
- Modified the handling of a connection to avoid releasing the omapi io
object for the connection while it is still in use. One symptom from
this error was a segfault when a failover secondary attempted to connect
to the failover primary if their clocks were not synchronized.
- Clean up to allow compilation with gcc 2.95.4 on FreeBSD. Remove an
extra semi-colon from common/dns.c and moved setting a variable to NULL
in server/dhcpv6.c to allow the compiler to decide that the variable
was always properly set.
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the dhcp-workers