ISC DHCP 4.2.4rc1 is now available

Shawn Routhier sar at isc.org
Mon Apr 30 21:50:56 UTC 2012


ISC DHCP 4.2.4rc1 is now available for download.

This is the first release candidate of ISC DHCP 4.2.4, a maintenance release which
contains many bug fixes including some previously released security patches.

This release of ISC DHCP 4.2.4rc1 includes source code from ISC BIND 9.8.2,
which has been recently found to contain a bug that can cause a segmentation 
fault.  (Please see the advisory at: https://kb.isc.org/article/AA-00664 )

The BIND bug does not affect the portions of code used by DHCP, but can 
affect recursive resolvers.  As a result, the copy of BIND provided with 
this distribution of DHCP source should not be used to build standalone
DNS programs but only to produce the server and utilities built by the 
DHCP package.  If you need to build BIND for recursive nameservice purposes,
please download a version from http://www.isc.org/software/bind

ISC is producing a new release to replace BIND 9.8.2 but it was not available
in time to meet the schedule for this release.  We shall release another 
release candidate (rc2) containing the corrected version of BIND when the 
updated BIND tarball is available.

A list of the changes in this release has been appended to the end
of this message.  This release includes changes to the code to
allocate and manage IPv6 addresses, please pay particular attention
to this area in any testing you do.  For a complete list of changes
from any previous release, please consult the RELNOTES file within
the source distribution, or on our website:

  http://www.isc.org/software/dhcp/424rc1

This release, and its OpenPGP-signatures are available now from:

   ftp://ftp.isc.org/isc/dhcp/4.2.4rc1/dhcp-4.2.4rc1.tar.gz
   ftp://ftp.isc.org/isc/dhcp/4.2.4rc1/dhcp-4.2.4rc1.tar.gz.sha512.asc
   ftp://ftp.isc.org/isc/dhcp/4.2.4rc1/dhcp-4.2.4rc1.tar.gz.sha256.asc
   ftp://ftp.isc.org/isc/dhcp/4.2.4rc1/dhcp-4.2.4rc1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

   http://www.isc.org/about/openpgp/

			Changes since 4.2.4b1

- None

			Changes since 4.2.3

! Add a check for a null pointer before calling the regexec function.
 Without this check we could, under some circumstances, pass
 a null pointer to the regexec function causing it to segfault.
 Thanks to a report from BlueCat Networks.
 [ISC-Bugs #26704].
 CVE: CVE-2011-4539

! Modify the DDNS handling code.  In a previous patch we added logging
 code to the DDNS handling.  This code included a bug that caused it
 to attempt to dereference a NULL pointer and eventually segfault.
 While reviewing the code as we addressed this problem, we determined
 that some of the updates to the lease structures would not work as
 planned since the structures being updated were in the process of
 being freed: these updates were removed.  In addition we removed an
 incorrect call to the DDNS removal function that could cause a failure
 during the removal of DDNS information from the DNS server.
 Thanks to Jasper Jongmans for reporting this issue.
 [ISC-Bugs #27078]
 CVE: CVE-2011-4868

- Fixed the code that checks if an address the server is planning
 to hand out is in a reserved range.  This would appear as
 the server being out of addresses in pools with particular ranges.
 [ISC-Bugs #26498]

- In the DDNS code handle error conditions more gracefully and add more
 logging code.  The major change is to handle unexpected cancel events
 from the DNS client code.
 [ISC-Bugs #26287].

- Tidy up the receive calls and eliminate the need for found_pkt
 [ISC-Bugs #25066]

- Add support for Infiniband over sockets to the server and
 relay code.  We've tested this on Solaris and hope to expand
 support for Infiniband in the future.  This patch also corrects
 some issues we found in the socket code.  [ISC-Bugs #24245]

- Add a compile time check for the presence of the noreturn attribute
 and use it for log_fatal if it's available.  This will help code
 checking programs to eliminate false positives.
 [ISC-Bugs #27539]

- Fixed many compilation problems ("set, but not used" warnings) for
 gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]

- Modify the code that determines if an outstanding DDNS request
 should be cancelled.  This patch results in cancelling the
 outstanding request less often.  It fixes the problem caused
 by a client doing a release where  the  txt and ptr records
 weren't removed from the DNS.
 [ISC-BUGS #27858]

- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
 and dhcpv6_packet in several more places.  Thanks to a report from
 Bruno Verstuyft and Vincent Demaertelaere of Excentis.
 [ISC-Bugs #27941]

- Remove outdated note in the bootp keyword about the option not satisfying
 the requirement of failover peers for denying dynamic bootp clients.
 [ISC-bugs #28574]

- Multiple items to clean up IPv6 address processing.
 When processing an IA that we've seen check to see if the
 addresses are usable (not in use by somebody else) before
 handing it out.
 When reading in leases from the file discard expired addresses.
 When picking an address for a client include the IA ID in
 addition to the client ID to generally pick different addresses
 for different IAs.
 [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
 [ISC-Bugs #27684]

- Remove unnecessary checks in the lease query code and clean up
 several compiler issues (some dereferences of NULL and treating
 an int as a boolean).
 [ISC-Bugs #26203]

- Fix the NA and PD allocation code to handle the case where a client
 provides a preference and the server doesn't have any addresses or
 prefixes available.  Previoulsy the server ignored the request with
 this patch it replies with a NoAddrsAvail or NoPrefixAvai respone.
 By default the code performs according to the errata of August 2010
 for RFC 3315 section 17.2.2, to enable the previous style see the
 seciton on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.  This option
 may be removed in the future.
 Thanks to Jiri Popelka at Red Hat for the patch.
 [ISC-Bugs #22676]

- Fix up some issues found by static analysis
 A potential memory leak and NULL dereference in omapi.
 The use of a boolean test instead of a bitwise test in dst.
 [ISC-Bugs #28941]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-workers/attachments/20120430/5d8f2a21/attachment.html>


More information about the dhcp-workers mailing list