2010年1月20日

[installer 2214] ISC dhcp-4.1.1

ISC dhcp-4.1.1 出ています。

☆ ISC dhcp-4.1.1
http://www.isc.org/sw/dhcp
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.1.tar.gz

Changes since 4.1.1rc1

- When using 'ignore client-updates;', the FQDN returned to the client
is no longer truncated to one octet.

Changes since 4.1.1b3

- None.

Changes since 4.1.1b2

- Fix test in dhcp_interface_signal_handler to check that the inner handler
has a signal_handler before calling it.

- Both host and subnet6 configuration groups are now included whether a
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding values were not present in a matching fixed-address6 host
configuration.

- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
correcting a compilation failure when using Sun's compiler.

- Modified the handling of a connection to avoid releasing the omapi io
object for the connection while it is still in use. One symptom from
this error was a segfault when a failover secondary attempted to connect
to the failover primary if their clocks were not synchronized.

Changes since 4.1.1b1

- Remove infinite loop in token_print_indent_concat().

- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.

- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.

- Fixed Linux client script 'unary operator expected' errors with DHCPv6.

- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.

- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy@xxxxx>.

- Fixed failover reconnection retry code to continue to retry to reconnect
rather than restarting the listener.

- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.

- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
that probably still resulted in the correct behaviour (but wouldn't use
a larger defined value provided by the host OS).

- Fixed a bug where an OMAPI socket disconnection message would not result
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
timeouts).

- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
in failover state records.

! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692

- Versions 3.0.x syntax with multiple name->code option definitions is now
supported. Note that, similarly to 3.0.x, for by-code lookups only the
last option definition is used.

- Fixed a bug where a time difference of greater than 60 seconds between a
failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.

- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.

- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).

- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.

! Fixed a fenceposting bug when a client had two host records configured,
one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892

----
こがよういちろう


投稿者 xml-rpc : 2010年1月20日 11:28
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/92497
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。