ISC DHCP 3.0.1 Release Notes
Date: 2007-06-17 Source: liufirst
Internet Systems Consortium DHCP Distribution
Version 3.0.1
July 14, 2004
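Release Notes
New Features
Version 3 includes the following new features that are not in version 2.0:
- DHCP Failover Protocol support
- OMAPI, an API for accessing and modifying the state of the DHCP server and client
- Conditional behaviour
- Storing arbitrary information on leases
- Address pools with access control
- Client classing
- Address allocation by client class
- Relay agent information option support
- Dynamic DNS updates
- Many bug fixes, performance enhancements, and minor new DHCP protocol features
The main bug fix is a correction in the subclass allocation code for a defect that could cause memory corruption. All users of subclass allocation should upgrade to 3.0.1 as soon as possible.
If you are running 3.0 beta 1 and doing dynamic DNS updates, the lease file is no longer compatible with the 3.0 final release. A script, contrib/3.0b1-lease-convert, can be used to convert 3.0b1 lease files.
For information and documentation on how to install, configure and use the software, see the README file.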
The Dynamic DNS Update support is a descendent of an implementation
done by Lans Carstensen and Brian Dols at Rose-Hulman Institute of
Technology, Jim Watt at Applied Biosystems, Irina Goble at Integrated
Measurement Systems, Igor Sharfmesser at Kazakh Telecom, and Brian
Murrell at BC Tel Advanced Communications. I'd like to express my
thanks to all of these good people here, both for working on the code
and for prodding me into improving it.
Changes since 3.0.1rc14
- The global variable 'cur_time' was centralized and is now uniformly of a
type #defined in system-dependent headers. It had previously been defined
in one of many places as a 32-bit value, and this causes mayhem on 64-bit
big endian systems. It probably wasn't too healthy on little endian
systems either.
- A printf format string error introduced in rc14 was repaired.
- AIX system-dependent header file was altered to only define NO_SNPRINTF
if the condition used to #ifdef in vsnprintf in AIX' header files
is false.
- The Alpha/OSF system-dependent header file was altered to define
NO_SNPRINTF on OS revisions older than 4.0G.
- omapip/test.c had string.h added to its includes.
Changes since 3.0.1rc13
! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
in logging messages with excessively long hostnames provided by the
clients. It is highly probable that these could have been used by
attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
release candidates 12 or 13. Special thanks to Gregory Duchemin for
both finding and solving the problem.
! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
in log_*() functions became evident, on some specific platforms where
vsnprintf() was not believed to be available and calls were wrapped to
sprintf() instead. Again, credit goes to Gregory Duchemin for finding
the problem. Calls to snprintf() are now linked to a distribution-local
snprintf implementation, only in those cases where the architecture is
not known to provide one (see includes/cf/[arch].h). If you experience
linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
is where to look. This vulnerability did not exist in any previously
published version of ISC DHCP.
- Compilation on hpux 11.11 was repaired.
- 'The cross-compile bug fix' was backed out.
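The bounded-logging fix described for CAN-2004-0460 and CAN-2004-0461, sketched as an added example (not ISC's code): a log formatter built on vsnprintf() that cannot write past its buffer, fed a hostname copied from a length-delimited option. The function names, the 32-byte hostname limit and the log text are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded formatter (hypothetical name). The unsafe shape it replaces is
 * vsprintf(buf, fmt, ap) into a fixed buffer. Returns 0 if the message
 * fit, 1 if it was cut (and marked "..."), -1 on a formatting error. */
static int log_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n < outlen)
        return 0;
    if (outlen >= 4)
        memcpy(out + outlen - 4, "...", 4);  /* overwrite tail, keeps NUL */
    return 1;
}

/* Copy option bytes (length-delimited, not NUL-terminated) into a bounded
 * C string, replacing anything outside [A-Za-z0-9.-] with '?'. */
static size_t sanitize_hostname(char *dst, size_t dstlen,
                                const unsigned char *src, size_t srclen)
{
    size_t i, n = 0;
    if (dstlen == 0)
        return 0;
    for (i = 0; i < srclen && n + 1 < dstlen; i++)
        dst[n++] = (isalnum(src[i]) || src[i] == '-' || src[i] == '.')
                       ? (char)src[i] : '?';
    dst[n] = '\0';
    return n;
}

/* Client data is an argument, never the format string. */
int log_hostname(char *line, size_t len, const unsigned char *opt, size_t n)
{
    char host[32];  /* constructed limit for this example */
    sanitize_hostname(host, sizeof host, opt, n);
    return log_format(line, len, "DHCPREQUEST from client %s", host);
}
```

A return value of 1 from log_format() is worth counting or alerting on, since a legitimate client rarely produces a log line that needs cutting.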
Changes since 3.0.1rc12
- Fixed a bug in omapi lease lookup function, to form the hardware
address for the hash lookup correctly, thanks to a patch from
Richard Hirst.
- Fixed a bug where dhcrelay was sending relayed responses back to the
broadcast address, but with the source's unicast mac address. Should
now conform to rfc2131 section 4.1.
- Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
- Fixed a crash bug in dhclient where dhcpd servers that do not provide
renewal times result in an FPE. As a side effect, dhclient can now
properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
to a patch from Burt Silverman.
- The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
and reformatted to correct a compilation error on solaris platforms.
- A patch was applied which fixes a case where leases read from the
leases database do not properly over-ride previously read leases.
- dhcpctl.3 manpage was tweaked.
Changes since 3.0.1rc11
- A patch from Steve Campbell was applied with minor modifications to
permit reverse dns PTR record updates with values containing spaces.
- A patch from Florian Lohoff was applied with some modifications to
dhcrelay. It now discards packets whose hop count exceeds 10 by default,
and a command-line option (-c) can be used to set this threshold.
- A failover bug relating to identifying peers by name length instead of
by name was fixed.
- Declaring failover configs within shared-network statements should no
longer result in error.
- The -nw command line option to dhclient now works.
- Thanks to a patch from Michael Richardson:
- Some problems with long option processing have been fixed.
- Some fixes to minires so that updates of KEY records will work.
- contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
See contrib/ms2isc/readme.txt for revision notes.
- Dhclient no longer uses shell commands to kill another instance of
itself, it sends the signal directly. Thanks to a patch from Martin
Blapp.
- The FreeBSD dhclient-script was changed so that a failure to write to
/etc/resolv.conf does not prematurely end the script. This keeps dhclient
from looping infinitely when this is the case. Thanks to a patch from
Martin Blapp.
- A patch from Bill Stephens was applied which resolves a problem with lease
expiry times in failover configurations.
- A memory leak in configuration parsing was closed thanks to a patch from
Steve G.
- The function which discovers interfaces will now skip non-broadcast or
point-to-point interfaces, thanks to a patch from David Brownlee.
- Options not yet known by the dhcpd or dhclient have had their names
changed such that they do not contain # symbols, in case they should ever
appear in a lease file. An option that might have been named "#144" is
now "unknown-144".
- Another patch from Bill Stephens which allows the ping-check timeout to
be configured as 'ping-timeout'. Defaults to 1.
Changes since 3.0.1rc10
- Potential buffer overflows in minires repaired.
- A change to the linux client script to use /bin/bash, since /bin/sh may
not be bash.
- Some missing va_end cleanups thanks to a patch from Thomas Klausner.
- A correction of boolean parsing syntax validation - some illegal syntaxes
that worked before are now detected and produce errors, some legal syntaxes
that errored before will now work properly.
- Some search-and-replace errors that caused some options to change their
names were repaired.
- Shu-min Chang of the Intel corporation has contributed a perl script and
module that converts the MS NT4 DHCP configuration to an ISC DHCP3
configuration file.
- Applied the remainder of the dhcpctl memory leak patch provided by Bill
Squier at ReefEdge, Inc. ([email protected]).
- Missing non-optional failover peer configurations will now result in a soft
error rather than a null dereference.
Changes since 3.0.1rc9
- A format string was corrected to fix compiler warnings.
- A number of spelling corrections were made in the man pages.
- The dhclient.conf.5 man page was changed to refer to do-forward-updates
rather than a configuration option that doesn't exist.
- A FreeBSD-specific bug in the interface removal handling was fixed.
- A Linux-specific Token Ring detection problem was fixed.
- Hashes removed from as-yet-unknown agent options, having those options
appear in reality before we know about them will no longer produce
self-corrupting lease databases.
- dhclient will use the proper port numbers now when using the -g option.
- An order-of-operations bug with 2 match clauses in 1 class statement is
fixed thanks to a patch from Andrew Matheson.
- Compilation problems on Solaris were fixed.
- Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
- A fix to the dhcp ack process which makes certain that group options will be
included in the first DHCPOFFER message was made thanks to a patch from
Ling Gou.
- A few memory leaks were repaired thanks to patches from Bill Squier at
ReefEdge, Inc. ([email protected]).
- A fix for shared-networks that sometimes give clients options for the
wrong subnets (in particular, 'option routers') was applied, thanks to
Ted Lemon for the patch.
- Omshell's handling of dotted octets as values was changed such that dots
one after the other produce zero values in the integer string.
Changes since 3.0.1rc8
- Fix a format string vulnerability in the server that could lead to a
remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
- Add additional support for NetBSD/sparc64.
- Fix a bug in the command-line parsing of the client. Also, resolve
a memory leak.
- Add better support for shells other than bash in the Linux client
script.
- Various build fixes for modern versions of FreeBSD and Linux.
- Fix a bad bounds check when printing binding state names.
- Clarify documentation about fixed-address and multiple addresses.
- Fix a typo in the authoritative error message.
- Make a log entry when we can't write a billing class.
- Use conversion targets that are the right size on all architectures.
- Increment the hop count when relaying.
- Log a message when lease state is changed through OMAPI.
- Don't rerun the shared_network when evaluating the pool.
- Fix a reversed test in the parser.
- Change the type of rbuf_max.
- Make FTS_LAST a manifest constant to quiet warnings.
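The two relay hop-count entries on this page (rc11: discard packets whose hop count exceeds 10 by default, settable with -c; rc8: increment the hop count when relaying), put together as an added example that is not dhcrelay's own code. The function and enum names are hypothetical, and the order of the checks and the saturating increment are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define DEFAULT_MAX_HOPS 10 /* default stated in the release notes */
#define BOOTP_FIXED_LEN 236 /* fixed BOOTP header, RFC 951 / RFC 2131 */
#define BOOTP_OP_OFF 0
#define BOOTP_HOPS_OFF 3    /* op, htype, hlen, hops: one octet each */
#define BOOTREQUEST 1

enum relay_verdict { RELAY_FORWARD, RELAY_DROP_SHORT, RELAY_DROP_HOPS,
                     RELAY_NOT_REQUEST };

/* Parse the value given to -c; hops is one octet, so accept 0..255 only.
 * Returns 0 and stores the value, or -1 and leaves *out untouched. */
int parse_max_hops(const char *arg, unsigned *out)
{
    char *end;
    unsigned long v;
    if (arg == NULL || *arg < '0' || *arg > '9')
        return -1;                 /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v > 255)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Decide what to do with a client-to-server packet; when it is to be
 * forwarded, increment the hops field in place. */
enum relay_verdict relay_request(uint8_t *pkt, size_t len, unsigned max_hops)
{
    if (len < BOOTP_FIXED_LEN)
        return RELAY_DROP_SHORT;   /* never read hops from a runt packet */
    if (pkt[BOOTP_OP_OFF] != BOOTREQUEST)
        return RELAY_NOT_REQUEST;
    if (pkt[BOOTP_HOPS_OFF] > max_hops)
        return RELAY_DROP_HOPS;    /* likely relay loop or forged field */
    if (pkt[BOOTP_HOPS_OFF] < UINT8_MAX)
        pkt[BOOTP_HOPS_OFF]++;     /* saturate rather than wrap to 0 */
    return RELAY_FORWARD;
}
```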
Changes since 3.0.1rc7
- Fix two compiler warnings that are generated when compiling on Solaris
with gcc. These stop the build, even though they weren't actually
errors, because we prefer that our builds generate no warnings.
Changes since 3.0.1rc6
- Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
to be renewed.
- Implement lease stealing for cases where the primary has fewer leases
than the secondary, as called for by the standard.
- Add a fudge factor to the lease expiry acceptance code (suggested
by Kevin Miller of CMU).
- Fix a bug in permit_list_match that made it much too willing to say
that two permit lists matched.
- Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
also more compact) messages about DNS updates.
- Fix a bug in generating wire-format domain names for the FQDN option.
- Fix a bug where the FQDN option would not be returned if the client
requested it, contrary to the standard.
- On Darwin, use the FreeBSD DHCP client script.
- On NetBSD/sparc, don't check for casting warnings.
- Add a flag in the DHCP client to disable updating the client's A
record when sending an FQDN option indicating that the client is
going to update its A record.
- In the client, don't attempt a DNS update until one second after
configuring the new IP address, and if the update times out, keep
trying until a response, positive or negative, is received from the
DNS server.
- Fix an uninitialized memory bug in the DHCP client.
- Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
- Fix a bug in ns_parserr(), where it was returning the wrong sort
of result code in some cases (suggested by Ben Harris of the
NetBSD project).
- Fix a bug in is_identifier(), where it was checking against EOF
instead of the END_OF_FILE token (also suggested by Ben Harris).
- Fix a bug where if an option universe contained no options, the
DHCP server could dump core (Walter Steiner).
- Fix a bug in the handling of encapsulated options.
- Fix a bug that prevented NWIP suboptions from being processed.
- Delete the FTS_BOOTP and FTS_RESERVED states and implement them
as modifier flags to the FTS_ACTIVE state, as called for in the
failover protocol standard.
- Fix bugs in the pool merging code that resulted in references and
dereferences of null pointers. This bug had no impact unless the
POINTER_DEBUG flag was defined.
- In the server, added a do-forward-updates flag that can be used to
disable forward updates in all cases, so that sites that want the
clients to take sole responsibility for updating their A record can
do so.
- Make it possible to disable optimization of PTR record updates.