]> git.ipfire.org Git - thirdparty/dhcp.git/blame - RELNOTES
projects / thirdparty / dhcp.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[master] Auto generated files for 4.3.0rc1
[thirdparty/dhcp.git] / RELNOTES
CommitLineData
98311e4b 1 Internet Systems Consortium DHCP Distribution
71b49b9f
SR		 2 Version 4.3.0rc1
3 27 January 2014
72c7bd79 4
0171be2d 5 Release Notes
72c7bd79 6
0171be2d 7 NEW FEATURES
16449d9c 8
324257e3
SR		 9The major "theme" for ISC DHCP 4.3.x was to update the support for
10DHCPv6 to include several of the features that have been available
11for DHCPv4. These include:
37ec5845 12
324257e3
SR		 13- Support the use of classes
14
15- Support for on_commit, on_expiry and on_release statements
16
4809ef5c 17- Better logging of address assignments
324257e3
SR		 18
19- Support for using DHCPv6 relay options in expressions
20
21This release also adds suppport for the standard DDNS as described in the
22current RFCs as well as enhancing support for dynamically adding and removing
23subclasses via OMAPI.
98bf1607 24
01a54c17
EH		 25There are a number of DHCPv6 limitations and features missing in this
26release, which will be addressed in the future:
98bd7ca0 27
01a54c17 28- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
3a16098f 29
adbef119
DH		 30- DHCPv6 includes human-readable text in status code messages, in
31 English. A method to reconfigure or support other languages would
32 be preferrable.
98bd7ca0
DH		 33
34- The "host-identifier" option is limited to a simple token.
35
98bd7ca0 36- The client and server can only operate DHCPv4 or DHCPv6 at a time,
45d545f0 37 not both. To use both protocols simultaneously, two instances of the
6de1f33e 38 relevant daemon are required, one with the '-6' command line option.
4ff4053b 39
01a54c17
EH		 40For information on how to install, configure and run this software, as
41well as how to find documentation and report bugs, please consult the
42README file.
ca4606b5 43
01a54c17
EH		 44ISC DHCP uses standard GNU configure for installation. Please review the
45output of "./configure --help" to see what options are available.
fe5b0fdd 46
01a54c17
EH		 47The system has only been tested on Linux, FreeBSD, and Solaris, and may not
48work on other platforms. Please report any problems and suggested fixes to
49<dhcp-users@isc.org>.
98bd7ca0 50
fef8c6f0
SR		 51ISC DHCP is open source software maintained by Internet Systems
52Consortium. This product includes cryptographic software written
53by Eric Young (eay@cryptsoft.com).
54
6980ae03 55 Changes since 4.2.0 (new features)
51b8a8a0
SR		 56
57- If a client renews before 'dhcp-cache-threshold' percent of its lease
58 has elapsed (default 25%), the server will reuse the allocated lease
59 (provide a lease within the currently allocated lease-time) rather
60 than extend or renew the lease. This absolves the server of needing
61 to perform an fsync() operation on the lease database before reply,
62 which improves performance. [ISC-Bugs #22228]
8cd88e20
SR		 63 Update this patch to support asynchronous DDNS. If the server is
64 attempting to do DDNS on a lease it should be udpated and written to
4809ef5c 65 disk even if that wouldn't be necessary due to the thresholding.
8cd88e20 66 [ISC-Bugs #26311]
51b8a8a0 67
6980ae03
SR		 68- The 'no available billing' log line now also logs the name of the last
69 matching billing class tried before failing to provide a billing.
70 [ISC-Bugs #21759]
71
32e651c4
SR		 72- A problem with missing get_hw_addr function when --enable-use-sockets
73 was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
74 that use-sockets feature was not tested on those systems. Client and
75 server code no longer use MAX_PATH constant that is not defined on
3cb6f9bb 76 GNU/Hurd systems. [ISC-Bugs #25979]
32e651c4 77
67418698
SR		 78- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
79 can parse v4 lease files and output the lease information in a more
80 human friendly manner. This was written by Christian Hammers with
81 some updates by vom and ISC. This is contributed code and is not
82 supported by ISC; however it may be useful to some users.
83 [ISC-Bugs #20680]
84
a7341359 85- Add support in v6 for on-commit, on-expire and on-release.
4809ef5c 86 [ISC-Bugs #27912]
a7341359 87
01fa619f
SR		 88- Add support for using classes with v6.
89 [ISC-Bugs #26510]
90
d7d9c0c7
SR		 91- Update the DDNS code to current standards and allow for sharing
92 of DDNS entries between v4 and v6 clients. The new code is used
93 if the ddns-update-style is set to "standard", the older code is
94 still available if ddns-update-style is set to "interim". The
95 oldest DDNS code "ad-hoc" has been removed. Thanks to Thomas Pegeot
96 who submitted a patch for this issue. This patch is based on
97 that work with some modifications.
64fb661c 98 [ISC-Bugs #21139]
1534fff7 99
cde11a4c
SR		 100- Add a configuration option to the server to suppress using fsync().
101 Enabling this option will mean that fsync() is never called. This
102 may provide better performance but there is also a risk that a lease
103 will not be properly written to the disk after it has been issued
104 to a client and before the server stops. Using this option is
105 not recommended.
64fb661c 106 [ISC-Bugs #34810]
cde11a4c 107
f88446f1
SR		 108- Add some logging statements to indicate when the server is ready
109 to serve. One statement is emitted after the server has finished
110 reading its files and is about to enter the dispatch loop.
111 This is "Server starting service.".
112 The second is emitted when a server determines that both it and
113 its failover peer are in the normal state.
114 This is "failover peer <name>: Both servers normal."
64fb661c 115 [ISC-Bugs #33208]
f88446f1 116
619304cd
SR		 117- Add support for accessing options from v6 relays. The v6relay
118 statement allows the administrator to choose which relay to
119 use when searching for an option, see the dhcp-options man page
120 for a description. The host-identifer option has also been
121 updated to support the use of relay options see the dhcpd.conf
122 man page for a description.
123 [ISC-Bugs #19598]
124
e54ff84f
SR		 125- When doing DDNS if there isn't an appropriate zone statement attempt
126 to find a reasoanble nameserver via a DNS resolver. This restores
127 some functionality that was lost in the transition to asynchronous
128 DDNS. Due to the lack of security and increase in fragility of the
129 system when using this feature we strongly recommend the use of
130 appropriate zone statements rather than using this functionality.
131 [ISC-Bugs #30461]
132
61ef216b
SR		 133- Add support for specifying the address from which to send
134 DDNS updates on the DHCP server. There are two new options
135 "ddns-local-address4" and "ddns-local-address6" that each take
136 one instance of their respective address types.
137 [ISC-Bugs #34779]
4d079f0e 138
38ee81bd
SR		 139- Add ignore-client-uids option in the server. This option causes
140 the server to not record a client's uid in its lease. This
141 violates the specification but may also be useful when a client
142 can dual boot using different client ids but the same mac address.
08e6dad9 143 Thank you to Brian De Wolf at Cal Ply Pomona for the patch.
38ee81bd
SR		 144 [ISC-Bugs #32427]
145 [ISC-Bugs #35066]
4d079f0e
SR		 146
147- Extend the DHCPINFORM processing to honor the subnet selection option
148 and take host declarations into account.
149 Thanks to Christof Chen for testing and submitting the patch.
150 [ISC-Bugs #35015]
151
fe2ac9e3
SR		 152- Extend the hardware expression to look into the lease structure
153 for a hardware address if there is no packet. This allows the
154 server to find the hardware address during on-expiry processing.
155 [ISC-Bugs #24584]
61ef216b 156
bc30c84e
SR		 157- Add definitions for some options that have been specified by the IETF.
158 [ISC-Bugs #29268]
ccc2a367 159 [ISC-Bugs #35198]
bc30c84e 160
8ee352ee
SR		 161 Changes since 4.3.0b1
162
163- Tidy up receive packet processing.
164 Thanks to Brad Plank of GTA for reporting the issue and suggesting
165 a possible patch.
166 [ISC-Bugs #34447]
167
4889a646
SR		 168 Changes since 4.3.0a1
169
170- Modify the message displayed when a process hits a fatal error.
171 The new message is much shorter and simply points to the README
172 and our website for directions on bug submissions.
173 [ISC-Bugs #24789]
174
7dc4e69c
SR		 175- Handle an absent resolv.conf file better.
176 [ISC-Bugs #35194]
177
c5bc8b1a
SR		 178 Changes since 4.2.5
179
d0a10f6a 180- Address static analysis warnings.
9626483b 181 [ISC-Bugs #33510] [ISC-Bugs #33511]
d0a10f6a 182
dc9d7b08
MA		 183- Silence benign static analysis warnings.
184 [ISC-Bugs #33428]
185
c5bc8b1a 186- Add check for 64-bit package for atf.
a24b9f23
MA		 187 [ISC-Bugs #32206]
188
189- Use newer auto* tool packages and turn on RFC_3542 support on Mac OS.
190 [ISC-Bugs #26303]
c5bc8b1a 191
cc17cbc3
SR		 192- Remove a variable when it isn't being used due to #ifdefs to avoid
193 a compiler warning on Solaris using GCC.
194 [ISC-Bugs #33032]
195
360cc6d9
SR		 196- Add a check for too much whitespace in a config or lease file.
197 Thanks to Paolo Pellegrino for finding the issue and a suggestion
198 for the patch.
199 [ISC-Bugs #33351]
08b2d347
SR		 200
201- Fix several problems with using OMAPI to manipulate class and subclass
202 objects.
203 [ISC-Bugs #27452]
204
ad4001ce
SR		 205- Added a sleep call after killing the old client to allow time
206 for the sockets to be cleaned. This should allow the -r option
207 to work more consistently.
208 [ISC-Bugs #18175]
209
3cb6f9bb
SR		 210- Missing files for ISC DHCP Developer's Guide are now included in
211 the release tarballs. To generate this documentation, please use
212 make devel command in doc directory. [ISC-Bugs #32767]
213
f6dc164f
SR		 214- Update client script for use with openwrt.
215 [ISC-Bugs #29843]
216
4b8251a0
SR		 217- Fix the socket handling for DHCPv6 clients to allow multiple instances
218 of a client on a single machine to work properly. Previously only
219 one client would receive the packets. Thanks to Jiri Popelka at Red Hat
220 for the bug report and a potential patch.
221 [ISC-Bugs #34784]
222
47e8308d 223- Added support for gentle shutdown after signal is received.
0895c955 224 [ISC-Bugs #32692] [ISC-Bugs 34945]
47e8308d 225
d9b5c150
SR		 226- Enhance the DHCPv6 server logging to include the addresses that are assigned
227 to the clients.
228 [ISC-Bugs #26377]
229
c5905ed0 230- Fix an operation in the DDNS code to be a bitwise instead of logical or.
08e6dad9
SR		 231 [ISC-Bugs #35138]
232
9f9265b6
SR		 233 Changes since 4.2.4
234
235- Correct code to calculate timing values in client to compare
236 rebind value to infinity instead of renew value.
237 Thanks to Chenda Huang from H3C Technologies Co., Limited
238 for reporting this issue.
239 [ISC-Bugs #29062]
240
35de6c8c
SR		 241- Fix some issues in the code for parsing and printing options.
242 [ISC-Bugs #22625] - properly print options that have several fields
243 followed by an array of something for example "fIa"
244 [ISC-Bugs #27289] - properly parse options in declarations that have
245 several fields followed by an array of something for example "fIa"
246 [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
247 value in evaluate_numeric_expression (extract-int).
248 [ISC-Bugs #27314] - properly parse a zero length option from
249 a lease file. Thanks to Marius Tomaschewski from SUSE for the report
250 and prototype patch for this ticket as well as ticket 27289.
251
de87ffe3
SR		 252! Previously the server code was relaxed to allow packets with zero
253 length client ids to be processed. Under some situations use of
254 zero length client ids can cause the server to go into an infinite
255 loop. As such ids are not valid according to RFC 2132 section 9.14
256 the server no longer accepts them. Client ids with a length of 1
257 are also invalid but the server still accepts them in order to
258 minimize disruption. The restriction will likely be tightened in
259 the future to disallow ids with a length of 1.
260 Thanks to Markus Hietava of Codenomicon CROSS project for the
261 finding this issue and CERT-FI for vulnerability coordination.
262 [ISC-Bugs #29851]
263 CVE: CVE-2012-3571
264
e563ec2e
SR		 265! When attempting to convert a DUID from a client id option
266 into a hardware address handle unexpected client ids properly.
267 Thanks to Markus Hietava of Codenomicon CROSS project for the
268 finding this issue and CERT-FI for vulnerability coordination.
269 [ISC-Bugs #29852]
270 CVE: CVE-2012-3570
271
3bedb117
SR		 272! A pair of memory leaks were found and fixed. Thanks to
273 Glen Eustace of Massey University, New Zealand for finding
274 this issue.
275 [ISC-Bugs #30024]
df2c355e 276 CVE: CVE-2012-3954
3bedb117 277
18a28679
TM		 278- Existing legacy unit-tests have been migrated to Automated Test
279 Framework (ATF). Several new tests have been developed. To enable
280 unit-tests, please use --with-atf in configure script. A Developer's
281 Guide has been added. To generate it, please use make devel in
282 the doc directory. It is currently in early stages of development,
283 but is expected to grow in the near future. [ISC-Bugs 25901]
284
0b2ec8c9 285! An issue with the use of lease times was found and fixed. Making
03b44855 286 certain changes to the end time of an IPv6 lease could cause the
0b2ec8c9
SR		 287 server to abort. Thanks to Glen Eustace of Massey University,
288 New Zealand for finding this issue.
289 [ISC-Bugs #30281]
290 CVE: CVE-2012-3955
291
67b2cb45
SR		 292- Update the memory leakage debug code to work with v6.
293 [ISC-Bugs #30297]
294
74977c94
SR		 295- Relax the requirements for deleting an A or AAAA record.
296 Previously the DDNS removal code required both the A or AAAA
297 record and the TXT record to exist. This requirement could
298 cause problems if something interrupted the removal leaving
299 the TXT record alone. This relaxation was codified in RFC 4703.
300 [ISC-Bugs #30734]
301
30e42327
SR		 302- Modify the failover code to handle incorrect peer names
303 better. Previously the structure holding the name might
304 have been freed inappropriately in some cases and not
305 freed in other cases.
306 [ISC-Bugs #30320]
307
d5d868e7 308- Add a configure option, enable-secs-byteorder, to deal with
dbd65517
SR		 309 clients that do the byte ordering on the secs field incorrectly.
310 This field should be in network byte order but some clients
311 get it wrong. When this option is enabled the server will examine
312 the secs field and if it looks wrong (high byte non zero and low
313 byte zero) swap the bytes. The default is disabled. This option
314 is only useful when doing load balancing within failover.
315 [ISC-Bugs #26108]
316
0f750c4f
SR		 317- Fix a set of issues that were discovered via a code inspection
318 tool. Thanks to Jiri Popelka and Tomas Hozza Red Hat for the logs
319 and patches.
320 [ISC-Bugs #23833]
321
962d5eab
SR		 322- Parsing unquoted base64 strings improved. Parser now properly handles
323 strings that contain reserved names. [ISC-Bugs #23048]
324
d56788df
SR		 325- Modify the nak_lease function to make some attempts to find a
326 server-identifier option to use for the NAK.
327 [ISC-Bugs #25689]
328
10613724
SR		 329- The client now passes information about the options it requested
330 from the server to the script code via environment variables.
331 These variables are of the form requested_<option_name>=1 with
332 the option name being the same as used in the new_* and old_*
333 variables.
3aa562f8 334 [ISC-Bugs #29068]
10613724 335
f8380d3f
SR		 336- Add support for a simple check that the server id in a request message
337 to a failover peer matches the server id of the server. This support
338 is enabled by editing the file includes/site.h and uncommenting the
339 definition for SERVER_ID_CHECK. The option has several restrictions
340 and issues - please read the comment in the site.h file before
341 enabling it.
342 [ISC-Bugs #31463]
343
d5d868e7 344- Tidy up some compiler issues in the debug code.
0d93c339
SR		 345 [ISC-Bugs #26460]
346
9ff4e0a2
SR		 347- Move the dhcpd.conf exmample file to dhcpd.conf.example to avoid
348 overwriting the dhcpd.conf file when installing a new version of
349 ISC DHCP. The user will now need to manual copy and edit the
350 dhcpd.conf file as desired.
351 [ISC-Bugs #19337]
352
1e2a127b
SR		 353- Check the status value when trying to read from a connection to
354 see if it may have been closed. If it appears closed don't try
355 to read from it again. This avoids a potential busy-wait like
356 loop when the peer names are mismatched.
357 [ISC-Bugs #31231]
358
d5d868e7 359- Remove an unused variable to keep compilers happy.
8acc987b
SR		 360 [ISC-Bugs #31983]
361
b89b8e16
SR		 362- Modify test makefiles to be more similar to standard makefiles
363 and comment out a currently unused test.
56c0e681 364 [ISC-Bugs #32089]
b89b8e16 365
b95f1ee0
SR		 366 Changes since 4.2.3
367
368! Add a check for a null pointer before calling the regexec function.
dc6908b4 369 Without this check we could, under some circumstances, pass
b95f1ee0 370 a null pointer to the regexec function causing it to segfault.
317d1182 371 Thanks to a report from BlueCat Networks.
b95f1ee0 372 [ISC-Bugs #26704].
846af1cd 373 CVE: CVE-2011-4539
b95f1ee0 374
0ef9a46e
SR		 375! Modify the DDNS handling code. In a previous patch we added logging
376 code to the DDNS handling. This code included a bug that caused it
377 to attempt to dereference a NULL pointer and eventually segfault.
378 While reviewing the code as we addressed this problem, we determined
379 that some of the updates to the lease structures would not work as
380 planned since the structures being updated were in the process of
381 being freed: these updates were removed. In addition we removed an
382 incorrect call to the DDNS removal function that could cause a failure
383 during the removal of DDNS information from the DNS server.
384 Thanks to Jasper Jongmans for reporting this issue.
385 [ISC-Bugs #27078]
386 CVE: CVE-2011-4868
387
de6c9af6
SR		 388- Fixed the code that checks if an address the server is planning
389 to hand out is in a reserved range. This would appear as
390 the server being out of addresses in pools with particular ranges.
391 [ISC-Bugs #26498]
392
87132514
SR		 393- In the DDNS code handle error conditions more gracefully and add more
394 logging code. The major change is to handle unexpected cancel events
395 from the DNS client code.
cfc49463 396 [ISC-Bugs #26287]
87132514 397
cfc49463 398- Tidy up the receive calls and eliminate the need for found_pkt.
865afd5e
SR		 399 [ISC-Bugs #25066]
400
b047bd38
SR		 401- Add support for Infiniband over sockets to the server and
402 relay code. We've tested this on Solaris and hope to expand
403 support for Infiniband in the future. This patch also corrects
53394a8d
SR		 404 some issues we found in the socket code.
405 [ISC-Bugs #24245]
b047bd38 406
e3c94800
SR		 407- Add a compile time check for the presence of the noreturn attribute
408 and use it for log_fatal if it's available. This will help code
409 checking programs to eliminate false positives.
d13db163 410 [ISC-Bugs #27539]
e3c94800 411
dd9237c3
TM		 412- Fixed many compilation problems ("set, but not used" warnings) for
413 gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
414
d13db163
SR		 415- Modify the code that determines if an outstanding DDNS request
416 should be cancelled. This patch results in cancelling the
417 outstanding request less often. It fixes the problem caused
cfc49463 418 by a client doing a release where the TXT and PTR records
d13db163
SR		 419 weren't removed from the DNS.
420 [ISC-BUGS #27858]
421
b342f2e7
SR		 422- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
423 and dhcpv6_packet in several more places. Thanks to a report from
424 Bruno Verstuyft and Vincent Demaertelaere of Excentis.
425 [ISC-Bugs #27941]
426
cfc49463
SR		 427- Remove outdated note in the description of the bootp keyword about the
428 option not satisfying the requirement of failover peers for denying
429 dynamic bootp clients.
797aab67
SR		 430 [ISC-bugs #28574]
431
bc7f8b8e
SR		 432- Multiple items to clean up IPv6 address processing.
433 When processing an IA that we've seen check to see if the
434 addresses are usable (not in use by somebody else) before
435 handing it out.
436 When reading in leases from the file discard expired addresses.
437 When picking an address for a client include the IA ID in
438 addition to the client ID to generally pick different addresses
439 for different IAs.
440 [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
441 [ISC-Bugs #27684]
442
d289ee68
SR		 443- Remove unnecessary checks in the lease query code and clean up
444 several compiler issues (some dereferences of NULL and treating
445 an int as a boolean).
446 [ISC-Bugs #26203]
447
d19fa5a1
SR		 448- Fix the NA and PD allocation code to handle the case where a client
449 provides a preference and the server doesn't have any addresses or
cfc49463
SR		 450 prefixes available. Previously the server ignored the request with
451 this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
d19fa5a1 452 By default the code performs according to the errata of August 2010
53394a8d 453 for RFC 3315 section 17.2.2; to enable the previous style see the
cfc49463 454 section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
d19fa5a1
SR		 455 may be removed in the future.
456 Thanks to Jiri Popelka at Red Hat for the patch.
457 [ISC-Bugs #22676]
458
cfc49463 459- Fix up some issues found by static analysis.
bb9189c3
SR		 460 A potential memory leak and NULL dereference in omapi.
461 The use of a boolean test instead of a bitwise test in dst.
462 [ISC-Bugs #28941]
463
cbbd2714
SR		 464- Rotate the lease file when running in v6 mode.
465 Thanks to Christoph Moench-Tegeder at Astaro for the
466 report and the first version of the patch.
467 [ISC-Bugs #24887]
468
d208bb04
SR		 469 Changes since 4.2.2
470
471- Fix the code that checks for an existing DDNS transaction to cancel
472 when removing DDNS information, so that we will continue with the
473 processing if we have a lease even if it doesn't have an outstanding
474 transaction. [ISC-Bugs #24682]
475
25f664a6
SR		 476- Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
477 configuration files. [ISC-Bugs #24107]
478
d424157d
SR		 479- Add support for passing DDNS information to a DNS server over
480 an IPv6 address. [ISC-Bugs #22647]
481
3221151b
SR		 482- Enhanced patch for 23595 to handle IPv4 fixed addresses more
483 cleanly. [ISC-Bugs #23595]
484
bea17697
SR		 485 Changes since 4.2.1
486
487! In dhclient check the data for some string options for
488 reasonableness before passing it along to the script that
489 interfaces with the OS.
490 [ISC-Bugs #23722]
491 CVE: CVE-2011-0997
c7aa4dd4
TM		 492
493- DHCPv6 server now responds properly if client asks for a prefix that
494 is already assigned to a different client. [ISC-Bugs #23948]
4a5bfeac
SR		 495
496- Add the option "--no-pid" to the client, relay and server code,
497 to disable writing a pid file. Add the option "-pf pidfile"
498 to the relay to allow the user to supply the pidfile name at
499 runtime. Add the "with-relay6-pid-file" option to configure
500 to allow the user to supply the pidfile name for the relay
501 in v6 mode at configure time.
502 [ISC-Bugs #23351] [ISC-Bugs #17541]
5d082abd
TM		 503
504- 'dhclient' no longer waits a random interval after first starting up to
505 begin in the INIT state. This conforms to RFC 2131, but elects not to
506 implement a 'SHOULD' direction in section 4.1. The goal of this change
73c83820 507 is to start up faster. [ISC-Bugs #19660]
5d082abd
TM		 508
509- Added 'initial-delay' parameter that specifies maximum amount of time
510 before client goes to the INIT state. The default value is 0. In previous
511 versions of the code client could wait up to 5 seconds. The old behavior
512 may be restored by using 'initial-delay 5;' in the client config file.
73c83820 513 [ISC-Bugs #19660]
5d082abd
TM		 514
515- ICMP ping-check should now sit closer to precisely the number of seconds
516 configured (or default 1), due to making use of the new microsecond
517 scale timer internally to dhcpd. This corrects a bug where the server
518 may immediately timeout an ICMP ping-check if it was made late in the
73c83820 519 current second. [ISC-Bugs #19660]
5d082abd
TM		 520
521- The DHCP client will schedule renewal and rebinding events in
522 microseconds if the DHCP server provided a lease-time that would result
523 in sub-1-second timers. This corrects a bug where a 2-second or lower
524 lease-time would cause the DHCP client to enter an infinite loop by
73c83820 525 scheduling renewal at zero seconds. [ISC-Bugs #19660]
5d082abd
TM		 526
527- Client lease records are recorded at most once every 15 seconds. This
528 keeps the client from filling the lease database disk quickly on very small
73c83820 529 lease times. [ISC-Bugs #19660]
5d082abd
TM		 530
531- To defend against RFC 2131 non-compliant DHCP servers which fail to
532 advertise a lease-time (either mangled, or zero in value) the DHCP
533 client now adds the server to the reject list ACL and returns to INIT
534 state to hopefully find an RFC 2131 compliant server (or retry in INIT
73c83820 535 forever). [ISC-Bugs #19660]
023fbaa0
TM		 536
537- Parameters configured to evaluate from user defined function calls can
538 now be correctly written to dhcpd.leases (as on 'on events' or dynamic
539 host records inserted via OMAPI). [ISC-Bugs #22266]
540
541- If a 'next-server' parameter is configured in a dynamic host record via
542 OMAPI as a domain name, the syntax written to disk is now correctly parsed
543 upon restart. [ISC-Bugs #22266]
656b1ece
TM		 544
545- The DHCP server now responds to DHCPLEASEQUERY messages from agents using
546 IP addresses not covered by a subnet in configuration. Whether or not to
547 respond to such an agent is still governed by the 'allow leasequery;'
548 configuration parameter, in the case of an agent not covered by a configured
549 subnet the root configuration area is examined. Server now also returns
550 vendor-class-id option, if client sent it. [ISC-Bugs #21094]
bea17697 551
fc06ee4f
SR		 552- Documentation fixes
553 [ISC-Bugs #17959] add text to AIX section describing how to have it send
554 responses to the all-ones address.
555 [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
556 [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
557
1185c766
TM		 558- Relay no longer crashes, when DHCP packet is received over interface without
559 any IPv4 address assigned. Also extended logging message about discarding
560 packets with invalid hlen with information about relevant interface name.
561 [ISC-Bugs #22409]
562
c6455252
TM		 563- Relay now properly logs that packet was received over interface without
564 global IPv6 address [ISC-Bugs #24070]
565
9369bdc1
TM		 566- Linux Packet Filter interface improvement. sockaddr_pkt structure is used,
567 rather than sockaddr. Packet ethertype is now forced to ETH_P_IP.
568 [ISC-Bugs #18975]
569
fb30f3fc
SR		 570- Minor code cleanups - but note port change for #23196
571 [ISC-Bugs #23470] - Modify when an ignore return macro is defined to
572 handle unsed error return warnings for more versions of gcc.
573 [ISC-Bugs #23196] - Modify the reply handling in the server code to
574 send to a specified port rather than to the source port for the incoming
575 message. Sending to the source port was test code that should have
576 been removed. The previous functionality may be restored by defining
577 REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
578 enable this except for testing purposes.
579 [ISC-Bugs #22695] - Close a file descriptor in an error path.
580 [ISC-Bugs #19368] - Tidy up variable types in validate_port.
581
c616de4f
TM		 582- Code cleanup: remove obsolete PROTO, KandR, INLINE and ANSI_DECL macros
583 [ISC-Bugs #13151]
584
585- Compilation problem with gcc4.5 and omshell.c resolved. [ISC-Bugs #23831]
a34feb7d 586
4f55e11b
SR		 587- Client Script fixes
588 [ISC-Bugs #23045] Typos in client/scripts/openbsd
589 [ISC-Bugs #23565] In the client scripts add a zone id (interface id) if
590 the domain search address is link local.
591 [ISC-Bugs #1277] In some of the client scripts add code to handle the
592 case of the default router information being changed without the address
593 being changed.
594
802fdea1
TM		 595- Documentation cleanup
596 [ISC-Bugs #23326] Updated References document, several man page updates
597
1b601efa
TM		 598- Server no longer complains about NULL pointer when configured
599 server-identifier expression fails to evaluate. [ISC-Bugs #24547]
600
199f0b8a
SR		 601- Convert ISC_R_INPROGRESS status to ISC_R_SUCCESS when called from other
602 than the dispatch handler. This fixes an issue where omshell, when
603 run from the same platform as the server, would appear to fail to
604 connect. This is a companion to #21839. [ISC-Bugs #23592]
605
786f2e79
SR		 606- Enlarge the buffer size used by the Omshell code and some of the
607 print routines to allow for greater than 60 characters or, when
608 printing as hex strings, 20 characters. [ISC-Bugs #22743]
609
7cfeb916
SR		 610- In Solaris 11 switch to using sockets instead of DLPI, thanks
611 to a patch form Oracle. [ISC-Bugs #24634].
612
d15aa964
TM		 613- Strict checks for content of domain-name DHCPv4 option can now be
614 configured during compilation time. Even though RFC2132 does not allow
615 to store more than one domain in domain-name option, such behavior is
616 now enabled by default, but this may change some time in the future.
617 See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
618 [ISC-Bugs #24167]
619
beaed73f
SR		 620- DNS Update fix. A misconfigured server could crash during DNS update
621 processing if the configuration included overlapping pools or
622 multiple fixed-address entries for a single address. This issue
623 affected both IPv4 and IPv6. The fix allows a server to detect such
624 conditions, provides the user with extra information and recommended
625 steps to fix the problem. If the user enables the appropriate option
626 in site.h then server will be terminated
627 [ISC-Bugs #23595]
628
8bd96ccb
SR		 629! Two packets were found that cause a server to halt. The code
630 has been updated to properly process or reject the packets as
631 appropriate. Thanks to David Zych at University of Illinois
632 for reporting this issue. [ISC-Bugs #24960]
633 One CVE number for each class of packet.
634 CVE-2011-2748
635 CVE-2011-2749
636
5a38e43f
SR		 637 Changes since 4.2.0
638
639- Documentation cleanup covering multiple tickets
640 [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
641 [ISC-Bugs #20263] add text describing some default values
642 [ISC-Bugs #20193] single quotes at the start of a line indicate a control
643 line to nroff, escape them if we actually want a quote.
644 [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
645
524705e5
DH		 646- 'get-host-names true;' now also works even if 'use-host-decl-names true;'
647 was also configured. The nature of this repair also fixes another
648 error; the host-name supplied by a client is no longer overridden by a
649 reverse lookup of the lease address. Thanks to a patch from Wilco Baan
650 Hofman supplied to us by the Debian package maintenance team.
651 [ISC-Bugs #21691] {Debian Bug#509445}
652
f07d0fb5
DH		 653- The .TH tag for the dhcp-options manpage was typo repaired
654 thanks to a report from jidanni and the Debian package maintenance
655 team. [ISC-Bugs #21676] {Debian Bug#563613}
656
d6645f56
SR		 657- More documentation changes - primarily to put the options in the dhclient
658 and dhcpd man pages into the standard form. Thanks in part to a patch
659 from David Cantrell at Red Hat.
660 [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
661
4a5098e9
SR		 662- Add code to clear the pointer to an object in an OMAPI handle when the
663 object is freed due to a dereference. [ISC-Bugs #21306]
664
ea75d544
DH		 665- Fixed a bug that leaks host record references onto lease structures,
666 causing the server to apply configuration intended for one host to any
667 other innocent clients that come along later. [ISC-Bugs #22018]
668
66be0ad1
SR		 669- Minor code fixes
670 [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
671 the name to be at the apex of the zone.
672 [ISC-Bugs #19617] Restrict length of interface name read from command line
673 in dhcpd - based on a patch from David Cantrell at Red Hat.
674 [ISC-Bugs #20039] Correct some error messages in dhcpd.c
675 [ISC-Bugs #20070] Better range check on values when creating a DHCID.
676 [ISC-Bugs #20198] Avoid writing past the end of the field when adding
677 overly long file or server names to a packet and add a log message
678 if the configuration supplied overly long names for these fields.
679 Thanks to Martin Pala.
680 [ISC-Bugs #21497] Add a little more randomness to rng seed in client
681 thanks to a patch from Jeremiah Jinno.
682
57fbc772
SR		 683- Correct error handling in DLPI [ISC-Bugs #20378]
684
685- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
686 checked in configure. [ISC-Bugs #20443]
687
688- Modify how the cmsg header is allocated the v6 send and received routines
689 to compile on more compilers. [ISC-Bugs #20524]
690
691- When parsing a domain name free the memory for the name after we are
692 done with it. [ISC-Bugs #20824]
693
197c917e
SR		 694- Add an elapsed time option to the release message and refactor the
695 code to move most of the common code to a single routine.
696 [ISC-Bugs #21171].
697
8bd445a1
DH		 698- Two identical log messages for commit_leases() have been disambiguated.
699 [ISC-Bugs #18915]
700
83d409ae
SR		 701- Parse date strings more properly - the code now handles semi-colons in
702 date strings correctly. Thanks to a patch from Jiri Popelka at Red Hat.
703 [ISC-Bugs #21501, #20598]
704
6aaaf6a4
SR		 705- Fixes to lease input and output.
706 [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
707 strftime, paste together the same string using mktime instead.
708 [ISC-Bugs #19596] - When parsing iaid values accept printable
709 characters.
710 [ISC-Bugs #21585] - Always print time values in omshell as hex
711 instead of ascii if the values happen to be printable characters.
712
4e0997c6
SR		 713- Minor changes for scripts, configure.ac and Makefiles
714 [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
715 example conf file. Thanks to a patch from David Cantrell
716 at Red Hat.
717 [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
718 [ISC-Bugs #19945] Properly close the quote on some arguments.
719 [ISC-Bugs #20952] Add 64 bit types to configure.ac
720 [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH envrionment variable
721
ad59838e
SR		 722- Update the code to parse dhcpv6 lease files to accept a semi-colon at
723 the end of the max-life and preferred-life clauses. In order to be
724 backwards compatible with older lease files not finding a semi-colon
725 is also accepted. [ISC-Bugs #22303].
726
4dc5a6b1
SR		 727! Handle a relay forward message with an unspecified address in the
728 link address field. Previously such a message would cause the
f33dc722
SR		 729 server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992]
730 CERT: VU#102047 CVE: CVE-2010-3611
731
8d50c721
DH		 732- ./configure on longer searches for -lcrypto to explicitly link against.
733 This fixes a bug where 'dhclient' would have shared library dependencies
734 on '/usr/lib'. [ISC-Bugs #21967]
4dc5a6b1 735
3004baba
SR		 736- Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
737 signal to a process and will kill the process if the signal isn't
738 caught. This patch adds code to turn off the SIGPIPE signal via
739 a setsockopt() call. The signal is already being ignored as part
740 of the ISC library. [ISC-Bugs #22269]
741
42cbff63
SR		 742- Restore printing of values in omshell to the style pre 21585. For
743 21585 we changed the print routines to always display time values
39196512
SR		 744 as a hex list. This had a side effect of printing all data strings
745 as a hex list. We shall investigate other ways of displaying time
746 values more usefully. [ISC-Bugs #22626]
3004baba 747
9d97e644
SR		 748! Fix the handling of connection requests on the failover port.
749 Previously a connection request from a source that wasn't
750 listed as a failover peer would cause the server to become
dbaa902c
SR		 751 non-responsive. Thanks to a report from Brad Bendily, brad@bendily.com.
752 [ISC-Bugs #22679]
9d97e644
SR		 753 CERT: VU#159528 CVE: CVE-2010-3616
754
23d39ae2
SR		 755- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
756 Passing it through to the handlers caused the omshell program to fail
757 to connect to the server. [ISC-Bugs #21839]
758
759- Fix the paranthesis in the code to process configuration statements
760 beginning with "auth". The previous arrangement caused
761 "auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
762
0c9d3a81
SR		 763- Limit the timeout period allowed in the dispatch code to 2^^32-1 seconds.
764 Thanks to a report from Jiri Popelka at Red Hat.
765 [ISC-Bugs #22033], [Red Hat Bug #628258]
766
e1a40211
SR		 767- When processing the format flags for a given option consume the
768 flag indicating an optional value correctly. A symptom of this
769 bug was an infinite loop when trying to parse the slp-service-scope
770 option. Thanks to a patch from Marius Tomaschewski.
771 [ISC-Bugs #22055]
772
e7e17397
SR		 773- Disable the use of kqueue in the ISC library. This avoids a problem
774 between the fork and socket code that caused the dhcpd process to
775 use all available cpu if the program daemonized itself.
776 [ISC-Bugs #21911]
777
c8b189f1 778! When processing a request in the DHCPv6 server code that specifies
45918d36 779 an address that is tagged as abandoned (meaning we received a
c8b189f1
SR		 780 decline request for it previously) don't attempt to move it from
781 the inactive to active pool as doing so can result in the server
e8f330a1 782 crashing on an assert failure. Also retag the lease as active
09afca0d 783 and reset its timeout value.
c8b189f1
SR		 784 [ISC-Bugs #21921]
785
ef86959b
SR		 786- Removed the restriction on using IPv6 addresses in IPv4 mode. This
787 allows IPv4 options which contain IPv6 addresses to be specified. For
788 example the 6rd option can be specified and used like this:
789 [ISC-Bugs #23039]
790
791 option 6rd code 212 = { integer 8, integer 8,
792 ip6-address, array of ip-address };
793 option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
794
919f1407
SR		 795- Handle some DDNS corner cases better. Maintain the DDNS transaction
796 information when updating a lease and cancel any existing transactions
797 when removing the ddns information.
798 [ISC-Bugs #23103]
799
8a0d9ca4
SR		 800- Some fixes for LDAP
801 [ISC-Bugs #21783] - Include lber library when building ldap
802 [ISC-Bugs #22888] - Enable the ldap code when buidling common
803 The above fixes are from Jiri Popelka at Red Hat.
804
17a8f0e2
SR		 805- Modify the dlpi code to accept getmsg() returning a positive value.
806 [ISC-Bugs #22824]
807
badc999d
SR		 808 Changes since 4.2.0b2
809
810- Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
0d8c3d6e 811
1e05d095
SR		 812 Changes since 4.2.0b1
813
d122accf
SR		 814- Prohibit including lease time information in a response to a DHCP INFORM.
815 [ISC-Bugs #21092]
1e05d095 816
1943bbf8
SR		 817! Accept a client id of length 0 while hashing. Previously the server would
818 exit if it attempted to hash a zero length client id, providing attackers
d122accf 819 with a simple denial of service attack. [ISC-Bugs #21253]
63ff896a 820 CERT: VU#541921 - CVE: CVE-2010-2156
1943bbf8 821
8a513c43
DH		 822- A memory leak in ddns processing was closed. [ISC-Bugs #21377]
823
d122accf
SR		 824- Modify the exception handling for initial context creation. Previously
825 we would try and clean up before exiting. This could present problems
826 when the cleanup required part of the context that wasn't available. It
827 also didn't do much as we exited afterwards anyway. Now we simply log
828 the error and exit. [ISC-Bugs #21093]
829
0d8c3d6e
DH		 830- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
831 previously allocated (active) lease to a client that has changed subnets,
832 despite being on different shared networks. Dynamic prefixes specifically
833 allocated in shared networks also now are not offered if the client has
834 moved. [ISC-Bugs #21152]
835
590298e7
SR		 836- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
837
600ee619 838- Fix the trace code to handle timing events better and to truncate a file
2b58b865
SR		 839 before using instead of overwriting it. [ISC-Bugs #20969]
840
841- Modify the determination of the default TTL to use for DDNS updates.
842 The user may still configure the ttl via ddns-ttl. The default for
843 both v4 and v6 is now 1/2 the (preferred) lease time with a limit. The
844 previous defaults (1/2 lease time without a limit for v4 and a default
845 value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
846 [ISC-Bugs #21126]
600ee619 847
a5c7bf77
DH		 848- libisc/libdns is now brought up to version 9.7.1rc1. This corrects
849 three reported flaws in ISC DHCP;
850
851 o DHCP processes (dhcpd, dhclient) fail to start if one of either the
852 IPv4 or IPv6 address families is not present. [ISC-Bugs #21122]
853
854 o Assertion failure when attempting to cancel a previously running DDNS
855 update. [ISC-Bugs #21133]
856
857 o Compilation failure of libisc/libdns due to the use of a flexible
858 array member. [ISC-Bugs #21316]
859
0585235c
SR		 860 Changes since 4.2.0a2
861
862- Update the fsync code to work with the changes to the DDNS code. It now
863 uses a timer instead of noticing if there are no more packets to process.
864
f4bc8261
SR		 865- When constructing the DNS name structure from a text string append
866 the root to relative names. This satisfies a requirement in the DNS
867 library that names be absolute instead of relative and prevents DHCP
d122accf 868 from crashing. [ISC-Bugs #21054]
f4bc8261 869
33692791
DH		 870- "The LDAP Patch" that has been circulating for some time, written by
871 Brian Masney and S.Kalyanasundraram and maintained for application to
872 the DHCP-4 sources by David Cantrell has been included. Please be
873 advised that these sources were contributed, and do not yet meet the
874 high standards we place on production sources we include by default.
875 As a result, the LDAP features are only included by using a compile-time
876 option which defaults off, and if you enable it you do so under your
877 own recognizance. We will be improving this software over time.
878 [ISC-Bugs #17741]
879
3c941d42 880 Changes since 4.2.0a1
928618dd
DH		 881
882- When using 'ignore client-updates;', the FQDN returned to the client
883 is no longer truncated to one octet.
884
3c941d42
DH		 885- Cleaned up an unused hardware address variable in nak_lease().
886
bdd8e747
DH		 887- Manpage entries for the ia-pd and ia-prefix options were updated to
888 reflect support for prefix delegation.
889
3da71461
SR		 890- Cleaned up some compiler warnings
891
fdfebedf
DH		 892- An optimization described in the failover protocol draft is now included,
893 which permits a DHCP server operating in communications-interrupted state
894 to 'rewind' a lease to the state most recently transmitted to its peer,
895 greatly increasing a server's endurance in communications-interrupted.
896 This is supported using a new 'rewind state' record on the dhcpd.leases
897 entry for each lease.
898
7aa153b8
SR		 899- Fix the trace code which was broken by the changes to the DDNS code.
900
adbef119
DH		 901 Changes since 4.1.0 (new features)
902
d340bc24
DH		 903- Failover port configuration can now be left to defaults (port 647) as
904 described in the -12 revision of the Failover draft (and assigned by
4b97eaff 905 IANA). Thanks in part to a patch from David Cantrell at Red Hat.
adbef119 906
0829d595
DH		 907- If configured, dhclient may now transmit to an anycast MAC address,
908 rather than using a broadcast address. Thanks to a patch from David
909 Cantrell at Red Hat.
910
8a3c1e33
PS		 911- Added client support for setting interface MTU and metric, thanks to
912 Roy "UberLord" Marples <roy@marples.name>.
913
a41d7a25
PS		 914- Added client -D option to specify DUID type to send.
915
9e3eb22a
DH		 916- A new failover configuration parameter has been introduced for those
917 environments where DHCP servers can be reasonably guaranteed to be
918 "down" when the failover TCP socket is severed, "auto-partner-down".
919 This parameter is not generally safe, and by default is disabled, so
920 please carefully review the documentation of this parameter in the
921 dhcpd.conf(5) manpage before determining to use it yourself.
922
33ea4622
DH		 923- Added a configuration function, 'gethostname()', which calls the system
924 function of the same name and presents the results as a data expression.
925 This function can be used to incorporate the system level hostname of
926 the system the DHCP software is operating on in responses or queries (such
927 as including a failover partner's hostname in a dhcp message or binding
928 scope, or having a DHCP client send any system hostname in the host-name or
929 FQDN options by default).
930
5a671e87
DH		 931- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
932 for DHCPv4 operation and used independently of the dhcp-lease-time
933 calculations. Invalid renew and rebinding times (e.g., greater than the
934 determined lease time) are omitted.
935
98bf1607 936- Processing the DHCP to DNS server transactions in an asyncrhonous fashion.
09afca0d 937 The DHCP server or client can now continue with its processing while
98bf1607 938 awaiting replies from the DNS server.
c900c5b2
DH		 939
940- The 'hardware [ethernet|etc] ...;' parameter in host records has been
941 extended to attempt to match DHCPv6 clients by the last octets of a
942 DUID-LL or DUID-LLT provided by the client.
943
59112e84
SR		 944 Changes since 4.1.0 (bug fixes)
945
62f6843d
MA		 946- Remove infinite loop in token_print_indent_concat().
947
59112e84
SR		 948- Validate the argument to the -p option.
949
47e6eb82
DH		 950- The notorious 'option <unknown> ... larger than buffer' log line,
951 which is seen in some malformed DHCP client packets, was modified.
952 It now logs the universe name, and does not log the length values
953 (which are bogus corruption read from the packet anyway). It also
954 carries a hopefully more useful explanation.
955
159c89d7
EH		 956- Suppress spurious warnings from configure about --datarootdir
957
1aa0fe5e
DH		 958- A bug was fixed that caused the server not to answer some valid Solicit
959 and Request packets, if the dynamic range covering any requested addresses
960 had been deleted from configuration.
961
cd51403d
SR		 962- Update the code to deal with GCC 4.3. This included two sets of changes.
963 The first is to the configuration files to include the use of
571c38b0 964 AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
cd51403d
SR		 965 were being ignored.
966
64e1823d
DH		 967- The db-time-format option was documented in manpages.
968
26e59ee9
DH		 969- Using reserved leases no longer results in 'lease with binding state
970 free not on its queue' error messages, thanks to a patch from Frode
971 Nordahl.
972
70ea9345
PS		 973- Fix a build error in dhcrelay, using older versions of gcc with
974 dhcpv6 disabled.
975
8d7dca58 976- Two uninitialized stack structures are now memset to zero, thanks to a
4b97eaff 977 patch from David Cantrell at Red Hat.
819186b7 978
f4534b17
DH		 979- Fixed a cosmetic bug where pretty-printing valid domain-search options would
980 result in an erroneous error log message ('garbage in format string').
981
f9453d21
DH		 982- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
983 to stop receiving packets is fixed. The same fix also means that the MAC
984 address will no longer appear 'bogus' on DLPI-based systems.
985
986- A bug in select handling was discovered where the results of one select()
987 call were discarded, causing the server to process the next select() call
988 and use more system calls than required. This has been repaired - the
989 sockets will be handled after the first return from select(), resulting in
990 fewer system calls.
991
a3dcc0b1
DH		 992- The update-conflict-detection feature would leave an FQDN updated without
993 a DHCID (still currently implemented as a TXT RR). This would cause later
994 expiration or release events to fail to remove the domain name. The feature
995 now also inserts the client's up to date DHCID record, so records may safely
996 be removed at expiration or release time. Thanks to a patch submitted by
997 Christof Chen.
998
95fd7038
DH		 999- Memory leak in the load_balance_mine() function is fixed. This would
1000 leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
1001 and in normal state.
1002
1003- Various compilation fixes have been included for the memory related
1004 DEBUG #defines in includes/site.h.
1005
8a3c1e33
PS		 1006- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
1007
1008- Fixed setting hostname in Linux hosts that require hostname argument
1009 to be double-quoted. Also allow server-provided hostname to
1010 override hostnames 'localhost' and '(none)'.
1011
dedde1ba
DH		 1012- Fixed failover reconnection retry code to continue to retry to reconnect
1013 rather than restarting the listener.
1014
a57df74a
DH		 1015- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
1016 been repaired. Other USE_ overrides should work better.
1017
1018- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
1019 that probably still resulted in the correct behaviour (but wouldn't use
1020 a larger defined value provided by the host OS).
1021
350576c5
DH		 1022- Fixed a bug where an OMAPI socket disconnection message would not result
1023 in scheduling a failover reconnection, if the link had not negotiated a
1024 failover connect yet (e.g.: connection refused, asynch socket connect()
1025 timeouts).
1026
792156a9
DH		 1027- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
1028 in failover state records.
1029
8a4e543b
DH		 1030! A stack overflow vulnerability was fixed in dhclient that could allow
1031 remote attackers to execute arbitrary commands as root on the system,
1032 or simply terminate the client, by providing an over-long subnet-mask
1b12d999 1033 option. CERT VU#410676 - CVE-2009-0692
8a4e543b 1034
a1308b64
DH		 1035- Fixed a bug where relay agent options would never be returned when
1036 processing a DHCPINFORM.
1037
1b12d999
DH		 1038- Versions 3.0.x syntax with multiple name->code option definitions is now
1039 supported. Note that, similarly to 3.0.x, for by-code lookups only the
1040 last option definition is used.
1041
d453265f
PS		 1042- Fixed a bug where a time difference of greater than 60 seconds between a
1043 failover pair could cause the primary to crash on contact with the
1044 secondary. Thanks to a patch from Steinar Haug.
1045
3e29af1e
PS		 1046- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
1047 Thanks to patches from Matthew Newton and David Cantrell.
1048
b8d45c67
DH		 1049- Secondary servers in a failover pair will now perform ddns removals if
1050 they had performed ddns updates on a lease that is expiring, or was
1051 released through the primary. As part of the same fix, stale binding scopes
1052 will now be removed if a change in identity of a lease's active client is
1053 detected, rather than simply if a lease is noticed to have expired (which it
1054 may have expired without a failover server noticing in some situations).
1055
583c1c16
DH		 1056- A patch supplied by David Cantrell at RedHat was applied that detects
1057 invalid calling parameters given to the ns_name_ntop() function.
1058 Specifically, it detects if the caller passed a pointer and size pair
1059 that causes the pointer to integer-wrap past zero.
1060
e4e3a2ab
DH		 1061! Fixed a fenceposting bug when a client had two host records configured,
1062 one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
95f5d38c 1063
875e99dc
SR		 1064- Fixed the check in the dhcp_interface_signal_handler routine to verify
1065 the existence of the linked signal handler before calling it.
1066
2267da84
DH		 1067- Both host and subnet6 configuration groups are now included whether a
1068 fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
1069 precedence. This fixes two bugs, one where host scoped configuration
1070 would not be included from a non-fixed-address6 host record, and the equal
1071 and opposite bug where subnet6 scoped configuration would not be used when
571c38b0 1072 over-riding values were not present in a matching fixed-address6 host
2267da84
DH		 1073 configuration.
1074
cd3f0b9b
DH		 1075- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
1076 correcting a compilation failure when using Sun's compiler.
1077
0493fdca
SR		 1078- Modified the handling of a connection to avoid releasing the omapi io
1079 object for the connection while it is still in use. One symptom from
1080 this error was a segfault when a failover secondary attempted to connect
1081 to the failover primary if their clocks were not synchronized.
1082
95bba8b6
SR		 1083- Clean up to allow compilation with gcc 2.95.4 on FreeBSD. Remove an
1084 extra semi-colon from common/dns.c and moved setting a variable to NULL
1085 in server/dhcpv6.c to allow the compiler to decide that the variable
1086 was always properly set.
1087
adbef119 1088 Changes since 4.1.0b1
ebf076fe
EH		 1089
1090- A missing "else" in dhcrelay.c could have caused an interface not to
1091 be recognized.
61d75ea2 1092
a4ffedd1
DH		 1093 Changes since 4.1.0a2
1094
1095- A cosmetic bug in DHCPDECLINE processing was fixed which caused all
1096 successful DHCPDECLINEs to be logged as "not found" rather than
1097 "abandoned".
1098
6ff3b26d
FD		 1099- Added configuration file examples for DHCPv6.
1100
1387545f
DH		 1101- Some failover debugging #defines have been better defined and some
1102 high frequency messages moved to a deeper debugging symbol.
1103
1104- The CLTT parameter in failover is now only updated by client activity,
1105 and not by failover binding updates (taking on the peer's CLTT).
1106
1107- Failover BNDUPD messages are now discarded if they conflict with an
d7ac7a27 1108 update that has been transmitted, but not acknowledged.
1387545f 1109
399d3dbe
DH		 1110- A bug cleaning up unknown-xxx temporary option definitions was fixed.
1111
fbcee149
DH		 1112- Delayed-ack is now a compile-time option, compiled out by default.
1113 This feature is simply too experimental for right now, and causes
1114 some problems to some failover installations. We will revisit this
1115 in future releases.
1116
f1672d89
DH		 1117- The !inet_pton() call in res_mkupdrec was adjusted to '<= 0' as
1118 inet_pton returns either 1, 0, or -1.
1119
236d3a99
DH		 1120- A dhclient-script for MacOS X has been included, which enables
1121 'dhclient -6' support.
1122
efa5e6b9
DH		 1123- DDNS removal routines were updated so that the DHCID is not removed until
1124 the client has been deprived of all A and AAAA records (not only the last
1125 one of either of those). This resolves a bug where dual stack clients
1126 would not be able to regain their names after either expiration event.
1127
7d6180be 1128 Changes since 4.1.0a1
edcb5c46
EH		 1129
1130- Corrected list of failover state values in dhcpd man page.
1131
51e7687f
EH		 1132- Fixed a bug that caused some request types to be logged incorrectly.
1133
20210a7b
EH		 1134- Clients that sent a parameter request list containing the
1135 routers option before the subnet mask option were receiving
1136 only the latter. Fixed.
1137
535485df
EH		 1138- The server wasn't always sending the FQDN option when it should.
1139
8fbb55ff
DH		 1140- A partner-down failover server no longer emits 'peer holds all free leases'
1141 if it is able to newly-allocate one of the peer's leases.
1142
61220a00
EH		 1143- Fixed a coredump when adding a class via OMAPI.
1144
c40e954c
EH		 1145- Check whether files are zero length before trying to parse them.
1146
63971a83
DH		 1147- Ari Edelkind's PARANOIA patch has been included and may be compiled in
1148 via two ./configure parameters, --enable-paranoia and
1149 --enable-early-chroot.
1150
66cebfcb
DH		 1151- ./configure was extended to cover many optional build features, such
1152 as failover, server tracing, debugging, and the execute() command.
1153
f8cbf390
DH		 1154- There is now a default 1/4 of a second scheduled delay between delayed
1155 fsync()'s, it can be configured by the max-ack-delay configuration
1156 parameter.
1157
8269561d
DH		 1158- A bug was fixed where the length of a hostname was miscalculated, so that
1159 hosts were given odd-looking domain names ("foo.bar.ba.example.com").
1160
b445a411
DH		 1161- Shared network selection should be done from the innermost relay
1162 valid link-address field, rather than the outermost.
1163
bd72740e
FD		 1164- Prefix pools are attached to shared network scopes.
1165
9322442f
FD		 1166- Merged IA_XX related structures.
1167
8dea7ba7
FD		 1168- Add DHCPv6 files in configure.
1169
4619c0a2
DH		 1170- A memory leak when using omapi has been fixed.
1171
9ac4206a
DH		 1172- DHCPv6 vendor-class options (VSIO) are now only sent when they appear
1173 on the DHCPv6 ORO. This resolves a bug where VSIO options were placed
1174 in IA_NA encapsulated options fields.
1175
420d8b3f
FD		 1176- Integrated client with stateless, temporary address and prefix delegation
1177 support.
1178
40ec5f38
DH		 1179- A double-dereference in dhclient transmission of DHCPDECLINEs was
1180 repaired.
1181
80097764
FD		 1182- Fix handling of format code 'Z'.
1183
ffbaa880
FD		 1184- Support "-1" argument in DHCPv6.
1185
7de20a95
EH		 1186- Merge DHCPv6-only "dhcrelay6" into general-purpose "dhcrelay" (use
1187 "-6" option to select DHCPv6 mode).
1188
d352732e
EH		 1189- Fix handling of -A and -a flags in dhcrelay; it was failing to expand
1190 packet size as needed to add relay agent options.
1191
7d6180be
DH		 1192- A bug in subnet6 parsing where options contained in subnet6 clauses would
1193 not be applied to clients addressed within that network was repaired.
1194
1195- When configuring a "subnet {}" or "subnet6 {}" without an explicit
1196 shared-network enclosing it, the DHCP software would synthesize a
1197 shared-network to contain the subnet. However, all configuration
1198 parameters within the subnet more intuitively belong "to any client
1199 on that interface", or rather the synthesized shared-network. So,
1200 when a shared-network is synthesized, it is used to contain the
1201 configuration present inside the subnet {} clause. This means that
1202 the configuration will be valid for all clients on that network, not
1203 just those addressed out of the stated subnet. If you intended the
1204 opposite, the workaround is to explicitly configure an empty
1205 shared-network.
1206
1207- A bug was fixed where Information-Request processing was not sourcing
1208 configured option values.
1209
1210- A warning was added since the DHCPv6 processing software does not yet
1211 support class statements.
1212
dd484ced
DH		 1213- Compliation warnings on GCC 4.3 relating to bootp source address
1214 selection were repaired.
1215
ecddae64
DH		 1216- The v6 BSD socket method was updated to use a single UDP BSD socket
1217 no matter how many interfaces are involved, differentiating the
1218 interfaces the packets were received on by the interface index supplied
1219 by the OS.
1220
1221- The relay agent no longer listens to the All DHCP Servers Multicast
1222 address.
1223
1224- A bug was fixed in data_string_sprintfa() where va_start was only called
1225 once for two invocations of vsprintf() variants.
1226
d104d45b
DH		 1227- ERO (RFC 4994) server support.
1228
1229- Basic and partial DHCPv6 leasequery support.
1230
1231- Reliable DHCPv6 release (previous behavior, send release and exit, is
1232 still available with dhclient -6 -1 -r).
1233
01a54c17 1234 Changes since 4.0.0 (new features)
3c12f746 1235
6d7f9584
FD		 1236- Added DHCPv6 rapid commit support.
1237
4cafb815 1238- Added explicit parser support for zero-length DHCP options, such as
6d7f9584 1239 rapid-commit, via format code 'Z'.
4cafb815 1240
022fe95e
EH		 1241- It's now possible to update the "ends" field of a lease with OMAPI.
1242 This is useful if you want not only to release a lease, but also make
1243 it available for reuse right away. Hat tip to Christof Chen.
1244
1dcc3612
SK		 1245- Fixed definition of the iaaddr hash functions to use the correct
1246 functions when referencing and dereferencing memory.
1247
aabfa4de
FD		 1248- Some definitions not in phase with the IANA registry were updated.
1249
0674055a
FD		 1250- Allocated interface IDs are better controlled ('u' bit set to zero,
1251 reserved IDs avoided).
1252
b51c785f
FD		 1253- Unicast options are taken into account only for RENEWs.
1254
900405e9
FD		 1255- NoAddrsAvail answers to SOLICITs are always ADVERTISEs even when a SOLICIT
1256 carries a rapid-commit option.
1257
96b620e5
FD		 1258- Return in place of raise an impossible condition when one tries to release
1259 an empty active lease.
1260
be62cf06
FD		 1261- Timer granularity is now 1/100s in the DHCPv6 client.
1262
01a54c17
EH		 1263- The dhclient-script was updated to create a host route for the default
1264 gateway if the supplied subnet mask for an IPv4 address was a /32. This
1265 allows the client to work in 'captive' network environments, where the
1266 operator does not want clients to crosstalk directly.
1267
1268- MINUS tokens should be parseable again.
1269
1270- Multiple (up to "delayed-ack x;" maximum) DHCPv4 packets are now queued and
1271 released in bursts after single fsync() events when the upper limit is
1272 reached or if the receiving sockets go dry. The practical upshot is
1273 that fsync-coupled server performance is now multiplicitively increased.
1274 The default delayed ack limit is 28. Thanks entirely to a patch from
1275 Christof Chen.
1276
1277 Changes since 4.0.0 (bug fixes)
1278
1279- DHCP now builds on AIX.
1280
1281- Exit with warning when DHCPv6-specific statements are used in the
1282 config file but -6 is not specified.
1283
1284- Fixed "--version" flag in dhcrelay
1285
1286- The 'min-secs' configuration parameter's log message has been updated to
1287 be more helpful.
1288
1289- The warning logged when an address range doesn't fit in the subnets
1290 they were declared has been updated to be more helpful and identify the
1291 typo in configuration that created the spanning addresses.
1292
1293- A bug in failover pool rebalancing that caused POOLREQ message ping-pongs
1294 was repaired.
1295
1296- A flaw in failover pool rebalancing that could cause POOLREQ messages to
1297 be sent outside of the min-balance/max-balance scheduled intervals has
1298 been repaired.
1299
1300- A cosmetic bug during potential-conflict recovery that caused the peer's
1301 'conflict-done' state message to be logged as 'unknown-state' has been
1302 repaired. It is now logged correctly.
1303
49f61135
DH		 1304- A bug was fixed where the 'giaddr' may be used to find the client's subnet
1305 rather than its own 'ciaddr'.
1306
41d4652f
DH		 1307- A log message was introduced to clarify the situation where a failover
1308 'address' parameter (the server's local address) did not resolve to an
1309 IPv4 address.
1310
2c9bf1f4
DH		 1311- The minimum site code value was set to 224 in 3.1.0 to track RFC3942. This
1312 broke a lot of legacy site local configurations. The new code in place will
1313 track site local space minimum option codes and logs a warning to encourage
1314 updates and exploration of site local code migration problems. Option
1315 codes less than 128 in site local spaces remain inaccessible.
1316
1317- A possible relay agent option bug was repaired where random server
1318 initialization state may have been used to signal the relay agent
1319 information options sub-option code for the 'END' of the option space.
1320
cff9b78f
SK		 1321- Fixes to allow code to compile and run on Solaris 9.
1322
c4d29896
SK		 1323- Fixes to allow code to compile on Mac OS X Leopard (10.5).
1324
57fcb8d9
SK		 1325- When server is configured with options that it overrides, a warning is
1326 issued when the configuration file is read, rather than at the time the
1327 option is overridden. This was important, because the warning was given
1328 every time the option was overridden, which could create a lot of
1329 unnecessary logging.
1330
219a65eb
DH		 1331- Fixed a compilation problems on platforms that define a value for FDDI,
1332 which conflicts with a dhcp configuration syntax token by the same name.
1333
ffdf3c8c
DH		 1334- When a failover server suspects it has encountered a peer running a
1335 version 3.0.x failover server, a warning that the failover wire protocol
1336 is incompatible is printed.
1337
1338- The failover server no longer issues a floating point error if it encounters
1339 a previously undefined option code.
1340
00a002fc
MA		 1341- Fix startup error messages to report a missing "subnet6 declaration", rather
1342 than a missing "subnet declaration", when running as a DHCPv6 server.
1343
7e9f7a1b
FD		 1344- DHCPv6 client timestamp in DUID was based on the year 1970 rather
1345 than the year 2000.
1346
e2cfde76
FD		 1347- Warn when attempting to use a hardware parameter in DHCPv6.
1348
cabdb9b1
FD		 1349- DHCPv6 released resources are now marked as released by the client.
1350
5d89d60f
FD		 1351- 'Soft' bindings have no more side-effects.
1352
61d75ea2
DH		 1353 Changes since 4.0.0b3
1354
1355- The reverse dns name for PTR updates on IPv6 addresses has been fixed to
1356 use ip6.arpa. rather than default to in-addr.arpa and require user
1357 configuration.
76db44f9 1358
e32529a5
EH		 1359- dhc6_lease_destroy() and dhc6_ia_destroy() now set lease and IA pointers
1360 to NULL after freeing, to prevent subsequent accesses to freed memory.
1361
76db44f9
SK		 1362- The DHCPv6 server would not send the preference option unless the
1363 client requested it, via the ORO. This has been fixed, so the DHCPv6
1364 server will always send the preference value if it is configured.
e4a6be15 1365
6f76de58
SK		 1366- When addresses were passed as hints to the server in an IA, they were
1367 incorrectly handled, sometimes being treated as an error. Now the
1368 server will treat these as hints and ignore them if it cannot supply
1369 a requested address.
1370
703873ab
DH		 1371- If the client had multiple addresses, and one expired (was not renewed
1372 by the server), the client would continue to attempt to renew the same
1373 old address over and over. Now, the client will omit any expired
1374 addresses from future Confirm, Renew, or Rebind messages.
1375
1376- dhclient -6 will now select renew/rebind timers based upon the longest
1377 address expiration time rather than the shortest expiration time, in
1378 order to avoid cascading renewals in the event a server elects not to
1379 extend one of multiple IAADDR leases.
1380
b024480e
DH		 1381- The server now limits clients that request multiple addresses to one
1382 address per IA by default, which can be adjusted through the
1383 "limit-addrs-per-ia" configuration option.
1384
c0216cb7
DH		 1385- The DHCPv6 client now issues fresh transaction IDs on Renew and Rebind
1386 message exchanges, rather than using the most recent ID.
1387
1ac57173
FD		 1388- The DHCPv6 server now replies to Information-Request messages.
1389
83835822
DH		 1390- A bug was fixed in the dhclient-script for BSDs to correctly carry error
1391 codes through some conditions.
1392
c54db708
FD		 1393- The parsing of some options in the dhclient lease file, in particular
1394 the success DHCPv6 status-code, was fixed.
1395
e5d83524
DH		 1396- A bug was fixed that caused the DHCPv6 ORO option to be corrupted with
1397 seemingly random values.
1398
821f2dda
DH		 1399- A reference overleak in DHCPv6 shared network processing was repaired.
1400
f8b3c6f4
DH		 1401- ./configure now autodetects local database locations rather than trying
1402 to put dhcpd.leases and dhclient.leases in /usr/local/var/db, which no
1403 one ever has.
1404
b9137d42
SK		 1405- Regression fix for bug where server advertised a IPv6 address in
1406 response to a SOLICIT but would not return the address in response
1407 to a REQUEST.
1408
9f1d5a2f
DH		 1409- A bug was fixed where the DHCPv6 server puts the NoAddrsAvail status
1410 code in the IA_NA was fixed. The status code now appears in the root
1411 level.
1412
e4a6be15
DH		 1413 Changes since 4.0.0b2
1414
65cf86d7
EH		 1415- Clarified error message when lease limit exceeded
1416
b1d3778c
DH		 1417- Relative time may now be used as a qualifier for 'allow' and 'deny' access
1418 control lists. These directives may be used to assist in re-addressing
1419 address pools without having to constantly reconfigure the server. Please
1420 see 'man dhcpd.conf' for more information on allow/deny 'after time' syntax.
1421 Thanks to a patch from Christof Chen.
1422
bead14ea
DH		 1423- The server will now include multiple IA_NA's and multiple IAADDRs within
1424 them, if advertised by the client. It still only seeks to allocate one
1425 new address.
1426
f765ec36
SK		 1427 Changes since 4.0.0b1
1428
75135a3f
EH		 1429- Use different paths for PID and lease files when running in DHCPv4
1430 or DHCPv6 mode, so that servers for both protcols can be run
1431 simultaneously on a single interface.
1432
5c2d55c7
EH		 1433- Fixed a buffer overflow error which could have allowed a denial
1434 of service under unusual server configurations
1435
1436- Eliminated a spurious error message from the client
1437
f765ec36
SK		 1438- A number of bugs with the internal handling of lease state on the
1439 server have been fixed. Some of these could cause server crashes.
fa9b593d 1440
edb1283e
DH		 1441- The peer_wants_leases() changes pulled up from 3.1.0 were corrected,
1442 'never used' leases will no longer consistently shift between servers
1443 on every pool rebalance run.
1444
c71c6399
DH		 1445- sendmsg()/recvmsg() control buffers are now declared in such a way to
1446 ensure they are correctly aligned on all (esp. 64-bit) architectures.
1447
5279b8f3
DH		 1448- The client leasing subsystem was streamlined and corrected to account
1449 more closely for changes in client link attachment selection.
1450
ab3a540f 1451 Changes since 4.0.0a3
763cba6b 1452
884a458f
SK		 1453- The DHCP server no longer requires a "ddns-update-style" statement,
1454 and now defaults to "none", which means DNS updates are disabled.
1455
fa9b593d
DH		 1456- Log messages when failover peer names mismatch have been improved to
1457 point out the problem.
1458
1b5053b5
SK		 1459- Bug where server advertised a IPv6 address in response to a SOLICIT
1460 but would not return the address in response to a REQUEST. Thanks to
1461 Dennis Kou for finding the bug.
1462
c886c298
SK		 1463- Fixed an error causing the server to lock up on lease expiration,
1464 reported independently by Jothilingam Vasu and Dennis Kou.
1465
eaf7eb17
DH		 1466- Fixed a ./configure bug where compile tests were failing due to
1467 "-Werror" (unused variable) rather than the actual test failure. Lead
1468 to inconsistent and unworkable auto-configurations.
1469
109e00db
DH		 1470- Compilation with DLPI and -Werror has been repaired.
1471
3ad9d48f
SK		 1472- Error in decoding IA_NA option if multiple interfaces are present
1473 fixed by Marcus Goller.
1474
8eab95f2
DH		 1475- DHCPv6 server Confirm message processing has been enhanced - it no
1476 longer replies only to clients with host {} records, it now replies
1477 as directed in RFC3315 section 18.2.2 - that is, to all clients
1478 regardless of the existence of bindings.
1479
07b9a351
DH		 1480- A core dump during expired lease cleanup has been repaired.
1481
7285af30
DH		 1482- DDNS updates state information are now stored in 'binding scopes' that
1483 follow the leases through their lifecycles. This enables DDNS teardowns
1484 on leases that are assigned and expired inbetween a server restart (the
1485 state is recovered from dhcpd.leases). Arbitrary user-specified binding
1486 scopes ('set var = "value";') are not yet supported.
1487
2394b26b
DH		 1488- Additional compilation problems on HP/UX have been repaired.
1489
ab3a540f
SK		 1490 Changes since 4.0.0a2
1491
97050349
SK		 1492- Fix for startup where there are no IPv4 addresses on an interface.
1493 Thanks to Marcus Goller for reporting the bug.
1494
763cba6b 1495- Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
e889ded1 1496
237f8d3a
SK		 1497- Bug in server configuration parser caused server to get stuck on
1498 startup for certain bad pool declarations. Thanks to Guillaume
1499 Knispel for the bug report and fix.
1500
28868515
SK		 1501- Code cleaned to remove warnings reported by "gcc -Wall".
1502
d00d373a
SK		 1503- DHCPv6 is now the default. You can disable DHCPv6 support using the
1504 "--disable-dhcpv6" flag when you run the configure script.
1505
8dfd5744
DH		 1506- An internal database inconsistency bug was repaired where the server
1507 would segfault if a client attempted to renew a lease that had been
1508 loaded from persistent storage.
1509
45d545f0 1510- 'request' and 'also request' syntaxes have been added to accommodate
0c20eab3
DH		 1511 the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
1512 necessary.
1513
f800f4f6
SK		 1514- Bug fixed where configuration file parsing did not work with
1515 zero-length options; this made it impossible to set the
1516 rapid-commit option.
1517
845e9677
DH		 1518- Bogus messages about host records with IPv4 fixed-addresses being of
1519 non-128-bits in length were removed.
1520
76c944da
SK		 1521 Changes since 4.0.0a1
1522
71765b58
SK		 1523- Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
1524 and fix.
1525
847e7000
SK		 1526- Autoconf now supplies proper flags for Solaris DHCPv6 builds.
1527
bda33169
SK		 1528- Fix for parsing error on some IPv6 addresses.
1529
9b21e73e
SK		 1530- Invalid CIDR representation for IPv6 subnets or ranges now checked
1531 for when loading configuration.
1532
8da06bb1
DH		 1533- Compilation on HP/UX has been repaired. The changes should generally
1534 apply to any architecture that supplies SIOCGLIFCONF but does not
1535 use 'struct lifconf' structures to pass values.
1536
dd328225
DH		 1537- Two new operators, ~= and ~~, have been integrated to implement
1538 boolean matches by regular expression (such as may be used in
1539 class matching statements). Thanks to a patch by Alexandr S.
1540 Agranovsky, which underwent slight modification.
1541
76c944da
SK		 1542- Fix for icmp packets on 64-bit systems (bug introduced in 4.0).
1543
f796f70a
DH		 1544- A bug was fixed in interface discovery wherein an error identifying
1545 a server-configured interface with no IPv4 addresses would SEGV.
76c944da 1546
c11f349d
EH		 1547- Fixed a bug in which write_lease() might report a failure incorrectly
1548
af5fa176
EH		 1549- Added support for DHCPv6 Release messages
1550
1551- Added -x option to dhclient, which triggers dhclient processes
1552 to exit gracefully without releasing leases first
1553
a546f2a7
EH		 1554- All binaries (client, server, relay) now change directories
1555 to / before going into daemon mode, so as not to hold $CWD open
1556
b55d0d5f
EH		 1557- Fixed a bug parsing DHCPv6 client-id's in host-identifier statements
1558
26be82af
DH		 1559- Fixed a bug with the 'ddns-updates' boolean server configuration
1560 parameter, which caused the server to fail.
1561
98bd7ca0
DH		 1562 Changes since 4.0.0-20070413
1563
d9b43370
SK		 1564- Old (expired) leases are now cleaned.
1565
8c1752d2
DH		 1566- IPv6 subnets now have support for arbitrary allocation ranges via
1567 a new 'range6' configuration directive.
1568
98bd7ca0
DH		 1569- An obviated option code hash lookup to find D6O_CLIENTID was removed.
1570
a512d11b
DH		 1571- Corrected some situations where variables might be used without being
1572 initialized.
1573
1574- Silenced several other compiler warnings.
1575
1576- Include the more standard sys/uio.h rather than rely upon other
f66f02cc
DH		 1577 header files to include it (fixes a BSD 4.2 compile failure).
1578
1579- Duplicate dhclient-script updates for DHCPv6 to all provided scripts.
a512d11b 1580
4ba58919
DH		 1581- DHCPv4 I/O methods that failed to sense hardware address were corrected.
1582
1583- DHCPv4 is now the default (as documented) rather than DHCPv6. The default
1584 was set to DHCPv6 to facilitate ease early development, and forgotten.
1585
1586- Corrected a segmentation violation in DHCPv4 socket processing.
1587
8ea19a71 1588- dhclient will now fork() into the background once it binds to an
45d545f0 1589 IPv6 address, or immediately if the -n flag is supplied.
8ea19a71
DH		 1590
1591- -q is now the default behaviour on dhclient, with -d or -v enabling
1592 non-quiet (stderr logging) mode.
1593
2cf8d0bd
DH		 1594- Fix documentation of the domain-search atom (quoted, with commas).
1595
1596- Document DHCPv6 options presently in the default table.
1597
fe5b0fdd
DH		 1598- Replaced ./configure shellscripting with GNU Autoconf.
1599
98bd7ca0
DH		 1600 Changes since 3.1.0 (NEW FEATURES)
1601
1602- DHCPv6 Client and Server protocol support. Use '-6' to run the daemons
1603 as v6-only. Use '-4' to run the daemons as v4-only (default. There is
1604 no support currently for both.
1605
1606- Server support for multiple IA_NA options, containing at most one
1607 IAADDR option.
1608
1609- Client support for one IA_NA option, containing any number of IAADDR
1610 options.
1611
1612- Server support for the DHCPv6 Information-request message.
1613
1614- Inappropriate unicast DHCPv6 messages sent to the server are now
1615 discarded, and this has rearchitected the IO system slightly.
1616
1617- The DHCPv6 server DUID defaults to type 1, is persistently stored in
1618 the leases database, and can be over-ridden (either completely, or by
1619 specifying type 1 or type 2).
1620
1621- The server only uses Rapid-Commit if it has been configured with the
1622 Rapid-Commit option and the client requests it.
1623
1624- DDNS support. We now update AAAA records in the same place we would
1625 update A records, if we have an IPv6 address. We also generate IP6.ARPA
1626 style names for PTR records if we're dealing with an IPv6 address. Both
1627 A and AAAA updates are done using the same 'fqdn.' virtual option space
1628 (although the DHCPv4 FQDN and DHCPv6 FQDN options are formatted
1629 differently, they both use the same code here).
1630
1631- The Linux dhclient-script attempts to set and remove assigned addresses,
1632 and to configure /etc/resolv.conf from nameserver and domain name
1633 configurations. It can be extended to configure other parameters.
1634
1635- Initial DHCPv6 lease support.
1636
1637- The IO system now tracks all local IP addresses, so that the DHCP
1638 applications (particularly the dhcrelay) can discern between what frames
1639 were transmitted to it, and what frames are being carried through it which
1640 it should not intercept.
1641
1418fd11
DH		 1642 Changes since 3.1.0 (Maintenance)
1643
1644- A bug was repaired where MAC Address Affinity for virgin leases always
1645 mapped to the primary. Virgin leases now have an interleaved preference
1646 between primary and secondary.
1647
1648- A bug was repaired where MAC Address Affinity for clients with no client
1649 identifier was sometimes mishashed to the peer. Load balancing during
1650 runtime and pool rebalancing were opposing.
1651
aa3e348e
DH		 1652- An assertion in lease counting relating to reserved leases was repaired.
1653
e9c59645
DH		 1654- The subnet-mask option inclusion now conforms with RFC2132 section 3.3;
1655 it will only appear prior to the routers option if it is present on the
1656 Parameter-Request-List. The subnet-mask option will also only be
1657 included by default (if it is not on the PRL) in response to DISCOVER
1658 or REQUEST messages.
1659
1660- The FQDN option is only supplied if the client supplied an FQDN option or
1661 if the FQDN option was explicitly requested on the PRL.
1662
c104546d
DH		 1663- Dynamic BOOTP leases are now load balanced in failover.
1664
b9d0cc05
DH		 1665 Changes since 3.1.0rc1
1666
1667- The parse warning that 'deny dyanmic bootp;' must be configured for
1668 failover protected subnets was removed.
1669
a512cc3a
DH		 1670 Changes since 3.1.0b2
1671
1672- Failover rebalance events no longer play ping pong with round errors
1673 (moving leases between free and back to backup where there are an
1674 odd number of leases).
1675
1676- The 'pool' log line has been split into two messages, one before the
1677 rebalance run, and one after.
1678
1679- Any queued BNDACKs are transmitted before transmitting new BNDUPDs.
1680 This enforces the correct sequence of events for the remote server
1681 processing these messages.
1682
fe5b0fdd 1683 Changes since 3.1.0b1
27837f95 1684
74dc3e0b
EH		 1685- Fixed a bug that caused OMAPI clients to freeze when opening lease
1686 objects.
1687
1ba87b37
EH		 1688- A new server config option "fqdn-reply" specifies whether the server
1689 should send out option 81 (FQDN). Defaults to "on". If set to "off",
1690 the FQDN option is not sent, even if the client requested it. This is
1691 needed because some clients misbehave otherwise. Thanks to Christof Chen
1692 at Allianz.
1693
a58da042
EH		 1694- Allow trace output files (-tf option) to be overwritten, rather than
1695 crashing dhcpd if the file already exists
1696
61252edf
EH		 1697- A bug was fixed that caused dhcpd to segfault if a pool was declared
1698 outside the scope of a subnet in dhcpd.conf.
1699
27837f95
DH		 1700- Some uninitialized values were repaired in dhcpleasequery.c that
1701 caused the server to abort.
1702
4d2eaafb
DH		 1703- A new server config option, 'do-reverse-updates', has been added
1704 which causes the server to abstain from performing updates on PTR
1705 records. Thanks to a patch from Christof Chen at Allianz.
1706
06211b40
DH		 1707- A bug was repaired in subencapsulation support, where spaces separated
1708 by empty spaces would not get included.
1709
d6614ea2
DH		 1710- A bug in dhclient was repaired which caused it to send parameter request
1711 lists of 55 bytes in length no matter how long the declared PRL was.
1712
132d38f2
DH		 1713- 'dhcp.c(3953): non-null pointer' has been repaired. This fixes a flaw
1714 wherein the DHCPv4 server may ignore a configured server-identifier.
1715
fc3b9c90
DH		 1716- A flaw in failover startup sequences was repaired that sometimes left
1717 the primary DHCP server's pool rebalance schedules unscheduled.
1718
c9feb859
DH		 1719- Corrected a flaw that broke encapsulated spaces included due to presence
1720 on the parameter request list.
1721
c57db45c
SK		 1722 Changes since 3.1.0a3
1723
1724- Some spelling fixes.
98311e4b 1725
bd2bc2fa
DH		 1726 Changes since 3.1.0a2
1727
1728- A bug was fixed where attempting to permit leasequeries results in a
1729 fatal internal error, "Unable to find server option 49".
1730
85edef5c
DH		 1731- A bug was fixed in dhclient rendering the textual output form of the
1732 domain-search option syntax.
1733
bdddcb7d
DH		 1734 Changes since 3.1.0a1
1735
1736- A bug in the FQDN universe that added FQDN codes to the NWIP universe's
1737 hash table was repaired.
1738
616d67cb
DH		 1739- The servers now try harder to transmit pending binding updates when
1740 entering normal state.
1741
1742- UPDREQ/UPDREQALL handling was optimized - it no longer dequeues and
1743 requeues all pending updates. This should reduce the number of spurious
66c8f734
DH		 1744 'xid mismatch' log messages.
1745
1746- An option definition referencing leak was fixed, which resulted in early
1747 termination of dhclient upon the renewal event.
616d67cb 1748
6708d944
DH		 1749- Some default hash table sizes were tweaked, some upwards, some downwards.
1750 3.1.0a1's tables resulted in a reduction in default server memory use.
1751 The new selected values provide more of a zero sum (increasing the size
1752 of tables likely to be populated, decreasing the size of tables unlikely).
1753
45d545f0 1754- Lease structures appear in three separate hashes: by IP address, by UID,
6708d944
DH		 1755 and by hardware address. One type of table was used for all three, and
1756 improvements to IP address hashing were applied to all three (so UID and
1757 hardware addresses were treated like 4-byte integers). There are now two
1758 types of tables, and the uid/hw hashes use functions more appropriate
1759 to their needs.
1760
1761- The max-lease-misbalance percentage no longer causes scheduled rebalance
1762 runs to be skipped: it still governs the schedule, but every scheduled
1763 run will attempt balance.
1764
a7ee93fe
DH		 1765- A segfault bug in recursive encapsulation support has been corrected.
1766
98311e4b
DH		 1767 Changes since 3.0 (New Features)
1768
1769- A workaround for certain STSN servers that send a mangled domain-name
1770 option was introduced for dhclient. The client will now accept corrupted
1771 server responses, if they contain a valid DHCP_MESSAGE_TYPE (OFFER, ACK,
1772 or NAK). The server will continue to not accept corrupt client packets.
1773
98bd7ca0 1774- Support for 'reserved' (pseudo-static) and BOOTP leases via failover
a55ccdd0 1775 was introduced.
98311e4b
DH		 1776
1777- Support for adding, removing, and managing class and subclass statements
1778 via OMAPI.
1779
a55ccdd0
DH		 1780- The failover implementation was updated to comply with revision 12 of
1781 the protocol draft.
1782
98311e4b
DH		 1783- 'make install' now creates the initial zero-length dhcpd.leases file if
1784 one does not already exist on the system.
1785
b43c87ad 1786- RFC3942 compliance, site-local option spaces start at 224 now, not 128.
b43c87ad 1787
0b17f049
DH		 1788- The Load Balance Algorithm was misimplemented. The current implementation
1789 matches RFC 3074.
1790
2727c1cf
DH		 1791- lcase() and ucase() configuration expressions have been added which adjust
1792 their arguments from upper to lower and lower to upper cases respectively.
2714a8ef 1793 Thanks to a patch from Albert Herranz.
2727c1cf 1794
febbd402
DH		 1795- The dhclient 'reject ...;' statement, which rejects leases given by named
1796 server-identifiers, now permits address ranges to be specified in CIDR
7d7073e7 1797 notation. Thanks to a patch from David Boyce.
febbd402 1798
ee912528
DH		 1799- The subnet-mask option is now supplied by default, but at lowest
1800 priority. This helps a small minority of clients that provide parameter
1801 request lists, but do not list the subnet-mask option because they were
1802 designed to interoperate with a server that behaves in this manner.
1803
1804- The FQDN option is similarly supplied even if it does not appear on the
1805 parameter request list, but not to the exclusion of options that do
1806 appear at the parameter request list. Up until now it had ultimate
1807 priority over the client's parameter request list.
1808
f7fdb216 1809- Varying option space code and length bit widths (8/16/32) are now
51202707 1810 supported. This is a milestone in achieving RFC 3925 "VIVSO" and
f7fdb216
DH		 1811 DHCPv6 support.
1812
5e864416
DH		 1813- A new common (server or client) option, 'db-time-format local;', has
1814 been added which prints the local time in /var/db/dhcpd.leases rather
1815 than UTC. Thanks to a patch from Ken Lalonde.
1816
b500bd4c
DH		 1817- Some patches to improve DHCP Server startup speed from Andrew Matheson
1818 have been incorporated.
1819
2426234f
DH		 1820- Failover pairs now implement 'MAC Affinity' on leases moving from the
1821 active to free states. Leases that belonged to the failover secondary
1822 are moved to BACKUP state rather than FREE upon exiting EXPIRED state.
1823 If lease rebalancing must move leases, it tries first to move leases
1824 that belong to the peer in need.
1825
1826- The server no longer sends POOLREQ messages unless the pool is severely
1827 misbalanced in the peer's favor (see 'man dhcpd.conf' for more details).
1828
1829- Pool rebalance events no longer happen upon successfully allocating a
1830 lease. Instead, they happen on a schedule. See 'man dhcpd.conf' for the
1831 min-balance and max-balance statements for more information.
1832
334bf491
DH		 1833- The DHCP Relay Agent Information Option / Link Selection Sub-Option
1834 is now supported. (See RFC3527 for details).
1835
3004bebf
DH		 1836- A new DDNS related server option, update-conflict-detection, has been
1837 added. If this option is enabled, dhcpd will perform normal DHCID
1838 conflict resolution (the default). If this option is disabled, it will
1839 instead trust the assigned name implicitly (removing any other bindings
1840 on that name). This option has not been made available in dhclient.
1841
567e8561
DH		 1842- In those cases where the DHCP software manufactures an IP header (to
1843 transmit via bpf, lpf, etc), the IP TTL the software selects has been
1844 increased from 16 to 128. This is intended to match Microsoft Windows
1845 DHCP Client behaviour, to increase compatibility.
1846
a396d25f
DH		 1847- 'ignore client-updates;' now has behaviour that is different from
1848 'deny client-updates;'. The client's request is not truly ignored,
1849 rather it is encouraged. Should this value be configured, the server
1850 updates DNS as though client-updates were set to 'deny'. That is, it
1851 enters into DNS whatever it is configured to do already, provided it is
1852 configured to. Then it sends a response to the client that lets the
1853 client believe it is performing client updates (which it will), probably
1854 for a different name. In essence, this lets the client do as it will,
1855 ignoring this aspect of their request.
1856
dba5803b
DH		 1857- Support for compressed 'domain name list' style DHCP option contents, and
1858 in particular the domain search option (#119) was added.
1859
41e45067 1860- The DHCP LEASEQUERY protocol as defined in RFC4388 is now implemented.
6d103865
SK		 1861 LEASEQUERY lets you query the DHCP server for information about a lease,
1862 using either an IP address, MAC address, or client identifier. Thanks
1863 to a patch from Justin Haddad.
1864
41e45067
DH		 1865- DHCPD is now RFC2131 section 4.1 compliant (broadcast to all-ones ip and
1866 ethernet mac address) on the SCO platform specifically without any strange
1867 ifconfig hacks. Many thanks go to the Kroger Co. for donating the
1868 hardware and funding the development.
6d103865 1869
b543fea9
DH		 1870- A new common configuration executable statement, execute(), has been
1871 added. This permits dhcpd or dhclient to execute a named external
1872 program with command line arguments specified from other configuration
1873 language. Thanks to a patch written by Mattias Ronnblom, gotten to us
1874 via Robin Breathe.
1875
b22de500
DH		 1876- A new dhcp server option 'adaptive-lease-time-threshold' has been added
1877 which causes the server to substantially reduce lease-times if there are
1878 few (configured percentage) remaining leases. Thanks to a patch submitted
1879 from Christof Chen.
1880
96bbe8c5
SK		 1881- Encapsulated option spaces within encapsulated option spaces is now
1882 formally supported.
1883
b8221d95
DH		 1884 Changes since 3.0.6rc1
1885
1886- supersede_lease() now requeues leases in their respective hardware
1887 address hash bucket. This mirrors client identifier behaviour.
1888
c1e6c832
DH		 1889 Changes since 3.0.5
1890
f546c28b
DH		 1891- Assorted fixes for broken network devices: Packet length is now
1892 determined from the IP header length field to finally calculate the
1893 UDP payload length, because some NIC drivers return more data than
5a22eb63 1894 they actually received.
f546c28b
DH		 1895
1896- UDP packets are now stored in aligned data structures.
1897
c1e6c832
DH		 1898- A logic error in omapi interface code was repaired that might result in
1899 incorrectly indicating 'up' state when any flags were set, rather than
23e10d37
DH		 1900 specifically the INTERFACE_REQUESTED flag. Thanks to a patch from
1901 Jochen Voss which got to us via Andrew Pollock at Debian.
c1e6c832 1902
75ab3070
DH		 1903- A reference leak on binding scopes set by ddns updates was repaired.
1904
d69fb6a8 1905- A memory leak in the minires_nsendsigned() function call was repaired.
23e10d37 1906 Effectively, this leaked ~176 bytes per DDNS update.
d69fb6a8 1907
02428754
DH		 1908- In the case where an "L2" DHCP Relay Agent (one that does not set giaddr)
1909 was directly attached to the same broadcast domain as the DHCP server,
1910 the RFC3046 relay agent information option was not being returned to the
1911 relay in the server's replies. This was fixed; the dhcp server no longer
1912 requires the giaddr to reply with relay agent information. Note that
1913 this also improves compatibility with L2 devices that "intercept" DHCP
1914 packets and expect relay agent information even in unicast (renewal)
23e10d37
DH		 1915 replies. Thanks to a patch from Pekka Silvonen.
1916
1917- A bug was fixed where the BOOTP header 'sname' field had a value, the
1918 copy written to persistent storage was actually the contents of the
1919 'file' field.
02428754 1920
ecde99a3
DH		 1921- A bug was fixed where the nwip virtual option space was referencing
1922 the fqdn option's virtual option space's option cache.
1923
67674ffb
DH		 1924- Timestamp parsing errors that indicated missing "minutes" fields rather
1925 than the actually missing "seconds" fields have been repaired thanks to
1926 a patch from Kevin Steves.
1927
830ebc4c
DH		 1928- A grammar error in the dhclient.8 manpage was repaired thanks to a patch
1929 from Chris Wagner.
1930
c759db75
DH		 1931- Several spelling typos were repaired, and some cross-references to other
1932 relevant documents were included in the manpages, thanks to a patch
1933 by Andrew Pollock which got to us via Tomas Pospisek.
1934
9aa3f3a5
DH		 1935- Some bugs were fixed in the 'emergency relay agent options hologram'
1936 which is used to retain relay agent option contents from when the
1937 client was in INIT or REBIND states. This should solve problems where
1938 relay agent options were not echoed from the server, even when giaddr
1939 was set.
1940
3d0c598a
DH		 1941- dhclient now closes its descriptor to dhclient.leases prior to executing
1942 dhclient-script. Thanks to a patch from Tomas Pospisek.
1943
d5b6835f
DH		 1944- The server's "by client-id" and "by hardware address" hash table lists
1945 are now sorted according to the preference to re-allocate that lease to
1946 returning clients. This should eliminate pool starvation problems
1947 arising when "INIT" clients were given new leases rather than presently
1948 active ones.
1949
02428754 1950 Changes since 3.0.5rc1
0a73b7b6 1951
901306d5 1952- A bug was repaired in fixes to the dhclient, which sought to run the
0a73b7b6
SK		 1953 dhclient-script with the 'EXPIRE' state should it receive a NAK in
1954 response to a REQUEST. The client now iterates the PREINIT state
1955 after the EXPIRE state, so that interfaces that might be configured
1956 'down' can be brought back 'up' and initialized.
1957
87a08ccc
DH		 1958- DHCPINFORM handling for clients that properly set ciaddr and come to the
1959 server via a relay aget has been repaired.
1960
6da113fb
DH		 1961 Changes since 3.0.4
1962
1963- A warning that host statements declared within subnet or shared-network
1964 scopes are actually global has been added.
1965
1966- The default minimum lease time (if min-lease-time was not specified)
1967 was raised from 0 to 300. 0 is not thought to be sensible, and is
1968 known to be damaging.
1969
1970- Added additional fatal error sanity checks surrounding lease binding
1971 state count calculations (free/active counts used for failover pool
1972 balancing).
1973
dcc557db
DH		 1974- Some time value size fixes in 3.0.4 brought on from FreeBSD /usr/ports were
1975 misapplied to server values rather than client values. The server no longer
1976 advertises 8-byte lease-time options when on 64-bit platforms.
1977
1b2ab55f
DH		 1978- A bug where leases not in ACTIVE state would get billed to billed classes
1979 (classes with lease limitations) was fixed. Non-active leases OFFERed
1980 to clients are no longer billed (but billing is checked before offering).
1981
e48891e8
DH		 1982- The dhcpd.conf.5 manpage was updated in regard to the ddns-domainname
1983 configuration option - the default configuration and results should be
1984 more clear now.
1985
6cbc6629
DH		 1986- If the dhclient were to receive a DHCPNAK while it was in the RENEW
1987 state (and consequently, had an active, 'bound' address and related
1988 configuration options), it would fail to 'tear down' this information
1989 before proceeding into INIT state. dhclient now iterates the dhclient-
1990 script with the 'EXPIRE' action to cause these teardowns prior to entering
1d3bfb17 1991 INIT state. Thanks to a patch from Chris Zimmerman.
6cbc6629 1992
c5fec5fa
DH		 1993- The omapi.1 manpage had some formatting errors repaired thanks to a patch
1994 from Yoshihiko Sarumaru.
1995
33e1cb2b
DH		 1996- A few lines of code that were failover-specific were moved within
1997 #if defined() clauses so that compilation without failover could be
1998 made possible.
1999
2bddf829
DH		 2000- The log message emitted when the 'leased-address' value was not available
2001 in dhcpd.conf "executable statements" has been updated to be more helpful.
2002 Manpage information for this value has also been updated.
2003
87578987
DH		 2004- Abandoned or dissociated (err condition) leases now remove any related
2005 dynamic dns bindings. Thanks to a patch from Patrick Schoo.
2006
e77c575f
DH		 2007- Attempting to write a new lease file to replace a corrupt (due to
2008 encountering non-retryable errors during writing) lease file should
2009 no longer result in an infinite recursion.
2010
2178df03
DH		 2011- Host declaration hardware addresses and client identifiers may only be
2012 configured once. dhcpd will now fail to load config files that specify
2013 multiple identifiers (previous versions would silently over-ride the
2014 value with the later configured value).
2015
d5341d9b
SK		 2016- Several option codes that have been allocated since our last release
2017 have been named and documented.
2018
2019- Option names of the form "unknown-123" have been removed from the in-
2020 memory hash tables. In order to support options of these names that
2021 may appear in dhclient.leases or similar in previous versions, the
2022 parser will now find the new option code definition, or mock up a
2023 generic option code definition. This should result in a smooth
2024 transition from one name to the other, as the new name is used to
2025 write new output.
2026
6da113fb
DH		 2027 Changes since 3.0.4rc1
2028
2029- The dhcp-options.5 manpage was updated to correct indentation errors
2030 thanks to a patch from Jean Delvare.
2031
2032 Changes since 3.0.4b3
2033
2034- Some manual pages were clarified pursuant to discussion on the dhcp-server
2035 mailing list.
2036
88cd8aca
DH		 2037 Changes since 3.0.4b2
2038
45d545f0 2039- Null-termination sensing for certain clients that unfortunately require
88cd8aca
DH		 2040 it in DHCPINFORM processing was repaired.
2041
2042- The host-name option and a few others were moved from "X" format to "t"
2043 format to be compatible with new NULL handling functions.
2044
2045- DHCPINFORM processing is a little more careful about return addressing
2046 its responses, or if responding via a relay. The INFORM related
2047 messages also log the 'effective client ip address' rather than the
2048 client's supplied ciaddr (since some clients produce null ciaddrs).
2049
2050- The server was inappropriately sending leases to the RESET state in the
2051 event that multiple active leases were found to match a singly-identified
2052 client. This was changed to RELEASED (by accepting a different, ACTIVE
2053 binding, the client is implicitly releasing its lease). This repairs a
2054 bug wherein secondary servers in failover pairs detecting this condition
2055 move leases to RESET, and primaries refuse to accept that state
2056 transition (properly).
2057
2058- The memset-after-dmalloc() changes made in 3.0.4b1 have been backed out.
2059
2060 Changes since 3.0.4b1
2061
2062- Command line parsing in omshell was repaired - it no longer closes
2063 STDIN after reading one line.
2064
2065- The resolver library no longer closes the /etc/resolv.conf file
2066 descriptor it opened twice.
2067
2068- Changes to trailing NULL removal in 't' option-atoms has been rethought,
2069 it now includes 'd' (domain name) types, and tries hard not to rewind an
2070 option beyond the start of the text field it is un-terminating.
2071
2072 Changes since 3.0.3
2073
2074- A DDNS update handling function was misusing the DNS error codes, rather
2075 than the internal generic result enumeration. The result is a confusing
2076 syslog line, logging the wrong condition.
2077
2078- The DHCP Server was not checking pool balance in the case where it brought
2079 a non-ACTIVE lease out of storage for a client that was returning to use
2080 a lease it once had long ago, and had since expired.
2081
2082- Failover peers no longer bother to look for free leases to allocate when
2083 they already found the client's ACTIVE lease. DISCOVERs are load balanced
98bd7ca0 2084 whether freely-allocated or not, unless the server doubts the peer has
88cd8aca
DH		 2085 leases to allocate.
2086
2087- Fixed a bug in dhcrelay agent addition code that suppressed trailing
45d545f0 2088 PAD options - it was suppressing only one trailing PAD option, rather
88cd8aca
DH		 2089 than the entire block of them.
2090
3a16098f
DH		 2091! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
2092 option addition and stripping code. Added a few sanity checks. Although
2093 highly improbable, due to requiring the reception of a DHCP datagram well
2094 in excess of all known to be used physical MTU limitations, it is possible
2095 this may have been used in a stack overflow security vulnerability. Thanks
2096 to a patch from infamous42md.
2097
2098! Added some sanity checks to OMAPI connection/authentication code.
2099 Although highly improbable, due to having to deliver in excess of 2^32
2100 bytes of data via the OMAPI channel, not to mention requiring dhcpd to
2101 be able to malloc() a memory region 2^32 bytes in size, it was possible
2102 this might have resulted in a heap overflow security vulnerability.
2103 Thanks to a patch from infamous42md.
88cd8aca
DH		 2104
2105- dmalloc() memset()'s the non-debug (data) portion of the allocated
2106 memory to zero. Code that memset()'s the result returned by dmalloc() to
2107 zero is redundant. These redundancies were removed.
2108
2109- Some type declaration corrections to u_int16_t were made in common/tr.c
4b97eaff 2110 (Token Ring support) thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 2111
2112- A failover bug that was allowing leases that EXPIRED or were RELEASED
2113 where tsfp and tstp are identical timestamps to languish in these
2114 transitional states has been repaired. As a side effect, lease
2115 databases should be kept more consistent overall, not just for these
2116 transitional states.
2117
2118- If the lease db is deleted out from under the daemon, and it moves to rewrite
2119 the db, it will go ahead with the operation and move the new db into place
2120 once it detects the old db does not exist.
2121
2122- dhclient now ignores IRDA, SIT, and IEEE1394 network interfaces, as it
2123 is either nonsensical or (in the case of IEEE1394) is not known to support
2124 these interfaces. Thanks to Marius Gedminas and Andrew Pollock of Debian.
2125
2126- Some previously undocumented reasons for dhclient-script invoking has
45d545f0 2127 been documented in the dhclient-script.8 manpage.
88cd8aca
DH		 2128
2129- Failover potential expiry calculations (TSTP) have been corrected. Results
2130 should be substantially more consistent, and proper given the constraints.
2131
2132- Adjusted lease state validation checks in potential-conflict, to
2133 account for possible clock skew similarly to normal state, and several
2134 previously illegal transitions were made legal (ex: active->released).
2135
2136- An impossible sanity check was removed from omapi/buffer.c, thanks to a
2137 patch from 'infamous42md'.
2138
2139- An OMAPI host/network byte order problem in lease time values has been
2140 repaired.
2141
2142- Several minor bugs, largely relating to treating 8-byte time values as
2143 4-byte entities, have been repaired after careful review of the FreeBSD
2144 ports collection's patch set. Thanks to the nameless entities who have
2145 contributed to the FreeBSD ports.
2146
2147- When writing a trace file, the file is now created with permissions 0600,
2148 to help administrators avoid accidentally publicising sensitive config
2149 data.
2150
2151- The calculation of the maximum size of DHCP packets no longer includes
2152 Ethernet framing overhead. The result is that the 'Maximum Message
2153 Size' option advertised by clients, or the default value 576, is no
2154 longer reduced by 14 bytes, and instead directly reflects the IP level
2155 MTU (and the default, minimum allowed IP MTU of 576).
2156
2157- The special status of RELEASED/EXPIRED/RESET leases when a server
2158 is operating in partner-down was fixed. It no longer requires a
2159 lease be twice the MCLT beyond STOS to 'reallocate', and the expiry
2160 event to turn these into FREE leases without peer acknowledgement
2161 (after STOS+MCLT) has been repaired.
2162
2163- Compilation on older Solaris systems (lacking /usr/include/sys/int_types.h)
2164 has been repaired.
2165
2166- "append"ing a string onto the end of a "t" type option (such as the
2167 domain-name field) that had been improperly NULL-terminated by the
2168 DHCP server will no longer result in a truncated string containing
2169 only the option from the server, and not the expected appended value.
4b97eaff 2170 Thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 2171
2172- File handlers on configuration state (config files and lease dbs) should
98bd7ca0 2173 be treated consistently, regardless of whether TRACING is defined or not.
88cd8aca 2174
45d545f0 2175- The Linux build environment has had some minor improvements - better
88cd8aca
DH		 2176 sensing of 64-bit pointer sizes (only used for establishing an icmp_id),
2177 and corrections to #if operators regarding LINUX_MAJOR should it ever
2178 move to 3.[01].x.
2179
2180- The server now tries harder to survive the condition where it is unable
2181 to open a new lease file to rewrite the lease state database.
2182
c75473d8
DH		 2183 Changes since 3.0.3b3
2184
2185- dhclient.conf documentation for interface {} was updated to reflect recent
2186 discussion on the dhcp-hackers mailing list.
2187
2188- In response to reports that the software does not compile on GCC 4.0.0,
2189 -Werror was removed from Makefile.conf for all platforms that used it.
2190 We will address the true problem in a future release; this is a temporary
2191 workaround.
2192
2193 Changes since 3.0.3b2
2194
2195- An error in code changes introduced in 3.0.3b2 was corrected, which caused
2196 static BOOTP clients to receive random addresses.
2197
2198 Changes since 3.0.3b1
2199
2200- A bug was fixed in BOOTPREQUEST handling code wherein stale references to
2201 host records would be left behind on leases that were not allocated to the
2202 client currently booting (eg in the case where the host was denied booting).
2203
2204- The dhcpd.conf.5 manpage was updated to be more clear in regards to
2205 multiple host declarations (thanks to Vincent McIntyre). 'Interim' style
2206 dynamic updates were also retouched.
2207
98311e4b
DH		 2208 Changes since 3.0.2
2209
2210- A bug was fixed where a server might load balance a DHCP REQUEST to its
45d545f0 2211 peer after already choosing not to load balance the preceding DISCOVER.
98311e4b
DH		 2212 The peer cannot allocate the originating server's lease.
2213
2214- In the case where a secondary server lost its stable storage while the
2215 primary was still in communications-interrupted, and came back online,
2216 the lease databases would not be fully transferred to the secondary.
2217 This was due to the secondary errantly sending an extra UPDREQ message
2218 when the primary made its state transition to PARTNER-DOWN known.
2219
2220- The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
2221 lease structures will be 9 bytes smaller on all platforms. Thanks to
4b97eaff 2222 Jason Vas Dias at Red Hat.
98311e4b
DH		 2223
2224- Interface discovery code in DISCOVER_UNCONFIGURED mode is now
2225 properly restricted to only detecting broadcast interfaces. Thanks
4b97eaff 2226 to a patch from Jason Vas Dias at Red Hat.
98311e4b
DH		 2227
2228- decode_udp_ip_header was changed so that the IP address was copied out
2229 to a variable, rather than referenced by a pointer. This enforces 4-byte
2230 alignment of the 32-bit IP address value. Thanks to a patch from Dr.
2231 Peter Poeml.
2232
2233- An incorrect log message was corrected thanks to a patch from
2234 Dr. Peter Poeml.
2235
2236- A bug in DDNS was repaired, where if the server's first DDNS action was
2237 a DDNS removal rather than a DDNS update, the resolver library's
2238 retransmit timer and retry timer was set to the default, implying a
2239 15 second timeout interval. Which is a little excessive in a synchronous,
2240 single-threaded system. In all cases, ISC DHCP should now hold fast to
2241 a 1-second timeout, trying only once.
2242
2243- The siaddr field was being improperly set to the server-identifier when
2244 responding to DHCP messages. RFC2131 clarified the siaddr field as
2245 meaning the 'next server in the bootstrap process', eg a tftp server.
2246 The siaddr field is now left zeroed unless next-server is configured.
2247
2248- mockup_lease() could have returned in an error condition (or in the
2249 condition where no fixed-address was found matching the shared
2250 network) with stale references to a host record. This is probably not
2251 a memory leak since host records generally never die anyway.
2252
2253- A bug was repaired where failover servers would let stale client identifiers
2254 persist on leases that were reallocated to new clients not sending an id.
2255
2256- Binding scopes ("set var = value;") are now removed from leases allocated
2257 by failover peers if the lease had expired. This should help reduce the
2258 number of stale binding scopes on leases.
2259
2260- A small memory leak was closed involving client identifiers larger than
2261 7 bytes, and failover.
2262
2263- Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
2264 cause an internal function to overflow heap. Thanks to Jason Vas Dias
4b97eaff 2265 at Red Hat.
98311e4b
DH		 2266
2267- Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
2268 or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
2269 should work better.
2270
2271- In several cases, parse warnings were being issued before the lexical
2272 token had been advanced to the token whose value was causing an error...
2273 causing parse warnings to claim the problem is on the wrong token.
2274
2275- Host declarations matching on client identifier for dynamic leases will
2276 no longer match fixed-address host declarations (this is now identical
2277 to behaviour for host records matching on hardware address).
2278
2279 Changes since 3.0.2rc3
2280
2281- A previously undocumented configuration directive, 'local-address',
2282 was documented in the dhcpd.conf manpage.
2283
2284 Changes since 3.0.2rc2
2285
45d545f0 2286- Two variables introduced in 3.0.2b1 were used without being initialized
98311e4b
DH		 2287 in the case where neither the FILE nor SNAME fields were available for
2288 overloading. This was repaired.
2289
2290- A heretofore believed to be impossible corner case of the option
2291 overloading implementation turned out to be possible ("Unable to sort
2292 overloaded options after 10 tries."). The implementation was reworked
2293 to consider the case of an option so large it would require more than
2294 three chunks to fit.
2295
2296- Many other instances of variables being used without being initialized
2297 were repaired.
2298
2299- An uninitialized variable in omapi_io_destroy() led to the discovery
2300 that this function may result in orphaned pointers (and hence, a memory
2301 leak).
2302
2303 Changes since 3.0.2rc1
2304
2305- allocate_lease() was rewritten to repair a bug in which the server would
2306 try to allocate an ABANDONED lease when FREE leases were available.
2307
2308 Changes since 3.0.2b1
2309
2310- Some dhcp-eval.5 manpage formatting was repaired.
2311
2312 Changes since 3.0.1
2313
2314- A bug was fixed in the server's 'option overloading' implementation,
2315 where options loaded into the 'file' and 'sname' packet fields were
2316 not aligned precisely as rfc2131 dictates.
2317
2318- The FreeBSD client script was changed to support the case where a domain
2319 name was not provided by the server.
2320
2321- A memory leak in 'omshell' per each command line parsed was
2322 repaired, thanks to a patch from Jarkko Torppa.
2323
2324- Log functions writing to stderr were adjusted to use the STDERR_FILENO
2325 system definition rather than '2'. This is a no-op for 90% of platforms.
2326
2327- One call to trace_write_packet_iov() counted the number of io vectors
2328 incorrectly, causing inconsistent tracefiles. This was fixed.
2329
2330- Some expression parse failure memory leaks were closed.
2331
2332- A host byte order problem in tracefiles was repaired.
2333
2334- Pools configured in DHCPD for failover possessing permission lists that
2335 previously were assumed to not include dyanmic bootp clients are now
2336 a little more pessimistic. The result is, dhcpd will nag you about just
2337 about most pools that possess a 'allow' statement with no 'deny' that
2338 would definitely match a dynamic bootp client.
2339
2340- The 'ddns-update-style' configuration warning bit now insists that
2341 the configuration be globally scoped.
2342
2343- Two memory leaks in dhclient were closed thanks to a patch from Felix
2344 Farkas.
2345
2346- Some minor but excellently pedantic documentation errors were fixed
2347 thanks to a patch from Thomas Klausner.
2348
2349- Bugs in operator precedence in executable statements have been repaired
2350 once again. More legal syntaxes should be parsed legally.
2351
2352- Failing to initialize a tracefile for any reason if a tracefile was
2353 specified is now a fatal error. Thanks to a patch from Albert Herranz.
2354
2355- Corrected a bug in which the number of leases transferred as calculated
2356 by the failover primary and sent to peers in POOLRESP responses may be
2357 incorrect. This value is not believed to be used by other failover
2358 implementations, excepting perhaps as logged information.
2359
2360- Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
2361 sending POOLREQ messages instead of POOLRESP mesasges. This message
2362 was essentially ignored since failover secondaries effectively do not
2363 respond to POOLREQ messages.
2364
2365- Type definitions for various bitwidths of integers in the sunos5-5
2366 build of ISC DHCP have been fixed. It should compile and run more
2367 easily when built in 64-bit for this platform.
2368
2369- "allow known-clients;" is now a legal syntax, to avoid confusion.
2370
2371- If one dhcp server chooses to 'load balance' a request to its failover
2372 peer, it first checks to see if it believes said peer has a free
2373 lease to allocate before ignoring the DISCOVER.
2374
2375- log() was logging a work buffer, rather than the value returned by
2376 executing the statements configured by the user. In some cases,
2377 the work buffer and the intended results were the same. In some other
2378 cases, they were not. This was fixed thanks to a patch from Gunnar
2379 Fjone and directconnect.no.
2380
2381- Compiler warnings for some string type conversions was fixed, thanks
2382 to Andreas Gustafsson.
2383
2384- The netbsd build environments were simplified to one, in which
2385 -Wconversion is not used, thanks to Andreas Gustafsson.
2386
2387- How randomness in the backoff-cutoff dhclient configuration variable
2388 is implemented was better documented in the manpage, and the behaviour
2389 of dhclient in REQUEST timeout handling was changed to match that of
2390 DISCOVER timeout handling.
2391
2392- Omapi was hardened against clients that pass in null values, thanks
2393 to a patch from Mark Jason Dominus.
2394
2395- A bug was fixed in dhclient that kept it from doing client-side
2396 ddns updates. Thanks to a patch from Andreas Gustafsson, which
2397 underwent some modification after review by Jason Vas Dias.
2398
2399- Failover implementations disconnected due to the network between
2400 them (rather than one of the two shutting down) will now try to
2401 re-establish the failover connection every 5 seconds, rather than
2402 to simply try once and give up until one of them is restarted.
2403 Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
2404 by Greger V. Teigre which led to an enhancement to it.
2405
2406- A problem that kept DHCP Failover secondaries from tearing down
2407 ddns records was repaired. Thanks to a patch from Ulf Ekberg from
2408 Infoblox.
2409
2410- 64bit pointer sizes are detected properly on FreeBSD now.
2411
2412- A bug was repaired where the DHCP server would leave stale references
2413 to host records on leases it once thought about offering to certain
2414 clients. The result would be to apply host and 'known' scopes to the
2415 wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
2416 that was being circulated as a workaround is not the way this bug was
2417 fixed. If you were a victim of this bug in 3.0.1, you are cautioned
2418 to proceed carefully and see if it fixes your problem.
2419
2420- A bug was repaired in the server's DHCPINFORM handling, where it
2421 tried to divine the client's address from the source packet and
2422 would get it wrong. Thanks to Anshuman Singh Rawat.
2423
2424- A log message was introduced to help illuminate the case where the
2425 server was unable to find a lease to assign to any BOOTP client.
2426 Thanks to Daniel Baker.
2427
2428- A minor dhcpd.conf.5 manpage error was fixed.
2429
2430 Changes since 3.0.1rc14
2431
2432- The global variable 'cur_time' was centralized and is now uniformly of a
2433 type #defined in system-dependent headers. It had previously been defined
2434 in one of many places as a 32-bit value, and this causes mayhem on 64-bit
2435 big endian systems. It probably wasn't too healthy on little endian
2436 systems either.
2437
2438- A printf format string error introduced in rc14 was repaired.
2439
2440- AIX system-dependent header file was altered to only define NO_SNPRINTF
2441 if the condition used to #ifdef in vsnprintf in AIX' header files
2442 is false.
2443
2444- The Alpha/OSF system-dependent header file was altered to define
2445 NO_SNPRINTF on OS revisions older than 4.0G.
2446
2447- omapip/test.c had string.h added to its includes.
2448
2449 Changes since 3.0.1rc13
2450
2451! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
2452 in logging messages with excessively long hostnames provided by the
2453 clients. It is highly probable that these could have been used by
2454 attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
2455 release candidates 12 or 13. Special thanks to Gregory Duchemin for
2456 both finding and solving the problem.
2457
2458! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
45d545f0 2459 in log_*() functions was evidenced, on some specific platforms where
98311e4b
DH		 2460 vsnprintf() was not believed to be available and calls were wrapped to
2461 sprintf() instead. Again, credit goes to Gregory Duchemin for finding
2462 the problem. Calls to snprintf() are now linked to a distribution-local
2463 snprintf implementation, only in those cases where the architecture is
2464 not known to provide one (see includes/cf/[arch].h). If you experience
2465 linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
2466 is where to look. This vulnerability did not exist in any previously
2467 published version of ISC DHCP.
2468
2469- Compilation on hpux 11.11 was repaired.
2470
2471- 'The cross-compile bug fix' was backed out.
2472
2473 Changes since 3.0.1rc12
2474
2475- Fixed a bug in omapi lease lookup function, to form the hardware
2476 address for the hash lookup correctly, thanks to a patch from
2477 Richard Hirst.
2478
2479- Fixed a bug where dhcrelay was sending relayed responses back to the
2480 broadcast address, but with the source's unicast mac address. Should
2481 now conform to rfc2131 section 4.1.
2482
2483- Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
2484
2485- Fixed a crash bug in dhclient where dhcpd servers that do not provide
2486 renewal times results in an FPE. As a side effect, dhclient can now
2487 properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
2488 to a patch from Burt Silverman.
2489
2490- The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
45d545f0 2491 and reformatted to correct a compilation error on Solaris platforms.
98311e4b
DH		 2492
2493- A patch was applied which fixes a case where leases read from the
2494 leases database do not properly over-ride previously read leases.
2495
2496- dhcpctl.3 manpage was tweaked.
2497
2498 Changes since 3.0.1rc11
2499
2500- A patch from Steve Campbell was applied with minor modifications to
2501 permit reverse dns PTR record updates with values containing spaces.
2502
2503- A patch from Florian Lohoff was applied with some modifications to
2504 dhcrelay. It now discards packets whose hop count exceeds 10 by default,
2505 and a command-line option (-c) can be used to set this threshold.
2506
2507- A failover bug relating to identifying peers by name length instead of
2508 by name was fixed.
2509
45d545f0 2510- Declaring failover configs within shared-network statements should no
98311e4b
DH		 2511 longer result in error.
2512
2513- The -nw command line option to dhclient now works.
2514
2515- Thanks to a patch from Michael Richardson:
2516 - Some problems with long option processing have been fixed.
2517 - Some fixes to minires so that updates of KEY records will work.
2518
2519- contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
2520 see contrib/ms2isc/readme.txt for revision notes.
2521
2522- Dhclient no longer uses shell commands to kill another instance of
2523 itself, it sends the signal directly. Thanks to a patch from Martin
2524 Blapp.
2525
2526- The FreeBSD dhclient-script was changed so that a failure to write to
2527 /etc/resolv.conf does not prematurely end the script. This keeps dhclient
2528 from looping infinitely when this is the case. Thanks to a patch from
2529 Martin Blapp.
2530
2531- A patch from Bill Stephens was applied which resolves a problem with lease
2532 expiry times in failover configurations.
2533
2534- A memory leak in configuration parsing was closed thanks to a patch from
2535 Steve G.
2536
2537- The function which discovers interfaces will now skip non-broadcast or
2538 point-to-point interfaces, thanks to a patch from David Brownlee.
2539
2540- Options not yet known by the dhcpd or dhclient have had their names
2541 changed such that they do not contain # symbols, in case they should ever
2542 appear in a lease file. An option that might have been named "#144" is
2543 now "unknown-144".
2544
2545- Another patch from Bill Stephens which allows the ping-check timeout to
2546 be configured as 'ping-timeout'. Defaults to 1.
2547
2548 Changes since 3.0.1rc10
2549
2550- Potential buffer overflows in minires repaired.
2551
2552- A change to the linux client script to use /bin/bash, since /bin/sh may
2553 not be bash.
2554
2555- Some missing va_end cleanups thanks to a patch from Thomas Klausner.
2556
2557- A correction of boolean parsing syntax validation - some illegal syntaxes
2558 that worked before are now detected and produce errs, some legal syntaxes
2559 that errored before will now work properly.
2560
2561- Some search-and-replace errors that caused some options to change their
2562 names was repaired.
2563
2564- Shu-min Chang of the Intel corporation has contributed a perl script and
2565 module that converts the MS NT4 DHCP configuration to a ISC DHCP3
2566 configuration file.
2567
2568- Applied the remainder of the dhcpctl memory leak patch provided by Bill
2569 Squier at ReefEdge, Inc. (groo@reefedge.com).
2570
2571- Missing non-optional failover peer configurations will now result in a soft
2572 error rather than a null dereference.
2573
2574 Changes since 3.0.1rc9
2575
2576- A format string was corrected to fix compiler warnings.
2577
2578- A number of spelling corrections were made in the man pages.
2579
2580- The dhclient.conf.5 man page was changed to refer to do-forward-updates
2581 rather than a configuration option that doesn't exist.
2582
2583- A FreeBSD-specific bug in the interface removal handling was fixed.
2584
2585- A Linux-specific Token Ring detection problem was fixed.
2586
2587- Hashes removed from as-yet-unknown agent options, having those options
2588 appear in reality before we know about them will no longer produce
2589 self-corrupting lease databases.
2590
2591- dhclient will use the proper port numbers now when using the -g option.
2592
2593- A order-of-operations bug with 2 match clauses in 1 class statement is
2594 fixed thanks to a patch from Andrew Matheson.
2595
2596- Compilation problems on Solaris were fixed.
2597
2598- Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
2599
2600- A fix to the dhcp ack process which makes certain group options will be
2601 included in the first DHCPOFFER message was made thanks to a patch from
2602 Ling Gou.
2603
2604- A few memory leaks were repaired thanks to patches from Bill Squier at
2605 ReefEdge, Inc. (groo@reefedge.com).
2606
2607- A fix for shared-networks that sometimes give clients options for the
2608 wrong subnets (in particular, 'option routers') was applied, thanks to
2609 Ted Lemon for the patch.
2610
2611- Omshell's handling of dotted octets as values was changed such that dots
2612 one after the other produce zero values in the integer string.
2613
2614 Changes since 3.0.1rc8
2615
2616- Fix a format string vulnerability in the server that could lead to a
2617 remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
2618
2619- Add additional support for NetBSD/sparc64.
2620
2621- Fix a bug in the command-line parsing of the client. Also, resolve
2622 a memory leak.
2623
2624- Add better support for shells other than bash in the Linux client
2625 script.
2626
2627- Various build fixes for modern versions of FreeBSD and Linux.
2628
2629- Fix a bad bounds check when printing binding state names.
2630
2631- Clarify documentation about fixed-address and multiple addresses.
2632
2633- Fix a typo in the authoritative error message.
2634
2635- Make a log entry when we can't write a billing class.
2636
2637- Use conversion targets that are the right size on all architectures.
2638
2639- Increment the hop count when relaying.
2640
2641- Log a message when lease state is changed through OMAPI.
2642
2643- Don't rerun the shared_network when evaluating the pool.
2644
2645- Fix a reversed test in the parser.
2646
2647- Change the type of rbuf_max.
2648
2649- Make FTS_LAST a manifest constant to quiet warnings.
2650
2651 Changes since 3.0.1rc7
2652
2653- Fix two compiler warnings that are generated when compiling on Solaris
2654 with gcc. These stop the build, even though they weren't actually
2655 errors, because we prefer that our builds generate no warnings.
2656
2657 Changes since 3.0.1rc6
2658
2659- Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
2660 to be renewed.
2661
2662- Implement lease stealing for cases where the primary has fewer leases
2663 than the secondary, as called for by the standard.
2664
2665- Add a fudge factor to the lease expiry acceptance code, (suggested
2666 by Kevin Miller of CMU).
2667
2668- Fix a bug in permit_list_match that made it much too willing to say
2669 that two permit lists matched.
2670
2671- Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
2672 also more compact) messages about DNS updates.
2673
2674- Fix a bug in generating wire-format domain names for the FQDN option.
2675
2676- Fix a bug where the FQDN option would not be returned if the client
2677 requested it, contrary to the standard.
2678
2679- On Darwin, use the FreeBSD DHCP client script.
2680
2681- On NetBSD/sparc, don't check for casting warnings.
2682
2683- Add a flag in the DHCP client to disable updating the client's A
2684 record when sending an FQDN option indicating that the client is
2685 going to update its A record.
2686
2687- In the client, don't attempt a DNS update until one second after
2688 configuring the new IP address, and if the update times out, keep
2689 trying until a response, positive or negative, is received from the
2690 DNS server.
2691
2692- Fix an uninitialized memory bug in the DHCP client.
2693
2694- Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
2695
2696- Fix a bug in ns_parserr(), where it was returning the wrong sort
2697 of result code in some cases (suggested by Ben Harris of the
2698 NetBSD project).
2699
2700- Fix a bug in is_identifier(), where it was checking against EOF
2701 instead of the END_OF_FILE token (also suggested by Ben Harris).
2702
2703- Fix a bug where if an option universe contained no options, the
2704 DHCP server could dump core (Walter Steiner).
2705
2706- Fix a bug in the handling of encapsulated options.
2707
2708- Fix a bug that prevented NWIP suboptions from being processed.
2709
2710- Delete the FTS_BOOTP and FTS_RESERVED states and implement them
2711 as modifier flags to the FTS_ACTIVE state, as called for in the
2712 failover protocol standard.
2713
2714- Fix bugs in the pool merging code that resulted in references and
2715 dereferences of null pointers. This bug had no impact unless the
2716 POINTER_DEBUG flag was defined.
2717
2718- In the server, added a do-forward-updates flag that can be used to
2719 disable forward updates in all cases, so that sites that want the
2720 clients to take sole responsibility for updating their A record can
2721 do so.
2722
2723- Make it possible to disable optimization of PTR record updates.
2724
2725 Changes since 3.0.1rc5
2726
2727- Include some new documentation and changes provided by Karl Auer.
2728
2729- Add a workaround for some Lexmark printers that send a double-NUL-
2730 terminated host-name option, which would break DNS updates.
2731
2732- Fix an off-by-one error in the MAC-address checking code for
2733 DHCPRELEASE that was added in 3.0.1rc5.
2734
2735- Fix a bug where client-specific information was not being discarded
2736 from the lease when it expired or was released, resulting in
2737 problems if the lease was reallocated to a different client.
2738
2739- If more than one allocation pool is specified that has the same set
2740 of constraints as another allocation pool on the same shared
2741 network, merge the two pools.
2742
2743- Don't print an error in fallback_discard, since this just causes
2744 confusion and does not appear to be helping to encourage anyone to
2745 fix this bug.
2746
2747 Changes since 3.0.1rc4
2748
2749- Fix a bug that would cause the DHCP server to spin if asked to parse
2750 a certain kind of incorrect statement.
2751
2752- Fix a related bug that would prevent an error from being reported in
2753 the same case.
2754
2755- Additional documentation.
2756
2757- Make sure that the hardware address matches the lease when
2758 processing a DHCPRELEASE message.
2759
2760 Changes since 3.0.1rc3
2761
2762- A minor bug fix in the arguments to a logging function call.
2763- Documentation update for dhcpd.conf.
2764
adbef119 2765 Changes since 3.0.1rc2
98311e4b
DH		 2766
2767- Allow the primary to send a POOLREQ message. This isn't what the current
2768 failover draft says to do, so we may have to back it out if I can't get the
2769 authors to relent, but the scheme for balancing that's specified in the
2770 current draft seems needlessly hairy, so I'm floating a trial balloon.
2771 The rc1 code did not implement the method described in the draft either.
2772
adbef119 2773 Changes since 3.0.1rc1
98311e4b
DH		 2774
2775- Treat NXDOMAIN and NXRRSET as success when we are trying to delete a
2776 domain or RRSET. This allows the DHCP server to forget about a name
2777 it added to the DNS once it's been removed, even if the DHCP server
2778 wasn't the one that removed it.
2779
2780- Install defaults for failover maximum outstanding updates and maximum
2781 silent time. This prevents problems that might occur if these values
2782 were not configured.
2783
2784- Don't do DDNS deletes if ddns-update-style is none.
2785
2786- Return relay agent information options in DHCPNAK. This prevents DHCPNAK
2787 messages from being dropped when the relay agent information option contains
2788 routing information.
2789
2790- Fix a problem where coming up in recover wouldn't result in an update
2791 request being sent.
2792
2793- Add some more chatty messages when we start a recovery update and when it's
2794 done.
2795
2796- Fix a possible problem where some state might have been left around
2797 after the peer lost contact and regained contact about how many updates
2798 were pending.
2799
2800- Don't nix a lease update because of a lease conflict. This test has
2801 never (as far as I know) prevented a mistake, and it appears to cause
2802 problems with failover.
2803
2804- Add support in rc history code for keeping a selective history, rather
2805 than a history of all references and dereferences. This code is only used
2806 when extensive additional debugging is enabled.
2807
adbef119 2808 Changes since 3.0
98311e4b
DH		 2809
2810- Make allocators for hash tables. As a side effect, this fixes a memory
2811 smash in the subclass allocation code.
2812
2813- Fix a small bug in omshell where if you try to close an object when
2814 no object is open, it dumps core.
2815
2816- Fix an obscure coredump that could occur on shutdown.
2817
2818- Fix a bug in the recording of host declaration rubouts in the lease file.
2819
2820- Fix two potential spins in the host deletion code.
2821
2822- Fix a core dump that would happen if an application tried to update
2823 a host object attribute with a null value.
2824
2825 Changes since 3.0 Release Candidate 12
2826
2827- Fix a memory leak in the evaluation code.
2828
2829- Fix an obscure core dump.
2830
2831- Print a couple of new warnings when parsing the configuration file
2832 when crucial information is left out.
2833
2834- Log "no free leases" as an error.
2835
2836- Documentation updates.
2837
2838 Changes since 3.0 Release Candidate 11
2839
2840- Always return a subnet selection option if one is sent.
2841
2842- Fix a warning that was being printed because an automatic data
2843 structure wasn't zeroed.
2844
2845- Fix some failover state transitions that were being handled
2846 incorrectly.
2847
2848- When supersede_lease is called on a lease whose end time has already
2849 expired, but for which a state transition has not yet been done, do
2850 a state transition. This fixes the case where if the secondary
2851 allocated a lease to a client and the lease "expired" while the
2852 secondary was in partner-down, no expiry event would actually
2853 happen, so the lease would remain active until the primary was
2854 restarted.
2855
2856 Changes since 3.0 Release Candidate 10
2857
2858- Fix a bug that was preventing released leases from changing state
2859 in failover-enabled pools.
2860
2861- Fix a core dump in the client identifier finder code (for host
2862 declarations).
2863
2864- Finish fixing a bug where bogus data would sometimes get logged to
2865 the dhclient.leases file because it was opened as descriptor 2.
2866
2867- Fix the Linux dhclient-script according to suggestions made by
2868 several people on the dhcp-client mailing list.
2869
2870- Log successful DNS updates at LOG_INFO, not LOG_ERROR.
2871
2872- Print an error message and refuse to run if a failover peer is
2873 defined but not referenced by any pools.
2874
2875- Correct a confusing error message in failover.
2876
eaf0b302
TL		 2877 Changes since 3.0 Release Candidate 9
2878
2879- Fix a bug in lease allocation for Dynamic BOOTP clients.
2880
0db87765
TL		 2881 Changes since 3.0 Release Candidate 8 Patchlevel 2
2882
2883- Fix a bug that prevented update-static-leases from working.
2884
2885- Document failover-state OMAPI object.
2886
2887- Fix a compilation error on SunOS 4.
2888
d758ad8c
TL		 2889 Changes since 3.0 Release Candidate 8 Patchlevel 1
2890
2891- Fix a parsing bug that broke dns updates (both interim and ad-hoc).
2892 This was introduced in rc8pl1 as an unintended result of the memory
2893 leakage fixes that were in pl1.
2894
2895- Fix a long-standing bug where the server would record that an update
2896 had been done for a client with no name, even though no update had
2897 been done, and then when the client's lease expired the deletion of
2898 that nonexistant record would time out because the name was the null
2899 string.
2900
2901- Clean up the omshell, dhcpctl and omapi man pages a bit.
2902
d758ad8c
TL		 2903 Changes since 3.0 Release Candidate 8
2904
2905- Fix a bug that could cause the DHCP server to spin if
2906 one-lease-per-client was enabled.
2907
2908- Fix a bug that was causing core dumps on BSD/os in the presence of
2909 malformed packets.
2910
2911- In partner-down state, don't restrict lease lengths to MCLT.
2912
2913- On the failover secondary, record the MCLT received from the primary
2914 so that if we come up without a connection to the primary we don't
2915 wind up giving out zero-length leases.
2916
2917- Fix some compilation problems on BSD/os.
2918
2919- Fix a bunch of memory leaks.
2920
2921- Fix a couple of bugs in the option printer.
2922
2923- Fix an obscure error reporting bug in the dns update code, and also
2924 make the message clearer when a key algorithm isn't supported.
2925
2926- Fix a bug in the tracing code that prevented trace runs that used
2927 tcp connections from being played back.
2928
2929- Add some additional debugging capability for catching memory leaks
2930 on exit.
2931
2932- Make the client release the lease correctly on shutdown.
2933
2934- Add some configurability to the build system.
2935
2936- Install omshell manual page in man1, not man8.
2937
2938- Craig Gwydir sent in a patch that fixes a long-standing bug in the
2939 DHCP client that could cause core dumps, but that for some reason
2940 hadn't been noticed until now.
2941
2942 Changes since 3.0 Release Candidate 7
2943
2944- Fix a bug in failover where we weren't sending updates after a
2945 transition from communications-interrupted to normal.
2946
2947- Handle expired/released/reset -> free transition according to the
2948 protocol specification (this works - the other way not only wasn't
2949 conformant, but also didn't work).
2950
2951- Add a control object in both client and server that allows either
2952 daemon to be shut down cleanly.
2953
2954- When writing a lease, if we run out of disk space, shut down the
2955 output file and insist on writing a new one before proceeding.
2956
2957- In the server, if the OMAPI listener port is occupied, keep trying
2958 to get it, rather than simply giving up and exiting.
2959
2960- Support fetching variables from leases and also updating and adding
2961 variables to leases via OMAPI.
2962
2963- If two failover peers have wildly different clocks, refuse to start
2964 doing failover.
2965
2966- Fix a bug in the DNS update code that could cause core dumps when
2967 running on alpha processors.
2968
2969- Fixed a bug in ddns updates for static lease entries, thanks to a
2970 patch from Andrey M Linkevitch.
2971
2972- Add support for Darwin/MacOS X
2973
2974- Install omshell (including new documentation).
2975
2976- Support DNS updates in the client (this is a very obscure feature
2977 that most DHCP client users probably will not be able to use).
2978
2979- Somewhat cleaner status logging in the client.
2980
2981- Make OMAPI key naming syntax compatible with the way keys are
2982 actually named (key names are domain names).
2983
2984- Fix a bug in the lease file writer.
2985
2986- Install DHCP ISC headers in a different place than BIND 9 ISC
2987 headers, to avoid causing trouble in BIND 9 builds.
2988
2989- Don't send updates for attributes on an object when the attributes
2990 haven't changed. Support deleting attributes on remote objects.
2991
2992- Fix a number of bugs in omshell, and add the unset and refresh
2993 statements.
2994
2995- Handle disconnects in OMAPI a little bit more intelligently (so that
2996 the caller gets ECONNRESET instead of EINVAL).
2997
2998- Fix a bunch of bugs in the handling of clients that have existing
2999 leases when the try to renew their leases while failover is
3000 operating.
3001
eaf0b302
TL		 3002 Changes since 3.0 Release Candidate 6
3003
3004- Fix a core dump that could happen when processing a DHCPREQUEST from
3005 a client that had a host declaration that contained both a
3006 fixed-address declaration and a dhcp-client-identifier option
3007 declaration, if the client identifier was longer than nine bytes.
3008
3009- Fix a memory leak that could happen in certain obscure cases when
3010 using omapi to manipulate leases.
3011
3012- Fix some bugs and omissions in omshell.
3013
eaf0b302
TL		 3014 Changes since 3.0 Release Candidate 5
3015
3016- Fix a bug in omapi_object_dereference that prevented objects in
3017 chains from having their reference counts decreased on dereference.
3018
3019- Fix a bug in omapi_object_dereference that would prevent object
3020 chains from being freed upon removal of the last reference external
3021 to the chain.
3022
3023- Fix a number of other memory leaks in the OMAPI protocol subsystem.
3024
3025- Add code in the OMAPI protocol handler to trace memory leakage.
3026
3027- Clean up the memory allocation/reference history printer.
3028
98311e4b 3029- Support input of dotted quads and colon-separated hex lists as
eaf0b302
TL		 3030 attribute values in omshell.
3031
98311e4b 3032- Fix a typo in the Linux interface discovery code.
eaf0b302
TL		 3033
3034- Conditionalize a piece of trace code that wasn't conditional.
3035
3036 Changes since 3.0 Release Candidate 4
3037
3038- Fix a bug that would prevent leases from being abandoned properly on
3039 DHCPDECLINE.
3040
3041- Fix failover peer OMAPI support.
3042
3043- In failover, correctly handle expiration of leases. Previously,
3044 leases would never be reclaimed because they couldn't make the
3045 transition from EXPIRED to FREE.
3046
3047- Fix some broken failover state transitions.
3048
3049- Documentation fixes.
3050
3051- Take out an unnecessary check in DHCP relay agent information option
3052 stashing code that was preventing REBINDING clients from rebinding.
3053
3054- Prevent failover peers from allocating leases in DHCPREQUEST
3055 processing if the lease belongs to the other server.
3056
3057- Record server version in lease file introductory comment.
3058
3059- Correctly report connection errors in OMAPI and failover.
3060
3061- Make authentication signature algorithm name comparisons in OMAPI
3062 case-insensitive.
3063
3064- Fix compile problem on SunOS 4.x
3065
98311e4b 3066- If a signature algorithm is not terminated with '.', terminate it so
eaf0b302
TL		 3067 that comparisons between fully-qualified names will work
3068 consistently.
3069
3070- Different SIOCGIFCONF probe code, may "fix" problem on some Linux
3071 systems with the probe not working correctly.
3072
3073- Don't allow user to type omapi key on command line of omshell.
3074
0596b051
TL		 3075 Changes since 3.0 Release Candidate 3
3076
3077- Do lease billing on startup in a way that I *think* will finally do
3078 the billing correctly - the previous method could overbill as a
3079 result of duplicate leases.
3080
3081- Document OMAPI server objects.
3082
892fe689
TL		 3083 Changes since 3.0 Release Candidate 2 Patchlevel 1
3084
3085- Fix some problems in the DDNS update code. Thanks to Albert
3086 Herranz for figuring out the main problem.
3087
3088- Fix some reference counting errors on host entries that were causing
3089 core dumps.
3090
3091- Fix a byte-swap bug in the token ring code, thanks to Jochen
3092 Friedrich.
3093
3094- Fix a bug in lease billing, thanks to Jonas Bulow.
3095
3096 Changes since 3.0 Release Candidate 2
3097
3098- Change the conditions under which a DHCPRELEASE is actually
3099 committed to be consistent with lease binding states rather than
98311e4b 3100 using the lease end time. This may fix some problems with the
892fe689
TL		 3101 billing class code.
3102
3103- Fix a bug where lease updates would fail on Digital Unix (and maybe
3104 others) because malloc was called with a size of zero.
3105
3106- Fix a core dump that happens when the DHCP server can't create its
3107 trace file.
3108
79ea3de8 3109 Changes since 3.0 Release Candidate 1 Patchlevel 1
87784777 3110
79ea3de8
TL		 3111- Fix the dhcp_failover_put_message to not attempt to allocate a
3112 zero-length buffer. Some versions of malloc() fail if you try to
3113 allocate a zero-length buffer, and this was causing problems on,
3114 e.g., Digital Unix.
3115
3116- Fix a case where the failover code was printing an error message
3117 when no error had occurred.
3118
3119- Fix a problem where when a server went down and back up again, the
3120 peer would not see a state transition and so would stay in the
3121 non-communicating state.
3122
3123- Be smart about going into recover_wait.
3124
3125- Fix a problem in the failover implementation where peers would fail
3126 to come into sync if interrupted in the RECOVER state. This could
3127 have been the cause of some problems people have reported recently.
3128
3129- Fix a problem with billing classes where they would not be unbilled
3130 when the client lease expired.
3131
3132- If select fails, figure out which descriptor is bad, and cut it out
3133 of the I/O loop. This prevents a potentially nasty spin. I
3134 haven't heard any report it in a while, but it came up consistently
3135 in testing.
3136
3137- Fix a bug in the relay agent where if you specified interfaces on
3138 the command line, it would fail.
3139
3140- Fix a couple of small bugs in the omapi connection object (no known
3141 user impact).
3142
3143- Add the missing 3.0 Beta 1 lease conversion script.
3144
3145- Read dhcp client script hooks if they exist, rather than only if
3146 they're executable.
3147
3148 Changes since 3.0 Release Candidate 1
87784777
TL		 3149
3150- Fix a memory smash that happens when fixed-address leases are used.
3151 ANY SITE AT WHICH FIXED-ADDRESS STATEMENTS ARE BEING USED SHOULD
3152 UPGRADE IMMEDIATELY. This has been a long-standing bug - thanks to
3153 Alvise Nobile for discovering it and helping me to find it!
3154
79ea3de8
TL		 3155- Fix a small bug in binary-to-ascii, thanks to H. Peter Anvin of
3156 Transmeta.
3157
87784777
TL		 3158- There is a known problem with the DHCP server doing failover on
3159 Compaq Alpha systems. This patchlevel is not a release candidate
3160 because of this bug. The bug should be straightforward to fix, so
3161 a new release candidate is expected shortly.
3162
3163- There is a known problem in the DDNS update code that is probably a
3164 bug, and is not, as far as we know, fixed in this patchlevel.
3165
6d779c72
TL		 3166 Changes since 3.0 Beta 2 Patchlevel 24
3167
3168- Went over problematic failover state transitions and made them all
3169 work, so that failover should now much less fragile.
3170
3171- Add some dhcpctl and omapi documentation
3172
3173- Fix compile errors when compiling with unusual predefines.
3174
3175- Make Token Ring work on Linux 2.4
3176
3177- Fix the Digital Unix BPF_WORDALIGN bug.
3178
3179- Fix some dhcp client documentation errors.
3180
3181- Update some parts of the README file.
3182
3183- Support GCC on SCO.
3184
adbef119 3185 Changes since 3.0 Beta 2 Patchlevel 23
de57e64b
TL		 3186
3187- Fix a bug in the DNS update code where a status code was not being
3188 checked. This may have been causing core dumps.
3189
3190- When parsing the lease file, if a lease declaration includes a
3191 billing class statement, and the lease already has a billing class,
3192 unbill the old class.
3193
3194- When processing failover transactions, where acks will be deferred,
3195 process the state transition immediately.
3196
3197- Don't try to use the new SIOCGIFCONF buffer size detection code on
3198 Linux 2.0, which doesn't provide this functionality.
3199
3200- Apply a patch suggested by Tuan Uong for a problem in dlpi.c.
3201
3202- Fix a problem in using the which command in the configure script.
3203
3204- Fix a parse error in the client when setting up an omapi listener.
3205
3206- Document the -n and -g flags to the client.
3207
3208- Make sure there is always a stdin and stdout on startup. This
3209 prevents shell scripts from accidentally writing error messages into
3210 configuration files that happen to be opened as stderr.
3211
3212- If an interface is removed, the client will now notice that it is
3213 gone rather than spinning. This has only been tested on NetBSD.
3214
3215- The client will attempt to get an address even if it can't create a
3216 lease file.
3217
3218- Don't overwrite tracefiles.
3219
3220- Fix some memory allocation bugs in failover.
2aa36519 3221
adbef119 3222 Changes since 3.0 Beta 2 Patchlevel 22
140158d3
TL		 3223
3224- Apply some patches suggested by Cyrille Lefevre, who is maintaining
3225 the FreeBSD ISC DHCP Distribution port.
3226
3227- Fix a core dump in DHCPRELEASE.
3228
adbef119 3229 Changes since 3.0 Beta 2 Patchlevel 21
3a395e60
TL		 3230
3231- This time for sure: fix the spin described in the changes for pl20.
3232
adbef119 3233 Changes since 3.0 Beta 2 Patchlevel 20
fc74dd0c
TL		 3234
3235- Fix a problem with Linux detecting large numbers of interfaces (Ben)
3236
3237- Fix a memory smash in the quotify code, which was introduced in
3238 pl19.
3239
3240- Actually fix the spin described in the changes for pl20. The
3241 previous fix only partially fixed the problem - enough to get it
3242 past the regression test.
3243
adbef119 3244 Changes since 3.0 Beta 2 Patchlevel 19
ed5ee591
TL		 3245
3246- Fix a bug that could cause the server to abort if compiled with
3247 POINTER_DEBUG enabled.
3248
3249- Fix a bug that could cause the server to spin when responding to a
3250 DHCPREQUEST.
3251
3252- Apply Joost Mulders' suggested patches for DLPI on x86.
3253
3254- Support NUL characters in quoted strings.
3255
3256- Install unformatted man pages on SunOS.
3257
adbef119 3258 Changes since 3.0 Beta 2 Patchlevel 18
b3fad8ac 3259
3350f5b7
TL		 3260- Allow the server to be placed in partner-down state using OMAPI.
3261 (Damien Neil)
3262
3263- Implement omshell, which can be used to do arbitrary things to the
3264 server (in theory). (Damien Neil)
3265
3266- Fix a case where if a client had two different leases the server could
3267 actually dereference the second one when it hadn't been referenced,
3268 leading to memory corruption and a core dump. (James Brister)
3269
3270- Fix a case where a client could request the address of another client's
3271 lease, but find_lease wouldn't detect that the other client had it, and
3272 would attempt to allocate it to the client, resulting in a lease conflict
3273 message.
3274
3275- Fix a case where a client with more than one client identifier could be
3276 given a lease where the hardware address was correct but the client
3277 identifier was not, resulting in a lease conflict message.
3278
98311e4b 3279- Fix a problem where the server could write out a colon-separated
3350f5b7
TL		 3280 hex list as a value for a variable, which would then not parse.
3281 The fix is to always write strings as quoted strings, with any
3282 non-printable characters quoted as octal escape sequences. So
3283 a file written the old way still won't work, but new files written
3284 this way will work.
3285
b3fad8ac
TL		 3286- Fix documentation for sending non-standard options.
3287
3288- Use unparsable names for unknown options. WARNING: this will
3289 break any configuration files that use the option-nnn convention.
3290 If you want to continue to use this convention for some options,
3291 please be sure to write a definition, like this:
3292
3293 option option-nnn code nnn = string;
3294
3295 You can use a descriptive name instead of option-nnn if you like.
3296
3297- Fix a problem where we would see a DHCPDISCOVER/DHCPOFFER/
3298 DHCPREQUEST/DHCPACK/DHCPREQUEST/DHCPNAK sequence. This was the
3299 result of a deceptively silly bug in supersede_lease.
3300
3301- Fix client script exit status check, according to a fix supplied by
3302 Hermann Lauer.
3303
3304- Fix an endianness bug in the tracefile support, regarding ICMP
3305 messages.
3306
3350f5b7
TL		 3307- Fix a bug in the client where the medium would not work correctly if
3308 it contained quoted strings.
3309
b3fad8ac
TL		 3310 ** there was no pl17 **
3311
adbef119 3312 Changes since 3.0 Beta 2 Patchlevel 16
e6d30fd6 3313
6da9db9d
TL		 3314- Add support for transaction tracing. This allows the state of the
3315 DHCP server on startup, and all the subsequent transactions, to be
3316 recorded in a file which can then be played back to reproduce the
3317 behaviour of the DHCP server. This can be used to quickly
3318 reproduce bugs that cause core dumps or corruption, and also for
3319 tracking down memory leaks.
3320
3321- Incorporate some bug fixes provided by Joost Mulders for the DLPI
3322 package which should clear up problems people have been seeing on
3323 Solaris.
3324
3325- Fix bugs in the handling of options stored as linked lists (agent
3326 options, fqdn options and nwip options) that could cause memory
3327 corruption and core dumps.
3328
3329- Fix a bug in DHCPREQUEST handling that resulted in DHCPNAK messages
3330 not being send in some cases when they were needed.
3331
3332- Make the lease structure somewhat more compact.
3333
3334- Make initial failover startup *much* faster. This was researched
3335 and implemented by Damien Neil.
3336
3337- Add a --version flag to all executables, which prints the program
3338 name and version to standard output.
3339
3340- Don't rewrite the lease file every thousand leases.
3341
e6d30fd6
TL		 3342- A bug in nit.c for older SunOS machines was fixed by a patch sent in
3343 by Takeshi Hagiwara.
3344
6da9db9d
TL		 3345- Fix a memory corruption bug in the DHCP client.
3346
3347- Lots of documentation updates.
3348
3349- Add a feature allowing environment variables to be passed to the
3350 DHCP client script on the DHCP client command line.
3351
3352- Fix client medium support, which had been broken for some time.
3353
3354- Fix a bug in the DHCP client initial startup backoff interval, which
3355 would cause two DHCPDISCOVERS to be sent back-to-back on startup.
3356
adbef119 3357 Changes since 3.0 Beta 2 Patchlevel 15
af49fdff
TL		 3358
3359- Some documentation tweaks.
3360
3361- Maybe fix a problem in the DLPI code.
3362
3363- Fix some error code space inconsistencies in ddns update code.
3364
3365- Support relay agents that intercept unicast DHCP messages to stuff
3366 agent options into them.
3367
3368- Fix a small memory leak in the relay agent option support code.
3369
c5b569f8
TL		 3370- Fix a core dump that would occur if a packet was sent with no
3371 options.
3372
adbef119 3373 Changes since 3.0 Beta 2 Patchlevel 14
754ae3e9
TL		 3374
3375- Finish fixing a long-standing bug in the agent options code. This
3376 was causing core dumps and failing to operate correctly - in
3377 particular, agent option stashing wasn't working. Agent option
3378 stashing should now be working, meaning that agent options can be
3379 used in class statements to control address allocation.
3380
3381- Fix up documentation.
3382
3383- Fix a couple of small memory leaks that would have added up
3384 significantly in a high-demand situation.
3385
3386- Add a log-facility configuration parameter.
3387
3388- Fix a compile error on some older operating systems.
3389
3390- Add the ability in the client to execute certain statements before
3391 transmitting packets to the server. Handy for debugging; not much
3392 practical use otherwise.
3393
3394- Don't send faked-out giaddr when renewing or bound - again, useful
3395 for debugging.
3396
adbef119 3397 Changes since 3.0 Beta 2 Patchlevel 13
2f2e7960
TL		 3398
3399- Fixed a problem where the fqdn decoder would sometimes try to store
3400 an option with an (unsigned) negative length, resulting in a core
3401 dump on some systems.
3402
3403- Work around the Win98 DHCP client, which NUL-terminates the FQDN
3404 option.
3405
3406- Work around Win98 and Win2k clients that will claim they want to do
3407 the update even when they don't have any way to do it.
3408
3409- Fix some log messages that can be printed when failover is operating
3410 that were not printing enough information.
3411
3412- It was possible for a DHCPDISCOVER to get an allocation even when
3413 the state machine said the server shouldn't be responding.
3414
3415- Don't load balance DHCPREQUESTs from clients in RENEWING and
3416 REBINDING, since in RENEWING, if we heard it, it's for us, and in
3417 REBINDING, the client wouldn't have got to REBINDING if its primary
3418 were answering.
3419
3420- When we get a bogus state lease binding state transition, don't do
3421 the transition.
3422
3423
adbef119 3424 Changes since 3.0 Beta 2 Patchlevel 12
66e98927
TL		 3425
3426- Fixed a couple of silly compile errors.
3427
a1e2e3d6
TL		 3428 Changes since 3.0 Beta 2 Patchlevel 11
3429
3430- Albert Herranz tracked down and fixed a subtle bug in the base64
3431 decoder that would prevent any key with an 'x' in its base64
3432 representation from working correctly.
3433
3434- Thanks to Chris Cheney and Michael Sanders, we have a fix for the
3435 hang that they both spotted in the DHCP server - when
3436 one-lease-per-client was set, the code to release the "other" lease
3437 could spin.
3438
3439- Fix a problem with alignment of the input buffer in bpf in cases
3440 where two packets arrive in the same bpf read.
3441
3442- Fix a problem where the relay agent would crash if you specified an
3443 interface name on the command line.
3444
3445- Add the ability to conditionalize client behaviour based on the
3446 client state.
3447
3448- Add support for the FQDN option, and added support for a new way of
3449 doing ddns updates (ddns update style interim) that allows more than
3450 one DHCP server to update the DNS for the same network(s). This
3451 was implemented by Damien Neil with some additional functionality
3452 added by Ted Lemon.
3453
3454- Damien added a "log" statement, so that the configuration file can
3455 be made to log debugging information and other information.
3456
3457- Fixed a bug that caused option buffers not to be terminated with an
3458 end option.
3459
3460- Fixed a long-standing bug in the support for option spaces where the
3461 options are stored as an ordered list rather than in a hash table,
3462 which could theoretically result in memory pool corruption.
3463
3464- Prevent hardware declarations with no actual hardware address from
3465 being written as something unparsable, and behave correctly in the
3466 face of a null hardware address on input.
3467
3468- Allow key names to be FQDNs, and qualify the algorithm name if it is
3469 specified unqualified.
3470
3471- Modify the DDNS update code so that it never prints the "resolver
3472 failed" message, but instead says *why* the resolver failed.
3473
3474- Officially support the subnet selection option, which now has an
3475 RFC.
3476
3477- Fix a build bug on MacOS X.
3478
3479- Allow administrator to disable ping checking.
3480
3481- Clean up dhcpd.conf documentation and add more information about how
3482 it works.
3483
6c68ec36
TL		 3484 Changes since 3.0 Beta 2 Patchlevel 10
3485
3486- Fix a bug introduced during debugging (!) and accidentally committed
3487 to CVS.
3488
9fd337e7
TL		 3489 Changes since 3.0 Beta 2 Patchlevel 9
3490
3491- Fix DHCP client handling of vendor encapsulated options.
3492
3493- Fix a bug in the handling of relay agent information options introduced
3494 in patchlevel 9.
3495
3496- Stash agent options on client leases by default, and use the stashed
3497 options at renewal time.
3498
3499- Add the ability to test the client's binding state in the client
3500 configuration language.
3501
3502- Fix a core dump in the DNS update code.
3503
3504- Fix some expression evaluation bugs that were causing updates to be
3505 done when no client hostname was received.
3506
3507- Fix expression evaluation debugging printfs.
3508
3509- Teach pretty_print_option to print options in option spaces other than
3510 the DHCP option space.
3511
3512- Add a warning message if the RHS of a not is not boolean.
3513
3514- Never select for more than a day, because some implementations of
3515 select will just fail if the timeout is too long (!).
3516
3517- Fix a case where a DHCPDISCOVER from an unknown network would be
3518 silently dropped.
3519
3520- Fix a bug where if a client requested an IP address for which a different
3521 client had the lease, the DHCP server would reallocate it anyway.
3522
3523- Fix the DNS update code so that if the client changes its name, the DNS
3524 will be correctly updated.
3525
3922772a
TL		 3526 Changes since 3.0 Beta 2 Patchlevel 8
3527
3528- Oops, there was another subtle math error in the header-length
3529 bounds-checking.
3530
3531 Changes since 3.0 Beta 2 Patchlevel 7
848c2547
TL		 3532
3533- Oops, forgot to byte-swap udp header length before bounds-checking it.
3534
3922772a 3535 Changes since 3.0 Beta 2 Patchlevel 6
0f6045f8 3536
f8572308
TL		 3537- Fix a possible DoS attack where a client could cause the checksummer
3538 to dump core. This was a read, not a write, so it shouldn't be
3539 possible to exploit it any further than that.
3540
3541- Implement client- and server-side support for using the Client FQDN
3542 option.
3543
3544- Support for other option spaces in the client has been added. This
3545 means that it is now possible to define a vendor option space on the
3546 client, request options in that space from the server (which must
3547 define the same option space), and then use those options in the
3548 client. This also allows NWIP and Client FQDN options to be used
3549 meaningfully.
3550
3551- Add object initializer support. This means that objects can now be
3552 initialized to something other than all-zeros when allocated, which
3553 makes, e.g., the interface object support code a little more robust.
3554
3555- Fix an off-by-one bug in the host stuffer. This was causing host
3556 deletes not the work, and may also have been causing OMAPI
3557 connections to get dropped. Thanks to James Brister for tracking
3558 this one down!
3559
3560- Fixed a core dump in the interface discovery code that is triggered
3561 when there is no subnet declaration for an interface, but the server
3562 decides to continue running. Thanks to Shane Kerr for tracking
3563 down and fixing this problem.
3564
3565 Changes since 3.0 Beta 2 Patchlevel 5
3566
0f6045f8
TL		 3567- Fix a bug in the recent enhancement to the interface discovery code
3568 to support arbitrary-length interface lists.
3569
3570- Support NUL-terminated DHCP options when initializing client-script
3571 environment.
3572
3573- Fix suffix operator.
3574
3575- Fix NetWare/IP option parsing.
3576
3577- Better error/status checking in dhcpctl initialization and omapi
3578 connection code.
3579
3580- Fix a potential memory smash in dhcpctl code.
3581
3582- Fix SunOS4 and (maybe) Ultrix builds.
3583
3584- Fix a bug where a certain sort of incoming packet could cause a core
3585 dump on Solaris (and probably elsewhere).
3586
3587- Add some more safety checks in error logging code.
3588
3589- Add support for ISC_R_INCOMPLETE in OMAPI protocol connection code.
3590
3591- Fix relay agent so that if an interface is specified on the command
3592 line, the relay agent does not dump core.
3593
3594- Fix class matching so that match if can be combined with match or
3595 spawn with.
3596
3597- Do not allow spurious leases in the lease database to introduce
3598 potentially bogus leases into the in-memory database.
3599
3600- Fix a byte-order problem in the client hardware address type code
3601 for OMAPI.
3602
3603- Be slightly less picky about what sort of hardware addresses OMAPI
3604 can install in host declarations.
3605
801de092
TL		 3606 Changes since 3.0 Beta 2 Patchlevel 4
3607
3608- Incorporated Peter Marschall's proposed change to array/record
3609 parsing, which allows things like the slp-agent option to be encoded
3610 correctly. Thanks very much to Peter for taking the initiative to
3611 do this, and for doing such a careful job of it (e.g., updating the
3612 comments)!
3613
3614- Added an encoding for the slp-agent option. :')
3615
6ed7a93d
TL		 3616- Fixed SunOS 4 build. Thanks to Robert Elz for responding to my
3617 request for help on this with patches!
3618
3619- Incorporated a change that should fix a problem reported by Philippe
3620 Jumelle where when the network connection between two servers is
3621 lost, they never reconnect.
3622
3623- Fix client script files other than that for NetBSD to actually use
3624 make_resolv_conf as documented in the manual page.
3625
3626- Fix a bug in the packet handling code that could result in a core
3627 dump.
3628
3629- Fix a bug in the bootp code where responses on the local net would
3630 be sent to the wrong MAC address. Thanks to Jerry Schave for
3631 catching this one.
3632
490eb5e7
TL		 3633 Changes since 3.0 Beta 2 Patchlevel 3
3634
3635- In the DHCP client, execute client statements prior to using the values
45d545f0 3636 of options, so that the client configuration can overridden, e.g., the
490eb5e7
TL		 3637 lease renewal time.
3638
3639- Fix a reference counting error that would result in very reproducible
3640 failures in updates, as well as occasional core dumps, if a zone was
3641 declared without a key.
3642
3643- Fix some Linux 2.0 compilation problems.
3644
3645- Fix a bug in scope evaluation during execution of "on" statements that
3646 caused values not to be recorded on leases.
3647
3648- If the dhcp-max-message-size option is specified in scope, and the
3649 client didn't send this option, use the one specified in scope to
3650 determine the maximum size of the response.
3651
592d8153
TL		 3652 Changes since 3.0 Beta 2 Patchlevel 2
3653
359b023e
TL		 3654- Fix a case where spawning subclasses were being allocated
3655 incorrectly, resulting in a core dump.
3656
592d8153
TL		 3657- Fix a case where the DHCP server might inappropriately NAK a
3658 RENEWING client.
3659
3660- Fix a place dhcprequest() where static leases could leak.
3661
3662- Include memory.h in omapip_p.h so that we don't get warnings about
3663 using memcmp().
3664
2aa36519
TL		 3665 Changes since 3.0 Beta 2 Patchlevel 1
3666
3667- Notice when SIOCFIGCONF returns more data than fit in the buffer -
3668 allocate a larger buffer, and retry. Thanks to Greg Fausak for
3669 pointing this out.
3670
3671- In the server, if no interfaces were configured, report an error and
3672 exit.
3673
3674- Don't ever record a state of 'startup'.
3675
3676- Don't try to evaluate the local failover binding address if none was
3677 specified. Thanks to Joseph Breu for finding this.
Mirror of https://github.com/isc-projects/dhcp.git