]> git.ipfire.org Git - thirdparty/dhcp.git/blame - RELNOTES
Fixed server option code point conflict
[thirdparty/dhcp.git] / RELNOTES
CommitLineData
5ddbe8e4 1 Internet Systems Consortium DHCP Distribution
6c2b1ea5
TM
2 Version 4.4.1
3 28 February 2018
72c7bd79 4
5ddbe8e4 5 Release Notes
72c7bd79 6
5ddbe8e4 7 NEW FEATURES
16449d9c 8
397599cb
TM
9Please note that that ISC DHCP is now licensed under the Mozilla Public License,
10MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
11license terms.
37ec5845 12
b12d9105 13The areas of focus for ISC DHCP 4.4 were:
397599cb
TM
14
151. Dynamic DNS additions
162. dhclient improvements
173. Support for dynamic shared libraries
18
19Dynamic DNS Improvements:
20
21- We added three new server configuration parameters which influence DDNS
22 conflict resolution:
23
24 1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
25 to mitigate issues with non-compliant clients in dual stack environments.
26
27 2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
28 requirement of DNS conflict resolution.
29
30 3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
31 allow unguarded DNS entries to be overwritten in certain cases
32
33- The server now honors update-static-leases parameter for static DHCPv6
34 hosts.
35
36dhclient Improvements:
37
a804fcc0 38 - We've added three command line parameters to dhclient:
397599cb
TM
39
40 1. --prefix-len-hint - directs dhclient to use the given length as
41 the prefix length hint when requesting prefixes
42
a804fcc0 43 2. --decline-wait-time - instructs the client to wait the given number
397599cb
TM
44 of seconds after declining an IPv4 address before issuing a discover
45
a804fcc0
TM
46 3. --address-prefix-len - specifies the prefix length passed by dhclient
47 into the client script (via the environment variable ip6_prefixlen) with
48 each IPv6 address. We added this parameter because we have changed the
49 default value from 64 to 128 in order to be compliant with RFC3315bis
50 draft (-09, page 64) and RFC5942, Section 4, point 1.
51 **WARNING**: The new default value of 128 may not be backwardly compatible
52 with your environment. If you are operating without a router, such as
7932503f 53 between VMs on a host, you may find they cannot see each other with prefix
a804fcc0
TM
54 length of 128. In such cases, you'll need to either provide routing or use
55 the command line parameter to set the value to 64. Alternatively you may
56 change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
57 in includes/site.h.
58
397599cb
TM
59 - dhclient will now generate a DHCPv6 DECLINE message when the client script
60 indicates a DAD failure
61
62Dynamic shared library support:
63
64 Configure script, configure.ac+lt, which supports libtool is now provided
65 with the source tar ball. This script can be used to configure ISC DHCP
9de870cc 66 to build with libtool and thus use dynamic shared libraries.
4ff4053b 67
4aa6129a
TM
68Other Highlights:
69
70 - The server now supports dhcp-cache-threshold for DHCPv6 operations
71 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
72 - Experimental support for alternate relay port in the both the server
73 and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
74
01a54c17
EH
75For information on how to install, configure and run this software, as
76well as how to find documentation and report bugs, please consult the
77README file.
ca4606b5 78
01a54c17
EH
79ISC DHCP uses standard GNU configure for installation. Please review the
80output of "./configure --help" to see what options are available.
fe5b0fdd 81
01a54c17
EH
82The system has only been tested on Linux, FreeBSD, and Solaris, and may not
83work on other platforms. Please report any problems and suggested fixes to
84<dhcp-users@isc.org>.
98bd7ca0 85
fef8c6f0
SR
86ISC DHCP is open source software maintained by Internet Systems
87Consortium. This product includes cryptographic software written
88by Eric Young (eay@cryptsoft.com).
89
cce04313 90 Changes since 4.4.1 (New Features)
a5b21e16
TM
91
92- A new configuration parameter, ping-cltt-secs (v4 operation only), has
93 been added to allow the user to specify the number of seconds that must
94 elapse since CLTT before a ping check is conducted. Prior to this, the
95 value was hard coded at 60 seconds. Please see the server man pages for
96 a more detailed discussion.
97 [ISC-Bugs #36283]
cce04313
TM
98
99 Changes since 4.4.1 (Bug Fixes)
100
101- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
102 carried out over TCP rather than UDP. The coding error was exposed by
103 migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
104 reporting the issue.
105 [ISC-Bugs #47757]
106
107 Changes since 4.4.0 (New Features)
108- none
cce04313 109 Changes since 4.4.0 (Bug Fixes)
6826003b
TM
110
111- A delayed-ack value of 0 (the default), now correctly disables the delayed
112 feature. A change in 4.4.0 prohibited lease updates marking leases active
113 from be written to the lease file when delayed-ack is 0. This in turn,
114 caused servers to lose active lease assignments upon restart.
115 [ISC-Bugs #47141]
116
197b26f2
TM
117! Option reference count was not correctly decremented in error path
118 when parsing buffer for options. Reported by Felix Wilhelm, Google
119 Security Team.
120 [ISC-Bugs #47140]
c5931725
TM
121 CVE: CVE-2018-5733
122
123! Corrected an issue where large sized 'X/x' format options were causing
124 option handling logic to overwrite memory when expanding them to human
125 readable form. Reported by Felix Wilhelm, Google Security Team.
126 [ISC-Bugs #47139]
127 CVE: CVE-2018-5732
197b26f2 128
d5118758
TM
129- Added use of new Bind9 compatibility header files, that are now necessary
130 to supply type definitions for primitive data types, removed from Bind9
131 proper. Altered util/bind.sh to pull from Bind9 repo on gitlab.
132 [ISC-Bugs #48072]
133 [ISC-Bugs #48071]
134
d394b602
TM
135 Changes since 4.4.0b1 (New Features)
136
137- Duplicate address detection when binding to a new IPv6 address was added
138 to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
139 The scripts will check for DAD errors after binding to a new IPv6 address
140 for at most --dad-wait-time seconds. If a DAD error is detected the script
141 will exit with a value of 3, instructing dhclient to decline the address. If
142 dad-wait-time is zero (the default), DAD error checking is not peformed.
143 [ISC-Bugs 46805]
144
efd3b1e2
TM
145- Support for sending and receiving additional DHCP4 options has been added
146 to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97
147 (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071).
148 Beyond configuring, sending, requesting, and receiving these options neither
149 server nor client apply any additional logic based on their values.
150 Thanks to Peter Lewis for requesting this change.
151 [ISC-Bugs 47062]
152
d638452e
TM
153 Changes since 4.4.0b1 (Bug Fixes)
154
155- Added clarifying text to dhcpd.conf.5 explaining the class match expressions
156 cannot rely on the results of executable statements.
157 [ISC-Bugs #45451]
158
db4e4aa2
TM
159- Fixed a bug which causes dhcpd and dhclient to crash on certain
160 systems when given relative path names for lease or pid files on
161 the command line. Affected systems are those on which the C library
162 function, realpath() does not support a second parameter value of
163 NULL (see manpages for realpath(3)).
164 [ISC-Bugs #46957]
165
b94669fa
TM
166- Fixed a build issue when building with embedded BIND9 under OpenBSD that
167 was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
168 [ISC-Bugs #46971]
169
de964f22
TM
170- Added <dhcp>/m4/README to the distribution tarball. Some versions of
171 ac_local() treat the absence of the m4 subdirectory as error rather than
172 warning. This was causing the call to autoreconf, necessary for building
173 with libtool, to fail.
174 [ISC-Bugs #47075]
175
4aa6129a 176 Changes since 4.4.0a1 (New Features)
7512d88b 177
4aa6129a
TM
178- Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
179 feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be
180 enabled at compile time via --enable-relay-port and is fully backward
181 compatible (i.e. works with previous implementations of servers and relays
182 using the standard ports). A new --rp <relay-port> command line option
183 specifies to dhcrelay an alternate source port for upstream (i.e. toward
184 the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco
185 systems for submitting these patches.
186 [ISC-Bugs #44535]
187
188- Added --release-on-roam to dhcpd server. When enabled and the server detects
189 that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
190 the pre-existing leases on the old network and emit a log statement similar
191 to the following:
192
193 "Client: <id> roamed to new network, releasing lease: <address>"
194
195 The server will carry out all of the same steps that would normally occur
196 when a client explicitly releases a lease. This behavior is disabled by
197 default and may only be specified globally. Prior to this the server renders
198 the leases unavailable until they expire or the server is restarted. Clients
199 that need leases in multiple networks must supply a unique IAID in each IA.
200 When release-on-roam is disabled (the default) the server maintains the
201 prior behavior of making such leases unavailable until they expire or the
202 server is restarted. Clients that need leases in multiple networks must
203 supply a unique IAID in each IA. This parameter may only be specified at
204 the global level. Thanks to Fernando Soto from BlueCat Networks for
205 suggesting this change.
206 [ISC-Bugs #44576]
207 [ISC-Bugs #46849]
208
209- Support for delayed-ack is now compiled in by default. Prior to this
210 it had to be enabled at compile time via --enable-delayed-acks. The
211 default value for delayed-ack, however, has been changed from 28 to 0
212 (i.e. disabled). This was done to minimize the impact on users not
213 currently using the feature. Please note that the delayed-ack feature
214 is not currently compatible with support for DHPCv4-over-DHCPv6 so
215 when a 4to6 port command line argument enables this in the server the
216 delayed-ack value is reset to 0.
217 [ISC-Bugs #42446]
218
219- The server (-6) now honors the parameter, update-static-leases, for static
220 (fixed-address6) DHCPv6 leases. It is worth noting that because stateful
221 data is not retained by the server for static leases, each time a client
222 requests or renews a static lease, the server will perform DDNS updates for
223 it. This may have significant performance implications for environments
224 with many clients that request or renew static leases often. Similarly,
225 the DNS entries will not be removed by server when a client issues a RELEASE
226 nor if the lease is deleted from the configuration. In such cases the DNS
227 entries must be removed manually. This feature is disabled by default.
228 Thanks to both Bill Shirley and dgutier-at-cern-dot-ch for requesting
229 this change.
230 [ISC-Bugs #34097]
231 [ISC-Bugs #41054]
232 [ISC-Bugs #41450]
233
234- Added to the server (-6) a new statement, local-address6, which specifies
235 the source address of packets sent by the server. An additional flag,
236 bind-local-address6, disabled by default, binds the service socket to
237 to local-address6. Note that bind-local-address does not work with direct
238 clients: a relay has to forward packets to the server using the
239 local-address6 destination.
240 [ISC-Bugs #46084]
241
242 Changes since 4.4.0a1 (Bugs)
243
244- The server now recognizes environment variables PATH_DHCPD_DB and
245 PATH_DHCPD_PID. These had been incorrectly compiled out of the code
246 unless DHCPv6 support was disabled. Additionally, the server man
247 pages were corrected to accurately reflect how the server chooses
248 file names (see lease-file-name and pid-file-name statements). Thanks
7932503f
TM
249 to Fernando Soto at Bluecat Networks for bringing this matter to our
250 attention.
4aa6129a
TM
251 [ISC-Bugs #46859]
252
253- Removed an "Impossible condition" error upon exit in the dhcpd server that
254 has been shutdown via OMAPI. This condition was only apparent under Solaris
255 when building with --enable-use-sockets and --enable-ipv4-pktinfo.
256 [ISC-Bugs #36118]
257
65eed5c1 258- Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
4aa6129a
TM
259 [ISC-Bugs #46836]
260
261- Added missing text to dhclient.8 and expanded release note coverage
262 for --address-prefix-len changes.
7512d88b 263
0e76cb91 264 Changes since 4.3.6 (New Features)
3210786b 265
f9741514
FD
266- Added --enable-bind-install to install embedded bind includes and
267 libraries. Default is to not install them (it was the previous
268 behavior). If you'd like to change the includedir and/or libdir
5a67b030
FD
269 installation directories to something different than for ISC DHCP
270 you must pass them using the --with-bind-extra-config configuration
271 arguments.
f9741514
FD
272 [ISC-Bugs #39318]
273
007ba82a
FD
274- Added support of dynamic shared libraries with libtool. A new
275 --enable-libtool configuration parameter is available but
276 should not be used directly: *please* read the build configuration
277 section in the README file for the recommended procedure.
278 [ISC-Bugs #29402]
279
417b7b4a
TM
280- IPv6 operation now supports an EUI-64 based address allocation which will
281 calculate addresses for clients with EUI-64 DUIDs based on those DUIDs when
282 enabled by setting use-eui-64 true. The parameter may defined down to the
283 pool scope. Note this feature must be compiled in by defining EUI_64 in
284 includes/site.h. This flag is undefined by default.
285 [ISC-Bugs #43927]
286
b3e6fd51
TM
287- The directory includes/isc-dhcp and it's only occupant, dst.h, have
288 been removed from the source tree. They are obsolete for branches
289 other than v4_1_esv.
290 [ISC-bugs #45541]
291
7512d88b
TM
292- Replaced ISC licensing with Mozilla Public License, MPL 2.0 licensing
293 throughout. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read
294 the MPL 2.0 license terms.
295 [ISC-Bugs #45541]
296
3e985dbf
TM
297- Load balancing for failover peers can now be disabled by setting
298 "load balance max secs" to 0. Doing so for both peers means both
299 servers will respond to all DHCPDISCOVERs or DHCPREQUESTs as soon as
300 they are received.
301 [ISC-Bugs #39669]
302
c0e9661e
TM
303- Added a new dhclient command line parameter, --prefix-len-hint <length>.
304 When used in conjunction with -P, it directs dhclient to use the given
d8805cee
TM
305 length as the prefix length hint when requesting prefixes. Thanks to both
306 Indy, of the FireballISO open source project and H. Peter Anvin for
307 suggesting this change.
308 [ISC-Bugs #43792]
309 [ISC-Bugs #35112]
310 [ISC-Bugs #32228]
311 [ISC-Bugs #29470]
3e88222f
TM
312
313- dhclient will now wait for 10 seconds after declining an IPv4 address
314 before issuing a discover. This is in keeping with RFC 2131, section 3.1.5.
315 Prior to this dhclient did not wait at all. The amount of time dhclient
316 waits can be specified via a new command line parameter:
317 --decline-wait-time <seconds>. A value of zero equates to no wait at all.
ecf9f77b 318 Thanks to Pavel Kankovsky for bringing this matter to our attention.
9de870cc 319 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
3e88222f 320 [ISC-Bugs #45457]
c0e9661e 321
35e86889
TM
322- dhclient will now include the lease address when logging DHCPOFFERs,
323 DHCPREQUESTs, DHCPACKs, DHCPRELEASEs, and DHCPDECLINEs. Additionally,
324 DHCPOFFERs will be logged before their corresponding DHCPREQUESTs are
325 sent and logged.
326 [ISC-Bugs #2729]
327
d6057334
TM
328- When given the -T command line argument, in addition to reading the
329 current lease file, the server will write the leases to a temporary
330 lease file. This can help detect issues in server configuration that
331 only surface when leases are written to the file. The current lease
332 file will not be modified and the temporary lease file is removed upon
333 completion of the test.
334 [ISC-Bugs #22267]
335
0f69ff73
TM
336- dhclient will now generate a DHCPv6 DECLINE message containing all IA_NA
337 addresses which for which the client script indicates a DAD failure. After
338 receiving the DECLINE reply, dhclient will restart the solicit process.
339 Note, the client script must exit with a value of 3 to signify that the
340 address failed DAD. Thanks to Jiri Popelka of Red Hat for submitting the
341 patch that was the foundation for this change.
9de870cc 342 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
1aca5897
TM
343 [ISC-Bugs #21237]
344 [ISC-Bugs #23357]
f0f3555e 345 [ISC-Bugs #36966]
0f69ff73 346
30593241
TM
347- Replaced compilation option, enable-secs-byteorder, with a run-time, server
348 configuration parameter, check-secs-byte-order. When enabled, the
349 server will check for clients that do the byte ordering on the secs field
350 incorrectly. This field should be in network byte order but some clients
351 get it wrong. When this parameter is enabled the server will examine the
352 secs field and if it looks wrong (high byte non zero and low byte zero) swap
353 the bytes. The default is disabled. This parameter is only useful when
354 doing load balancing within failover.
355 [ISC-Bugs #45364]
356
b53ba157
TM
357- The default value for server (-6) parameter, prefix-length-mode, has been
358 changed from "exact" to "prefer". In "prefer" mode the server will offer
359 the first available prefix with the same length as that requested by the
360 client. If none are found then it will offer the first available prefix of
361 any length. This is more in line with with RFC 8168 and should improve
362 the out-of-the-box user experience.
9de870cc 363 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
b53ba157
TM
364 [ISC-Bugs #45615]
365
bbdac71d
TM
366- Added support for 'dhcp-cache-threshold' to IPv6 operation: If a client
367 renews before 'dhcp-cache-threshold' percent of its lease has elapsed
368 (default 25%), the server will reuse the allocated lease (provide a
369 lease within the currently allocated lease-time) rather than extend or
370 renew the lease. This allows the server to reply without needlessly
371 writing leases to disk. The preferred and valid lease lifetimes
372 sent to the client will be reduced by the age of the lease. The option
373 may be specified down to the pool level and is supported for all three
374 pool types: NA, TA, and PD.
375 [ISC-Bugs #45292]
376
905c58b9
TM
377- Added three new server configuration parameters which influence DDNS:
378 1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
379 to mitigate issues with non-compliant clients in dual stack environments.
380
381 2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
382 requirement of DNS conflict resolution.
383
2f3eca17 384 3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
905c58b9
TM
385 allow unguarded DNS entries to be overwritten in certain cases
386 [ISC-Bugs #42620]
25e4af8b
TM
387 [ISC-Bugs #42621]
388 [ISC-Bugs #44753]
905c58b9 389
e6ffc27f
TM
390- A "key-algorithm <algorithm>" statement has been added to omshell to
391 allow the specification of the key algorithm to use during transaction
392 authentication. Prior to this it was hard-coded to be hmac-md5. It now
393 supports all of the same algorithms as the dhcpd server: hmac-md5 (the
394 default), hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and hmac-sha512.
395 [ISC-Bugs #46771]
396
c2e5ee28
TM
397- Added a server configuration parameter, persist-eui-64-leases, which
398 determines whether or not EUI-64 based leases are written to the
399 leases file. Default is true.
400 [ISC-Bugs #45046]
401
140612c8 402- Changed the default value of the prefix length passed by dhclient into the
a804fcc0
TM
403 client script for each IPv6 address from 64 to 128. This was done to comply
404 with RFC3315bis draft (-09, page 64) and RFC5942, Section 4, point 1.
405 In addition, dhclient now supports a command line argument,
406 --address-prefix-len, which may be used to override the default value.
407 **WARNING**: This change may not be backwardly compatible with your
408 environment. If you are operating without a router, such as between VMs on
409 a host, you may find they cannot see each with prefix length of 128. In
410 such cases, you'll need to either provide routing or use the command line
411 parameter to set the value to 64. Alternatively you may change the default
412 at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN in includes/site.h.
140612c8 413 [ISC-Bugs #23252]
fa6c4c08 414 [ISC-Bugs #37221]
140612c8 415
f1fc5ede 416- Modified dhclient (-6) to bypass sending a confirm (INIT REBOOT) when it has
a804fcc0 417 only expired address associations. Thanks to Jiri Popelka at Red Hat for
f1fc5ede
TM
418 raising the issue and submitting the patch.
419 [ISC-Bugs #22675]
0e76cb91 420 Changes since 4.3.6 (Bugs):
0b0a1399 421
0e76cb91
TM
422- Corrected an issue where the server would return a client's previously
423 released prefix lease even when the client provides a prefix length
424 hint that does not match the prior lease. Now the server will only
425 return the previous lease if it exactly matches the hint. If not
426 it will attempt to allocate a new prefix based on the hint and the
427 prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications
428 for pointing out the error of our ways.
429 [ISC-bugs #45780]
d1489a35 430
a804fcc0 431- Added explicit include of BIND9 isc/util.h to adapt to revisions
0e76cb91
TM
432 in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing
433 with implicit function declarations errors for POST() and INSIST().
434 [ISC-bugs #46332]
d1489a35 435
0e76cb91
TM
436- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132
437 states the option cannot be empty, some clients are apparently capable of
438 sending it. Prior to this the server was attempting to use it and store it
439 in the lease file causing issues with DDNS and so forth.
440 [ISC-bugs #43786]
d1489a35 441
9de870cc
TM
442- Corrected dhclient command line parsing for --dad-wait-time that causes
443 even valid values to fail as invalid on some environments.
444 [ISC-Bugs #46535]
445
0e76cb91
TM
446- Replaced iasubopt::heap_index with separate values for active and inactive
447 heaps: iasubopt::active_index and iasubopt::inactive_index. This was done
a804fcc0 448 to accommodate a change in behavior in BIND9 isc_heap_delete().
0e76cb91 449 [ISC-bugs #46719]
e105afa1 450
0e76cb91
TM
451! Plugged a socket descriptor leak in OMAPI, that can occur when there is
452 data pending to be written to an OMAPI connection, when the connection
453 is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
454 this issue to our attention and whose patch helped guide us in the right
455 direction.
456 [ISC-Bugs #46767]
4f553fea 457
9de870cc
TM
458- The ability of the server to send back dhcp6.vendor-opts values has been
459 restored. A change in 4.3.5 (see #29246) which enabled it to send back the
460 FQDN option unfortunately broke its ability send back dhcp6.vendor-opts.
461 Thanks to Sumant Gupta (sumantgupta at gmail dot com) of Landis+Gry for
462 bringing this issue to our attention.
463 [ISC-Bugs #46427]
464
0e76cb91 465 Changes since 4.3.6b1
09dccd03 466
0e76cb91 467- None
eb2d84b6 468
0e76cb91 469 Changes since 4.3.5
76a7db2c 470
0e76cb91
TM
471- The server now allows the client identifier (option 61) to own leases
472 in more than one subnet concurrently. Prior to this the server would
473 incorrectly release an existing lease in one subnet prior to assigning
474 a lease in another subnet. Note that the prior behavior can be still
475 be achieved by enabling one-lease-per-client. Thanks to both David Zych at
476 the University of Illinois and Norm Proffitt of Infoblox for reporting
477 the issue; and Norm for suggesting a solution.
478 [ISC-Bugs #41358]
ad06e7ba 479
0e76cb91
TM
480- When replying to a DHCPINFORM, the server will now include options specified
481 at the pool scope, provided the ciaddr field of the DHCPINFORM is populated.
482 Prior to this the server only evaluated options down to the subnet scope.
483 Thanks to Fernando Soto at BlueCat Networks for reporting the issue.
484 [ISC-Bugs #43219]
485 [ISC-Bugs #45051]
a5252220 486
0e76cb91
TM
487- When memory allocation fails in a repeated way the process writes
488 "Run out of memory." on the standard error and exists with status 1.
489 [ISC-Bugs #32744]
b7bfb2c7 490
0e76cb91
TM
491- The new lmdb (Lightning Memory DataBase) bind9 configure option is
492 now disabled by default to avoid the presence of this library to be
493 detected which can lead to a link failure.
494 [ISC-Bugs #45069]
841d9a18 495
0e76cb91
TM
496- The linux interface discovery code has been modified to use getifaddrs()
497 as is done for BSD and OS-X. Prior to this the code would only recognize
498 the first address on an interface and thereby omit vlans.
499 Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei
500 Kong at Novell, who all submitted patches.
501 [ISC-Bugs #28761]
502 [ISC-Bugs #31992]
503 [ISC-Bugs #25428]
504 [ISC-Bugs #31940]
505 [ISC-Bugs #32935]
3abc5708 506
0e76cb91
TM
507- Fixed a bug in OMAPI that causes omshell to crash when a name-value
508 pair with a zero length value is shipped in an object. Thanks to
509 Fernando Soto at BlueCat Networks for reporting the issue and
510 supplying the patch.
511 [ISC-Bugs #29108]
10b7683e 512
0e76cb91
TM
513- On 64-bit platforms, dhclient now generates the correct value for the
514 script environment variable, "expiry", the lease expiry value exceeds
515 0x7FFFFFFF. Prior to this such values would produce negative values
516 for expiry in the script environment.
517 [ISC-Bugs #43326]
21f3982a 518
0e76cb91
TM
519- Common timer logic was modified to cap the maximum timeout values at
520 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of
521 range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for
522 reporting the issue.
523 [ISC-Bugs #28038]
33dca28a 524
0e76cb91
TM
525- DHCP6 FQDN option unpacking code now correctly handles values that contain
526 spaces, special, or non-printable characters. Prior to this the buffer
527 size needed was underestimated causing a conversion error message to
528 be logged and DNS updates to be skipped. Thanks to Fernando Soto at
529 BlueCat Networks for bringing the matter to our attention.
530 [ISC-Bugs #43592]
33dca28a 531
0e76cb91
TM
532- When running in -6 mode, dhclient can enforce the require option statement
533 and will discard offered leases that do not contain all the required
534 options specified in the client configuration. If not enabled the client
535 will still consider such leases. This must be enabled at compile time
536 (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to
537 Mritunjaykumar Dubey at Nokia for reporting the issue.
538 [ISC-Bugs #41473]
7da1ac2b 539
0e76cb91
TM
540- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit
541 OS systems when using -1 or large values for default-lease-time. Rollover
542 values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally
543 short expiration times being handed out when infinite lease times (-1) in
544 conjunction with failover. Our thanks to Alessandro Gherardi for bringing
545 the issue to our attention.
546 [ISC-Bugs #41976]
e82906fc 547
0e76cb91
TM
548- Added new compile time option --with-srv-conf-file which specifies a
549 default location of the server configuration file.
550 [ISC-Bugs #44765]
20931f53 551
0e76cb91
TM
552- Added --dad-wait-time parameter to dhclient. It specifies the maximum time,
553 in seconds, that the client process should wait for the duplicate address
554 detection to complete before initiating DHCP requests. This value is
555 propagated to the dhclient script and the script is responsible for waiting
556 the specified amount of time or until DAD has completed. If the script does
557 not support it, specifying this parameter has no effect. The default value
558 is 0 which specifies that the script should not wait for DAD. With this
559 change the following scripts have been modified to support the new parameter:
560 freebsd, linux, macos, netbsd, openbsd.
561 [ISC-Bugs #36169]
5cc6f201 562
0e76cb91
TM
563- The server nows checks both the address and length of a prefix delegation
564 when attempting to match it to a prefix pool. This ensures the server
565 responds properly when pool configurations change such that once valid,
566 "in-pool" delegations are now treated as being invalid. During lease
567 file loading at startup, the server will discard any PD leases that
568 are deemed "out-of-pool" either by address or mis-matched prefix length.
569 Clients seeking to renew or rebind such leases will get a response of
570 No Binding in the case of the former, and the prefix delegation with
571 lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo
572 at TDS Telecom for reporting this issue.
573 [ISC-Bugs #35378]
88c3ff5d 574
0e76cb91
TM
575- Modified DDNS support initialization such that DNS related ports will only be
576 opened by the server (dhcpd) at startup if ddns-update-style is not "none";
577 by dhclient only if and when the it first attempts an update; and never by
578 dhcrelay. Prior to this all three always did the initialization at startup
579 which causes them to always open on and listen for traffic on two random
580 ports. Thanks to Rodney Beede for reporting this issue.
581 [ISC-Bugs #45290]
582 [ISC-Bugs #33377]
f10cbbfa 583
0e76cb91
TM
584- Added error logging to two memory allocation failure checks. Thanks to Bill
585 Parker (wp02855 at gmail dot com) for reporting the issue.
586 [ISC-Bugs #41185]
5fc79cfd 587
0e76cb91
TM
588- Corrected a dhclient -6 issue that caused the client to crash with an
589 "Impossible condition" error after de-preferencing its only IA binding.
590 The crash occurred when server configuration changes rendered the existing
591 binding out-of-range and no other leases were available to offer. Thanks
592 to Pierre Clerissi for bringing this issue to our attention.
593 [ISC-Bugs #44373]
555093da 594
0e76cb91
TM
595- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will
596 now call the script with reason set to FAIL when run with -1 (one try) and
597 there are no server responses. This applies to IPv4 mode only. Thanks for a
598 patch by Martin Pitt which got to us via Andrew Pollock.
599 [ISC-bugs #18183]
646acb59 600
0e76cb91
TM
601- The server now detects failover peers that are not referenced in at least
602 one pool when run with the command line option for test mode, -T. Prior to
603 this the check was performed too far down stream to be detected in test mode.
604 [ISC-Bugs #29892]
18ba0ff3 605
0e76cb91
TM
606- Linux script updated. The script is now based on Debian version. It uses
607 ip tool from iproute2 package and ifconfig is no longer used. This also
608 addresses an issue of calling arping with inappropriate parameter.
609 [ISC-bugs #19430]
610 [ISC-bugs #18111]
ce29e695 611
0e76cb91
TM
612- Changed severity of the log message indicating UDP checksum errors in
613 the received packets from 'info' to 'debug' to avoid logging excessive
614 number of false positives when UDP checksum offloading is enabled.
615 [ISC-bugs #41757]
d1d1da8f 616
0e76cb91
TM
617- The directory minires has been removed from the source tree. It has
618 long been obsolete for branches other than v4_1_esv. Additionally,
619 includes/minires.h was renamed includes/ns_name.h.
620 [ISC-bugs #45471]
c88dfebd 621
0e76cb91
TM
622- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias"
623 for IPv6 mode in the client scripts, netbsd and openbsd. This was
624 preventing IPv6 addresses from being added or removed from interfaces.
625 Thanks to Tim Dean for reporting this issue.
626 [ISC-bugs #31573]
4ce21cb6 627
0e76cb91 628 Changes since 4.3.5b1
b2cb745b 629
0e76cb91
TM
630- Corrected a bug which could cause the server to sporadically crash while
631 loading lease files with the lease-id-format is set to "hex". Our thanks
632 to Jay Ford, University of Iowa for reporting the issue.
633 [ISC-Bugs #43185]
4ced250f 634
0e76cb91
TM
635- Eliminated a noisy, but otherwise harmless debug log statment that may
636 appear during server startup when building with --enable-binary-leases
637 and configuring multiple pools in a shared network. Thanks to Fernando
638 Soto from BlueCat Networks for reporting the issue and supplying a patch.
639 [ISC-Bugs #43262]
a3471269 640
0e76cb91 641 Changes since 4.3.4
3e3b5257 642
0e76cb91
TM
643- Fixed util/bindvar.sh error handling.
644 [ISC-Bugs #41973]
ba4c704d 645
0e76cb91
TM
646- Correct error message in relay to use remote id length instead
647 of circuit id length.
648 [ISC-Bugs #42556]
b1eea858 649
0e76cb91
TM
650- Add logic to test directory Makefiles to avoid copying Attfile(s)
651 when building within the source tree. This eliminates a noisy but
652 otherwise harmless error message when running "make check".
653 [ISC-Bugs #41883]
36c4a037 654
0e76cb91
TM
655- Leases are now scrubbed of certain prior use information when pool
656 re-balancing reassigns them from one FO peer to the other. This
657 corrects an issue where leases that were offered but not used
658 by the client retained the client hostname from the original
659 client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
660 for reporting the issue.
661 [ISC-Bugs #42008]
41b5a1a6 662
0e76cb91
TM
663- In the LDAP code and schema add some missing '6' characters to use
664 the v6 instead of the v4 versions. Thanks to Denis Taranushin for
665 reporting this issue and supplying its patch.
666 [ISC-Bugs #42666]
62a9eb91 667
0e76cb91
TM
668- Correct how the pick-first-value expression is written to a lease
669 file. Previously it was written as a concat expression due to
670 a cut and paste error.
671 [ISC-Bugs #42253]
b7311aae 672
0e76cb91
TM
673- Modify the DDNS code to clean up the PTR record even if there
674 are issues while cleaning up the A or AAAA records.
675 [ISC-Bugs #23954]
1bfdeaae 676
0e76cb91
TM
677- Added global configuration parameter, abandon-lease-time, which determines
678 the amount of time a lease remains abandoned. The default is 84600 seconds.
679 Additionaly, the server now conducts a ping check (if ping checks are
680 enabled) prior to offering an abandoned lease to client. Our thanks to
681 David Zych at University of Illinois for reporting the issue and working
682 with us to produce a viable solution.
683 [ISC-Bugs #41815]
1d3fc4d0 684
0e76cb91
TM
685- Correct handling of interface names during interface discovery. This
686 addresses an issue where interface names of 15 characters in length
687 could lead to crashes or interface recognition errors during startup
688 of dhcpd, dhclient, and dhcrelay.
689 [ISC-Bugs #42226]
68b5d395 690
0e76cb91
TM
691- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
692 The updates are: looking for the lease file in more places and skipping
693 the "processing complete" output when creating machine readable
694 output. Thanks to Cameron Paine (cbp at null dot net) for the
695 patch.
696 [ISC-Bugs #42113]
f704712e 697
0e76cb91
TM
698- When reusing a lease for dhcp-cache-threshold return the hostname
699 to the original lease. Also if the host pointer, UID or hardware address
700 change don't allow reuse of the lease.
701 Thanks to Michael Vincent for reporting this and helping us
702 verify the problem and fix.
703 [ISC-Bugs #42849]
6e7e6637 704
0e76cb91
TM
705- Change dmalloc to use a size_t as the length argument to bring it
706 in line with the call it will make to malloc().
707 [ISC-Bugs #40843]
dce576b8 708
0e76cb91
TM
709- If the failover socket can't be bound, close it. Otherwise if the
710 user configures an incorrect address in the failover stanza the
711 server will continue to open new sockets every 90 seconds until
712 it runs out.
713 [ISC-Bugs #42452]
45086eef 714
0e76cb91
TM
715- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
716 allow interfaces to be upstream or downstream respectively. Upstream
717 interfaces will accept and forward only BOOTP replies, while downstream
718 interfaces will accept and forward only BOOTP requests.
719 [ISC-Bugs #41547]
785c1a51 720
0e76cb91
TM
721- Clean up some memory references in the vendor-class construct.
722 [ISC-Bugs #42984]
0f1a34e9 723
0e76cb91 724 Changes since 4.3.4b1
84ee63a0 725
0e76cb91 726- None
cc1bd34e 727
0e76cb91 728 Changes since 4.3.3
0b209ea5 729
0e76cb91
TM
730- Corrected a static analyzer warning in common/execute.c
731 [ISC-Bugs #40374]
ba4c704d 732
0e76cb91
TM
733- ISC DHCP now follows the common convention to use the base name a
734 program is invoked with (aka argv[0], vs. a builtin name) for
735 logs. This should help differentiate syslog entries for DHCPv4 and
736 DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
737 keep the previous behavior.
738 [ISC-Bugs #38692]
6067cd48 739
d618ba48
SR
740- The Linux packet filter code now correctly treats only the least significant
741 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
742 Prior to this it was using the entire 16 bit value as the VLAN id and
743 incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
744 reporting this issue and supplying its patch.
745 [ISC-Bugs #40591]
21d30347 746
d618ba48
SR
747- Fixed several static analysis issues such as potential null
748 references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
749 gmail dot com) who identified these issues and supplied patches to
750 address them.
751 [ISC-Bugs #40754]
752 [ISC-Bugs #40823]
d9b2a590 753
d618ba48
SR
754- Corrected compilation errors that prohibited building the server
755 and its ATF unit tests when failover is disabled.
756 [ISC-Bugs #40372]
d9b2a590 757
d618ba48
SR
758- Added the lease address to the end of the debug level log message
759 emitted when an existing lease is renewed within the dhcp-cache-threshold.
760 Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
761 [ISC-Bugs #40598]
d9b2a590 762
d618ba48
SR
763- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
764 section of the configure script output. Additionally, all of the
765 features reported on will now always show either a "yes" or "no"
766 value. Prior to this features left to their default setting would
767 not show a value.
768 [ISC-Bugs #40381]
f3a44c10 769
d618ba48
SR
770- Added a parameter, authoring-byte-order, to the lease file. This value
771 is automatically added to the top of new lease files by the server and
772 indicates the internal byte order (big endian or little endian) of the
773 server. This permits lease files generated on a server with one form of
774 byte order to be used on a server with the opposite form. Our thanks to
775 Timothe Litt for calling this to our attention and for the suggestions
776 he provided.
777 [ISC-Bugs #38396]
04daf4fe 778
d618ba48
SR
779- Fixed a small memory leak in the DHCPv6 version of the client code.
780 This is unlikely to cause significant issues in actual use.
781 [ISC-Bugs #40990]
7116a34f 782
d618ba48
SR
783- Corrected a few minor memory leaks in omapi's dereferencing of
784 host objects. Thanks to Jiri Popelka at Red Hat for reporting
785 the issue and supplying the patches.
786 [ISC-Bugs #33990]
787 [ISC-Bugs #41325]
2775bd62 788
d618ba48
SR
789- Cleaned up some of the Make infrastructure to make --with-libbind
790 work better. Though it still only works with an absolute path.
791 [ISC-Bugs #39210]
dd9738aa 792
d618ba48
SR
793- Made the embedded bind libraries able to be cross compiled
794 (please refer to the bind9 documentation to learn how to cross
795 compile DHCP and its bind library dependency).
796 [ISC-Bugs #38836]
491bf4a2 797
d618ba48
SR
798- Update the client code to better support getting IA_NAs and IA_PDs
799 in the same packet, see RFC7550 for some discussion.
800 [ISC-Bugs #40190]
992dc765 801
d618ba48
SR
802! Update the bounds checking when receiving a packet.
803 Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
804 patch.
805 [ISC-Bugs #41267]
806 CVE: CVE-2015-8605
cb8c997e 807
d618ba48
SR
808- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
809 print out a specific error message about the first error in addition
810 to the usage string. This may be disabled by editing includes/site.h.
811 [ISC-Bugs #40321]
812 [ISC-Bugs #41454]
acbecb2e 813
d618ba48
SR
814- The configure script will now exit with an error message if it cannot find
815 a GNU-style make tool (needed when building BIND libraries) or pkg-config
816 (needed to locate ATF used for building unit tests). Prior to this the
817 script would exit indicating success causing subsequent attempts to build
818 the software to fail.
819 [ISC-Bugs #40371]
fb98e02e 820
d618ba48
SR
821- Properly terminate strings before passing them to regex and fix
822 a boundary error when creating certain new data strings.
823 Thanks to Andrey Jr. Melnikov for the bug report.
824 [ISC-Bugs #41217]
1a006ff6 825
d618ba48
SR
826- Option expressions, such as prepend and append, are now supported when
827 running dhclient for IPv6. Prior to this such statements in the
828 client configuration file would be parsed but have no affect. Thanks
829 to Jiri Popelka at Red Hat for reporting the issue.
830 [ISC-Bugs #39952]
45adf35c 831
d618ba48
SR
832- A failover primary server will now accept a binding status update from the
833 secondary which transitions a lease from ACTIVE to ABANDONED. This accounts
834 for instances in which a client declines a lease and only the secondary
835 server receives it. Prior to this the primary server would reject such an
836 update as an "invalid state transition".
837 [ISC_BUGS #25189]
7d9dd306 838
d618ba48
SR
839- Properly allocate memory for a bpf filter.
840 Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue.
841 [ISC-Bugs #41485]
7d9dd306 842
d618ba48
SR
843- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better
844 and to print out the hostnames a bit better.
845 Thanks to Antoine Beaupré from Debian for the suggested patch.
846 [ISC-Bugs #41288]
29c6b4f1 847
d618ba48
SR
848- The DHCPv6 server now handles long valid and preferred lease times better.
849 Values that would cause the internal end time of the lease to wrap are
850 modified to work as infinite.
851 [ISC-Bugs #40773]
01a44a77 852
d618ba48
SR
853- Updated support for cross compiling by allowing the library archiver
854 to be set at configure time via the environment variable 'AR'.
855 [ISC-Bugs #41536]
01a44a77 856
d618ba48
SR
857- The server will now match DHCPv6 relayed clients to host declarations
858 which include the "hardware" statement, if the relay connected to the
859 client supplies the client's hardware address via client-linklayer-address
860 option as per RFC 6939.
861 [ISC-Bugs #40334]
fc48033a 862
d618ba48
SR
863- Allow a filename to be specified instead of /dev/random during
864 configuration. This is passed to the BIND configuration to allow
865 for cross compilation.
866 [ISC-Bugs #33835]
db3f7799 867
d618ba48
SR
868- Add more option definitions.
869 [ISC-Bugs #40562]
0da37b4c 870
d618ba48
SR
871- Correct outputting of long lines in the lease file when writing
872 a lease that includes long strings in an execute statement.
873 [ISC-Bugs #40994]
158a34fb 874
d618ba48
SR
875- The server will now correctly treat a lease as reserved when the client
876 requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved"
877 is enabled. Prior to this the server would halt. In addition, corrections
878 were made to the server to allow a lease's flags field to be set via omapi.
879 Prior to this, the server, depending on the host architecture, would
880 incorrectly parse the new flags value from the omapi message.
881 [ISC-Bugs #31179]
dceef873 882
d618ba48
SR
883- ISC DHCP can now be configured and built from a directory other than
884 the top level source directory. Note that "make distcheck" uses this
885 feature.
886 [ISC-Bugs #39262]
1be2ba15 887
d618ba48
SR
888- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument,
889 "-U <interface>" enables the addition of a RFC 3527 compliant link selection
890 suboption to the agent option added for clients directly connected to the
891 relay.
892 [ISC-Bugs #34875]
893 [ISC-Bugs #41708]
388cba45 894
d618ba48
SR
895- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled
896 instructs the server to calculate T1 and T2 as recommended in RFC 3315,
897 Section 22.4.
898 [ISC-Bugs #25687]
388cba45 899
d618ba48
SR
900- Corrected minor Coverity issues.
901 [ISC-Bugs #35144]
b6ab3f6c 902
d618ba48
SR
903- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration
904 option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support
905 and is not compatible with delayed-ack. Both client and server use 2
906 processes which communicate over UDP on a pair of sockets. The new
907 "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support
908 and specifies the consecutive ports to use for inter-process communication.
909 Please look at doc/DHCPv4-over-DHCPv6 for more details.
910 [ISC-Bugs #35711]
f950de77 911
d618ba48
SR
912- Correct interface name formation when using DLPI under Solaris 11. As of
913 Solaris 11, ethernet device files are located in "/dev/net". The configure
914 script has been modified to detect this situation and adjust the directory
915 used accordingly. Thanks to Jarkko Torppa for reporting this issue and
86bda88b 916 submitting a patch
d618ba48
SR
917 [ISC-Bugs #37954]
918 [ISC-Bugs #40752]
02b0bdc3 919
d618ba48
SR
920- Add a dereference call when handling an error condition while
921 decoding a packet.
922 [ISC-Bugs #41774]
d8c7c34e 923
d618ba48
SR
924- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The
925 parameter controls the format in which certain values are written to lease
926 files. Formats supported are octal - quoted string containing octal
927 escapes, and hex - unquoted, colon separated hex digits. Thanks to
928 Jay Ford, University of Iowa for bringing the issue to our attention.
929 [ISC-Bugs #26378]
00e9af8e 930
d618ba48
SR
931! Add an option in site.h to limit the number of failover and control
932 connections the server will accept. By default this is 200.
933 [ISC-Bugs #41845]
934 CVE: CVE-2016-2774
9279a3d7 935
0e76cb91 936 Changes since 4.3.3b1
59a351d6 937
0e76cb91 938- None
0ab4a716 939
0e76cb91 940 Changes since 4.3.2
250f7134 941
0e76cb91
TM
942- The server now does a better check to see if it can allocate the memory
943 for large blocks of v4 leases and should provide a slightly better error
944 message. Note well: the server pre-allocates v4 addresses, if you use
945 a large range, such as a /8, the server will attempt to use a large
946 amount of memory and may not start if there either isn't enough memory
947 or the size exceeds what the code supports.
948 [ISC-Bugs #38637]
b05e05b7 949
0e76cb91
TM
950- The server will now reject unicast Request, Renew, Decline, and Release
951 messages from a client unless the server would have sent that client the
952 dhcp6.unicast option. This behavior is in compliance with paragraph 1 in
953 each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
954 to this, the server would simply accept the messages. Now, in order for
955 the server to accept such a message, the server configuration must include
956 the dhcp6.unicast option either globally or within the shared network to
957 which the requested lease belongs. In other words, the server will map
958 the first IA_XX address found within the client message to a shared-network
959 and look for the presence of the unicast option there and then globally.
960 Thanks to Jiri Popelka at Red Hat for this issue and his patch which
961 inspired the fix.
962 [ISC-Bugs #21235]
ad80055f 963
0e76cb91
TM
964- The ATF (Automated Testing Framework) tools used for optional unit tests
965 can now be built from its embedded sources in bind, solving the
966 atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
967 The new configuration option is "./configure --with-atf=bind".
968 [ISC-Bugs #38754, #39300]
e9326fd0 969
0e76cb91
TM
970- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
971 On older linuxes that do not include the tpacket_auxdata structure don't
972 bother allocating the cmsgbuf as it isn't necessary and we don't have
973 a proper length for it.
974 [ISC-Bugs #39209]
01a44a77 975
0e76cb91
TM
976- Remove the dst directory. This was replaced in 4.2.0 with the dst
977 code from the Bind libraries but we continued to include it for
978 backwards compatibility. As we have now released 4.3.x it seems
979 reasonable to remove it.
980 [ISC-Buts #39019]
981
982- Write out the DUID server id on startup in all cases, previously if it
983 was read in from server-duid option in the config or lease files for
984 DHCPv4 it would not be written to the new lease file.
985 [ISC-Bugs #37791]
986
987- When parsing dates for leases convert dates past 2038 to "never".
988 This avoids problems with integer overflows in the date and time
989 handling code for people that decide to use very large lease times
990 or add a lease entry with a date far in the future.
991 [ISC-Bugs #33056]
992
993- Leave the siaddr field clear when sending a NACK as per RFC 2131
994 table 3.
995 [ISC-Bugs #38769]
996
997- In the client don't send expired addresses to the script as part of
998 the binding process. Thanks to Sven Trenkel at Google for reporting
999 the issue and suggesting the patch.
1000 [ISC-Bugs #38631]
1001
1002- While parsing IPv6 addresses treat "add" as part of the address instead
1003 of as a token.
1004 [ISC-Bugs #39529]
1005
1006- Add support for accessing the v4 lease queues (active, free etc) in a
1007 binary fashion instead of needing to walk through a linear list to
1008 insert, find or remove an entry from the queues. In addition add a
1009 compile time option "--enable-binary-leases" to enable the new code
1010 or to continue using the old code. The old code is the default.
1011 Thanks to Fernando Soto from BlueCat Networks for the patch.
1012 [ISC-Bugs #39078]
1013
1014- Delayed-ack now works properly with Failover. Prior to this, bind updates
1015 post startup were being queued but never delivered. Among other things, this
1016 was causing leases to not transition from expired or released to free.
1017 [ISC-Bugs #31474]
1018
1019- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
1020 lease file is corrupt in certain ways.
1021 [ISC-Bugs #39760]
1022
1023- Corrected a crash in dhclient that occurs during lease renewal if the
1024 client is performing its own DNS updates. Thanks to Jiri Popelka at Red Hat
1025 for the bug report.
1026 [ISC-Bugs #38639]
1027
1028- Corrected an issue in v6 lease file parsing. Prior to this, when encountering
1029 a lease with an address for which no configured pool exists, the server was
1030 declaring the lease file corrupt and incorrectly skipping over the subsequent
1031 entry in the file. The server will now emit a log message indicating that
1032 no pool was found for the address (or prefix) and correctly resume parsing
1033 with the next entry in the lease file. Our thanks to Michal Žejdl for
1034 reporting the issue.
1035 [ISC-Bugs #39314]
1036
1037- Be more liberal in finding a subnet group associated with a static
1038 prefix. When we added the class matching code for v6 we also added
1039 a requirement that the static prefix must be within a subnet the
1040 client was in, in order to find the proper statements. We now
1041 look for a subnet based on the prefix, failing that on the static
1042 address for the client and failing that on the shared network
1043 itself.
1044 [ISC-Bugs #38329]
1045
1046- Add a new action expression "parse_vendor_options", which can be used
1047 to parse a vendor-encapsualted-option received by the server based on
1048 the encoding specified by the vendor-option-space statement.
1049 [ISC-Bugs #36449]
1050
1051- Enhance the PARANOIA patch to include fchown() the lease file to
1052 allow it to be manipulated after the server does a chown().
1053 Thanks to Jiri Popelka at Red Hat for the patch.
1054 [ISC-Bugs #36978]
1055
1056- Relax the requirement that prefix pools must be within the subnet.
1057 This was added in as part of #32453 in order to avoid configuration
1058 mistakes but is being removed as prefixes aren't required to be
1059 within the same subnet and many people configure them in that fashion.
1060 [ISC-Bugs #40077]
1061
1062- Fixed a server crash that could occur when the server attempts to remove
1063 the billing class from the last lease billed to a dynamic class after said
1064 class has been deleted. Our thanks to Lasse Pesonen for reporting the
1065 issue.
1066 [ISC-Bugs #39978]
1067
1068- LDAP Patches - Numerous small patches submitted by contributors have
1069 been applied to the contributed code which supplies LDAP support.
1070 In addition, two larger submissions have also been included. The
1071 first adds support for IPv6 configuration and the second provides
1072 GSSAPI authentication. We would like to thank the following for their
1073 contributions (alphabetically):
1074 Alex Novak at SUSE
1075 Bill Parker (wp02855 at gmail dot com)
1076 Jiri Popelka at Red Hat
1077 Marius Tomaschewski at SUSE
1078 (william at adelaide.edu.au), The University of Adelaide
1079 [ISC-Bugs #39056]
1080 [ISC-Bugs #22742]
1081 [ISC-Bugs #24449]
1082 [ISC-Bugs #28545]
1083 [ISC-Bugs #29873]
1084 [ISC-Bugs #30183]
1085 [ISC-Bugs #30402]
1086 [ISC-Bugs #32217]
1087 [ISC-Bugs #32240]
1088 [ISC-Bugs #33176]
1089 [ISC-Bugs #33178]
1090 [ISC-Bugs #36409]
1091 [ISC-Bugs #36774]
1092 [ISC-Bugs #37876]
1093
1094- Handle an out of memory condition in the client a bit better.
1095 Thanks to Frédéric Perrin from Brocade for finding the issue
1096 and suggesting a patch.
1097 [ISC-Bugs #39279]
1098
1099 Changes since 4.3.2rc2
1100- None
1101
1102 Changes since 4.3.2rc1
1103
1104- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
1105 The error occurs on Linux variants that do not support VLAN tag information
1106 in packet auxiliary data. The configure script now only enables inclusion
1107 of the VLAN tag-based logic if it is supported by the underlying OS.
1108 [ISC-Bugs #38677]
1109
1110 Changes since 4.3.2b1
1111
1112- Specifying the option, --disable-debug, on the configure script command line
1113 now disables debug features. Prior to this, specifying --disable-debug
1114 incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
1115 the issue.
1116 [ISC-Bugs #37780]
1117
1118- Unit test execution now uses a path augmented during configuration
1119 processing of the --with-atf option to locate ATF runtime tools, atf-run
1120 and atf-report. For most installations of ATF, this should alleviate the
1121 need to manually include them in the PATH, as was formerly required.
1122 If the configure script cannot locate the tools it will emit a warning,
1123 informing the user that the tools must be in the PATH when running unit
1124 tests.
1125 Secondly, please note that "make check" will now exit with a failure status
1126 code (non-zero) if one or more unit tests fail. This means that invoking
1127 "make check" from an upper level directory will cause the make process to
1128 STOP after the first test subdirectory with failed test(s). To force all
1129 tests in all subdirectories to run, regardless of individual test outcome,
1130 use the command "make -k check".
1131 [ISC-Bugs #38619]
1132
1133 Changes since 4.3.1
1134
1135- Corrected parser's right brace matching when a statement contains an error.
1136 [ISC-Bugs #36021]
1137
1138- TSIG-authenticated dynamic DNS updates now support the use of these
1139 additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
1140 and hmac-sha512
1141 [ISC-Bugs #36947]
1142
1143- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
1144 working with the OpenBSD project who spotted the issue and provided the
1145 patch.
1146 [ISC-Bugs #36653]
1147
1148- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
1149 Stoeckmann working with the OpenBSD project who spotted the issue and
1150 provided the patch.
1151 [ISC-Bugs #36897]
1152
1153- Log statements depicting what files will be used by the server now occur
1154 after the configuration file has been processed.
1155 [ISC-Bugs #36671]
1156
1157- Addressed Coverity issues reported as of 07-31-2014:
1158 [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
1159 [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
1160 [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
1161 compilers that was introduced by #36712
1162
1163- Server now supports a failover split value of 256.
1164 [ISC-Bugs] #36664]
1165
1166- Remove unneeded error #defines. These defines were included in case
1167 external programs required the older versions of the macro. They
1168 have been #ifdeffed for now and will be removed at a future date.
1169 See site.h for the #define to include them again, but you should
1170 switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
1171 Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
1172 [ISC-Bugs #37128]
1173
1174- Added checks in range6 and prefix6 statement parsing to ensure addresses
1175 are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
1176 bug report and patch.
1177 [ISC-Bugs #32453]
1178 [ISC-Bugs #17766]
1179 [ISC-Bugs #18510]
1180 [ISC-Bugs #23698]
1181 [ISC-Bugs #28883]
1182
1183- Addressed checksum issues:
1184 Added checksum readiness check to Linux packet filtering which eliminates
1185 invalid packet drops due to checksum errors when checksum offloading is
1186 in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
1187 [ISC-Bugs #22806]
1188 [ISC-Bugs #15902]
1189 [ISC-Bugs #17739]
1190 [ISC-Bugs #18010]
1191 [ISC-Bugs #22556]
1192 [ISC-Bugs #29769]
1193 Inbound packets with UDP checksums of 0xffff now validate correctly rather
1194 than being dropped.
1195 [ISC-Bugs #24216]
1196 [ISC-Bugs #25587]
1197
1198- Added the echo-client-id configuration parameter to the server configuration.
1199 The server now supports RFC 6842 compliant behavior by setting a new
1200 configuration parameter, echo-client-id. When enabled, the server will
1201 include the client identifier option (Option code 61) if received, in its
1202 responses. The server identifier returned in NAKs (if enabled) will now
1203 be the globally defined value (if one) if the server cannot attribute the
1204 inbound request to a known subnet.
1205 [ISC-Bugs #35958]
1206 [ISC-Bugs #32545]
1207
1208- Added support of the configuration parameter, use-host-decl-names, to
1209 BOOTP request handling.
1210 [ISC-Bugs #36233]
1211
1212- Added logic to ignore the signal, SIGPIPE, which ensures write failures
1213 will be delivered as errors rather than as SIGPIPE signals on all OSs.
1214 Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
1215 the patch upon which the fix is based.
1216 [ISC-Bugs #32222]
1217
1218- In the failover code, handle the case of communications being interrupted
1219 when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
1220 the primary to accept the secondary moving from POTENTIAL-CONFLICT to
1221 RESOLUTION-INTERRUPTED as well as handling the bind update process better.
1222 In addition the code to resend update or update all requests has been
1223 modified to send requests more often.
1224 [ISC-Bugs #36810]
1225 [ISC-Bugs #20352]
1226
1227- By default, the server will now choose the value to use in the forward DNS
1228 name from the following in order of preference:
1229
1230 1. FQDN option if provided by the client
1231 2. Host name option if provided by the client
1232 3. Configured option host-name if defined
1233
1234 As before, this may be overridden by defining ddns-hostname to the desired
1235 value (or expression). In addition, the server logic has been extended to
1236 use the value of the host name declaration if use-host-decl-names is enabled
1237 and no other value is available.
1238 [ISC-Bugs #21323]
1239
1240- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
1241 the existing lease and the forward DNS name had not changed. This has been
1242 corrected.
1243 [ISC-Bugs #37368]
1244 [ISC-Bugs #38636]
1245
1246- Corrected an issue which caused dhclient to incorrectly form the result when
1247 prepending or appending to the IPv4 domain-search option, received from the
1248 server, when either of the values being combined contain compressed
1249 components.
1250 [ISC-Bugs #20558]
1251
1252- Added the server-id-check parameter to the server configuration.
1253 This parameter allows run-time control over whether or not a server,
1254 participating in failover, verifies the dhcp-server-identifier option in
1255 DHCP REQUESTs against the server's id before processing the request.
1256 Formerly, enabling this behavior was done at compilation time through
1257 the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
1258 The functionality is now only available through the new runtime parameter.
1259 [ISC-Bugs #37551]
1260
1261- During startup, when the server encounters a lease whose binding state is
1262 FTS_BACKUP but whose pool has no configured failover peer, it will reset the
1263 lease's binding state to FTS_FREE. This allows the leases to be reclaimed
1264 by the server after a pool's configuration has changed from failover to
1265 standalone. Prior to this such leases would remain stuck in the backup state
1266 making them unavailable for assignment. Note this conversion will occur
1267 whether or not the server is compiled for failover.
1268 [ISC-Bugs #36960]
1269
1270- Fixed a small issue in the treatment of hosts in the inform processing
1271 that could cause the response to an inform to include information from
1272 the wrong scope. The two examples we've heard of are getting subnet
1273 instead of group information associated with a host entry, or getting
1274 global information instead of subnet if the host entry was built via
1275 omapi. Thanks to Julien Soula at University of Lille for finding the
1276 bug and supplying a patch.
1277 [ISC-Bugs #35712]
1278
1279- Avoid calling pool_timer() recursively from supersede_lease(). This could
1280 result in leases changing state incorrectly or delaying the running of the
1281 leae expiration code.
1282 [ISC-Bugs #38002]
1283
1284- Move the check for a PID file and process to be before we rewrite the
1285 lease file. This avoids the possibility of starting a second instance
1286 of a server which changes the current lease file confusing the first
1287 instance. This check is only included if the admin hasn't disabled PID
1288 files.
1289 [ISC-Bugs #38078]
1290 [ISC-Bugs #38143]
1291
1292- In the client code change the way preferred_life and max_life are printed
1293 for environment variables to be unsigned rather than signed.
1294 Thanks to Jiri Popelka at Red Hat for the bug report and patch.
1295 [ISC-Bugs #37084]
1296
1297- Modified Linux packet handling such that packets received via VLAN are now
1298 seen only by the VLAN interface. Prior to this, such packets were seen by
1299 both the VLAN interface and its parent (physical) interface, causing the
1300 server to respond to both. Note this remains an issue for non-Linux OSs.
1301 Thanks to Jiri Popelka at Red Hat for the patch.
1302 [ISC-Bugs #37415]
1303 [ISC-Bugs #37133]
1304 [ISC-Bugs #36668]
1305 [ISC-Bugs #36652]
1306
1307- Log content has been changed to more directly suggest that admins should
1308 check for multiple IPv6 clients attempting to use the same DUID when only
1309 abandoned addresses are available. Debug level logging will now emit counts
1310 of the total number of, in-use, and abandoned addresses in a shared subnet
1311 when the server finds no addresses available for a given DUID. Lastly,
1312 threshold logging is now automatically disabled for shared subnets whose
1313 total number of possible addresses exceeds (2^64)-1.
1314 [ISC-Bugs #26376]
1315 [ISC-Bugs #38131]
1316
1317- Added a global parameter, prefix-length-mode, which may be used to determine
1318 how the server uses a non-zero value for prefix-length supplied by clients
1319 when soliciting DHCPv6 prefixes. The server supports selection modes of:
1320 ignore, prefer, exact, minimum and maximum which are described in detail in
1321 the server man pages. The prior behavior of the server was to only offer a
1322 prefix whose length exactly matched the prefix-length value requested. If
1323 no such prefixes were available, the server returned a status of none
1324 available. Note the default mode, "exact", provides this same behavior.
1325 [ISC-Bugs #36780]
1326 [ISC-Bugs #32228]
1327
1328- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
1329 limit such that it now sets it to 32 when the upstream address is a multicast
1330 address per RFC 3315 Section 20. Prior to this if the -u argument preceded
1331 the -l argument on the command line or if the same interface was specified
1332 for both; the logic to set the hop limit count for the upper interface was
1333 skipped. This caused the hop count limit to be set to the default value
1334 (typically 1) in the outbound upstream packets.
1335 [ISC-Bugs #37426]
1336
1337 Changes since 4.3.1b1
1338
1339- Modify the linux and openwrt dhclient scripts to process information
1340 from a stateless request. Thanks to Jiri Popelka at Red Hat for the
1341 bug report and patch.
1342 [ISC-Bugs #36102]
01a44a77 1343
0e76cb91
TM
1344- Remove more unused RCSID tags. These weren't noticed in 4.3 as
1345 the code isn't used anymore but we remove them here to keep the
1346 code consistent across versions.
1347 [ISC-Bugs #36451]
01a44a77 1348
0e76cb91 1349 Changes since 4.3.0
01a44a77 1350
0e76cb91
TM
1351- Tidy up several small tickets.
1352 Correct parsing of DUID from config file, previously the LL type
1353 was put in the wrong place in the DUID string.
1354 [ISC-Bugs #20962]
1355 Add code to parse "do-forward-updates" as well as "do-forward-update"
1356 Thanks to Jiri Popelka at Red Hat.
1357 [ISC-Bugs #31328]
1358 Remove log_priority as it isn't currently used.
1359 [ISC-Bugs #33397]
1360 Increase the size of the buffer used for reading interface information.
1361 [ISC-Bugs #34858]
01a44a77 1362
0e76cb91
TM
1363- Remove an extra set of the msg_controllen variable.
1364 [ISC-Bugs #21035]
01a44a77 1365
0e76cb91
TM
1366- Add a more understandable error message if a configuration attempts
1367 to add multiple keys for a single zone. Thanks to a patch from Jiri
1368 Popelka at Red Hat.
1369 [ISC-Bugs #31892]
f2e70402 1370
0e76cb91
TM
1371- Fix some minor issues in the dst code.
1372 [ISC-Bugs #34172]
51ce5995 1373
0e76cb91
TM
1374- Properly #ifdef functions so that the code can compile without NSUPDATE.
1375 [ISC-Bugs #35058]
9b7d458d 1376
0e76cb91
TM
1377- Update the partner's stos (start time of state, basically when we last
1378 heard from this partner) field when updating the state in failover.
1379 [ISC-Bugs #35549]
9b7d458d 1380
0e76cb91
TM
1381- Modify the overload processing to allow space for the remote agent ID.
1382 [ISC-Bugs #35569]
1383 Handle the ordering of the SUBNET_MASK option even if it is the last
1384 option in the list.
1385 [ISC-Bugs #24580]
9b7d458d 1386
0e76cb91
TM
1387- Remove the code that allows a server to follow RFC3315 instead of
1388 the subsequent errata from August 2010 when determining which IAs
1389 to include if no addresses will be assigned.
1390 [ISC-Bugs #28938]
2c8a396a 1391
0e76cb91
TM
1392- Remove unused RCSID tags.
1393 [ISC-Bugs #35846]
9b7d458d 1394
0e76cb91
TM
1395- Correct the v6 client timing code. When doing the timing backoff
1396 for MRT limit it to MRD.
1397 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1398 [ISC-Bugs #21238
66e80033 1399
0e76cb91
TM
1400- Add a log entry when killing a client and remove the PID files
1401 when a server, relay or client are killed.
1402 [ISC-Bugs #16970]
1403 [ISC-Bugs #17258]
9b7d458d 1404
0e76cb91
TM
1405- Some minor cleanups in the client code.
1406 In addition to checking for dhcpc check for bootpc in the services list.
1407 [ISC-Bugs #18933]
1408 Correct the client code to only try to get a lease once when the
1409 given the "-1" argument.
1410 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1411 [ISC-Bugs #26735]
1412 When asked for the version don't send the output to syslog.
1413 [ISC-Bugs #29772]
1414 Add the next server information to the environment variables for
1415 use by the client script. In order to avoid changing the client
1416 lease file the next server information isn't written to it.
1417 Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
1418 [ISC-Bugs #33098]
e191f1e8 1419
0e76cb91
TM
1420- Several updates to the dhcp server code.
1421 When not in quiet mode print out the files being used.
1422 [ISC-Bugs #17551]
1423 As accessing some pid files may require privileges move the dropping
1424 of permission bits due to the paranoia patch to be after the pid code.
1425 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1426 [ISC-Bugs #25806]
1427 When processing a "--version" request don't output the version information
1428 to syslog.
9b7d458d 1429
0e76cb91
TM
1430- Add the "enable-log-pid" build option to the configure script. When enabled
1431 this causes the client, server and relay programs to include the PID
1432 number in syslog messages.
1433 Thanks to Marius Tomaschewski for the suggestion and proto-patch.
1434 [ISC-Bugs #29713]
9b7d458d 1435
0e76cb91
TM
1436- Add a #define to specify the prefix length used when a client attempts
1437 to configure an address. This can be modified by editing includes/site.h.
1438 By default it is set to 64. While 128 might be a better choice it would
1439 also be a change for currently running systems, so we have left it at 64.
1440 [ISC-Bugs #DHCP-2]
9b7d458d 1441
0e76cb91
TM
1442- Add a run time option to the client "-df" to allow the administrator to
1443 point to a second lease file the client can search for a DUID. This can
1444 be used to allow a v4 and a v6 instance of the client to share a DUID.
1445 The second file will only be searched if there isn't a DUID in the main
1446 lease file and the DUID will be written out to the main lease file.
1447 [ISC-Bugs #34886]
9b7d458d 1448
0e76cb91
TM
1449- Have the client fsync the lease file to avoid lease corruption if the
1450 client hibernates or otherwise shuts down.
1451 [ISC-Bugs #35894]
9b7d458d 1452
0e76cb91
TM
1453- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
1454 Thanks to Steinar Haug for the suggestion.
1455 [ISC-Bugs #36033]
ece2d9da 1456
0e76cb91
TM
1457- Modify the handling of the resolv.conf file to allow the DHCP
1458 process to start up even if the resolv.conf file has problems.
1459 [ISC-Bugs #35989]
ab777749 1460
0e76cb91
TM
1461- Add threshold logging functionality. Two new options,
1462 log-threshold-low and log-threshold-high, indicate to the
1463 server if and when it should log an error message as addresses
1464 in a pool are used.
1465 [ISC-Bugs #34487]
6ec59010 1466
0e76cb91
TM
1467- Add code to properly dereference a pointer in the dhclient code
1468 on an error condition.
1469 [ISC-Bugs #36194]
63ccfbb0 1470
0e76cb91
TM
1471- Add code to help clean up soft leases.
1472 [ISC-Bugs #36304]
babe4149 1473
0e76cb91
TM
1474- Disable the gentle shutdown functionality until we can determine
1475 the best way to present it to remove or reduce the side effects.
1476 [ISC-Bugs #36066]
d1489a35 1477
0e76cb91 1478 Changes since 4.3.0rc1
e39b4193 1479
0e76cb91
TM
1480- None
1481 Changes since 4.3.0b1
2d542e1e 1482
0e76cb91
TM
1483- Tidy up receive packet processing.
1484 Thanks to Brad Plank of GTA for reporting the issue and suggesting
1485 a possible patch.
1486 [ISC-Bugs #34447]
abacf8ad 1487
0e76cb91
TM
1488 Changes since 4.3.0a1
1489
1490- Modify the message displayed when a process hits a fatal error.
1491 The new message is much shorter and simply points to the README
1492 and our website for directions on bug submissions.
1493 [ISC-Bugs #24789]
1a6b62fe 1494
6980ae03 1495 Changes since 4.2.0 (new features)
51b8a8a0
SR
1496
1497- If a client renews before 'dhcp-cache-threshold' percent of its lease
1498 has elapsed (default 25%), the server will reuse the allocated lease
1499 (provide a lease within the currently allocated lease-time) rather
1500 than extend or renew the lease. This absolves the server of needing
1501 to perform an fsync() operation on the lease database before reply,
1502 which improves performance. [ISC-Bugs #22228]
80778e94 1503 Updated this patch to support asynchronous DDNS. If the server is
adb95d23 1504 attempting to do DDNS on a lease it should be updated and written to
4809ef5c 1505 disk even if that wouldn't be necessary due to the thresholding.
8cd88e20 1506 [ISC-Bugs #26311]
51b8a8a0 1507
6980ae03
SR
1508- The 'no available billing' log line now also logs the name of the last
1509 matching billing class tried before failing to provide a billing.
1510 [ISC-Bugs #21759]
1511
32e651c4
SR
1512- A problem with missing get_hw_addr function when --enable-use-sockets
1513 was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
1514 that use-sockets feature was not tested on those systems. Client and
1515 server code no longer use MAX_PATH constant that is not defined on
3cb6f9bb 1516 GNU/Hurd systems. [ISC-Bugs #25979]
32e651c4 1517
67418698
SR
1518- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
1519 can parse v4 lease files and output the lease information in a more
1520 human friendly manner. This was written by Christian Hammers with
1521 some updates by vom and ISC. This is contributed code and is not
1522 supported by ISC; however it may be useful to some users.
1523 [ISC-Bugs #20680]
1524
a7341359 1525- Add support in v6 for on-commit, on-expire and on-release.
4809ef5c 1526 [ISC-Bugs #27912]
a7341359 1527
01fa619f
SR
1528- Add support for using classes with v6.
1529 [ISC-Bugs #26510]
1530
d7d9c0c7
SR
1531- Update the DDNS code to current standards and allow for sharing
1532 of DDNS entries between v4 and v6 clients. The new code is used
1533 if the ddns-update-style is set to "standard", the older code is
1534 still available if ddns-update-style is set to "interim". The
1535 oldest DDNS code "ad-hoc" has been removed. Thanks to Thomas Pegeot
1536 who submitted a patch for this issue. This patch is based on
1537 that work with some modifications.
64fb661c 1538 [ISC-Bugs #21139]
1534fff7 1539
cde11a4c
SR
1540- Add a configuration option to the server to suppress using fsync().
1541 Enabling this option will mean that fsync() is never called. This
1542 may provide better performance but there is also a risk that a lease
1543 will not be properly written to the disk after it has been issued
1544 to a client and before the server stops. Using this option is
1545 not recommended.
64fb661c 1546 [ISC-Bugs #34810]
cde11a4c 1547
f88446f1
SR
1548- Add some logging statements to indicate when the server is ready
1549 to serve. One statement is emitted after the server has finished
1550 reading its files and is about to enter the dispatch loop.
1551 This is "Server starting service.".
1552 The second is emitted when a server determines that both it and
1553 its failover peer are in the normal state.
1554 This is "failover peer <name>: Both servers normal."
64fb661c 1555 [ISC-Bugs #33208]
f88446f1 1556
619304cd
SR
1557- Add support for accessing options from v6 relays. The v6relay
1558 statement allows the administrator to choose which relay to
1559 use when searching for an option, see the dhcp-options man page
6b9c9f87
SR
1560 for a description. The host-identifier option has also been
1561 updated to support the use of relay options, see the dhcpd.conf
619304cd
SR
1562 man page for a description.
1563 [ISC-Bugs #19598]
1564
e54ff84f 1565- When doing DDNS if there isn't an appropriate zone statement attempt
80778e94 1566 to find a reasonable nameserver via a DNS resolver. This restores
e54ff84f
SR
1567 some functionality that was lost in the transition to asynchronous
1568 DDNS. Due to the lack of security and increase in fragility of the
1569 system when using this feature we strongly recommend the use of
1570 appropriate zone statements rather than using this functionality.
1571 [ISC-Bugs #30461]
1572
61ef216b
SR
1573- Add support for specifying the address from which to send
1574 DDNS updates on the DHCP server. There are two new options
1575 "ddns-local-address4" and "ddns-local-address6" that each take
1576 one instance of their respective address types.
1577 [ISC-Bugs #34779]
4d079f0e 1578
38ee81bd
SR
1579- Add ignore-client-uids option in the server. This option causes
1580 the server to not record a client's uid in its lease. This
1581 violates the specification but may also be useful when a client
1582 can dual boot using different client ids but the same mac address.
6b9c9f87 1583 Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
38ee81bd
SR
1584 [ISC-Bugs #32427]
1585 [ISC-Bugs #35066]
4d079f0e
SR
1586
1587- Extend the DHCPINFORM processing to honor the subnet selection option
1588 and take host declarations into account.
1589 Thanks to Christof Chen for testing and submitting the patch.
1590 [ISC-Bugs #35015]
1591
fe2ac9e3
SR
1592- Extend the hardware expression to look into the lease structure
1593 for a hardware address if there is no packet. This allows the
1594 server to find the hardware address during on-expiry processing.
1595 [ISC-Bugs #24584]
61ef216b 1596
bc30c84e
SR
1597- Add definitions for some options that have been specified by the IETF.
1598 [ISC-Bugs #29268]
ccc2a367 1599 [ISC-Bugs #35198]
bc30c84e 1600
01a44a77 1601 Changes since 4.2.0 (bug fixes)
8ee352ee 1602
01a44a77
SR
1603- When using 'ignore client-updates;', the FQDN returned to the client
1604 is no longer truncated to one octet.
8ee352ee 1605
01a44a77 1606- Cleaned up an unused hardware address variable in nak_lease().
4889a646 1607
01a44a77
SR
1608- Manpage entries for the ia-pd and ia-prefix options were updated to
1609 reflect support for prefix delegation.
4889a646 1610
01a44a77 1611- Cleaned up some compiler warnings
7dc4e69c 1612
01a44a77
SR
1613- An optimization described in the failover protocol draft is now included,
1614 which permits a DHCP server operating in communications-interrupted state
1615 to 'rewind' a lease to the state most recently transmitted to its peer,
1616 greatly increasing a server's endurance in communications-interrupted.
1617 This is supported using a new 'rewind state' record on the dhcpd.leases
1618 entry for each lease.
c5bc8b1a 1619
01a44a77 1620- Fix the trace code which was broken by the changes to the DDNS code.
d0a10f6a 1621
01a44a77
SR
1622- Update the fsync code to work with the changes to the DDNS code. It now
1623 uses a timer instead of noticing if there are no more packets to process.
dc9d7b08 1624
01a44a77
SR
1625- When constructing the DNS name structure from a text string append
1626 the root to relative names. This satisfies a requirement in the DNS
1627 library that names be absolute instead of relative and prevents DHCP
1628 from crashing. [ISC-Bugs #21054]
a24b9f23 1629
01a44a77
SR
1630- "The LDAP Patch" that has been circulating for some time, written by
1631 Brian Masney and S.Kalyanasundraram and maintained for application to
1632 the DHCP-4 sources by David Cantrell has been included. Please be
1633 advised that these sources were contributed, and do not yet meet the
1634 high standards we place on production sources we include by default.
1635 As a result, the LDAP features are only included by using a compile-time
1636 option which defaults off, and if you enable it you do so under your
1637 own recognizance. We will be improving this software over time.
1638 [ISC-Bugs #17741]
c5bc8b1a 1639
01a44a77
SR
1640- Prohibit including lease time information in a response to a DHCP INFORM.
1641 [ISC-Bugs #21092]
cc17cbc3 1642
01a44a77
SR
1643! Accept a client id of length 0 while hashing. Previously the server would
1644 exit if it attempted to hash a zero length client id, providing attackers
1645 with a simple denial of service attack. [ISC-Bugs #21253]
1646 CERT: VU#541921 - CVE: CVE-2010-2156
08b2d347 1647
01a44a77 1648- A memory leak in ddns processing was closed. [ISC-Bugs #21377]
08b2d347 1649
01a44a77
SR
1650- Modify the exception handling for initial context creation. Previously
1651 we would try and clean up before exiting. This could present problems
1652 when the cleanup required part of the context that wasn't available. It
1653 also didn't do much as we exited afterwards anyway. Now we simply log
1654 the error and exit. [ISC-Bugs #21093]
ad4001ce 1655
01a44a77
SR
1656- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
1657 previously allocated (active) lease to a client that has changed subnets,
1658 despite being on different shared networks. Dynamic prefixes specifically
1659 allocated in shared networks also now are not offered if the client has
1660 moved. [ISC-Bugs #21152]
3cb6f9bb 1661
01a44a77 1662- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
f6dc164f 1663
01a44a77
SR
1664- Fix the trace code to handle timing events better and to truncate a file
1665 before using instead of overwriting it. [ISC-Bugs #20969]
4b8251a0 1666
01a44a77
SR
1667- Modify the determination of the default TTL to use for DDNS updates.
1668 The user may still configure the ttl via ddns-ttl. The default for
1669 both v4 and v6 is now 1/2 the (preferred) lease time with a limit. The
1670 previous defaults (1/2 lease time without a limit for v4 and a default
1671 value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
1672 [ISC-Bugs #21126]
47e8308d 1673
01a44a77
SR
1674- libisc/libdns is now brought up to version 9.7.1rc1. This corrects
1675 three reported flaws in ISC DHCP;
d9b5c150 1676
01a44a77
SR
1677 o DHCP processes (dhcpd, dhclient) fail to start if one of either the
1678 IPv4 or IPv6 address families is not present. [ISC-Bugs #21122]
08e6dad9 1679
01a44a77
SR
1680 o Assertion failure when attempting to cancel a previously running DDNS
1681 update. [ISC-Bugs #21133]
9f9265b6 1682
01a44a77
SR
1683 o Compilation failure of libisc/libdns due to the use of a flexible
1684 array member. [ISC-Bugs #21316]
9f9265b6 1685
01a44a77 1686- Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
35de6c8c 1687
01a44a77
SR
1688- Documentation cleanup covering multiple tickets
1689 [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
1690 [ISC-Bugs #20263] add text describing some default values
1691 [ISC-Bugs #20193] single quotes at the start of a line indicate a control
1692 line to nroff, escape them if we actually want a quote.
1693 [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
de87ffe3 1694
01a44a77
SR
1695- 'get-host-names true;' now also works even if 'use-host-decl-names true;'
1696 was also configured. The nature of this repair also fixes another
1697 error; the host-name supplied by a client is no longer overridden by a
1698 reverse lookup of the lease address. Thanks to a patch from Wilco Baan
1699 Hofman supplied to us by the Debian package maintenance team.
1700 [ISC-Bugs #21691] {Debian Bug#509445}
e563ec2e 1701
01a44a77
SR
1702- The .TH tag for the dhcp-options manpage was typo repaired
1703 thanks to a report from jidanni and the Debian package maintenance
1704 team. [ISC-Bugs #21676] {Debian Bug#563613}
3bedb117 1705
01a44a77
SR
1706- More documentation changes - primarily to put the options in the dhclient
1707 and dhcpd man pages into the standard form. Thanks in part to a patch
1708 from David Cantrell at Red Hat.
1709 [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
18a28679 1710
01a44a77
SR
1711- Add code to clear the pointer to an object in an OMAPI handle when the
1712 object is freed due to a dereference. [ISC-Bugs #21306]
0b2ec8c9 1713
01a44a77
SR
1714- Fixed a bug that leaks host record references onto lease structures,
1715 causing the server to apply configuration intended for one host to any
1716 other innocent clients that come along later. [ISC-Bugs #22018]
67b2cb45 1717
01a44a77
SR
1718- Minor code fixes
1719 [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
1720 the name to be at the apex of the zone.
1721 [ISC-Bugs #19617] Restrict length of interface name read from command line
1722 in dhcpd - based on a patch from David Cantrell at Red Hat.
1723 [ISC-Bugs #20039] Correct some error messages in dhcpd.c
1724 [ISC-Bugs #20070] Better range check on values when creating a DHCID.
9a111ee8 1725 [ISC-Bugs #20198] Avoid writing past the end of the field when adding
01a44a77
SR
1726 overly long file or server names to a packet and add a log message
1727 if the configuration supplied overly long names for these fields.
1728 Thanks to Martin Pala.
1729 [ISC-Bugs #21497] Add a little more randomness to rng seed in client
1730 thanks to a patch from Jeremiah Jinno.
74977c94 1731
01a44a77 1732- Correct error handling in DLPI [ISC-Bugs #20378]
30e42327 1733
01a44a77
SR
1734- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
1735 checked in configure. [ISC-Bugs #20443]
dbd65517 1736
01a44a77
SR
1737- Modify how the cmsg header is allocated the v6 send and received routines
1738 to compile on more compilers. [ISC-Bugs #20524]
0f750c4f 1739
01a44a77
SR
1740- When parsing a domain name free the memory for the name after we are
1741 done with it. [ISC-Bugs #20824]
b95f1ee0 1742
01a44a77
SR
1743- Add an elapsed time option to the release message and refactor the
1744 code to move most of the common code to a single routine.
1745 [ISC-Bugs #21171].
b95f1ee0 1746
01a44a77
SR
1747- Two identical log messages for commit_leases() have been disambiguated.
1748 [ISC-Bugs #18915]
0ef9a46e 1749
01a44a77
SR
1750- Parse date strings more properly - the code now handles semi-colons in
1751 date strings correctly. Thanks to a patch from Jiri Popelka at Red Hat.
1752 [ISC-Bugs #21501, #20598]
de6c9af6 1753
01a44a77
SR
1754- Fixes to lease input and output.
1755 [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
1756 strftime, paste together the same string using mktime instead.
1757 [ISC-Bugs #19596] - When parsing iaid values accept printable
1758 characters.
1759 [ISC-Bugs #21585] - Always print time values in omshell as hex
1760 instead of ascii if the values happen to be printable characters.
87132514 1761
01a44a77
SR
1762- Minor changes for scripts, configure.ac and Makefiles
1763 [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
1764 example conf file. Thanks to a patch from David Cantrell
1765 at Red Hat.
1766 [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
1767 [ISC-Bugs #19945] Properly close the quote on some arguments.
1768 [ISC-Bugs #20952] Add 64 bit types to configure.ac
adb95d23 1769 [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
b047bd38 1770
01a44a77
SR
1771- Update the code to parse dhcpv6 lease files to accept a semi-colon at
1772 the end of the max-life and preferred-life clauses. In order to be
1773 backwards compatible with older lease files not finding a semi-colon
1774 is also accepted. [ISC-Bugs #22303].
e3c94800 1775
01a44a77
SR
1776! Handle a relay forward message with an unspecified address in the
1777 link address field. Previously such a message would cause the
e675b663 1778 server to crash. Thanks to a report from John Gibbins. [ISC-Bugs #21992]
01a44a77 1779 CERT: VU#102047 CVE: CVE-2010-3611
dd9237c3 1780
01a44a77
SR
1781- ./configure on longer searches for -lcrypto to explicitly link against.
1782 This fixes a bug where 'dhclient' would have shared library dependencies
1783 on '/usr/lib'. [ISC-Bugs #21967]
d13db163 1784
01a44a77
SR
1785- Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
1786 signal to a process and will kill the process if the signal isn't
1787 caught. This patch adds code to turn off the SIGPIPE signal via
1788 a setsockopt() call. The signal is already being ignored as part
1789 of the ISC library. [ISC-Bugs #22269]
b342f2e7 1790
01a44a77
SR
1791- Restore printing of values in omshell to the style pre 21585. For
1792 21585 we changed the print routines to always display time values
1793 as a hex list. This had a side effect of printing all data strings
1794 as a hex list. We shall investigate other ways of displaying time
1795 values more usefully. [ISC-Bugs #22626]
797aab67 1796
01a44a77
SR
1797! Fix the handling of connection requests on the failover port.
1798 Previously a connection request from a source that wasn't
1799 listed as a failover peer would cause the server to become
1800 non-responsive. Thanks to a report from Brad Bendily, brad@bendily.com.
1801 [ISC-Bugs #22679]
9a111ee8 1802 CERT: VU#159528 CVE: CVE-2010-3616
bc7f8b8e 1803
01a44a77
SR
1804- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
1805 Passing it through to the handlers caused the omshell program to fail
1806 to connect to the server. [ISC-Bugs #21839]
d289ee68 1807
adb95d23 1808- Fix the parenthesis in the code to process configuration statements
01a44a77
SR
1809 beginning with "auth". The previous arrangement caused
1810 "auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
d19fa5a1 1811
01a44a77
SR
1812- Limit the timeout period allowed in the dispatch code to 2^^32-1 seconds.
1813 Thanks to a report from Jiri Popelka at Red Hat.
1814 [ISC-Bugs #22033], [Red Hat Bug #628258]
bb9189c3 1815
01a44a77
SR
1816- When processing the format flags for a given option consume the
1817 flag indicating an optional value correctly. A symptom of this
1818 bug was an infinite loop when trying to parse the slp-service-scope
1819 option. Thanks to a patch from Marius Tomaschewski.
1820 [ISC-Bugs #22055]
cbbd2714 1821
01a44a77
SR
1822- Disable the use of kqueue in the ISC library. This avoids a problem
1823 between the fork and socket code that caused the dhcpd process to
1824 use all available cpu if the program daemonized itself.
1825 [ISC-Bugs #21911]
d208bb04 1826
01a44a77
SR
1827! When processing a request in the DHCPv6 server code that specifies
1828 an address that is tagged as abandoned (meaning we received a
1829 decline request for it previously) don't attempt to move it from
1830 the inactive to active pool as doing so can result in the server
1831 crashing on an assert failure. Also retag the lease as active
1832 and reset its timeout value.
1833 [ISC-Bugs #21921]
9a111ee8 1834
01a44a77
SR
1835- Removed the restriction on using IPv6 addresses in IPv4 mode. This
1836 allows IPv4 options which contain IPv6 addresses to be specified. For
1837 example the 6rd option can be specified and used like this:
1838 [ISC-Bugs #23039]
d208bb04 1839
01a44a77
SR
1840 option 6rd code 212 = { integer 8, integer 8,
1841 ip6-address, array of ip-address };
1842 option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
25f664a6 1843
01a44a77
SR
1844- Handle some DDNS corner cases better. Maintain the DDNS transaction
1845 information when updating a lease and cancel any existing transactions
9a111ee8 1846 when removing the ddns information.
01a44a77 1847 [ISC-Bugs #23103]
d424157d 1848
01a44a77
SR
1849- Some fixes for LDAP
1850 [ISC-Bugs #21783] - Include lber library when building ldap
1851 [ISC-Bugs #22888] - Enable the ldap code when buidling common
1852 The above fixes are from Jiri Popelka at Red Hat.
3221151b 1853
01a44a77
SR
1854- Modify the dlpi code to accept getmsg() returning a positive value.
1855 [ISC-Bugs #22824]
bea17697
SR
1856
1857! In dhclient check the data for some string options for
1858 reasonableness before passing it along to the script that
1859 interfaces with the OS.
1860 [ISC-Bugs #23722]
1861 CVE: CVE-2011-0997
c7aa4dd4
TM
1862
1863- DHCPv6 server now responds properly if client asks for a prefix that
1864 is already assigned to a different client. [ISC-Bugs #23948]
4a5bfeac
SR
1865
1866- Add the option "--no-pid" to the client, relay and server code,
1867 to disable writing a pid file. Add the option "-pf pidfile"
1868 to the relay to allow the user to supply the pidfile name at
1869 runtime. Add the "with-relay6-pid-file" option to configure
1870 to allow the user to supply the pidfile name for the relay
1871 in v6 mode at configure time.
1872 [ISC-Bugs #23351] [ISC-Bugs #17541]
5d082abd
TM
1873
1874- 'dhclient' no longer waits a random interval after first starting up to
1875 begin in the INIT state. This conforms to RFC 2131, but elects not to
9a111ee8 1876 implement a 'SHOULD' direction in section 4.1. The goal of this change
73c83820 1877 is to start up faster. [ISC-Bugs #19660]
9a111ee8
TM
1878
1879- Added 'initial-delay' parameter that specifies maximum amount of time
1880 before client goes to the INIT state. The default value is 0. In previous
1881 versions of the code client could wait up to 5 seconds. The old behavior
5d082abd 1882 may be restored by using 'initial-delay 5;' in the client config file.
73c83820 1883 [ISC-Bugs #19660]
5d082abd
TM
1884
1885- ICMP ping-check should now sit closer to precisely the number of seconds
1886 configured (or default 1), due to making use of the new microsecond
1887 scale timer internally to dhcpd. This corrects a bug where the server
1888 may immediately timeout an ICMP ping-check if it was made late in the
73c83820 1889 current second. [ISC-Bugs #19660]
5d082abd
TM
1890
1891- The DHCP client will schedule renewal and rebinding events in
1892 microseconds if the DHCP server provided a lease-time that would result
1893 in sub-1-second timers. This corrects a bug where a 2-second or lower
1894 lease-time would cause the DHCP client to enter an infinite loop by
73c83820 1895 scheduling renewal at zero seconds. [ISC-Bugs #19660]
5d082abd
TM
1896
1897- Client lease records are recorded at most once every 15 seconds. This
1898 keeps the client from filling the lease database disk quickly on very small
73c83820 1899 lease times. [ISC-Bugs #19660]
5d082abd
TM
1900
1901- To defend against RFC 2131 non-compliant DHCP servers which fail to
1902 advertise a lease-time (either mangled, or zero in value) the DHCP
1903 client now adds the server to the reject list ACL and returns to INIT
1904 state to hopefully find an RFC 2131 compliant server (or retry in INIT
73c83820 1905 forever). [ISC-Bugs #19660]
023fbaa0
TM
1906
1907- Parameters configured to evaluate from user defined function calls can
1908 now be correctly written to dhcpd.leases (as on 'on events' or dynamic
1909 host records inserted via OMAPI). [ISC-Bugs #22266]
1910
1911- If a 'next-server' parameter is configured in a dynamic host record via
1912 OMAPI as a domain name, the syntax written to disk is now correctly parsed
1913 upon restart. [ISC-Bugs #22266]
656b1ece
TM
1914
1915- The DHCP server now responds to DHCPLEASEQUERY messages from agents using
1916 IP addresses not covered by a subnet in configuration. Whether or not to
1917 respond to such an agent is still governed by the 'allow leasequery;'
1918 configuration parameter, in the case of an agent not covered by a configured
1919 subnet the root configuration area is examined. Server now also returns
1920 vendor-class-id option, if client sent it. [ISC-Bugs #21094]
9a111ee8 1921
fc06ee4f
SR
1922- Documentation fixes
1923 [ISC-Bugs #17959] add text to AIX section describing how to have it send
1924 responses to the all-ones address.
1925 [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
1926 [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
1927
1185c766
TM
1928- Relay no longer crashes, when DHCP packet is received over interface without
1929 any IPv4 address assigned. Also extended logging message about discarding
1930 packets with invalid hlen with information about relevant interface name.
1931 [ISC-Bugs #22409]
1932
c6455252
TM
1933- Relay now properly logs that packet was received over interface without
1934 global IPv6 address [ISC-Bugs #24070]
1935
9a111ee8
TM
1936- Linux Packet Filter interface improvement. sockaddr_pkt structure is used,
1937 rather than sockaddr. Packet ethertype is now forced to ETH_P_IP.
9369bdc1
TM
1938 [ISC-Bugs #18975]
1939
fb30f3fc
SR
1940- Minor code cleanups - but note port change for #23196
1941 [ISC-Bugs #23470] - Modify when an ignore return macro is defined to
1942 handle unsed error return warnings for more versions of gcc.
1943 [ISC-Bugs #23196] - Modify the reply handling in the server code to
1944 send to a specified port rather than to the source port for the incoming
1945 message. Sending to the source port was test code that should have
1946 been removed. The previous functionality may be restored by defining
1947 REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
1948 enable this except for testing purposes.
1949 [ISC-Bugs #22695] - Close a file descriptor in an error path.
1950 [ISC-Bugs #19368] - Tidy up variable types in validate_port.
1951
c616de4f 1952- Code cleanup: remove obsolete PROTO, KandR, INLINE and ANSI_DECL macros
9a111ee8 1953 [ISC-Bugs #13151]
c616de4f
TM
1954
1955- Compilation problem with gcc4.5 and omshell.c resolved. [ISC-Bugs #23831]
a34feb7d 1956
4f55e11b
SR
1957- Client Script fixes
1958 [ISC-Bugs #23045] Typos in client/scripts/openbsd
1959 [ISC-Bugs #23565] In the client scripts add a zone id (interface id) if
1960 the domain search address is link local.
1961 [ISC-Bugs #1277] In some of the client scripts add code to handle the
1962 case of the default router information being changed without the address
1963 being changed.
1964
802fdea1
TM
1965- Documentation cleanup
1966 [ISC-Bugs #23326] Updated References document, several man page updates
1967
9a111ee8 1968- Server no longer complains about NULL pointer when configured
1b601efa
TM
1969 server-identifier expression fails to evaluate. [ISC-Bugs #24547]
1970
199f0b8a
SR
1971- Convert ISC_R_INPROGRESS status to ISC_R_SUCCESS when called from other
1972 than the dispatch handler. This fixes an issue where omshell, when
1973 run from the same platform as the server, would appear to fail to
1974 connect. This is a companion to #21839. [ISC-Bugs #23592]
1975
786f2e79
SR
1976- Enlarge the buffer size used by the Omshell code and some of the
1977 print routines to allow for greater than 60 characters or, when
1978 printing as hex strings, 20 characters. [ISC-Bugs #22743]
1979
7cfeb916
SR
1980- In Solaris 11 switch to using sockets instead of DLPI, thanks
1981 to a patch form Oracle. [ISC-Bugs #24634].
1982
9a111ee8
TM
1983- Strict checks for content of domain-name DHCPv4 option can now be
1984 configured during compilation time. Even though RFC2132 does not allow
1985 to store more than one domain in domain-name option, such behavior is
d15aa964
TM
1986 now enabled by default, but this may change some time in the future.
1987 See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
1988 [ISC-Bugs #24167]
1989
beaed73f
SR
1990- DNS Update fix. A misconfigured server could crash during DNS update
1991 processing if the configuration included overlapping pools or
1992 multiple fixed-address entries for a single address. This issue
1993 affected both IPv4 and IPv6. The fix allows a server to detect such
1994 conditions, provides the user with extra information and recommended
1995 steps to fix the problem. If the user enables the appropriate option
1996 in site.h then server will be terminated
1997 [ISC-Bugs #23595]
1998
8bd96ccb
SR
1999! Two packets were found that cause a server to halt. The code
2000 has been updated to properly process or reject the packets as
2001 appropriate. Thanks to David Zych at University of Illinois
2002 for reporting this issue. [ISC-Bugs #24960]
2003 One CVE number for each class of packet.
2004 CVE-2011-2748
2005 CVE-2011-2749
2006
01a44a77
SR
2007- Fix the code that checks for an existing DDNS transaction to cancel
2008 when removing DDNS information, so that we will continue with the
2009 processing if we have a lease even if it doesn't have an outstanding
2010 transaction. [ISC-Bugs #24682]
5a38e43f 2011
01a44a77
SR
2012- Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
2013 configuration files. [ISC-Bugs #24107]
5a38e43f 2014
01a44a77
SR
2015- Add support for passing DDNS information to a DNS server over
2016 an IPv6 address. [ISC-Bugs #22647]
524705e5 2017
01a44a77
SR
2018- Enhanced patch for 23595 to handle IPv4 fixed addresses more
2019 cleanly. [ISC-Bugs #23595]
66be0ad1 2020
01a44a77
SR
2021! Add a check for a null pointer before calling the regexec function.
2022 Without this check we could, under some circumstances, pass
2023 a null pointer to the regexec function causing it to segfault.
2024 Thanks to a report from BlueCat Networks.
2025 [ISC-Bugs #26704].
2026 CVE: CVE-2011-4539
57fbc772 2027
01a44a77
SR
2028! Modify the DDNS handling code. In a previous patch we added logging
2029 code to the DDNS handling. This code included a bug that caused it
2030 to attempt to dereference a NULL pointer and eventually segfault.
2031 While reviewing the code as we addressed this problem, we determined
2032 that some of the updates to the lease structures would not work as
2033 planned since the structures being updated were in the process of
2034 being freed: these updates were removed. In addition we removed an
2035 incorrect call to the DDNS removal function that could cause a failure
2036 during the removal of DDNS information from the DNS server.
2037 Thanks to Jasper Jongmans for reporting this issue.
2038 [ISC-Bugs #27078]
2039 CVE: CVE-2011-4868
57fbc772 2040
01a44a77
SR
2041- Fixed the code that checks if an address the server is planning
2042 to hand out is in a reserved range. This would appear as
2043 the server being out of addresses in pools with particular ranges.
2044 [ISC-Bugs #26498]
57fbc772 2045
01a44a77
SR
2046- In the DDNS code handle error conditions more gracefully and add more
2047 logging code. The major change is to handle unexpected cancel events
2048 from the DNS client code.
2049 [ISC-Bugs #26287]
57fbc772 2050
01a44a77
SR
2051- Tidy up the receive calls and eliminate the need for found_pkt.
2052 [ISC-Bugs #25066]
9a111ee8 2053
01a44a77
SR
2054- Add support for Infiniband over sockets to the server and
2055 relay code. We've tested this on Solaris and hope to expand
2056 support for Infiniband in the future. This patch also corrects
2057 some issues we found in the socket code.
2058 [ISC-Bugs #24245]
197c917e 2059
01a44a77
SR
2060- Add a compile time check for the presence of the noreturn attribute
2061 and use it for log_fatal if it's available. This will help code
2062 checking programs to eliminate false positives.
2063 [ISC-Bugs #27539]
8bd445a1 2064
01a44a77
SR
2065- Fixed many compilation problems ("set, but not used" warnings) for
2066 gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
83d409ae 2067
01a44a77
SR
2068- Modify the code that determines if an outstanding DDNS request
2069 should be cancelled. This patch results in cancelling the
2070 outstanding request less often. It fixes the problem caused
2071 by a client doing a release where the TXT and PTR records
2072 weren't removed from the DNS.
2073 [ISC-BUGS #27858]
6aaaf6a4 2074
01a44a77
SR
2075- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
2076 and dhcpv6_packet in several more places. Thanks to a report from
2077 Bruno Verstuyft and Vincent Demaertelaere of Excentis.
2078 [ISC-Bugs #27941]
4e0997c6 2079
01a44a77
SR
2080- Remove outdated note in the description of the bootp keyword about the
2081 option not satisfying the requirement of failover peers for denying
2082 dynamic bootp clients.
2083 [ISC-bugs #28574]
ad59838e 2084
01a44a77
SR
2085- Multiple items to clean up IPv6 address processing.
2086 When processing an IA that we've seen check to see if the
2087 addresses are usable (not in use by somebody else) before
2088 handing it out.
2089 When reading in leases from the file discard expired addresses.
2090 When picking an address for a client include the IA ID in
2091 addition to the client ID to generally pick different addresses
2092 for different IAs.
2093 [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
2094 [ISC-Bugs #27684]
f33dc722 2095
01a44a77
SR
2096- Remove unnecessary checks in the lease query code and clean up
2097 several compiler issues (some dereferences of NULL and treating
2098 an int as a boolean).
2099 [ISC-Bugs #26203]
4dc5a6b1 2100
01a44a77
SR
2101- Fix the NA and PD allocation code to handle the case where a client
2102 provides a preference and the server doesn't have any addresses or
2103 prefixes available. Previously the server ignored the request with
2104 this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
2105 By default the code performs according to the errata of August 2010
2106 for RFC 3315 section 17.2.2; to enable the previous style see the
2107 section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
2108 may be removed in the future.
2109 Thanks to Jiri Popelka at Red Hat for the patch.
2110 [ISC-Bugs #22676]
3004baba 2111
01a44a77
SR
2112- Fix up some issues found by static analysis.
2113 A potential memory leak and NULL dereference in omapi.
2114 The use of a boolean test instead of a bitwise test in dst.
2115 [ISC-Bugs #28941]
3004baba 2116
01a44a77
SR
2117- Rotate the lease file when running in v6 mode.
2118 Thanks to Christoph Moench-Tegeder at Astaro for the
2119 report and the first version of the patch.
2120 [ISC-Bugs #24887]
9d97e644 2121
01a44a77
SR
2122- Correct code to calculate timing values in client to compare
2123 rebind value to infinity instead of renew value.
2124 Thanks to Chenda Huang from H3C Technologies Co., Limited
2125 for reporting this issue.
2126 [ISC-Bugs #29062]
23d39ae2 2127
01a44a77
SR
2128- Fix some issues in the code for parsing and printing options.
2129 [ISC-Bugs #22625] - properly print options that have several fields
2130 followed by an array of something for example "fIa"
2131 [ISC-Bugs #27289] - properly parse options in declarations that have
2132 several fields followed by an array of something for example "fIa"
2133 [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
2134 value in evaluate_numeric_expression (extract-int).
2135 [ISC-Bugs #27314] - properly parse a zero length option from
2136 a lease file. Thanks to Marius Tomaschewski from SUSE for the report
2137 and prototype patch for this ticket as well as ticket 27289.
23d39ae2 2138
01a44a77
SR
2139! Previously the server code was relaxed to allow packets with zero
2140 length client ids to be processed. Under some situations use of
2141 zero length client ids can cause the server to go into an infinite
2142 loop. As such ids are not valid according to RFC 2132 section 9.14
2143 the server no longer accepts them. Client ids with a length of 1
2144 are also invalid but the server still accepts them in order to
2145 minimize disruption. The restriction will likely be tightened in
2146 the future to disallow ids with a length of 1.
2147 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 2148 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR
2149 [ISC-Bugs #29851]
2150 CVE: CVE-2012-3571
0c9d3a81 2151
01a44a77
SR
2152! When attempting to convert a DUID from a client id option
2153 into a hardware address handle unexpected client ids properly.
2154 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 2155 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR
2156 [ISC-Bugs #29852]
2157 CVE: CVE-2012-3570
e1a40211 2158
01a44a77
SR
2159! A pair of memory leaks were found and fixed. Thanks to
2160 Glen Eustace of Massey University, New Zealand for finding
2161 this issue.
2162 [ISC-Bugs #30024]
2163 CVE: CVE-2012-3954
e7e17397 2164
01a44a77
SR
2165- Existing legacy unit-tests have been migrated to Automated Test
2166 Framework (ATF). Several new tests have been developed. To enable
2167 unit-tests, please use --with-atf in configure script. A Developer's
2168 Guide has been added. To generate it, please use make devel in
2169 the doc directory. It is currently in early stages of development,
2170 but is expected to grow in the near future. [ISC-Bugs 25901]
ef86959b 2171
01a44a77
SR
2172! An issue with the use of lease times was found and fixed. Making
2173 certain changes to the end time of an IPv6 lease could cause the
2174 server to abort. Thanks to Glen Eustace of Massey University,
2175 New Zealand for finding this issue.
2176 [ISC-Bugs #30281]
2177 CVE: CVE-2012-3955
ef86959b 2178
01a44a77
SR
2179- Update the memory leakage debug code to work with v6.
2180 [ISC-Bugs #30297]
919f1407 2181
01a44a77
SR
2182- Relax the requirements for deleting an A or AAAA record.
2183 Previously the DDNS removal code required both the A or AAAA
2184 record and the TXT record to exist. This requirement could
2185 cause problems if something interrupted the removal leaving
2186 the TXT record alone. This relaxation was codified in RFC 4703.
2187 [ISC-Bugs #30734]
8a0d9ca4 2188
01a44a77
SR
2189- Modify the failover code to handle incorrect peer names
2190 better. Previously the structure holding the name might
2191 have been freed inappropriately in some cases and not
2192 freed in other cases.
2193 [ISC-Bugs #30320]
17a8f0e2 2194
01a44a77
SR
2195- Add a configure option, enable-secs-byteorder, to deal with
2196 clients that do the byte ordering on the secs field incorrectly.
2197 This field should be in network byte order but some clients
2198 get it wrong. When this option is enabled the server will examine
2199 the secs field and if it looks wrong (high byte non zero and low
2200 byte zero) swap the bytes. The default is disabled. This option
2201 is only useful when doing load balancing within failover.
2202 [ISC-Bugs #26108]
badc999d 2203
01a44a77
SR
2204- Fix a set of issues that were discovered via a code inspection
2205 tool. Thanks to Jiri Popelka and Tomas Hozza Red Hat for the logs
2206 and patches.
2207 [ISC-Bugs #23833]
0d8c3d6e 2208
9a111ee8 2209- Parsing unquoted base64 strings improved. Parser now properly handles
01a44a77 2210 strings that contain reserved names. [ISC-Bugs #23048]
1e05d095 2211
01a44a77
SR
2212- Modify the nak_lease function to make some attempts to find a
2213 server-identifier option to use for the NAK.
2214 [ISC-Bugs #25689]
1e05d095 2215
01a44a77
SR
2216- The client now passes information about the options it requested
2217 from the server to the script code via environment variables.
2218 These variables are of the form requested_<option_name>=1 with
2219 the option name being the same as used in the new_* and old_*
2220 variables.
2221 [ISC-Bugs #29068]
1943bbf8 2222
01a44a77
SR
2223- Add support for a simple check that the server id in a request message
2224 to a failover peer matches the server id of the server. This support
2225 is enabled by editing the file includes/site.h and uncommenting the
2226 definition for SERVER_ID_CHECK. The option has several restrictions
2227 and issues - please read the comment in the site.h file before
2228 enabling it.
2229 [ISC-Bugs #31463]
8a513c43 2230
01a44a77
SR
2231- Tidy up some compiler issues in the debug code.
2232 [ISC-Bugs #26460]
d122accf 2233
adb95d23 2234- Move the dhcpd.conf example file to dhcpd.conf.example to avoid
01a44a77
SR
2235 overwriting the dhcpd.conf file when installing a new version of
2236 ISC DHCP. The user will now need to manual copy and edit the
2237 dhcpd.conf file as desired.
2238 [ISC-Bugs #19337]
0d8c3d6e 2239
01a44a77
SR
2240- Check the status value when trying to read from a connection to
2241 see if it may have been closed. If it appears closed don't try
2242 to read from it again. This avoids a potential busy-wait like
2243 loop when the peer names are mismatched.
2244 [ISC-Bugs #31231]
590298e7 2245
01a44a77
SR
2246- Remove an unused variable to keep compilers happy.
2247 [ISC-Bugs #31983]
2b58b865 2248
01a44a77
SR
2249- Modify test makefiles to be more similar to standard makefiles
2250 and comment out a currently unused test.
2251 [ISC-Bugs #32089]
600ee619 2252
01a44a77
SR
2253- Address static analysis warnings.
2254 [ISC-Bugs #33510] [ISC-Bugs #33511]
a5c7bf77 2255
01a44a77
SR
2256- Silence benign static analysis warnings.
2257 [ISC-Bugs #33428]
a5c7bf77 2258
01a44a77
SR
2259- Add check for 64-bit package for atf.
2260 [ISC-Bugs #32206]
a5c7bf77 2261
01a44a77
SR
2262- Use newer auto* tool packages and turn on RFC_3542 support on Mac OS.
2263 [ISC-Bugs #26303]
a5c7bf77 2264
01a44a77
SR
2265- Remove a variable when it isn't being used due to #ifdefs to avoid
2266 a compiler warning on Solaris using GCC.
2267 [ISC-Bugs #33032]
0585235c 2268
01a44a77
SR
2269- Add a check for too much whitespace in a config or lease file.
2270 Thanks to Paolo Pellegrino for finding the issue and a suggestion
2271 for the patch.
2272 [ISC-Bugs #33351]
0585235c 2273
01a44a77
SR
2274- Fix several problems with using OMAPI to manipulate class and subclass
2275 objects.
2276 [ISC-Bugs #27452]
f4bc8261 2277
01a44a77
SR
2278- Added a sleep call after killing the old client to allow time
2279 for the sockets to be cleaned. This should allow the -r option
2280 to work more consistently.
2281 [ISC-Bugs #18175]
33692791 2282
01a44a77
SR
2283- Missing files for ISC DHCP Developer's Guide are now included in
2284 the release tarballs. To generate this documentation, please use
2285 make devel command in doc directory. [ISC-Bugs #32767]
928618dd 2286
01a44a77
SR
2287- Update client script for use with openwrt.
2288 [ISC-Bugs #29843]
928618dd 2289
01a44a77
SR
2290- Fix the socket handling for DHCPv6 clients to allow multiple instances
2291 of a client on a single machine to work properly. Previously only
2292 one client would receive the packets. Thanks to Jiri Popelka at Red Hat
2293 for the bug report and a potential patch.
2294 [ISC-Bugs #34784]
3c941d42 2295
01a44a77
SR
2296- Added support for gentle shutdown after signal is received.
2297 [ISC-Bugs #32692] [ISC-Bugs 34945]
bdd8e747 2298
01a44a77
SR
2299- Enhance the DHCPv6 server logging to include the addresses that are assigned
2300 to the clients.
2301 [ISC-Bugs #26377]
3da71461 2302
01a44a77
SR
2303- Fix an operation in the DDNS code to be a bitwise instead of logical or.
2304 [ISC-Bugs #35138]
fdfebedf 2305
7aa153b8 2306
adbef119
DH
2307 Changes since 4.1.0 (new features)
2308
d340bc24
DH
2309- Failover port configuration can now be left to defaults (port 647) as
2310 described in the -12 revision of the Failover draft (and assigned by
4b97eaff 2311 IANA). Thanks in part to a patch from David Cantrell at Red Hat.
adbef119 2312
0829d595
DH
2313- If configured, dhclient may now transmit to an anycast MAC address,
2314 rather than using a broadcast address. Thanks to a patch from David
2315 Cantrell at Red Hat.
2316
8a3c1e33
PS
2317- Added client support for setting interface MTU and metric, thanks to
2318 Roy "UberLord" Marples <roy@marples.name>.
2319
a41d7a25
PS
2320- Added client -D option to specify DUID type to send.
2321
9e3eb22a
DH
2322- A new failover configuration parameter has been introduced for those
2323 environments where DHCP servers can be reasonably guaranteed to be
2324 "down" when the failover TCP socket is severed, "auto-partner-down".
2325 This parameter is not generally safe, and by default is disabled, so
2326 please carefully review the documentation of this parameter in the
2327 dhcpd.conf(5) manpage before determining to use it yourself.
2328
33ea4622
DH
2329- Added a configuration function, 'gethostname()', which calls the system
2330 function of the same name and presents the results as a data expression.
2331 This function can be used to incorporate the system level hostname of
2332 the system the DHCP software is operating on in responses or queries (such
2333 as including a failover partner's hostname in a dhcp message or binding
2334 scope, or having a DHCP client send any system hostname in the host-name or
2335 FQDN options by default).
2336
5a671e87
DH
2337- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
2338 for DHCPv4 operation and used independently of the dhcp-lease-time
2339 calculations. Invalid renew and rebinding times (e.g., greater than the
2340 determined lease time) are omitted.
2341
adb95d23 2342- Processing the DHCP to DNS server transactions in an asynchronous fashion,
45adf35c 2343 the DHCP server or client can now continue with its processing while
98bf1607 2344 awaiting replies from the DNS server.
c900c5b2
DH
2345
2346- The 'hardware [ethernet|etc] ...;' parameter in host records has been
2347 extended to attempt to match DHCPv6 clients by the last octets of a
2348 DUID-LL or DUID-LLT provided by the client.
2349
59112e84
SR
2350 Changes since 4.1.0 (bug fixes)
2351
62f6843d
MA
2352- Remove infinite loop in token_print_indent_concat().
2353
59112e84
SR
2354- Validate the argument to the -p option.
2355
47e6eb82
DH
2356- The notorious 'option <unknown> ... larger than buffer' log line,
2357 which is seen in some malformed DHCP client packets, was modified.
2358 It now logs the universe name, and does not log the length values
2359 (which are bogus corruption read from the packet anyway). It also
2360 carries a hopefully more useful explanation.
2361
159c89d7
EH
2362- Suppress spurious warnings from configure about --datarootdir
2363
1aa0fe5e
DH
2364- A bug was fixed that caused the server not to answer some valid Solicit
2365 and Request packets, if the dynamic range covering any requested addresses
2366 had been deleted from configuration.
2367
cd51403d
SR
2368- Update the code to deal with GCC 4.3. This included two sets of changes.
2369 The first is to the configuration files to include the use of
571c38b0 2370 AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
cd51403d
SR
2371 were being ignored.
2372
64e1823d
DH
2373- The db-time-format option was documented in manpages.
2374
26e59ee9
DH
2375- Using reserved leases no longer results in 'lease with binding state
2376 free not on its queue' error messages, thanks to a patch from Frode
2377 Nordahl.
2378
70ea9345
PS
2379- Fix a build error in dhcrelay, using older versions of gcc with
2380 dhcpv6 disabled.
2381
8d7dca58 2382- Two uninitialized stack structures are now memset to zero, thanks to a
4b97eaff 2383 patch from David Cantrell at Red Hat.
819186b7 2384
f4534b17
DH
2385- Fixed a cosmetic bug where pretty-printing valid domain-search options would
2386 result in an erroneous error log message ('garbage in format string').
2387
f9453d21
DH
2388- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
2389 to stop receiving packets is fixed. The same fix also means that the MAC
2390 address will no longer appear 'bogus' on DLPI-based systems.
2391
2392- A bug in select handling was discovered where the results of one select()
2393 call were discarded, causing the server to process the next select() call
2394 and use more system calls than required. This has been repaired - the
2395 sockets will be handled after the first return from select(), resulting in
2396 fewer system calls.
2397
a3dcc0b1
DH
2398- The update-conflict-detection feature would leave an FQDN updated without
2399 a DHCID (still currently implemented as a TXT RR). This would cause later
2400 expiration or release events to fail to remove the domain name. The feature
2401 now also inserts the client's up to date DHCID record, so records may safely
2402 be removed at expiration or release time. Thanks to a patch submitted by
2403 Christof Chen.
2404
95fd7038
DH
2405- Memory leak in the load_balance_mine() function is fixed. This would
2406 leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
2407 and in normal state.
2408
2409- Various compilation fixes have been included for the memory related
2410 DEBUG #defines in includes/site.h.
2411
8a3c1e33
PS
2412- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
2413
2414- Fixed setting hostname in Linux hosts that require hostname argument
2415 to be double-quoted. Also allow server-provided hostname to
2416 override hostnames 'localhost' and '(none)'.
2417
dedde1ba
DH
2418- Fixed failover reconnection retry code to continue to retry to reconnect
2419 rather than restarting the listener.
2420
a57df74a
DH
2421- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
2422 been repaired. Other USE_ overrides should work better.
2423
2424- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
2425 that probably still resulted in the correct behaviour (but wouldn't use
2426 a larger defined value provided by the host OS).
2427
350576c5
DH
2428- Fixed a bug where an OMAPI socket disconnection message would not result
2429 in scheduling a failover reconnection, if the link had not negotiated a
2430 failover connect yet (e.g.: connection refused, asynch socket connect()
2431 timeouts).
2432
792156a9
DH
2433- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
2434 in failover state records.
2435
8a4e543b
DH
2436! A stack overflow vulnerability was fixed in dhclient that could allow
2437 remote attackers to execute arbitrary commands as root on the system,
2438 or simply terminate the client, by providing an over-long subnet-mask
1b12d999 2439 option. CERT VU#410676 - CVE-2009-0692
8a4e543b 2440
a1308b64
DH
2441- Fixed a bug where relay agent options would never be returned when
2442 processing a DHCPINFORM.
2443
1b12d999
DH
2444- Versions 3.0.x syntax with multiple name->code option definitions is now
2445 supported. Note that, similarly to 3.0.x, for by-code lookups only the
2446 last option definition is used.
2447
d453265f
PS
2448- Fixed a bug where a time difference of greater than 60 seconds between a
2449 failover pair could cause the primary to crash on contact with the
2450 secondary. Thanks to a patch from Steinar Haug.
2451
3e29af1e
PS
2452- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
2453 Thanks to patches from Matthew Newton and David Cantrell.
2454
b8d45c67
DH
2455- Secondary servers in a failover pair will now perform ddns removals if
2456 they had performed ddns updates on a lease that is expiring, or was
2457 released through the primary. As part of the same fix, stale binding scopes
2458 will now be removed if a change in identity of a lease's active client is
2459 detected, rather than simply if a lease is noticed to have expired (which it
2460 may have expired without a failover server noticing in some situations).
2461
583c1c16
DH
2462- A patch supplied by David Cantrell at RedHat was applied that detects
2463 invalid calling parameters given to the ns_name_ntop() function.
2464 Specifically, it detects if the caller passed a pointer and size pair
2465 that causes the pointer to integer-wrap past zero.
2466
e4e3a2ab
DH
2467! Fixed a fenceposting bug when a client had two host records configured,
2468 one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
95f5d38c 2469
875e99dc
SR
2470- Fixed the check in the dhcp_interface_signal_handler routine to verify
2471 the existence of the linked signal handler before calling it.
2472
2267da84
DH
2473- Both host and subnet6 configuration groups are now included whether a
2474 fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
2475 precedence. This fixes two bugs, one where host scoped configuration
2476 would not be included from a non-fixed-address6 host record, and the equal
2477 and opposite bug where subnet6 scoped configuration would not be used when
571c38b0 2478 over-riding values were not present in a matching fixed-address6 host
2267da84
DH
2479 configuration.
2480
cd3f0b9b
DH
2481- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
2482 correcting a compilation failure when using Sun's compiler.
2483
0493fdca
SR
2484- Modified the handling of a connection to avoid releasing the omapi io
2485 object for the connection while it is still in use. One symptom from
2486 this error was a segfault when a failover secondary attempted to connect
2487 to the failover primary if their clocks were not synchronized.
2488
95bba8b6
SR
2489- Clean up to allow compilation with gcc 2.95.4 on FreeBSD. Remove an
2490 extra semi-colon from common/dns.c and moved setting a variable to NULL
2491 in server/dhcpv6.c to allow the compiler to decide that the variable
9a111ee8 2492 was always properly set.
95bba8b6 2493
adbef119 2494 Changes since 4.1.0b1
ebf076fe
EH
2495
2496- A missing "else" in dhcrelay.c could have caused an interface not to
2497 be recognized.
61d75ea2 2498
a4ffedd1
DH
2499 Changes since 4.1.0a2
2500
2501- A cosmetic bug in DHCPDECLINE processing was fixed which caused all
2502 successful DHCPDECLINEs to be logged as "not found" rather than
2503 "abandoned".
2504
6ff3b26d
FD
2505- Added configuration file examples for DHCPv6.
2506
1387545f
DH
2507- Some failover debugging #defines have been better defined and some
2508 high frequency messages moved to a deeper debugging symbol.
2509
2510- The CLTT parameter in failover is now only updated by client activity,
2511 and not by failover binding updates (taking on the peer's CLTT).
2512
2513- Failover BNDUPD messages are now discarded if they conflict with an
d7ac7a27 2514 update that has been transmitted, but not acknowledged.
1387545f 2515
399d3dbe
DH
2516- A bug cleaning up unknown-xxx temporary option definitions was fixed.
2517
fbcee149
DH
2518- Delayed-ack is now a compile-time option, compiled out by default.
2519 This feature is simply too experimental for right now, and causes
2520 some problems to some failover installations. We will revisit this
2521 in future releases.
2522
f1672d89
DH
2523- The !inet_pton() call in res_mkupdrec was adjusted to '<= 0' as
2524 inet_pton returns either 1, 0, or -1.
2525
236d3a99
DH
2526- A dhclient-script for MacOS X has been included, which enables
2527 'dhclient -6' support.
2528
efa5e6b9
DH
2529- DDNS removal routines were updated so that the DHCID is not removed until
2530 the client has been deprived of all A and AAAA records (not only the last
2531 one of either of those). This resolves a bug where dual stack clients
2532 would not be able to regain their names after either expiration event.
2533
7d6180be 2534 Changes since 4.1.0a1
edcb5c46
EH
2535
2536- Corrected list of failover state values in dhcpd man page.
2537
51e7687f
EH
2538- Fixed a bug that caused some request types to be logged incorrectly.
2539
20210a7b
EH
2540- Clients that sent a parameter request list containing the
2541 routers option before the subnet mask option were receiving
2542 only the latter. Fixed.
2543
535485df
EH
2544- The server wasn't always sending the FQDN option when it should.
2545
8fbb55ff
DH
2546- A partner-down failover server no longer emits 'peer holds all free leases'
2547 if it is able to newly-allocate one of the peer's leases.
2548
61220a00
EH
2549- Fixed a coredump when adding a class via OMAPI.
2550
c40e954c
EH
2551- Check whether files are zero length before trying to parse them.
2552
63971a83
DH
2553- Ari Edelkind's PARANOIA patch has been included and may be compiled in
2554 via two ./configure parameters, --enable-paranoia and
2555 --enable-early-chroot.
2556
66cebfcb
DH
2557- ./configure was extended to cover many optional build features, such
2558 as failover, server tracing, debugging, and the execute() command.
2559
f8cbf390
DH
2560- There is now a default 1/4 of a second scheduled delay between delayed
2561 fsync()'s, it can be configured by the max-ack-delay configuration
2562 parameter.
2563
8269561d
DH
2564- A bug was fixed where the length of a hostname was miscalculated, so that
2565 hosts were given odd-looking domain names ("foo.bar.ba.example.com").
2566
b445a411
DH
2567- Shared network selection should be done from the innermost relay
2568 valid link-address field, rather than the outermost.
2569
bd72740e
FD
2570- Prefix pools are attached to shared network scopes.
2571
9322442f
FD
2572- Merged IA_XX related structures.
2573
8dea7ba7
FD
2574- Add DHCPv6 files in configure.
2575
4619c0a2
DH
2576- A memory leak when using omapi has been fixed.
2577
9ac4206a
DH
2578- DHCPv6 vendor-class options (VSIO) are now only sent when they appear
2579 on the DHCPv6 ORO. This resolves a bug where VSIO options were placed
2580 in IA_NA encapsulated options fields.
2581
420d8b3f
FD
2582- Integrated client with stateless, temporary address and prefix delegation
2583 support.
2584
40ec5f38
DH
2585- A double-dereference in dhclient transmission of DHCPDECLINEs was
2586 repaired.
2587
80097764
FD
2588- Fix handling of format code 'Z'.
2589
ffbaa880
FD
2590- Support "-1" argument in DHCPv6.
2591
7de20a95
EH
2592- Merge DHCPv6-only "dhcrelay6" into general-purpose "dhcrelay" (use
2593 "-6" option to select DHCPv6 mode).
2594
d352732e
EH
2595- Fix handling of -A and -a flags in dhcrelay; it was failing to expand
2596 packet size as needed to add relay agent options.
2597
7d6180be
DH
2598- A bug in subnet6 parsing where options contained in subnet6 clauses would
2599 not be applied to clients addressed within that network was repaired.
2600
2601- When configuring a "subnet {}" or "subnet6 {}" without an explicit
2602 shared-network enclosing it, the DHCP software would synthesize a
2603 shared-network to contain the subnet. However, all configuration
2604 parameters within the subnet more intuitively belong "to any client
2605 on that interface", or rather the synthesized shared-network. So,
2606 when a shared-network is synthesized, it is used to contain the
2607 configuration present inside the subnet {} clause. This means that
2608 the configuration will be valid for all clients on that network, not
2609 just those addressed out of the stated subnet. If you intended the
2610 opposite, the workaround is to explicitly configure an empty
2611 shared-network.
2612
2613- A bug was fixed where Information-Request processing was not sourcing
2614 configured option values.
2615
2616- A warning was added since the DHCPv6 processing software does not yet
2617 support class statements.
2618
adb95d23 2619- Compilation warnings on GCC 4.3 relating to bootp source address
dd484ced
DH
2620 selection were repaired.
2621
ecddae64
DH
2622- The v6 BSD socket method was updated to use a single UDP BSD socket
2623 no matter how many interfaces are involved, differentiating the
2624 interfaces the packets were received on by the interface index supplied
2625 by the OS.
2626
2627- The relay agent no longer listens to the All DHCP Servers Multicast
2628 address.
2629
2630- A bug was fixed in data_string_sprintfa() where va_start was only called
2631 once for two invocations of vsprintf() variants.
2632
d104d45b
DH
2633- ERO (RFC 4994) server support.
2634
2635- Basic and partial DHCPv6 leasequery support.
2636
2637- Reliable DHCPv6 release (previous behavior, send release and exit, is
2638 still available with dhclient -6 -1 -r).
2639
01a54c17 2640 Changes since 4.0.0 (new features)
3c12f746 2641
6d7f9584
FD
2642- Added DHCPv6 rapid commit support.
2643
4cafb815 2644- Added explicit parser support for zero-length DHCP options, such as
6d7f9584 2645 rapid-commit, via format code 'Z'.
4cafb815 2646
022fe95e
EH
2647- It's now possible to update the "ends" field of a lease with OMAPI.
2648 This is useful if you want not only to release a lease, but also make
2649 it available for reuse right away. Hat tip to Christof Chen.
2650
9a111ee8 2651- Fixed definition of the iaaddr hash functions to use the correct
1dcc3612
SK
2652 functions when referencing and dereferencing memory.
2653
aabfa4de
FD
2654- Some definitions not in phase with the IANA registry were updated.
2655
0674055a
FD
2656- Allocated interface IDs are better controlled ('u' bit set to zero,
2657 reserved IDs avoided).
2658
b51c785f
FD
2659- Unicast options are taken into account only for RENEWs.
2660
900405e9
FD
2661- NoAddrsAvail answers to SOLICITs are always ADVERTISEs even when a SOLICIT
2662 carries a rapid-commit option.
2663
96b620e5
FD
2664- Return in place of raise an impossible condition when one tries to release
2665 an empty active lease.
2666
be62cf06
FD
2667- Timer granularity is now 1/100s in the DHCPv6 client.
2668
01a54c17
EH
2669- The dhclient-script was updated to create a host route for the default
2670 gateway if the supplied subnet mask for an IPv4 address was a /32. This
2671 allows the client to work in 'captive' network environments, where the
2672 operator does not want clients to crosstalk directly.
2673
adb95d23 2674- MINUS tokens should be parsable again.
01a54c17
EH
2675
2676- Multiple (up to "delayed-ack x;" maximum) DHCPv4 packets are now queued and
2677 released in bursts after single fsync() events when the upper limit is
2678 reached or if the receiving sockets go dry. The practical upshot is
2679 that fsync-coupled server performance is now multiplicitively increased.
2680 The default delayed ack limit is 28. Thanks entirely to a patch from
2681 Christof Chen.
2682
2683 Changes since 4.0.0 (bug fixes)
2684
2685- DHCP now builds on AIX.
2686
2687- Exit with warning when DHCPv6-specific statements are used in the
2688 config file but -6 is not specified.
2689
2690- Fixed "--version" flag in dhcrelay
2691
2692- The 'min-secs' configuration parameter's log message has been updated to
2693 be more helpful.
2694
2695- The warning logged when an address range doesn't fit in the subnets
2696 they were declared has been updated to be more helpful and identify the
2697 typo in configuration that created the spanning addresses.
2698
2699- A bug in failover pool rebalancing that caused POOLREQ message ping-pongs
2700 was repaired.
2701
2702- A flaw in failover pool rebalancing that could cause POOLREQ messages to
2703 be sent outside of the min-balance/max-balance scheduled intervals has
2704 been repaired.
2705
2706- A cosmetic bug during potential-conflict recovery that caused the peer's
2707 'conflict-done' state message to be logged as 'unknown-state' has been
2708 repaired. It is now logged correctly.
2709
49f61135
DH
2710- A bug was fixed where the 'giaddr' may be used to find the client's subnet
2711 rather than its own 'ciaddr'.
2712
41d4652f
DH
2713- A log message was introduced to clarify the situation where a failover
2714 'address' parameter (the server's local address) did not resolve to an
2715 IPv4 address.
2716
2c9bf1f4
DH
2717- The minimum site code value was set to 224 in 3.1.0 to track RFC3942. This
2718 broke a lot of legacy site local configurations. The new code in place will
2719 track site local space minimum option codes and logs a warning to encourage
2720 updates and exploration of site local code migration problems. Option
2721 codes less than 128 in site local spaces remain inaccessible.
2722
2723- A possible relay agent option bug was repaired where random server
2724 initialization state may have been used to signal the relay agent
2725 information options sub-option code for the 'END' of the option space.
2726
cff9b78f
SK
2727- Fixes to allow code to compile and run on Solaris 9.
2728
c4d29896
SK
2729- Fixes to allow code to compile on Mac OS X Leopard (10.5).
2730
57fcb8d9
SK
2731- When server is configured with options that it overrides, a warning is
2732 issued when the configuration file is read, rather than at the time the
2733 option is overridden. This was important, because the warning was given
9a111ee8 2734 every time the option was overridden, which could create a lot of
57fcb8d9
SK
2735 unnecessary logging.
2736
219a65eb
DH
2737- Fixed a compilation problems on platforms that define a value for FDDI,
2738 which conflicts with a dhcp configuration syntax token by the same name.
2739
ffdf3c8c
DH
2740- When a failover server suspects it has encountered a peer running a
2741 version 3.0.x failover server, a warning that the failover wire protocol
2742 is incompatible is printed.
2743
2744- The failover server no longer issues a floating point error if it encounters
2745 a previously undefined option code.
2746
00a002fc
MA
2747- Fix startup error messages to report a missing "subnet6 declaration", rather
2748 than a missing "subnet declaration", when running as a DHCPv6 server.
2749
9a111ee8 2750- DHCPv6 client timestamp in DUID was based on the year 1970 rather
7e9f7a1b
FD
2751 than the year 2000.
2752
e2cfde76
FD
2753- Warn when attempting to use a hardware parameter in DHCPv6.
2754
cabdb9b1
FD
2755- DHCPv6 released resources are now marked as released by the client.
2756
5d89d60f
FD
2757- 'Soft' bindings have no more side-effects.
2758
61d75ea2
DH
2759 Changes since 4.0.0b3
2760
2761- The reverse dns name for PTR updates on IPv6 addresses has been fixed to
2762 use ip6.arpa. rather than default to in-addr.arpa and require user
2763 configuration.
76db44f9 2764
e32529a5
EH
2765- dhc6_lease_destroy() and dhc6_ia_destroy() now set lease and IA pointers
2766 to NULL after freeing, to prevent subsequent accesses to freed memory.
2767
9a111ee8 2768- The DHCPv6 server would not send the preference option unless the
76db44f9
SK
2769 client requested it, via the ORO. This has been fixed, so the DHCPv6
2770 server will always send the preference value if it is configured.
e4a6be15 2771
9a111ee8
TM
2772- When addresses were passed as hints to the server in an IA, they were
2773 incorrectly handled, sometimes being treated as an error. Now the
6f76de58
SK
2774 server will treat these as hints and ignore them if it cannot supply
2775 a requested address.
2776
703873ab
DH
2777- If the client had multiple addresses, and one expired (was not renewed
2778 by the server), the client would continue to attempt to renew the same
2779 old address over and over. Now, the client will omit any expired
2780 addresses from future Confirm, Renew, or Rebind messages.
2781
2782- dhclient -6 will now select renew/rebind timers based upon the longest
2783 address expiration time rather than the shortest expiration time, in
2784 order to avoid cascading renewals in the event a server elects not to
2785 extend one of multiple IAADDR leases.
2786
b024480e
DH
2787- The server now limits clients that request multiple addresses to one
2788 address per IA by default, which can be adjusted through the
2789 "limit-addrs-per-ia" configuration option.
2790
c0216cb7
DH
2791- The DHCPv6 client now issues fresh transaction IDs on Renew and Rebind
2792 message exchanges, rather than using the most recent ID.
2793
1ac57173
FD
2794- The DHCPv6 server now replies to Information-Request messages.
2795
83835822
DH
2796- A bug was fixed in the dhclient-script for BSDs to correctly carry error
2797 codes through some conditions.
2798
c54db708
FD
2799- The parsing of some options in the dhclient lease file, in particular
2800 the success DHCPv6 status-code, was fixed.
2801
e5d83524
DH
2802- A bug was fixed that caused the DHCPv6 ORO option to be corrupted with
2803 seemingly random values.
2804
821f2dda
DH
2805- A reference overleak in DHCPv6 shared network processing was repaired.
2806
f8b3c6f4
DH
2807- ./configure now autodetects local database locations rather than trying
2808 to put dhcpd.leases and dhclient.leases in /usr/local/var/db, which no
2809 one ever has.
2810
9a111ee8
TM
2811- Regression fix for bug where server advertised a IPv6 address in
2812 response to a SOLICIT but would not return the address in response
b9137d42
SK
2813 to a REQUEST.
2814
9f1d5a2f
DH
2815- A bug was fixed where the DHCPv6 server puts the NoAddrsAvail status
2816 code in the IA_NA was fixed. The status code now appears in the root
2817 level.
2818
e4a6be15
DH
2819 Changes since 4.0.0b2
2820
65cf86d7
EH
2821- Clarified error message when lease limit exceeded
2822
b1d3778c
DH
2823- Relative time may now be used as a qualifier for 'allow' and 'deny' access
2824 control lists. These directives may be used to assist in re-addressing
2825 address pools without having to constantly reconfigure the server. Please
2826 see 'man dhcpd.conf' for more information on allow/deny 'after time' syntax.
2827 Thanks to a patch from Christof Chen.
2828
bead14ea
DH
2829- The server will now include multiple IA_NA's and multiple IAADDRs within
2830 them, if advertised by the client. It still only seeks to allocate one
2831 new address.
2832
f765ec36
SK
2833 Changes since 4.0.0b1
2834
75135a3f 2835- Use different paths for PID and lease files when running in DHCPv4
adb95d23 2836 or DHCPv6 mode, so that servers for both protocols can be run
75135a3f
EH
2837 simultaneously on a single interface.
2838
5c2d55c7
EH
2839- Fixed a buffer overflow error which could have allowed a denial
2840 of service under unusual server configurations
2841
2842- Eliminated a spurious error message from the client
2843
9a111ee8 2844- A number of bugs with the internal handling of lease state on the
f765ec36 2845 server have been fixed. Some of these could cause server crashes.
fa9b593d 2846
edb1283e
DH
2847- The peer_wants_leases() changes pulled up from 3.1.0 were corrected,
2848 'never used' leases will no longer consistently shift between servers
2849 on every pool rebalance run.
2850
c71c6399
DH
2851- sendmsg()/recvmsg() control buffers are now declared in such a way to
2852 ensure they are correctly aligned on all (esp. 64-bit) architectures.
2853
5279b8f3
DH
2854- The client leasing subsystem was streamlined and corrected to account
2855 more closely for changes in client link attachment selection.
2856
ab3a540f 2857 Changes since 4.0.0a3
763cba6b 2858
9a111ee8 2859- The DHCP server no longer requires a "ddns-update-style" statement,
884a458f
SK
2860 and now defaults to "none", which means DNS updates are disabled.
2861
fa9b593d
DH
2862- Log messages when failover peer names mismatch have been improved to
2863 point out the problem.
2864
9a111ee8 2865- Bug where server advertised a IPv6 address in response to a SOLICIT
1b5053b5
SK
2866 but would not return the address in response to a REQUEST. Thanks to
2867 Dennis Kou for finding the bug.
2868
c886c298
SK
2869- Fixed an error causing the server to lock up on lease expiration,
2870 reported independently by Jothilingam Vasu and Dennis Kou.
2871
eaf7eb17
DH
2872- Fixed a ./configure bug where compile tests were failing due to
2873 "-Werror" (unused variable) rather than the actual test failure. Lead
2874 to inconsistent and unworkable auto-configurations.
2875
109e00db
DH
2876- Compilation with DLPI and -Werror has been repaired.
2877
9a111ee8 2878- Error in decoding IA_NA option if multiple interfaces are present
3ad9d48f
SK
2879 fixed by Marcus Goller.
2880
8eab95f2
DH
2881- DHCPv6 server Confirm message processing has been enhanced - it no
2882 longer replies only to clients with host {} records, it now replies
2883 as directed in RFC3315 section 18.2.2 - that is, to all clients
2884 regardless of the existence of bindings.
2885
07b9a351
DH
2886- A core dump during expired lease cleanup has been repaired.
2887
7285af30
DH
2888- DDNS updates state information are now stored in 'binding scopes' that
2889 follow the leases through their lifecycles. This enables DDNS teardowns
2890 on leases that are assigned and expired inbetween a server restart (the
2891 state is recovered from dhcpd.leases). Arbitrary user-specified binding
2892 scopes ('set var = "value";') are not yet supported.
2893
2394b26b
DH
2894- Additional compilation problems on HP/UX have been repaired.
2895
ab3a540f
SK
2896 Changes since 4.0.0a2
2897
97050349
SK
2898- Fix for startup where there are no IPv4 addresses on an interface.
2899 Thanks to Marcus Goller for reporting the bug.
2900
763cba6b 2901- Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
e889ded1 2902
237f8d3a 2903- Bug in server configuration parser caused server to get stuck on
9a111ee8 2904 startup for certain bad pool declarations. Thanks to Guillaume
237f8d3a
SK
2905 Knispel for the bug report and fix.
2906
28868515
SK
2907- Code cleaned to remove warnings reported by "gcc -Wall".
2908
d00d373a
SK
2909- DHCPv6 is now the default. You can disable DHCPv6 support using the
2910 "--disable-dhcpv6" flag when you run the configure script.
2911
8dfd5744
DH
2912- An internal database inconsistency bug was repaired where the server
2913 would segfault if a client attempted to renew a lease that had been
2914 loaded from persistent storage.
2915
45d545f0 2916- 'request' and 'also request' syntaxes have been added to accommodate
0c20eab3
DH
2917 the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
2918 necessary.
2919
9a111ee8
TM
2920- Bug fixed where configuration file parsing did not work with
2921 zero-length options; this made it impossible to set the
f800f4f6
SK
2922 rapid-commit option.
2923
845e9677
DH
2924- Bogus messages about host records with IPv4 fixed-addresses being of
2925 non-128-bits in length were removed.
2926
76c944da
SK
2927 Changes since 4.0.0a1
2928
71765b58
SK
2929- Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
2930 and fix.
2931
847e7000
SK
2932- Autoconf now supplies proper flags for Solaris DHCPv6 builds.
2933
bda33169
SK
2934- Fix for parsing error on some IPv6 addresses.
2935
9b21e73e
SK
2936- Invalid CIDR representation for IPv6 subnets or ranges now checked
2937 for when loading configuration.
2938
8da06bb1
DH
2939- Compilation on HP/UX has been repaired. The changes should generally
2940 apply to any architecture that supplies SIOCGLIFCONF but does not
2941 use 'struct lifconf' structures to pass values.
2942
dd328225
DH
2943- Two new operators, ~= and ~~, have been integrated to implement
2944 boolean matches by regular expression (such as may be used in
2945 class matching statements). Thanks to a patch by Alexandr S.
2946 Agranovsky, which underwent slight modification.
2947
76c944da
SK
2948- Fix for icmp packets on 64-bit systems (bug introduced in 4.0).
2949
f796f70a
DH
2950- A bug was fixed in interface discovery wherein an error identifying
2951 a server-configured interface with no IPv4 addresses would SEGV.
76c944da 2952
c11f349d
EH
2953- Fixed a bug in which write_lease() might report a failure incorrectly
2954
af5fa176
EH
2955- Added support for DHCPv6 Release messages
2956
2957- Added -x option to dhclient, which triggers dhclient processes
2958 to exit gracefully without releasing leases first
2959
a546f2a7
EH
2960- All binaries (client, server, relay) now change directories
2961 to / before going into daemon mode, so as not to hold $CWD open
2962
b55d0d5f
EH
2963- Fixed a bug parsing DHCPv6 client-id's in host-identifier statements
2964
26be82af
DH
2965- Fixed a bug with the 'ddns-updates' boolean server configuration
2966 parameter, which caused the server to fail.
2967
98bd7ca0
DH
2968 Changes since 4.0.0-20070413
2969
d9b43370
SK
2970- Old (expired) leases are now cleaned.
2971
8c1752d2
DH
2972- IPv6 subnets now have support for arbitrary allocation ranges via
2973 a new 'range6' configuration directive.
2974
98bd7ca0
DH
2975- An obviated option code hash lookup to find D6O_CLIENTID was removed.
2976
a512d11b
DH
2977- Corrected some situations where variables might be used without being
2978 initialized.
2979
2980- Silenced several other compiler warnings.
2981
2982- Include the more standard sys/uio.h rather than rely upon other
f66f02cc
DH
2983 header files to include it (fixes a BSD 4.2 compile failure).
2984
2985- Duplicate dhclient-script updates for DHCPv6 to all provided scripts.
a512d11b 2986
4ba58919
DH
2987- DHCPv4 I/O methods that failed to sense hardware address were corrected.
2988
2989- DHCPv4 is now the default (as documented) rather than DHCPv6. The default
2990 was set to DHCPv6 to facilitate ease early development, and forgotten.
2991
2992- Corrected a segmentation violation in DHCPv4 socket processing.
2993
8ea19a71 2994- dhclient will now fork() into the background once it binds to an
45d545f0 2995 IPv6 address, or immediately if the -n flag is supplied.
8ea19a71
DH
2996
2997- -q is now the default behaviour on dhclient, with -d or -v enabling
2998 non-quiet (stderr logging) mode.
2999
2cf8d0bd
DH
3000- Fix documentation of the domain-search atom (quoted, with commas).
3001
3002- Document DHCPv6 options presently in the default table.
3003
fe5b0fdd
DH
3004- Replaced ./configure shellscripting with GNU Autoconf.
3005
98bd7ca0
DH
3006 Changes since 3.1.0 (NEW FEATURES)
3007
3008- DHCPv6 Client and Server protocol support. Use '-6' to run the daemons
3009 as v6-only. Use '-4' to run the daemons as v4-only (default. There is
3010 no support currently for both.
3011
3012- Server support for multiple IA_NA options, containing at most one
3013 IAADDR option.
3014
3015- Client support for one IA_NA option, containing any number of IAADDR
3016 options.
3017
3018- Server support for the DHCPv6 Information-request message.
3019
3020- Inappropriate unicast DHCPv6 messages sent to the server are now
3021 discarded, and this has rearchitected the IO system slightly.
3022
3023- The DHCPv6 server DUID defaults to type 1, is persistently stored in
3024 the leases database, and can be over-ridden (either completely, or by
3025 specifying type 1 or type 2).
3026
3027- The server only uses Rapid-Commit if it has been configured with the
3028 Rapid-Commit option and the client requests it.
3029
3030- DDNS support. We now update AAAA records in the same place we would
3031 update A records, if we have an IPv6 address. We also generate IP6.ARPA
3032 style names for PTR records if we're dealing with an IPv6 address. Both
3033 A and AAAA updates are done using the same 'fqdn.' virtual option space
3034 (although the DHCPv4 FQDN and DHCPv6 FQDN options are formatted
3035 differently, they both use the same code here).
3036
3037- The Linux dhclient-script attempts to set and remove assigned addresses,
3038 and to configure /etc/resolv.conf from nameserver and domain name
3039 configurations. It can be extended to configure other parameters.
3040
3041- Initial DHCPv6 lease support.
3042
3043- The IO system now tracks all local IP addresses, so that the DHCP
3044 applications (particularly the dhcrelay) can discern between what frames
3045 were transmitted to it, and what frames are being carried through it which
3046 it should not intercept.
3047
1418fd11
DH
3048 Changes since 3.1.0 (Maintenance)
3049
3050- A bug was repaired where MAC Address Affinity for virgin leases always
3051 mapped to the primary. Virgin leases now have an interleaved preference
3052 between primary and secondary.
3053
3054- A bug was repaired where MAC Address Affinity for clients with no client
3055 identifier was sometimes mishashed to the peer. Load balancing during
3056 runtime and pool rebalancing were opposing.
3057
aa3e348e
DH
3058- An assertion in lease counting relating to reserved leases was repaired.
3059
e9c59645
DH
3060- The subnet-mask option inclusion now conforms with RFC2132 section 3.3;
3061 it will only appear prior to the routers option if it is present on the
3062 Parameter-Request-List. The subnet-mask option will also only be
3063 included by default (if it is not on the PRL) in response to DISCOVER
3064 or REQUEST messages.
3065
3066- The FQDN option is only supplied if the client supplied an FQDN option or
3067 if the FQDN option was explicitly requested on the PRL.
3068
c104546d
DH
3069- Dynamic BOOTP leases are now load balanced in failover.
3070
b9d0cc05
DH
3071 Changes since 3.1.0rc1
3072
adb95d23 3073- The parse warning that 'deny dynamic bootp;' must be configured for
b9d0cc05
DH
3074 failover protected subnets was removed.
3075
a512cc3a
DH
3076 Changes since 3.1.0b2
3077
3078- Failover rebalance events no longer play ping pong with round errors
3079 (moving leases between free and back to backup where there are an
3080 odd number of leases).
3081
3082- The 'pool' log line has been split into two messages, one before the
3083 rebalance run, and one after.
3084
3085- Any queued BNDACKs are transmitted before transmitting new BNDUPDs.
3086 This enforces the correct sequence of events for the remote server
3087 processing these messages.
3088
fe5b0fdd 3089 Changes since 3.1.0b1
27837f95 3090
74dc3e0b
EH
3091- Fixed a bug that caused OMAPI clients to freeze when opening lease
3092 objects.
3093
1ba87b37
EH
3094- A new server config option "fqdn-reply" specifies whether the server
3095 should send out option 81 (FQDN). Defaults to "on". If set to "off",
3096 the FQDN option is not sent, even if the client requested it. This is
3097 needed because some clients misbehave otherwise. Thanks to Christof Chen
3098 at Allianz.
3099
a58da042
EH
3100- Allow trace output files (-tf option) to be overwritten, rather than
3101 crashing dhcpd if the file already exists
3102
61252edf
EH
3103- A bug was fixed that caused dhcpd to segfault if a pool was declared
3104 outside the scope of a subnet in dhcpd.conf.
3105
27837f95
DH
3106- Some uninitialized values were repaired in dhcpleasequery.c that
3107 caused the server to abort.
3108
4d2eaafb
DH
3109- A new server config option, 'do-reverse-updates', has been added
3110 which causes the server to abstain from performing updates on PTR
3111 records. Thanks to a patch from Christof Chen at Allianz.
3112
06211b40
DH
3113- A bug was repaired in subencapsulation support, where spaces separated
3114 by empty spaces would not get included.
3115
d6614ea2
DH
3116- A bug in dhclient was repaired which caused it to send parameter request
3117 lists of 55 bytes in length no matter how long the declared PRL was.
3118
132d38f2
DH
3119- 'dhcp.c(3953): non-null pointer' has been repaired. This fixes a flaw
3120 wherein the DHCPv4 server may ignore a configured server-identifier.
3121
fc3b9c90
DH
3122- A flaw in failover startup sequences was repaired that sometimes left
3123 the primary DHCP server's pool rebalance schedules unscheduled.
3124
c9feb859
DH
3125- Corrected a flaw that broke encapsulated spaces included due to presence
3126 on the parameter request list.
3127
c57db45c
SK
3128 Changes since 3.1.0a3
3129
3130- Some spelling fixes.
98311e4b 3131
bd2bc2fa
DH
3132 Changes since 3.1.0a2
3133
3134- A bug was fixed where attempting to permit leasequeries results in a
3135 fatal internal error, "Unable to find server option 49".
3136
85edef5c
DH
3137- A bug was fixed in dhclient rendering the textual output form of the
3138 domain-search option syntax.
3139
bdddcb7d
DH
3140 Changes since 3.1.0a1
3141
3142- A bug in the FQDN universe that added FQDN codes to the NWIP universe's
3143 hash table was repaired.
3144
616d67cb
DH
3145- The servers now try harder to transmit pending binding updates when
3146 entering normal state.
3147
3148- UPDREQ/UPDREQALL handling was optimized - it no longer dequeues and
3149 requeues all pending updates. This should reduce the number of spurious
66c8f734
DH
3150 'xid mismatch' log messages.
3151
3152- An option definition referencing leak was fixed, which resulted in early
3153 termination of dhclient upon the renewal event.
616d67cb 3154
6708d944
DH
3155- Some default hash table sizes were tweaked, some upwards, some downwards.
3156 3.1.0a1's tables resulted in a reduction in default server memory use.
3157 The new selected values provide more of a zero sum (increasing the size
3158 of tables likely to be populated, decreasing the size of tables unlikely).
3159
45d545f0 3160- Lease structures appear in three separate hashes: by IP address, by UID,
6708d944
DH
3161 and by hardware address. One type of table was used for all three, and
3162 improvements to IP address hashing were applied to all three (so UID and
3163 hardware addresses were treated like 4-byte integers). There are now two
3164 types of tables, and the uid/hw hashes use functions more appropriate
3165 to their needs.
3166
3167- The max-lease-misbalance percentage no longer causes scheduled rebalance
3168 runs to be skipped: it still governs the schedule, but every scheduled
3169 run will attempt balance.
3170
a7ee93fe
DH
3171- A segfault bug in recursive encapsulation support has been corrected.
3172
98311e4b
DH
3173 Changes since 3.0 (New Features)
3174
3175- A workaround for certain STSN servers that send a mangled domain-name
3176 option was introduced for dhclient. The client will now accept corrupted
3177 server responses, if they contain a valid DHCP_MESSAGE_TYPE (OFFER, ACK,
3178 or NAK). The server will continue to not accept corrupt client packets.
3179
98bd7ca0 3180- Support for 'reserved' (pseudo-static) and BOOTP leases via failover
a55ccdd0 3181 was introduced.
98311e4b
DH
3182
3183- Support for adding, removing, and managing class and subclass statements
3184 via OMAPI.
3185
a55ccdd0
DH
3186- The failover implementation was updated to comply with revision 12 of
3187 the protocol draft.
3188
98311e4b
DH
3189- 'make install' now creates the initial zero-length dhcpd.leases file if
3190 one does not already exist on the system.
3191
b43c87ad 3192- RFC3942 compliance, site-local option spaces start at 224 now, not 128.
b43c87ad 3193
0b17f049
DH
3194- The Load Balance Algorithm was misimplemented. The current implementation
3195 matches RFC 3074.
3196
2727c1cf
DH
3197- lcase() and ucase() configuration expressions have been added which adjust
3198 their arguments from upper to lower and lower to upper cases respectively.
2714a8ef 3199 Thanks to a patch from Albert Herranz.
2727c1cf 3200
febbd402
DH
3201- The dhclient 'reject ...;' statement, which rejects leases given by named
3202 server-identifiers, now permits address ranges to be specified in CIDR
7d7073e7 3203 notation. Thanks to a patch from David Boyce.
febbd402 3204
ee912528
DH
3205- The subnet-mask option is now supplied by default, but at lowest
3206 priority. This helps a small minority of clients that provide parameter
3207 request lists, but do not list the subnet-mask option because they were
3208 designed to interoperate with a server that behaves in this manner.
3209
3210- The FQDN option is similarly supplied even if it does not appear on the
3211 parameter request list, but not to the exclusion of options that do
3212 appear at the parameter request list. Up until now it had ultimate
3213 priority over the client's parameter request list.
3214
f7fdb216 3215- Varying option space code and length bit widths (8/16/32) are now
51202707 3216 supported. This is a milestone in achieving RFC 3925 "VIVSO" and
f7fdb216
DH
3217 DHCPv6 support.
3218
5e864416
DH
3219- A new common (server or client) option, 'db-time-format local;', has
3220 been added which prints the local time in /var/db/dhcpd.leases rather
3221 than UTC. Thanks to a patch from Ken Lalonde.
3222
b500bd4c
DH
3223- Some patches to improve DHCP Server startup speed from Andrew Matheson
3224 have been incorporated.
3225
2426234f
DH
3226- Failover pairs now implement 'MAC Affinity' on leases moving from the
3227 active to free states. Leases that belonged to the failover secondary
3228 are moved to BACKUP state rather than FREE upon exiting EXPIRED state.
3229 If lease rebalancing must move leases, it tries first to move leases
3230 that belong to the peer in need.
3231
3232- The server no longer sends POOLREQ messages unless the pool is severely
3233 misbalanced in the peer's favor (see 'man dhcpd.conf' for more details).
3234
3235- Pool rebalance events no longer happen upon successfully allocating a
3236 lease. Instead, they happen on a schedule. See 'man dhcpd.conf' for the
3237 min-balance and max-balance statements for more information.
3238
334bf491
DH
3239- The DHCP Relay Agent Information Option / Link Selection Sub-Option
3240 is now supported. (See RFC3527 for details).
3241
3004bebf
DH
3242- A new DDNS related server option, update-conflict-detection, has been
3243 added. If this option is enabled, dhcpd will perform normal DHCID
3244 conflict resolution (the default). If this option is disabled, it will
3245 instead trust the assigned name implicitly (removing any other bindings
3246 on that name). This option has not been made available in dhclient.
3247
567e8561
DH
3248- In those cases where the DHCP software manufactures an IP header (to
3249 transmit via bpf, lpf, etc), the IP TTL the software selects has been
3250 increased from 16 to 128. This is intended to match Microsoft Windows
3251 DHCP Client behaviour, to increase compatibility.
3252
a396d25f
DH
3253- 'ignore client-updates;' now has behaviour that is different from
3254 'deny client-updates;'. The client's request is not truly ignored,
3255 rather it is encouraged. Should this value be configured, the server
3256 updates DNS as though client-updates were set to 'deny'. That is, it
3257 enters into DNS whatever it is configured to do already, provided it is
3258 configured to. Then it sends a response to the client that lets the
3259 client believe it is performing client updates (which it will), probably
3260 for a different name. In essence, this lets the client do as it will,
3261 ignoring this aspect of their request.
3262
dba5803b
DH
3263- Support for compressed 'domain name list' style DHCP option contents, and
3264 in particular the domain search option (#119) was added.
3265
41e45067 3266- The DHCP LEASEQUERY protocol as defined in RFC4388 is now implemented.
6d103865
SK
3267 LEASEQUERY lets you query the DHCP server for information about a lease,
3268 using either an IP address, MAC address, or client identifier. Thanks
3269 to a patch from Justin Haddad.
3270
41e45067
DH
3271- DHCPD is now RFC2131 section 4.1 compliant (broadcast to all-ones ip and
3272 ethernet mac address) on the SCO platform specifically without any strange
3273 ifconfig hacks. Many thanks go to the Kroger Co. for donating the
3274 hardware and funding the development.
6d103865 3275
b543fea9
DH
3276- A new common configuration executable statement, execute(), has been
3277 added. This permits dhcpd or dhclient to execute a named external
3278 program with command line arguments specified from other configuration
3279 language. Thanks to a patch written by Mattias Ronnblom, gotten to us
3280 via Robin Breathe.
3281
b22de500
DH
3282- A new dhcp server option 'adaptive-lease-time-threshold' has been added
3283 which causes the server to substantially reduce lease-times if there are
3284 few (configured percentage) remaining leases. Thanks to a patch submitted
3285 from Christof Chen.
3286
96bbe8c5
SK
3287- Encapsulated option spaces within encapsulated option spaces is now
3288 formally supported.
3289
b8221d95
DH
3290 Changes since 3.0.6rc1
3291
3292- supersede_lease() now requeues leases in their respective hardware
3293 address hash bucket. This mirrors client identifier behaviour.
3294
c1e6c832
DH
3295 Changes since 3.0.5
3296
f546c28b
DH
3297- Assorted fixes for broken network devices: Packet length is now
3298 determined from the IP header length field to finally calculate the
3299 UDP payload length, because some NIC drivers return more data than
5a22eb63 3300 they actually received.
f546c28b
DH
3301
3302- UDP packets are now stored in aligned data structures.
3303
c1e6c832
DH
3304- A logic error in omapi interface code was repaired that might result in
3305 incorrectly indicating 'up' state when any flags were set, rather than
23e10d37
DH
3306 specifically the INTERFACE_REQUESTED flag. Thanks to a patch from
3307 Jochen Voss which got to us via Andrew Pollock at Debian.
c1e6c832 3308
75ab3070
DH
3309- A reference leak on binding scopes set by ddns updates was repaired.
3310
d69fb6a8 3311- A memory leak in the minires_nsendsigned() function call was repaired.
23e10d37 3312 Effectively, this leaked ~176 bytes per DDNS update.
d69fb6a8 3313
02428754
DH
3314- In the case where an "L2" DHCP Relay Agent (one that does not set giaddr)
3315 was directly attached to the same broadcast domain as the DHCP server,
3316 the RFC3046 relay agent information option was not being returned to the
3317 relay in the server's replies. This was fixed; the dhcp server no longer
3318 requires the giaddr to reply with relay agent information. Note that
3319 this also improves compatibility with L2 devices that "intercept" DHCP
3320 packets and expect relay agent information even in unicast (renewal)
23e10d37
DH
3321 replies. Thanks to a patch from Pekka Silvonen.
3322
3323- A bug was fixed where the BOOTP header 'sname' field had a value, the
3324 copy written to persistent storage was actually the contents of the
3325 'file' field.
02428754 3326
ecde99a3
DH
3327- A bug was fixed where the nwip virtual option space was referencing
3328 the fqdn option's virtual option space's option cache.
3329
67674ffb
DH
3330- Timestamp parsing errors that indicated missing "minutes" fields rather
3331 than the actually missing "seconds" fields have been repaired thanks to
3332 a patch from Kevin Steves.
3333
830ebc4c
DH
3334- A grammar error in the dhclient.8 manpage was repaired thanks to a patch
3335 from Chris Wagner.
3336
c759db75
DH
3337- Several spelling typos were repaired, and some cross-references to other
3338 relevant documents were included in the manpages, thanks to a patch
3339 by Andrew Pollock which got to us via Tomas Pospisek.
3340
9aa3f3a5
DH
3341- Some bugs were fixed in the 'emergency relay agent options hologram'
3342 which is used to retain relay agent option contents from when the
3343 client was in INIT or REBIND states. This should solve problems where
3344 relay agent options were not echoed from the server, even when giaddr
3345 was set.
3346
3d0c598a
DH
3347- dhclient now closes its descriptor to dhclient.leases prior to executing
3348 dhclient-script. Thanks to a patch from Tomas Pospisek.
3349
d5b6835f
DH
3350- The server's "by client-id" and "by hardware address" hash table lists
3351 are now sorted according to the preference to re-allocate that lease to
3352 returning clients. This should eliminate pool starvation problems
3353 arising when "INIT" clients were given new leases rather than presently
3354 active ones.
3355
02428754 3356 Changes since 3.0.5rc1
0a73b7b6 3357
901306d5 3358- A bug was repaired in fixes to the dhclient, which sought to run the
0a73b7b6
SK
3359 dhclient-script with the 'EXPIRE' state should it receive a NAK in
3360 response to a REQUEST. The client now iterates the PREINIT state
3361 after the EXPIRE state, so that interfaces that might be configured
3362 'down' can be brought back 'up' and initialized.
3363
87a08ccc
DH
3364- DHCPINFORM handling for clients that properly set ciaddr and come to the
3365 server via a relay aget has been repaired.
3366
6da113fb
DH
3367 Changes since 3.0.4
3368
3369- A warning that host statements declared within subnet or shared-network
3370 scopes are actually global has been added.
3371
3372- The default minimum lease time (if min-lease-time was not specified)
3373 was raised from 0 to 300. 0 is not thought to be sensible, and is
3374 known to be damaging.
3375
3376- Added additional fatal error sanity checks surrounding lease binding
3377 state count calculations (free/active counts used for failover pool
3378 balancing).
3379
dcc557db
DH
3380- Some time value size fixes in 3.0.4 brought on from FreeBSD /usr/ports were
3381 misapplied to server values rather than client values. The server no longer
3382 advertises 8-byte lease-time options when on 64-bit platforms.
3383
1b2ab55f
DH
3384- A bug where leases not in ACTIVE state would get billed to billed classes
3385 (classes with lease limitations) was fixed. Non-active leases OFFERed
3386 to clients are no longer billed (but billing is checked before offering).
3387
e48891e8
DH
3388- The dhcpd.conf.5 manpage was updated in regard to the ddns-domainname
3389 configuration option - the default configuration and results should be
3390 more clear now.
3391
6cbc6629
DH
3392- If the dhclient were to receive a DHCPNAK while it was in the RENEW
3393 state (and consequently, had an active, 'bound' address and related
3394 configuration options), it would fail to 'tear down' this information
3395 before proceeding into INIT state. dhclient now iterates the dhclient-
3396 script with the 'EXPIRE' action to cause these teardowns prior to entering
1d3bfb17 3397 INIT state. Thanks to a patch from Chris Zimmerman.
6cbc6629 3398
c5fec5fa
DH
3399- The omapi.1 manpage had some formatting errors repaired thanks to a patch
3400 from Yoshihiko Sarumaru.
3401
33e1cb2b
DH
3402- A few lines of code that were failover-specific were moved within
3403 #if defined() clauses so that compilation without failover could be
3404 made possible.
3405
2bddf829
DH
3406- The log message emitted when the 'leased-address' value was not available
3407 in dhcpd.conf "executable statements" has been updated to be more helpful.
3408 Manpage information for this value has also been updated.
3409
87578987
DH
3410- Abandoned or dissociated (err condition) leases now remove any related
3411 dynamic dns bindings. Thanks to a patch from Patrick Schoo.
3412
e77c575f
DH
3413- Attempting to write a new lease file to replace a corrupt (due to
3414 encountering non-retryable errors during writing) lease file should
3415 no longer result in an infinite recursion.
3416
2178df03
DH
3417- Host declaration hardware addresses and client identifiers may only be
3418 configured once. dhcpd will now fail to load config files that specify
3419 multiple identifiers (previous versions would silently over-ride the
3420 value with the later configured value).
3421
d5341d9b
SK
3422- Several option codes that have been allocated since our last release
3423 have been named and documented.
3424
3425- Option names of the form "unknown-123" have been removed from the in-
3426 memory hash tables. In order to support options of these names that
3427 may appear in dhclient.leases or similar in previous versions, the
3428 parser will now find the new option code definition, or mock up a
3429 generic option code definition. This should result in a smooth
3430 transition from one name to the other, as the new name is used to
3431 write new output.
3432
6da113fb
DH
3433 Changes since 3.0.4rc1
3434
3435- The dhcp-options.5 manpage was updated to correct indentation errors
3436 thanks to a patch from Jean Delvare.
3437
3438 Changes since 3.0.4b3
3439
3440- Some manual pages were clarified pursuant to discussion on the dhcp-server
3441 mailing list.
3442
88cd8aca
DH
3443 Changes since 3.0.4b2
3444
45d545f0 3445- Null-termination sensing for certain clients that unfortunately require
88cd8aca
DH
3446 it in DHCPINFORM processing was repaired.
3447
3448- The host-name option and a few others were moved from "X" format to "t"
3449 format to be compatible with new NULL handling functions.
3450
3451- DHCPINFORM processing is a little more careful about return addressing
3452 its responses, or if responding via a relay. The INFORM related
3453 messages also log the 'effective client ip address' rather than the
3454 client's supplied ciaddr (since some clients produce null ciaddrs).
3455
3456- The server was inappropriately sending leases to the RESET state in the
3457 event that multiple active leases were found to match a singly-identified
3458 client. This was changed to RELEASED (by accepting a different, ACTIVE
3459 binding, the client is implicitly releasing its lease). This repairs a
3460 bug wherein secondary servers in failover pairs detecting this condition
3461 move leases to RESET, and primaries refuse to accept that state
3462 transition (properly).
3463
3464- The memset-after-dmalloc() changes made in 3.0.4b1 have been backed out.
3465
3466 Changes since 3.0.4b1
3467
3468- Command line parsing in omshell was repaired - it no longer closes
3469 STDIN after reading one line.
3470
3471- The resolver library no longer closes the /etc/resolv.conf file
3472 descriptor it opened twice.
3473
3474- Changes to trailing NULL removal in 't' option-atoms has been rethought,
3475 it now includes 'd' (domain name) types, and tries hard not to rewind an
3476 option beyond the start of the text field it is un-terminating.
3477
3478 Changes since 3.0.3
3479
3480- A DDNS update handling function was misusing the DNS error codes, rather
3481 than the internal generic result enumeration. The result is a confusing
3482 syslog line, logging the wrong condition.
3483
3484- The DHCP Server was not checking pool balance in the case where it brought
3485 a non-ACTIVE lease out of storage for a client that was returning to use
3486 a lease it once had long ago, and had since expired.
3487
3488- Failover peers no longer bother to look for free leases to allocate when
3489 they already found the client's ACTIVE lease. DISCOVERs are load balanced
98bd7ca0 3490 whether freely-allocated or not, unless the server doubts the peer has
88cd8aca
DH
3491 leases to allocate.
3492
3493- Fixed a bug in dhcrelay agent addition code that suppressed trailing
45d545f0 3494 PAD options - it was suppressing only one trailing PAD option, rather
88cd8aca
DH
3495 than the entire block of them.
3496
3a16098f
DH
3497! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
3498 option addition and stripping code. Added a few sanity checks. Although
3499 highly improbable, due to requiring the reception of a DHCP datagram well
3500 in excess of all known to be used physical MTU limitations, it is possible
3501 this may have been used in a stack overflow security vulnerability. Thanks
3502 to a patch from infamous42md.
3503
3504! Added some sanity checks to OMAPI connection/authentication code.
3505 Although highly improbable, due to having to deliver in excess of 2^32
3506 bytes of data via the OMAPI channel, not to mention requiring dhcpd to
3507 be able to malloc() a memory region 2^32 bytes in size, it was possible
3508 this might have resulted in a heap overflow security vulnerability.
3509 Thanks to a patch from infamous42md.
88cd8aca
DH
3510
3511- dmalloc() memset()'s the non-debug (data) portion of the allocated
3512 memory to zero. Code that memset()'s the result returned by dmalloc() to
3513 zero is redundant. These redundancies were removed.
3514
3515- Some type declaration corrections to u_int16_t were made in common/tr.c
4b97eaff 3516 (Token Ring support) thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH
3517
3518- A failover bug that was allowing leases that EXPIRED or were RELEASED
3519 where tsfp and tstp are identical timestamps to languish in these
3520 transitional states has been repaired. As a side effect, lease
3521 databases should be kept more consistent overall, not just for these
3522 transitional states.
3523
3524- If the lease db is deleted out from under the daemon, and it moves to rewrite
3525 the db, it will go ahead with the operation and move the new db into place
3526 once it detects the old db does not exist.
3527
3528- dhclient now ignores IRDA, SIT, and IEEE1394 network interfaces, as it
3529 is either nonsensical or (in the case of IEEE1394) is not known to support
3530 these interfaces. Thanks to Marius Gedminas and Andrew Pollock of Debian.
3531
3532- Some previously undocumented reasons for dhclient-script invoking has
45d545f0 3533 been documented in the dhclient-script.8 manpage.
88cd8aca
DH
3534
3535- Failover potential expiry calculations (TSTP) have been corrected. Results
3536 should be substantially more consistent, and proper given the constraints.
3537
3538- Adjusted lease state validation checks in potential-conflict, to
3539 account for possible clock skew similarly to normal state, and several
3540 previously illegal transitions were made legal (ex: active->released).
3541
3542- An impossible sanity check was removed from omapi/buffer.c, thanks to a
3543 patch from 'infamous42md'.
3544
3545- An OMAPI host/network byte order problem in lease time values has been
3546 repaired.
3547
3548- Several minor bugs, largely relating to treating 8-byte time values as
3549 4-byte entities, have been repaired after careful review of the FreeBSD
3550 ports collection's patch set. Thanks to the nameless entities who have
3551 contributed to the FreeBSD ports.
3552
3553- When writing a trace file, the file is now created with permissions 0600,
3554 to help administrators avoid accidentally publicising sensitive config
3555 data.
3556
3557- The calculation of the maximum size of DHCP packets no longer includes
3558 Ethernet framing overhead. The result is that the 'Maximum Message
3559 Size' option advertised by clients, or the default value 576, is no
3560 longer reduced by 14 bytes, and instead directly reflects the IP level
3561 MTU (and the default, minimum allowed IP MTU of 576).
3562
3563- The special status of RELEASED/EXPIRED/RESET leases when a server
3564 is operating in partner-down was fixed. It no longer requires a
3565 lease be twice the MCLT beyond STOS to 'reallocate', and the expiry
3566 event to turn these into FREE leases without peer acknowledgement
3567 (after STOS+MCLT) has been repaired.
3568
3569- Compilation on older Solaris systems (lacking /usr/include/sys/int_types.h)
3570 has been repaired.
3571
3572- "append"ing a string onto the end of a "t" type option (such as the
3573 domain-name field) that had been improperly NULL-terminated by the
3574 DHCP server will no longer result in a truncated string containing
3575 only the option from the server, and not the expected appended value.
4b97eaff 3576 Thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH
3577
3578- File handlers on configuration state (config files and lease dbs) should
98bd7ca0 3579 be treated consistently, regardless of whether TRACING is defined or not.
88cd8aca 3580
45d545f0 3581- The Linux build environment has had some minor improvements - better
88cd8aca
DH
3582 sensing of 64-bit pointer sizes (only used for establishing an icmp_id),
3583 and corrections to #if operators regarding LINUX_MAJOR should it ever
3584 move to 3.[01].x.
3585
3586- The server now tries harder to survive the condition where it is unable
3587 to open a new lease file to rewrite the lease state database.
3588
c75473d8
DH
3589 Changes since 3.0.3b3
3590
3591- dhclient.conf documentation for interface {} was updated to reflect recent
3592 discussion on the dhcp-hackers mailing list.
3593
3594- In response to reports that the software does not compile on GCC 4.0.0,
3595 -Werror was removed from Makefile.conf for all platforms that used it.
3596 We will address the true problem in a future release; this is a temporary
3597 workaround.
3598
3599 Changes since 3.0.3b2
3600
3601- An error in code changes introduced in 3.0.3b2 was corrected, which caused
3602 static BOOTP clients to receive random addresses.
3603
3604 Changes since 3.0.3b1
3605
3606- A bug was fixed in BOOTPREQUEST handling code wherein stale references to
3607 host records would be left behind on leases that were not allocated to the
3608 client currently booting (eg in the case where the host was denied booting).
3609
3610- The dhcpd.conf.5 manpage was updated to be more clear in regards to
3611 multiple host declarations (thanks to Vincent McIntyre). 'Interim' style
3612 dynamic updates were also retouched.
3613
98311e4b
DH
3614 Changes since 3.0.2
3615
3616- A bug was fixed where a server might load balance a DHCP REQUEST to its
45d545f0 3617 peer after already choosing not to load balance the preceding DISCOVER.
98311e4b
DH
3618 The peer cannot allocate the originating server's lease.
3619
3620- In the case where a secondary server lost its stable storage while the
3621 primary was still in communications-interrupted, and came back online,
3622 the lease databases would not be fully transferred to the secondary.
3623 This was due to the secondary errantly sending an extra UPDREQ message
3624 when the primary made its state transition to PARTNER-DOWN known.
3625
3626- The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
3627 lease structures will be 9 bytes smaller on all platforms. Thanks to
4b97eaff 3628 Jason Vas Dias at Red Hat.
98311e4b
DH
3629
3630- Interface discovery code in DISCOVER_UNCONFIGURED mode is now
3631 properly restricted to only detecting broadcast interfaces. Thanks
4b97eaff 3632 to a patch from Jason Vas Dias at Red Hat.
98311e4b
DH
3633
3634- decode_udp_ip_header was changed so that the IP address was copied out
3635 to a variable, rather than referenced by a pointer. This enforces 4-byte
3636 alignment of the 32-bit IP address value. Thanks to a patch from Dr.
3637 Peter Poeml.
3638
3639- An incorrect log message was corrected thanks to a patch from
3640 Dr. Peter Poeml.
3641
3642- A bug in DDNS was repaired, where if the server's first DDNS action was
3643 a DDNS removal rather than a DDNS update, the resolver library's
3644 retransmit timer and retry timer was set to the default, implying a
3645 15 second timeout interval. Which is a little excessive in a synchronous,
3646 single-threaded system. In all cases, ISC DHCP should now hold fast to
3647 a 1-second timeout, trying only once.
3648
3649- The siaddr field was being improperly set to the server-identifier when
3650 responding to DHCP messages. RFC2131 clarified the siaddr field as
3651 meaning the 'next server in the bootstrap process', eg a tftp server.
3652 The siaddr field is now left zeroed unless next-server is configured.
3653
3654- mockup_lease() could have returned in an error condition (or in the
3655 condition where no fixed-address was found matching the shared
3656 network) with stale references to a host record. This is probably not
3657 a memory leak since host records generally never die anyway.
3658
3659- A bug was repaired where failover servers would let stale client identifiers
3660 persist on leases that were reallocated to new clients not sending an id.
3661
3662- Binding scopes ("set var = value;") are now removed from leases allocated
3663 by failover peers if the lease had expired. This should help reduce the
3664 number of stale binding scopes on leases.
3665
3666- A small memory leak was closed involving client identifiers larger than
3667 7 bytes, and failover.
3668
3669- Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
3670 cause an internal function to overflow heap. Thanks to Jason Vas Dias
4b97eaff 3671 at Red Hat.
98311e4b
DH
3672
3673- Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
3674 or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
3675 should work better.
3676
3677- In several cases, parse warnings were being issued before the lexical
3678 token had been advanced to the token whose value was causing an error...
3679 causing parse warnings to claim the problem is on the wrong token.
3680
3681- Host declarations matching on client identifier for dynamic leases will
3682 no longer match fixed-address host declarations (this is now identical
3683 to behaviour for host records matching on hardware address).
3684
3685 Changes since 3.0.2rc3
3686
3687- A previously undocumented configuration directive, 'local-address',
3688 was documented in the dhcpd.conf manpage.
3689
3690 Changes since 3.0.2rc2
3691
45d545f0 3692- Two variables introduced in 3.0.2b1 were used without being initialized
98311e4b
DH
3693 in the case where neither the FILE nor SNAME fields were available for
3694 overloading. This was repaired.
3695
3696- A heretofore believed to be impossible corner case of the option
3697 overloading implementation turned out to be possible ("Unable to sort
3698 overloaded options after 10 tries."). The implementation was reworked
3699 to consider the case of an option so large it would require more than
3700 three chunks to fit.
3701
3702- Many other instances of variables being used without being initialized
3703 were repaired.
3704
3705- An uninitialized variable in omapi_io_destroy() led to the discovery
3706 that this function may result in orphaned pointers (and hence, a memory
3707 leak).
3708
3709 Changes since 3.0.2rc1
3710
3711- allocate_lease() was rewritten to repair a bug in which the server would
3712 try to allocate an ABANDONED lease when FREE leases were available.
3713
3714 Changes since 3.0.2b1
3715
3716- Some dhcp-eval.5 manpage formatting was repaired.
3717
3718 Changes since 3.0.1
3719
3720- A bug was fixed in the server's 'option overloading' implementation,
3721 where options loaded into the 'file' and 'sname' packet fields were
3722 not aligned precisely as rfc2131 dictates.
3723
3724- The FreeBSD client script was changed to support the case where a domain
3725 name was not provided by the server.
3726
3727- A memory leak in 'omshell' per each command line parsed was
3728 repaired, thanks to a patch from Jarkko Torppa.
3729
3730- Log functions writing to stderr were adjusted to use the STDERR_FILENO
3731 system definition rather than '2'. This is a no-op for 90% of platforms.
3732
3733- One call to trace_write_packet_iov() counted the number of io vectors
3734 incorrectly, causing inconsistent tracefiles. This was fixed.
3735
3736- Some expression parse failure memory leaks were closed.
3737
3738- A host byte order problem in tracefiles was repaired.
3739
3740- Pools configured in DHCPD for failover possessing permission lists that
adb95d23 3741 previously were assumed to not include dynamic bootp clients are now
98311e4b
DH
3742 a little more pessimistic. The result is, dhcpd will nag you about just
3743 about most pools that possess a 'allow' statement with no 'deny' that
3744 would definitely match a dynamic bootp client.
3745
3746- The 'ddns-update-style' configuration warning bit now insists that
3747 the configuration be globally scoped.
3748
3749- Two memory leaks in dhclient were closed thanks to a patch from Felix
3750 Farkas.
3751
3752- Some minor but excellently pedantic documentation errors were fixed
3753 thanks to a patch from Thomas Klausner.
3754
3755- Bugs in operator precedence in executable statements have been repaired
3756 once again. More legal syntaxes should be parsed legally.
3757
3758- Failing to initialize a tracefile for any reason if a tracefile was
3759 specified is now a fatal error. Thanks to a patch from Albert Herranz.
3760
3761- Corrected a bug in which the number of leases transferred as calculated
3762 by the failover primary and sent to peers in POOLRESP responses may be
3763 incorrect. This value is not believed to be used by other failover
3764 implementations, excepting perhaps as logged information.
3765
3766- Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
3767 sending POOLREQ messages instead of POOLRESP mesasges. This message
3768 was essentially ignored since failover secondaries effectively do not
3769 respond to POOLREQ messages.
3770
3771- Type definitions for various bitwidths of integers in the sunos5-5
3772 build of ISC DHCP have been fixed. It should compile and run more
3773 easily when built in 64-bit for this platform.
3774
3775- "allow known-clients;" is now a legal syntax, to avoid confusion.
3776
3777- If one dhcp server chooses to 'load balance' a request to its failover
3778 peer, it first checks to see if it believes said peer has a free
3779 lease to allocate before ignoring the DISCOVER.
3780
3781- log() was logging a work buffer, rather than the value returned by
3782 executing the statements configured by the user. In some cases,
3783 the work buffer and the intended results were the same. In some other
3784 cases, they were not. This was fixed thanks to a patch from Gunnar
3785 Fjone and directconnect.no.
3786
3787- Compiler warnings for some string type conversions was fixed, thanks
3788 to Andreas Gustafsson.
3789
3790- The netbsd build environments were simplified to one, in which
3791 -Wconversion is not used, thanks to Andreas Gustafsson.
3792
3793- How randomness in the backoff-cutoff dhclient configuration variable
3794 is implemented was better documented in the manpage, and the behaviour
3795 of dhclient in REQUEST timeout handling was changed to match that of
3796 DISCOVER timeout handling.
3797
3798- Omapi was hardened against clients that pass in null values, thanks
3799 to a patch from Mark Jason Dominus.
3800
3801- A bug was fixed in dhclient that kept it from doing client-side
3802 ddns updates. Thanks to a patch from Andreas Gustafsson, which
3803 underwent some modification after review by Jason Vas Dias.
3804
3805- Failover implementations disconnected due to the network between
3806 them (rather than one of the two shutting down) will now try to
3807 re-establish the failover connection every 5 seconds, rather than
3808 to simply try once and give up until one of them is restarted.
3809 Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
3810 by Greger V. Teigre which led to an enhancement to it.
3811
3812- A problem that kept DHCP Failover secondaries from tearing down
3813 ddns records was repaired. Thanks to a patch from Ulf Ekberg from
3814 Infoblox.
3815
3816- 64bit pointer sizes are detected properly on FreeBSD now.
3817
3818- A bug was repaired where the DHCP server would leave stale references
3819 to host records on leases it once thought about offering to certain
3820 clients. The result would be to apply host and 'known' scopes to the
3821 wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
3822 that was being circulated as a workaround is not the way this bug was
3823 fixed. If you were a victim of this bug in 3.0.1, you are cautioned
3824 to proceed carefully and see if it fixes your problem.
3825
3826- A bug was repaired in the server's DHCPINFORM handling, where it
3827 tried to divine the client's address from the source packet and
3828 would get it wrong. Thanks to Anshuman Singh Rawat.
3829
3830- A log message was introduced to help illuminate the case where the
3831 server was unable to find a lease to assign to any BOOTP client.
3832 Thanks to Daniel Baker.
3833
3834- A minor dhcpd.conf.5 manpage error was fixed.
3835
3836 Changes since 3.0.1rc14
3837
3838- The global variable 'cur_time' was centralized and is now uniformly of a
3839 type #defined in system-dependent headers. It had previously been defined
3840 in one of many places as a 32-bit value, and this causes mayhem on 64-bit
3841 big endian systems. It probably wasn't too healthy on little endian
3842 systems either.
3843
3844- A printf format string error introduced in rc14 was repaired.
3845
3846- AIX system-dependent header file was altered to only define NO_SNPRINTF
3847 if the condition used to #ifdef in vsnprintf in AIX' header files
3848 is false.
3849
3850- The Alpha/OSF system-dependent header file was altered to define
3851 NO_SNPRINTF on OS revisions older than 4.0G.
3852
3853- omapip/test.c had string.h added to its includes.
3854
3855 Changes since 3.0.1rc13
3856
3857! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
3858 in logging messages with excessively long hostnames provided by the
3859 clients. It is highly probable that these could have been used by
3860 attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
3861 release candidates 12 or 13. Special thanks to Gregory Duchemin for
3862 both finding and solving the problem.
3863
3864! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
45d545f0 3865 in log_*() functions was evidenced, on some specific platforms where
98311e4b
DH
3866 vsnprintf() was not believed to be available and calls were wrapped to
3867 sprintf() instead. Again, credit goes to Gregory Duchemin for finding
3868 the problem. Calls to snprintf() are now linked to a distribution-local
3869 snprintf implementation, only in those cases where the architecture is
3870 not known to provide one (see includes/cf/[arch].h). If you experience
3871 linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
3872 is where to look. This vulnerability did not exist in any previously
3873 published version of ISC DHCP.
3874
3875- Compilation on hpux 11.11 was repaired.
3876
3877- 'The cross-compile bug fix' was backed out.
3878
3879 Changes since 3.0.1rc12
3880
3881- Fixed a bug in omapi lease lookup function, to form the hardware
3882 address for the hash lookup correctly, thanks to a patch from
3883 Richard Hirst.
3884
3885- Fixed a bug where dhcrelay was sending relayed responses back to the
3886 broadcast address, but with the source's unicast mac address. Should
3887 now conform to rfc2131 section 4.1.
3888
3889- Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
3890
3891- Fixed a crash bug in dhclient where dhcpd servers that do not provide
3892 renewal times results in an FPE. As a side effect, dhclient can now
3893 properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
3894 to a patch from Burt Silverman.
3895
3896- The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
45d545f0 3897 and reformatted to correct a compilation error on Solaris platforms.
98311e4b
DH
3898
3899- A patch was applied which fixes a case where leases read from the
3900 leases database do not properly over-ride previously read leases.
3901
3902- dhcpctl.3 manpage was tweaked.
3903
3904 Changes since 3.0.1rc11
3905
3906- A patch from Steve Campbell was applied with minor modifications to
3907 permit reverse dns PTR record updates with values containing spaces.
3908
3909- A patch from Florian Lohoff was applied with some modifications to
3910 dhcrelay. It now discards packets whose hop count exceeds 10 by default,
3911 and a command-line option (-c) can be used to set this threshold.
3912
3913- A failover bug relating to identifying peers by name length instead of
3914 by name was fixed.
3915
45d545f0 3916- Declaring failover configs within shared-network statements should no
98311e4b
DH
3917 longer result in error.
3918
3919- The -nw command line option to dhclient now works.
3920
3921- Thanks to a patch from Michael Richardson:
3922 - Some problems with long option processing have been fixed.
3923 - Some fixes to minires so that updates of KEY records will work.
3924
3925- contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
3926 see contrib/ms2isc/readme.txt for revision notes.
3927
3928- Dhclient no longer uses shell commands to kill another instance of
3929 itself, it sends the signal directly. Thanks to a patch from Martin
3930 Blapp.
3931
3932- The FreeBSD dhclient-script was changed so that a failure to write to
3933 /etc/resolv.conf does not prematurely end the script. This keeps dhclient
3934 from looping infinitely when this is the case. Thanks to a patch from
3935 Martin Blapp.
3936
3937- A patch from Bill Stephens was applied which resolves a problem with lease
3938 expiry times in failover configurations.
3939
3940- A memory leak in configuration parsing was closed thanks to a patch from
3941 Steve G.
3942
3943- The function which discovers interfaces will now skip non-broadcast or
3944 point-to-point interfaces, thanks to a patch from David Brownlee.
3945
3946- Options not yet known by the dhcpd or dhclient have had their names
3947 changed such that they do not contain # symbols, in case they should ever
3948 appear in a lease file. An option that might have been named "#144" is
3949 now "unknown-144".
3950
3951- Another patch from Bill Stephens which allows the ping-check timeout to
3952 be configured as 'ping-timeout'. Defaults to 1.
3953
3954 Changes since 3.0.1rc10
3955
3956- Potential buffer overflows in minires repaired.
3957
3958- A change to the linux client script to use /bin/bash, since /bin/sh may
3959 not be bash.
3960
3961- Some missing va_end cleanups thanks to a patch from Thomas Klausner.
3962
3963- A correction of boolean parsing syntax validation - some illegal syntaxes
3964 that worked before are now detected and produce errs, some legal syntaxes
3965 that errored before will now work properly.
3966
3967- Some search-and-replace errors that caused some options to change their
3968 names was repaired.
3969
3970- Shu-min Chang of the Intel corporation has contributed a perl script and
3971 module that converts the MS NT4 DHCP configuration to a ISC DHCP3
3972 configuration file.
3973
3974- Applied the remainder of the dhcpctl memory leak patch provided by Bill
3975 Squier at ReefEdge, Inc. (groo@reefedge.com).
3976
3977- Missing non-optional failover peer configurations will now result in a soft
3978 error rather than a null dereference.
3979
3980 Changes since 3.0.1rc9
3981
3982- A format string was corrected to fix compiler warnings.
3983
3984- A number of spelling corrections were made in the man pages.
3985
3986- The dhclient.conf.5 man page was changed to refer to do-forward-updates
3987 rather than a configuration option that doesn't exist.
3988
3989- A FreeBSD-specific bug in the interface removal handling was fixed.
3990
3991- A Linux-specific Token Ring detection problem was fixed.
3992
3993- Hashes removed from as-yet-unknown agent options, having those options
3994 appear in reality before we know about them will no longer produce
3995 self-corrupting lease databases.
3996
3997- dhclient will use the proper port numbers now when using the -g option.
3998
3999- A order-of-operations bug with 2 match clauses in 1 class statement is
4000 fixed thanks to a patch from Andrew Matheson.
4001
4002- Compilation problems on Solaris were fixed.
4003
4004- Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
4005
4006- A fix to the dhcp ack process which makes certain group options will be
4007 included in the first DHCPOFFER message was made thanks to a patch from
4008 Ling Gou.
4009
4010- A few memory leaks were repaired thanks to patches from Bill Squier at
4011 ReefEdge, Inc. (groo@reefedge.com).
4012
4013- A fix for shared-networks that sometimes give clients options for the
4014 wrong subnets (in particular, 'option routers') was applied, thanks to
4015 Ted Lemon for the patch.
4016
4017- Omshell's handling of dotted octets as values was changed such that dots
4018 one after the other produce zero values in the integer string.
4019
4020 Changes since 3.0.1rc8
4021
4022- Fix a format string vulnerability in the server that could lead to a
4023 remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
4024
4025- Add additional support for NetBSD/sparc64.
4026
4027- Fix a bug in the command-line parsing of the client. Also, resolve
4028 a memory leak.
4029
4030- Add better support for shells other than bash in the Linux client
4031 script.
4032
4033- Various build fixes for modern versions of FreeBSD and Linux.
4034
4035- Fix a bad bounds check when printing binding state names.
4036
4037- Clarify documentation about fixed-address and multiple addresses.
4038
4039- Fix a typo in the authoritative error message.
4040
4041- Make a log entry when we can't write a billing class.
4042
4043- Use conversion targets that are the right size on all architectures.
4044
4045- Increment the hop count when relaying.
4046
4047- Log a message when lease state is changed through OMAPI.
4048
4049- Don't rerun the shared_network when evaluating the pool.
4050
4051- Fix a reversed test in the parser.
4052
4053- Change the type of rbuf_max.
4054
4055- Make FTS_LAST a manifest constant to quiet warnings.
4056
4057 Changes since 3.0.1rc7
4058
4059- Fix two compiler warnings that are generated when compiling on Solaris
4060 with gcc. These stop the build, even though they weren't actually
4061 errors, because we prefer that our builds generate no warnings.
4062
4063 Changes since 3.0.1rc6
4064
4065- Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
4066 to be renewed.
4067
4068- Implement lease stealing for cases where the primary has fewer leases
4069 than the secondary, as called for by the standard.
4070
4071- Add a fudge factor to the lease expiry acceptance code, (suggested
4072 by Kevin Miller of CMU).
4073
4074- Fix a bug in permit_list_match that made it much too willing to say
4075 that two permit lists matched.
4076
4077- Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
4078 also more compact) messages about DNS updates.
4079
4080- Fix a bug in generating wire-format domain names for the FQDN option.
4081
4082- Fix a bug where the FQDN option would not be returned if the client
4083 requested it, contrary to the standard.
4084
4085- On Darwin, use the FreeBSD DHCP client script.
4086
4087- On NetBSD/sparc, don't check for casting warnings.
4088
4089- Add a flag in the DHCP client to disable updating the client's A
4090 record when sending an FQDN option indicating that the client is
4091 going to update its A record.
4092
4093- In the client, don't attempt a DNS update until one second after
4094 configuring the new IP address, and if the update times out, keep
4095 trying until a response, positive or negative, is received from the
4096 DNS server.
4097
4098- Fix an uninitialized memory bug in the DHCP client.
4099
4100- Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
4101
4102- Fix a bug in ns_parserr(), where it was returning the wrong sort
4103 of result code in some cases (suggested by Ben Harris of the
4104 NetBSD project).
4105
4106- Fix a bug in is_identifier(), where it was checking against EOF
4107 instead of the END_OF_FILE token (also suggested by Ben Harris).
4108
4109- Fix a bug where if an option universe contained no options, the
4110 DHCP server could dump core (Walter Steiner).
4111
4112- Fix a bug in the handling of encapsulated options.
4113
4114- Fix a bug that prevented NWIP suboptions from being processed.
4115
4116- Delete the FTS_BOOTP and FTS_RESERVED states and implement them
4117 as modifier flags to the FTS_ACTIVE state, as called for in the
4118 failover protocol standard.
4119
4120- Fix bugs in the pool merging code that resulted in references and
4121 dereferences of null pointers. This bug had no impact unless the
4122 POINTER_DEBUG flag was defined.
4123
4124- In the server, added a do-forward-updates flag that can be used to
4125 disable forward updates in all cases, so that sites that want the
4126 clients to take sole responsibility for updating their A record can
4127 do so.
4128
4129- Make it possible to disable optimization of PTR record updates.
4130
4131 Changes since 3.0.1rc5
4132
4133- Include some new documentation and changes provided by Karl Auer.
4134
4135- Add a workaround for some Lexmark printers that send a double-NUL-
4136 terminated host-name option, which would break DNS updates.
4137
4138- Fix an off-by-one error in the MAC-address checking code for
4139 DHCPRELEASE that was added in 3.0.1rc5.
4140
4141- Fix a bug where client-specific information was not being discarded
4142 from the lease when it expired or was released, resulting in
4143 problems if the lease was reallocated to a different client.
4144
4145- If more than one allocation pool is specified that has the same set
4146 of constraints as another allocation pool on the same shared
4147 network, merge the two pools.
4148
4149- Don't print an error in fallback_discard, since this just causes
4150 confusion and does not appear to be helping to encourage anyone to
4151 fix this bug.
4152
4153 Changes since 3.0.1rc4
4154
4155- Fix a bug that would cause the DHCP server to spin if asked to parse
4156 a certain kind of incorrect statement.
4157
4158- Fix a related bug that would prevent an error from being reported in
4159 the same case.
4160
4161- Additional documentation.
4162
4163- Make sure that the hardware address matches the lease when
4164 processing a DHCPRELEASE message.
4165
4166 Changes since 3.0.1rc3
4167
4168- A minor bug fix in the arguments to a logging function call.
4169- Documentation update for dhcpd.conf.
4170
adbef119 4171 Changes since 3.0.1rc2
98311e4b
DH
4172
4173- Allow the primary to send a POOLREQ message. This isn't what the current
4174 failover draft says to do, so we may have to back it out if I can't get the
4175 authors to relent, but the scheme for balancing that's specified in the
4176 current draft seems needlessly hairy, so I'm floating a trial balloon.
4177 The rc1 code did not implement the method described in the draft either.
4178
adbef119 4179 Changes since 3.0.1rc1
98311e4b
DH
4180
4181- Treat NXDOMAIN and NXRRSET as success when we are trying to delete a
4182 domain or RRSET. This allows the DHCP server to forget about a name
4183 it added to the DNS once it's been removed, even if the DHCP server
4184 wasn't the one that removed it.
4185
4186- Install defaults for failover maximum outstanding updates and maximum
4187 silent time. This prevents problems that might occur if these values
4188 were not configured.
4189
4190- Don't do DDNS deletes if ddns-update-style is none.
4191
4192- Return relay agent information options in DHCPNAK. This prevents DHCPNAK
4193 messages from being dropped when the relay agent information option contains
4194 routing information.
4195
4196- Fix a problem where coming up in recover wouldn't result in an update
4197 request being sent.
4198
4199- Add some more chatty messages when we start a recovery update and when it's
4200 done.
4201
4202- Fix a possible problem where some state might have been left around
4203 after the peer lost contact and regained contact about how many updates
4204 were pending.
4205
4206- Don't nix a lease update because of a lease conflict. This test has
4207 never (as far as I know) prevented a mistake, and it appears to cause
4208 problems with failover.
4209
4210- Add support in rc history code for keeping a selective history, rather
4211 than a history of all references and dereferences. This code is only used
4212 when extensive additional debugging is enabled.
4213
adbef119 4214 Changes since 3.0
98311e4b
DH
4215
4216- Make allocators for hash tables. As a side effect, this fixes a memory
4217 smash in the subclass allocation code.
4218
4219- Fix a small bug in omshell where if you try to close an object when
4220 no object is open, it dumps core.
4221
4222- Fix an obscure coredump that could occur on shutdown.
4223
4224- Fix a bug in the recording of host declaration rubouts in the lease file.
4225
4226- Fix two potential spins in the host deletion code.
4227
4228- Fix a core dump that would happen if an application tried to update
4229 a host object attribute with a null value.
4230
4231 Changes since 3.0 Release Candidate 12
4232
4233- Fix a memory leak in the evaluation code.
4234
4235- Fix an obscure core dump.
4236
4237- Print a couple of new warnings when parsing the configuration file
4238 when crucial information is left out.
4239
4240- Log "no free leases" as an error.
4241
4242- Documentation updates.
4243
4244 Changes since 3.0 Release Candidate 11
4245
4246- Always return a subnet selection option if one is sent.
4247
4248- Fix a warning that was being printed because an automatic data
4249 structure wasn't zeroed.
4250
4251- Fix some failover state transitions that were being handled
4252 incorrectly.
4253
4254- When supersede_lease is called on a lease whose end time has already
4255 expired, but for which a state transition has not yet been done, do
4256 a state transition. This fixes the case where if the secondary
4257 allocated a lease to a client and the lease "expired" while the
4258 secondary was in partner-down, no expiry event would actually
4259 happen, so the lease would remain active until the primary was
4260 restarted.
4261
4262 Changes since 3.0 Release Candidate 10
4263
4264- Fix a bug that was preventing released leases from changing state
4265 in failover-enabled pools.
4266
4267- Fix a core dump in the client identifier finder code (for host
4268 declarations).
4269
4270- Finish fixing a bug where bogus data would sometimes get logged to
4271 the dhclient.leases file because it was opened as descriptor 2.
4272
4273- Fix the Linux dhclient-script according to suggestions made by
4274 several people on the dhcp-client mailing list.
4275
4276- Log successful DNS updates at LOG_INFO, not LOG_ERROR.
4277
4278- Print an error message and refuse to run if a failover peer is
4279 defined but not referenced by any pools.
4280
4281- Correct a confusing error message in failover.
4282
eaf0b302
TL
4283 Changes since 3.0 Release Candidate 9
4284
4285- Fix a bug in lease allocation for Dynamic BOOTP clients.
4286
0db87765
TL
4287 Changes since 3.0 Release Candidate 8 Patchlevel 2
4288
4289- Fix a bug that prevented update-static-leases from working.
4290
4291- Document failover-state OMAPI object.
4292
4293- Fix a compilation error on SunOS 4.
4294
d758ad8c
TL
4295 Changes since 3.0 Release Candidate 8 Patchlevel 1
4296
4297- Fix a parsing bug that broke dns updates (both interim and ad-hoc).
4298 This was introduced in rc8pl1 as an unintended result of the memory
4299 leakage fixes that were in pl1.
4300
4301- Fix a long-standing bug where the server would record that an update
4302 had been done for a client with no name, even though no update had
4303 been done, and then when the client's lease expired the deletion of
4304 that nonexistant record would time out because the name was the null
9a111ee8 4305 string.
d758ad8c
TL
4306
4307- Clean up the omshell, dhcpctl and omapi man pages a bit.
4308
d758ad8c
TL
4309 Changes since 3.0 Release Candidate 8
4310
4311- Fix a bug that could cause the DHCP server to spin if
4312 one-lease-per-client was enabled.
4313
4314- Fix a bug that was causing core dumps on BSD/os in the presence of
4315 malformed packets.
4316
4317- In partner-down state, don't restrict lease lengths to MCLT.
4318
4319- On the failover secondary, record the MCLT received from the primary
4320 so that if we come up without a connection to the primary we don't
4321 wind up giving out zero-length leases.
4322
4323- Fix some compilation problems on BSD/os.
4324
4325- Fix a bunch of memory leaks.
4326
4327- Fix a couple of bugs in the option printer.
4328
4329- Fix an obscure error reporting bug in the dns update code, and also
4330 make the message clearer when a key algorithm isn't supported.
4331
4332- Fix a bug in the tracing code that prevented trace runs that used
4333 tcp connections from being played back.
4334
4335- Add some additional debugging capability for catching memory leaks
4336 on exit.
4337
4338- Make the client release the lease correctly on shutdown.
4339
4340- Add some configurability to the build system.
4341
4342- Install omshell manual page in man1, not man8.
4343
4344- Craig Gwydir sent in a patch that fixes a long-standing bug in the
4345 DHCP client that could cause core dumps, but that for some reason
4346 hadn't been noticed until now.
4347
4348 Changes since 3.0 Release Candidate 7
4349
4350- Fix a bug in failover where we weren't sending updates after a
4351 transition from communications-interrupted to normal.
4352
4353- Handle expired/released/reset -> free transition according to the
4354 protocol specification (this works - the other way not only wasn't
4355 conformant, but also didn't work).
4356
4357- Add a control object in both client and server that allows either
4358 daemon to be shut down cleanly.
4359
4360- When writing a lease, if we run out of disk space, shut down the
4361 output file and insist on writing a new one before proceeding.
4362
4363- In the server, if the OMAPI listener port is occupied, keep trying
4364 to get it, rather than simply giving up and exiting.
4365
4366- Support fetching variables from leases and also updating and adding
4367 variables to leases via OMAPI.
4368
4369- If two failover peers have wildly different clocks, refuse to start
4370 doing failover.
4371
4372- Fix a bug in the DNS update code that could cause core dumps when
4373 running on alpha processors.
4374
4375- Fixed a bug in ddns updates for static lease entries, thanks to a
4376 patch from Andrey M Linkevitch.
4377
4378- Add support for Darwin/MacOS X
4379
4380- Install omshell (including new documentation).
4381
4382- Support DNS updates in the client (this is a very obscure feature
4383 that most DHCP client users probably will not be able to use).
4384
4385- Somewhat cleaner status logging in the client.
4386
4387- Make OMAPI key naming syntax compatible with the way keys are
4388 actually named (key names are domain names).
4389
4390- Fix a bug in the lease file writer.
4391
4392- Install DHCP ISC headers in a different place than BIND 9 ISC
4393 headers, to avoid causing trouble in BIND 9 builds.
4394
4395- Don't send updates for attributes on an object when the attributes
4396 haven't changed. Support deleting attributes on remote objects.
4397
4398- Fix a number of bugs in omshell, and add the unset and refresh
4399 statements.
4400
4401- Handle disconnects in OMAPI a little bit more intelligently (so that
4402 the caller gets ECONNRESET instead of EINVAL).
4403
4404- Fix a bunch of bugs in the handling of clients that have existing
4405 leases when the try to renew their leases while failover is
4406 operating.
4407
eaf0b302
TL
4408 Changes since 3.0 Release Candidate 6
4409
4410- Fix a core dump that could happen when processing a DHCPREQUEST from
4411 a client that had a host declaration that contained both a
4412 fixed-address declaration and a dhcp-client-identifier option
4413 declaration, if the client identifier was longer than nine bytes.
4414
4415- Fix a memory leak that could happen in certain obscure cases when
4416 using omapi to manipulate leases.
4417
4418- Fix some bugs and omissions in omshell.
4419
eaf0b302
TL
4420 Changes since 3.0 Release Candidate 5
4421
4422- Fix a bug in omapi_object_dereference that prevented objects in
4423 chains from having their reference counts decreased on dereference.
4424
4425- Fix a bug in omapi_object_dereference that would prevent object
4426 chains from being freed upon removal of the last reference external
4427 to the chain.
4428
4429- Fix a number of other memory leaks in the OMAPI protocol subsystem.
4430
4431- Add code in the OMAPI protocol handler to trace memory leakage.
4432
4433- Clean up the memory allocation/reference history printer.
4434
98311e4b 4435- Support input of dotted quads and colon-separated hex lists as
eaf0b302
TL
4436 attribute values in omshell.
4437
98311e4b 4438- Fix a typo in the Linux interface discovery code.
eaf0b302
TL
4439
4440- Conditionalize a piece of trace code that wasn't conditional.
4441
4442 Changes since 3.0 Release Candidate 4
4443
4444- Fix a bug that would prevent leases from being abandoned properly on
4445 DHCPDECLINE.
4446
4447- Fix failover peer OMAPI support.
4448
4449- In failover, correctly handle expiration of leases. Previously,
4450 leases would never be reclaimed because they couldn't make the
4451 transition from EXPIRED to FREE.
4452
4453- Fix some broken failover state transitions.
4454
4455- Documentation fixes.
4456
4457- Take out an unnecessary check in DHCP relay agent information option
4458 stashing code that was preventing REBINDING clients from rebinding.
4459
4460- Prevent failover peers from allocating leases in DHCPREQUEST
4461 processing if the lease belongs to the other server.
4462
4463- Record server version in lease file introductory comment.
4464
4465- Correctly report connection errors in OMAPI and failover.
4466
4467- Make authentication signature algorithm name comparisons in OMAPI
4468 case-insensitive.
4469
4470- Fix compile problem on SunOS 4.x
4471
98311e4b 4472- If a signature algorithm is not terminated with '.', terminate it so
eaf0b302
TL
4473 that comparisons between fully-qualified names will work
4474 consistently.
4475
4476- Different SIOCGIFCONF probe code, may "fix" problem on some Linux
4477 systems with the probe not working correctly.
4478
4479- Don't allow user to type omapi key on command line of omshell.
4480
0596b051
TL
4481 Changes since 3.0 Release Candidate 3
4482
4483- Do lease billing on startup in a way that I *think* will finally do
4484 the billing correctly - the previous method could overbill as a
4485 result of duplicate leases.
4486
4487- Document OMAPI server objects.
4488
892fe689
TL
4489 Changes since 3.0 Release Candidate 2 Patchlevel 1
4490
4491- Fix some problems in the DDNS update code. Thanks to Albert
4492 Herranz for figuring out the main problem.
4493
4494- Fix some reference counting errors on host entries that were causing
4495 core dumps.
4496
4497- Fix a byte-swap bug in the token ring code, thanks to Jochen
4498 Friedrich.
4499
4500- Fix a bug in lease billing, thanks to Jonas Bulow.
4501
4502 Changes since 3.0 Release Candidate 2
4503
4504- Change the conditions under which a DHCPRELEASE is actually
4505 committed to be consistent with lease binding states rather than
98311e4b 4506 using the lease end time. This may fix some problems with the
892fe689
TL
4507 billing class code.
4508
4509- Fix a bug where lease updates would fail on Digital Unix (and maybe
4510 others) because malloc was called with a size of zero.
4511
4512- Fix a core dump that happens when the DHCP server can't create its
4513 trace file.
4514
79ea3de8 4515 Changes since 3.0 Release Candidate 1 Patchlevel 1
87784777 4516
79ea3de8
TL
4517- Fix the dhcp_failover_put_message to not attempt to allocate a
4518 zero-length buffer. Some versions of malloc() fail if you try to
4519 allocate a zero-length buffer, and this was causing problems on,
4520 e.g., Digital Unix.
4521
4522- Fix a case where the failover code was printing an error message
4523 when no error had occurred.
4524
4525- Fix a problem where when a server went down and back up again, the
4526 peer would not see a state transition and so would stay in the
4527 non-communicating state.
4528
4529- Be smart about going into recover_wait.
4530
4531- Fix a problem in the failover implementation where peers would fail
4532 to come into sync if interrupted in the RECOVER state. This could
4533 have been the cause of some problems people have reported recently.
4534
4535- Fix a problem with billing classes where they would not be unbilled
4536 when the client lease expired.
4537
4538- If select fails, figure out which descriptor is bad, and cut it out
4539 of the I/O loop. This prevents a potentially nasty spin. I
4540 haven't heard any report it in a while, but it came up consistently
4541 in testing.
4542
4543- Fix a bug in the relay agent where if you specified interfaces on
4544 the command line, it would fail.
4545
4546- Fix a couple of small bugs in the omapi connection object (no known
4547 user impact).
4548
4549- Add the missing 3.0 Beta 1 lease conversion script.
4550
4551- Read dhcp client script hooks if they exist, rather than only if
4552 they're executable.
4553
4554 Changes since 3.0 Release Candidate 1
87784777
TL
4555
4556- Fix a memory smash that happens when fixed-address leases are used.
4557 ANY SITE AT WHICH FIXED-ADDRESS STATEMENTS ARE BEING USED SHOULD
4558 UPGRADE IMMEDIATELY. This has been a long-standing bug - thanks to
4559 Alvise Nobile for discovering it and helping me to find it!
4560
79ea3de8
TL
4561- Fix a small bug in binary-to-ascii, thanks to H. Peter Anvin of
4562 Transmeta.
4563
87784777
TL
4564- There is a known problem with the DHCP server doing failover on
4565 Compaq Alpha systems. This patchlevel is not a release candidate
4566 because of this bug. The bug should be straightforward to fix, so
4567 a new release candidate is expected shortly.
4568
4569- There is a known problem in the DDNS update code that is probably a
4570 bug, and is not, as far as we know, fixed in this patchlevel.
4571
6d779c72
TL
4572 Changes since 3.0 Beta 2 Patchlevel 24
4573
4574- Went over problematic failover state transitions and made them all
4575 work, so that failover should now much less fragile.
4576
4577- Add some dhcpctl and omapi documentation
4578
4579- Fix compile errors when compiling with unusual predefines.
4580
4581- Make Token Ring work on Linux 2.4
4582
4583- Fix the Digital Unix BPF_WORDALIGN bug.
4584
4585- Fix some dhcp client documentation errors.
4586
4587- Update some parts of the README file.
4588
4589- Support GCC on SCO.
4590
adbef119 4591 Changes since 3.0 Beta 2 Patchlevel 23
de57e64b
TL
4592
4593- Fix a bug in the DNS update code where a status code was not being
4594 checked. This may have been causing core dumps.
4595
4596- When parsing the lease file, if a lease declaration includes a
4597 billing class statement, and the lease already has a billing class,
4598 unbill the old class.
4599
4600- When processing failover transactions, where acks will be deferred,
4601 process the state transition immediately.
4602
4603- Don't try to use the new SIOCGIFCONF buffer size detection code on
4604 Linux 2.0, which doesn't provide this functionality.
4605
4606- Apply a patch suggested by Tuan Uong for a problem in dlpi.c.
4607
4608- Fix a problem in using the which command in the configure script.
4609
4610- Fix a parse error in the client when setting up an omapi listener.
4611
4612- Document the -n and -g flags to the client.
4613
4614- Make sure there is always a stdin and stdout on startup. This
4615 prevents shell scripts from accidentally writing error messages into
4616 configuration files that happen to be opened as stderr.
4617
4618- If an interface is removed, the client will now notice that it is
4619 gone rather than spinning. This has only been tested on NetBSD.
4620
4621- The client will attempt to get an address even if it can't create a
4622 lease file.
4623
4624- Don't overwrite tracefiles.
4625
4626- Fix some memory allocation bugs in failover.
2aa36519 4627
adbef119 4628 Changes since 3.0 Beta 2 Patchlevel 22
140158d3
TL
4629
4630- Apply some patches suggested by Cyrille Lefevre, who is maintaining
4631 the FreeBSD ISC DHCP Distribution port.
4632
4633- Fix a core dump in DHCPRELEASE.
4634
adbef119 4635 Changes since 3.0 Beta 2 Patchlevel 21
3a395e60
TL
4636
4637- This time for sure: fix the spin described in the changes for pl20.
4638
adbef119 4639 Changes since 3.0 Beta 2 Patchlevel 20
fc74dd0c
TL
4640
4641- Fix a problem with Linux detecting large numbers of interfaces (Ben)
4642
4643- Fix a memory smash in the quotify code, which was introduced in
4644 pl19.
4645
4646- Actually fix the spin described in the changes for pl20. The
4647 previous fix only partially fixed the problem - enough to get it
4648 past the regression test.
4649
adbef119 4650 Changes since 3.0 Beta 2 Patchlevel 19
ed5ee591
TL
4651
4652- Fix a bug that could cause the server to abort if compiled with
4653 POINTER_DEBUG enabled.
4654
4655- Fix a bug that could cause the server to spin when responding to a
4656 DHCPREQUEST.
4657
4658- Apply Joost Mulders' suggested patches for DLPI on x86.
4659
4660- Support NUL characters in quoted strings.
4661
4662- Install unformatted man pages on SunOS.
4663
adbef119 4664 Changes since 3.0 Beta 2 Patchlevel 18
b3fad8ac 4665
3350f5b7
TL
4666- Allow the server to be placed in partner-down state using OMAPI.
4667 (Damien Neil)
4668
4669- Implement omshell, which can be used to do arbitrary things to the
4670 server (in theory). (Damien Neil)
4671
4672- Fix a case where if a client had two different leases the server could
4673 actually dereference the second one when it hadn't been referenced,
4674 leading to memory corruption and a core dump. (James Brister)
4675
4676- Fix a case where a client could request the address of another client's
4677 lease, but find_lease wouldn't detect that the other client had it, and
4678 would attempt to allocate it to the client, resulting in a lease conflict
4679 message.
4680
4681- Fix a case where a client with more than one client identifier could be
4682 given a lease where the hardware address was correct but the client
4683 identifier was not, resulting in a lease conflict message.
4684
98311e4b 4685- Fix a problem where the server could write out a colon-separated
3350f5b7
TL
4686 hex list as a value for a variable, which would then not parse.
4687 The fix is to always write strings as quoted strings, with any
4688 non-printable characters quoted as octal escape sequences. So
4689 a file written the old way still won't work, but new files written
4690 this way will work.
4691
b3fad8ac
TL
4692- Fix documentation for sending non-standard options.
4693
4694- Use unparsable names for unknown options. WARNING: this will
4695 break any configuration files that use the option-nnn convention.
4696 If you want to continue to use this convention for some options,
4697 please be sure to write a definition, like this:
4698
4699 option option-nnn code nnn = string;
4700
4701 You can use a descriptive name instead of option-nnn if you like.
4702
4703- Fix a problem where we would see a DHCPDISCOVER/DHCPOFFER/
4704 DHCPREQUEST/DHCPACK/DHCPREQUEST/DHCPNAK sequence. This was the
4705 result of a deceptively silly bug in supersede_lease.
4706
4707- Fix client script exit status check, according to a fix supplied by
4708 Hermann Lauer.
4709
4710- Fix an endianness bug in the tracefile support, regarding ICMP
4711 messages.
4712
3350f5b7
TL
4713- Fix a bug in the client where the medium would not work correctly if
4714 it contained quoted strings.
4715
b3fad8ac
TL
4716 ** there was no pl17 **
4717
adbef119 4718 Changes since 3.0 Beta 2 Patchlevel 16
e6d30fd6 4719
6da9db9d
TL
4720- Add support for transaction tracing. This allows the state of the
4721 DHCP server on startup, and all the subsequent transactions, to be
4722 recorded in a file which can then be played back to reproduce the
4723 behaviour of the DHCP server. This can be used to quickly
4724 reproduce bugs that cause core dumps or corruption, and also for
4725 tracking down memory leaks.
4726
4727- Incorporate some bug fixes provided by Joost Mulders for the DLPI
4728 package which should clear up problems people have been seeing on
4729 Solaris.
4730
4731- Fix bugs in the handling of options stored as linked lists (agent
4732 options, fqdn options and nwip options) that could cause memory
4733 corruption and core dumps.
4734
4735- Fix a bug in DHCPREQUEST handling that resulted in DHCPNAK messages
4736 not being send in some cases when they were needed.
4737
4738- Make the lease structure somewhat more compact.
4739
4740- Make initial failover startup *much* faster. This was researched
4741 and implemented by Damien Neil.
4742
4743- Add a --version flag to all executables, which prints the program
4744 name and version to standard output.
4745
4746- Don't rewrite the lease file every thousand leases.
4747
e6d30fd6
TL
4748- A bug in nit.c for older SunOS machines was fixed by a patch sent in
4749 by Takeshi Hagiwara.
4750
6da9db9d
TL
4751- Fix a memory corruption bug in the DHCP client.
4752
4753- Lots of documentation updates.
4754
4755- Add a feature allowing environment variables to be passed to the
4756 DHCP client script on the DHCP client command line.
4757
4758- Fix client medium support, which had been broken for some time.
4759
4760- Fix a bug in the DHCP client initial startup backoff interval, which
4761 would cause two DHCPDISCOVERS to be sent back-to-back on startup.
4762
adbef119 4763 Changes since 3.0 Beta 2 Patchlevel 15
af49fdff
TL
4764
4765- Some documentation tweaks.
4766
4767- Maybe fix a problem in the DLPI code.
4768
4769- Fix some error code space inconsistencies in ddns update code.
4770
4771- Support relay agents that intercept unicast DHCP messages to stuff
4772 agent options into them.
4773
4774- Fix a small memory leak in the relay agent option support code.
4775
c5b569f8
TL
4776- Fix a core dump that would occur if a packet was sent with no
4777 options.
4778
adbef119 4779 Changes since 3.0 Beta 2 Patchlevel 14
754ae3e9
TL
4780
4781- Finish fixing a long-standing bug in the agent options code. This
4782 was causing core dumps and failing to operate correctly - in
4783 particular, agent option stashing wasn't working. Agent option
4784 stashing should now be working, meaning that agent options can be
4785 used in class statements to control address allocation.
4786
4787- Fix up documentation.
4788
4789- Fix a couple of small memory leaks that would have added up
4790 significantly in a high-demand situation.
4791
4792- Add a log-facility configuration parameter.
4793
4794- Fix a compile error on some older operating systems.
4795
4796- Add the ability in the client to execute certain statements before
4797 transmitting packets to the server. Handy for debugging; not much
4798 practical use otherwise.
4799
4800- Don't send faked-out giaddr when renewing or bound - again, useful
4801 for debugging.
4802
adbef119 4803 Changes since 3.0 Beta 2 Patchlevel 13
2f2e7960
TL
4804
4805- Fixed a problem where the fqdn decoder would sometimes try to store
4806 an option with an (unsigned) negative length, resulting in a core
4807 dump on some systems.
4808
4809- Work around the Win98 DHCP client, which NUL-terminates the FQDN
4810 option.
4811
4812- Work around Win98 and Win2k clients that will claim they want to do
4813 the update even when they don't have any way to do it.
4814
4815- Fix some log messages that can be printed when failover is operating
4816 that were not printing enough information.
4817
4818- It was possible for a DHCPDISCOVER to get an allocation even when
4819 the state machine said the server shouldn't be responding.
4820
4821- Don't load balance DHCPREQUESTs from clients in RENEWING and
4822 REBINDING, since in RENEWING, if we heard it, it's for us, and in
4823 REBINDING, the client wouldn't have got to REBINDING if its primary
4824 were answering.
4825
4826- When we get a bogus state lease binding state transition, don't do
4827 the transition.
9a111ee8 4828
2f2e7960 4829
adbef119 4830 Changes since 3.0 Beta 2 Patchlevel 12
66e98927
TL
4831
4832- Fixed a couple of silly compile errors.
4833
a1e2e3d6
TL
4834 Changes since 3.0 Beta 2 Patchlevel 11
4835
4836- Albert Herranz tracked down and fixed a subtle bug in the base64
4837 decoder that would prevent any key with an 'x' in its base64
4838 representation from working correctly.
4839
4840- Thanks to Chris Cheney and Michael Sanders, we have a fix for the
4841 hang that they both spotted in the DHCP server - when
4842 one-lease-per-client was set, the code to release the "other" lease
4843 could spin.
4844
4845- Fix a problem with alignment of the input buffer in bpf in cases
4846 where two packets arrive in the same bpf read.
4847
4848- Fix a problem where the relay agent would crash if you specified an
4849 interface name on the command line.
4850
4851- Add the ability to conditionalize client behaviour based on the
4852 client state.
4853
4854- Add support for the FQDN option, and added support for a new way of
4855 doing ddns updates (ddns update style interim) that allows more than
4856 one DHCP server to update the DNS for the same network(s). This
4857 was implemented by Damien Neil with some additional functionality
4858 added by Ted Lemon.
4859
4860- Damien added a "log" statement, so that the configuration file can
4861 be made to log debugging information and other information.
4862
4863- Fixed a bug that caused option buffers not to be terminated with an
4864 end option.
4865
4866- Fixed a long-standing bug in the support for option spaces where the
4867 options are stored as an ordered list rather than in a hash table,
4868 which could theoretically result in memory pool corruption.
4869
4870- Prevent hardware declarations with no actual hardware address from
4871 being written as something unparsable, and behave correctly in the
4872 face of a null hardware address on input.
4873
4874- Allow key names to be FQDNs, and qualify the algorithm name if it is
4875 specified unqualified.
4876
4877- Modify the DDNS update code so that it never prints the "resolver
4878 failed" message, but instead says *why* the resolver failed.
4879
4880- Officially support the subnet selection option, which now has an
4881 RFC.
4882
4883- Fix a build bug on MacOS X.
4884
4885- Allow administrator to disable ping checking.
4886
4887- Clean up dhcpd.conf documentation and add more information about how
4888 it works.
4889
6c68ec36
TL
4890 Changes since 3.0 Beta 2 Patchlevel 10
4891
4892- Fix a bug introduced during debugging (!) and accidentally committed
4893 to CVS.
4894
9fd337e7
TL
4895 Changes since 3.0 Beta 2 Patchlevel 9
4896
4897- Fix DHCP client handling of vendor encapsulated options.
4898
4899- Fix a bug in the handling of relay agent information options introduced
4900 in patchlevel 9.
4901
4902- Stash agent options on client leases by default, and use the stashed
4903 options at renewal time.
4904
4905- Add the ability to test the client's binding state in the client
4906 configuration language.
4907
4908- Fix a core dump in the DNS update code.
4909
4910- Fix some expression evaluation bugs that were causing updates to be
4911 done when no client hostname was received.
4912
4913- Fix expression evaluation debugging printfs.
4914
4915- Teach pretty_print_option to print options in option spaces other than
4916 the DHCP option space.
4917
4918- Add a warning message if the RHS of a not is not boolean.
4919
4920- Never select for more than a day, because some implementations of
4921 select will just fail if the timeout is too long (!).
4922
4923- Fix a case where a DHCPDISCOVER from an unknown network would be
4924 silently dropped.
4925
4926- Fix a bug where if a client requested an IP address for which a different
4927 client had the lease, the DHCP server would reallocate it anyway.
4928
4929- Fix the DNS update code so that if the client changes its name, the DNS
4930 will be correctly updated.
4931
3922772a
TL
4932 Changes since 3.0 Beta 2 Patchlevel 8
4933
4934- Oops, there was another subtle math error in the header-length
4935 bounds-checking.
4936
4937 Changes since 3.0 Beta 2 Patchlevel 7
848c2547
TL
4938
4939- Oops, forgot to byte-swap udp header length before bounds-checking it.
4940
3922772a 4941 Changes since 3.0 Beta 2 Patchlevel 6
0f6045f8 4942
f8572308
TL
4943- Fix a possible DoS attack where a client could cause the checksummer
4944 to dump core. This was a read, not a write, so it shouldn't be
4945 possible to exploit it any further than that.
4946
4947- Implement client- and server-side support for using the Client FQDN
4948 option.
4949
4950- Support for other option spaces in the client has been added. This
4951 means that it is now possible to define a vendor option space on the
4952 client, request options in that space from the server (which must
4953 define the same option space), and then use those options in the
4954 client. This also allows NWIP and Client FQDN options to be used
4955 meaningfully.
4956
4957- Add object initializer support. This means that objects can now be
4958 initialized to something other than all-zeros when allocated, which
4959 makes, e.g., the interface object support code a little more robust.
4960
4961- Fix an off-by-one bug in the host stuffer. This was causing host
4962 deletes not the work, and may also have been causing OMAPI
4963 connections to get dropped. Thanks to James Brister for tracking
4964 this one down!
4965
4966- Fixed a core dump in the interface discovery code that is triggered
4967 when there is no subnet declaration for an interface, but the server
4968 decides to continue running. Thanks to Shane Kerr for tracking
4969 down and fixing this problem.
4970
4971 Changes since 3.0 Beta 2 Patchlevel 5
4972
0f6045f8
TL
4973- Fix a bug in the recent enhancement to the interface discovery code
4974 to support arbitrary-length interface lists.
4975
4976- Support NUL-terminated DHCP options when initializing client-script
4977 environment.
4978
4979- Fix suffix operator.
4980
4981- Fix NetWare/IP option parsing.
4982
4983- Better error/status checking in dhcpctl initialization and omapi
4984 connection code.
4985
4986- Fix a potential memory smash in dhcpctl code.
4987
4988- Fix SunOS4 and (maybe) Ultrix builds.
4989
4990- Fix a bug where a certain sort of incoming packet could cause a core
4991 dump on Solaris (and probably elsewhere).
4992
4993- Add some more safety checks in error logging code.
4994
4995- Add support for ISC_R_INCOMPLETE in OMAPI protocol connection code.
4996
4997- Fix relay agent so that if an interface is specified on the command
4998 line, the relay agent does not dump core.
4999
5000- Fix class matching so that match if can be combined with match or
5001 spawn with.
5002
5003- Do not allow spurious leases in the lease database to introduce
5004 potentially bogus leases into the in-memory database.
5005
5006- Fix a byte-order problem in the client hardware address type code
5007 for OMAPI.
5008
5009- Be slightly less picky about what sort of hardware addresses OMAPI
5010 can install in host declarations.
5011
801de092
TL
5012 Changes since 3.0 Beta 2 Patchlevel 4
5013
5014- Incorporated Peter Marschall's proposed change to array/record
5015 parsing, which allows things like the slp-agent option to be encoded
5016 correctly. Thanks very much to Peter for taking the initiative to
5017 do this, and for doing such a careful job of it (e.g., updating the
5018 comments)!
5019
5020- Added an encoding for the slp-agent option. :')
5021
6ed7a93d
TL
5022- Fixed SunOS 4 build. Thanks to Robert Elz for responding to my
5023 request for help on this with patches!
5024
5025- Incorporated a change that should fix a problem reported by Philippe
5026 Jumelle where when the network connection between two servers is
5027 lost, they never reconnect.
5028
5029- Fix client script files other than that for NetBSD to actually use
5030 make_resolv_conf as documented in the manual page.
5031
5032- Fix a bug in the packet handling code that could result in a core
5033 dump.
5034
5035- Fix a bug in the bootp code where responses on the local net would
5036 be sent to the wrong MAC address. Thanks to Jerry Schave for
5037 catching this one.
5038
490eb5e7
TL
5039 Changes since 3.0 Beta 2 Patchlevel 3
5040
5041- In the DHCP client, execute client statements prior to using the values
45d545f0 5042 of options, so that the client configuration can overridden, e.g., the
490eb5e7
TL
5043 lease renewal time.
5044
5045- Fix a reference counting error that would result in very reproducible
5046 failures in updates, as well as occasional core dumps, if a zone was
5047 declared without a key.
5048
5049- Fix some Linux 2.0 compilation problems.
5050
5051- Fix a bug in scope evaluation during execution of "on" statements that
5052 caused values not to be recorded on leases.
5053
5054- If the dhcp-max-message-size option is specified in scope, and the
5055 client didn't send this option, use the one specified in scope to
5056 determine the maximum size of the response.
5057
592d8153
TL
5058 Changes since 3.0 Beta 2 Patchlevel 2
5059
359b023e
TL
5060- Fix a case where spawning subclasses were being allocated
5061 incorrectly, resulting in a core dump.
5062
592d8153
TL
5063- Fix a case where the DHCP server might inappropriately NAK a
5064 RENEWING client.
5065
5066- Fix a place dhcprequest() where static leases could leak.
5067
5068- Include memory.h in omapip_p.h so that we don't get warnings about
5069 using memcmp().
5070
2aa36519
TL
5071 Changes since 3.0 Beta 2 Patchlevel 1
5072
5073- Notice when SIOCFIGCONF returns more data than fit in the buffer -
5074 allocate a larger buffer, and retry. Thanks to Greg Fausak for
5075 pointing this out.
5076
5077- In the server, if no interfaces were configured, report an error and
5078 exit.
5079
5080- Don't ever record a state of 'startup'.
5081
5082- Don't try to evaluate the local failover binding address if none was
5083 specified. Thanks to Joseph Breu for finding this.