]> git.ipfire.org Git - thirdparty/dhcp.git/blame - RELNOTES
projects / thirdparty / dhcp.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fix some misspelling typos
[thirdparty/dhcp.git] / RELNOTES
CommitLineData
5ddbe8e4
TM		 1 Internet Systems Consortium DHCP Distribution
2 Version 4.3.2
3 05 March 2015
72c7bd79 4
5ddbe8e4 5 Release Notes
72c7bd79 6
5ddbe8e4 7 NEW FEATURES
16449d9c 8
5ade3c84 9The major "theme" for ISC DHCP 4.3.x was to update the support for
324257e3
SR		 10DHCPv6 to include several of the features that have been available
11for DHCPv4. These include:
37ec5845 12
324257e3
SR		 13- Support the use of classes
14
15- Support for on_commit, on_expiry and on_release statements
16
4809ef5c 17- Better logging of address assignments
324257e3
SR		 18
19- Support for using DHCPv6 relay options in expressions
20
21This release also adds suppport for the standard DDNS as described in the
22current RFCs as well as enhancing support for dynamically adding and removing
23subclasses via OMAPI.
98bf1607 24
01a54c17
EH		 25There are a number of DHCPv6 limitations and features missing in this
26release, which will be addressed in the future:
98bd7ca0 27
01a54c17 28- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
3a16098f 29
adbef119
DH		 30- DHCPv6 includes human-readable text in status code messages, in
31 English. A method to reconfigure or support other languages would
80778e94 32 be preferable.
98bd7ca0
DH		 33
34- The "host-identifier" option is limited to a simple token.
35
98bd7ca0 36- The client and server can only operate DHCPv4 or DHCPv6 at a time,
45d545f0 37 not both. To use both protocols simultaneously, two instances of the
6de1f33e 38 relevant daemon are required, one with the '-6' command line option.
4ff4053b 39
01a54c17
EH		 40For information on how to install, configure and run this software, as
41well as how to find documentation and report bugs, please consult the
42README file.
ca4606b5 43
01a54c17
EH		 44ISC DHCP uses standard GNU configure for installation. Please review the
45output of "./configure --help" to see what options are available.
fe5b0fdd 46
01a54c17
EH		 47The system has only been tested on Linux, FreeBSD, and Solaris, and may not
48work on other platforms. Please report any problems and suggested fixes to
49<dhcp-users@isc.org>.
98bd7ca0 50
fef8c6f0
SR		 51ISC DHCP is open source software maintained by Internet Systems
52Consortium. This product includes cryptographic software written
53by Eric Young (eay@cryptsoft.com).
54
c2419dca
SR		 55 Changes since 4.3.2rc2
56
57- None
58
59 Changes since 4.3.2rc1
75d02fcf
TM		 60
61- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
62 The error occurs on Linux variants that do not support VLAN tag information
63 in packet auxiliary data. The configure script now only enables inclusion
64 of the VLAN tag-based logic if it is supported by the underlying OS.
65 [ISC-Bugs #38677]
66
45adf35c 67 Changes since 4.3.2b1
4d9b81fc 68
45adf35c 69- Specifying the option, --disable-debug, on the configure script command line
4e1bf548 70 now disables debug features. Prior to this, specifying --disable-debug
112d76f6
TM		 71 incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
72 the issue.
4e1bf548 73 [ISC-Bugs #37780]
4d9b81fc 74
9a111ee8
TM		 75- Unit test execution now uses a path augmented during configuration
76 processing of the --with-atf option to locate ATF runtime tools, atf-run
77 and atf-report. For most installations of ATF, this should alleviate the
78 need to manually include them in the PATH, as was formerly required.
79 If the configure script cannot locate the tools it will emit a warning,
80 informing the user that the tools must be in the PATH when running unit
81 tests.
82 Secondly, please note that "make check" will now exit with a failure status
83 code (non-zero) if one or more unit tests fail. This means that invoking
84 "make check" from an upper level directory will cause the make process to
85 STOP after the first test subdirectory with failed test(s). To force all
86 tests in all subdirectories to run, regardless of individual test outcome,
87 use the command "make -k check".
88 [ISC-Bugs #38619]
89
36e2c224 90 Changes since 4.3.1
906ec9a7 91
71d7e9aa
TM		 92- Corrected parser's right brace matching when a statement contains an error.
93 [ISC-Bugs #36021]
94
3ffc07de 95- TSIG-authenticated dynamic DNS updates now support the use of these
267a248d
TM		 96 additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
97 and hmac-sha512
3ffc07de
TM		 98 [ISC-Bugs #36947]
99
fa54ba10 100- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
45adf35c 101 working with the OpenBSD project who spotted the issue and provided the
fa54ba10 102 patch.
e1b18c69
TM		 103 [ISC-Bugs #36653]
104
fa54ba10 105- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
45adf35c 106 Stoeckmann working with the OpenBSD project who spotted the issue and
fa54ba10 107 provided the patch.
0ce1aa94
TM		 108 [ISC-Bugs #36897]
109
3956569b
TM		 110- Log statements depicting what files will be used by the server now occur
111 after the configuration file has been processed.
112 [ISC-Bugs #36671]
113
36e2c224 114- Addressed Coverity issues reported as of 07-31-2014:
6444928c 115 [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
c7c11ea1 116 [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
6444928c
TM		 117 [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
118 compilers that was introduced by #36712
906ec9a7 119
2a537542
TM		 120- Server now supports a failover split value of 256.
121 [ISC-Bugs] #36664]
122
1dceab6c
SR		 123- Remove unneeded error #defines. These defines were included in case
124 external programs required the older versions of the macro. They
125 have been #ifdeffed for now and will be removed at a future date.
126 See site.h for the #define to include them again, but you should
127 switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
adb95d23 128 Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
1dceab6c
SR		 129 [ISC-Bugs #37128]
130
bd49432f 131- Added checks in range6 and prefix6 statement parsing to ensure addresses
b3b69c1c
TM		 132 are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
133 bug report and patch.
bd49432f 134 [ISC-Bugs #32453]
7ff6ae5a
TM		 135 [ISC-Bugs #17766]
136 [ISC-Bugs #18510]
137 [ISC-Bugs #23698]
138 [ISC-Bugs #28883]
139
140- Addressed checksum issues:
141 Added checksum readiness check to Linux packet filtering which eliminates
142 invalid packet drops due to checksum errors when checksum offloading is
143 in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
144 [ISC-Bugs #22806]
145 [ISC-Bugs #15902]
146 [ISC-Bugs #17739]
147 [ISC-Bugs #18010]
148 [ISC-Bugs #22556]
149 [ISC-Bugs #29769]
45adf35c 150 Inbound packets with UDP checksums of 0xffff now validate correctly rather
7ff6ae5a 151 than being dropped.
e046c826
TM		 152 [ISC-Bugs #24216]
153 [ISC-Bugs #25587]
154
155- Added the echo-client-id configuration parameter to the server configuration.
156 The server now supports RFC 6842 compliant behavior by setting a new
157 configuration parameter, echo-client-id. When enabled, the server will
158 include the client identifier option (Option code 61) if received, in its
159 responses. The server identifier returned in NAKs (if enabled) will now
160 be the globally defined value (if one) if the server cannot attribute the
161 inbound request to a known subnet.
f542e92b
SR		 162 [ISC-Bugs #35958]
163 [ISC-Bugs #32545]
bd49432f 164
0a7e1a8a
TM		 165- Added support of the configuration parameter, use-host-decl-names, to
166 BOOTP request handling.
167 [ISC-Bugs #36233]
168
6067cd48
TM		 169- Added logic to ignore the signal, SIGPIPE, which ensures write failures
170 will be delivered as errors rather than as SIGPIPE signals on all OSs.
171 Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
172 the patch upon which the fix is based.
173 [ISC-Bugs #32222]
174
21d30347
SR		 175- In the failover code, handle the case of communications being interrupted
176 when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
177 the primary to accept the secondary moving from POTENTIAL-CONFLICT to
178 RESOLUTION-INTERRUPTED as well as handling the bind update process better.
179 In addition the code to resend update or update all requests has been
180 modified to send requests more often.
181 [ISC-Bugs #36810]
182 [ISC-Bugs #20352]
183
d9b2a590
TM		 184- By default, the server will now choose the value to use in the forward DNS
185 name from the following in order of preference:
186
187 1. FQDN option if provided by the client
188 2. Host name option if provided by the client
189 3. Configured option host-name if defined
190
191 As before, this may be overridden by defining ddns-hostname to the desired
192 value (or expression). In addition, the server logic has been extended to
193 use the value of the host name declaration if use-host-decl-names is enabled
194 and no other value is available.
195 [ISC-Bugs #21323]
196
f3a44c10
TM		 197- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
198 the existing lease and the forward DNS name had not changed. This has been
199 corrected.
200 [ISC-Bugs #37368]
59990751 201 [ISC-Bugs #38686]
f3a44c10 202
04daf4fe 203- Corrected an issue which caused dhclient to incorrectly form the result when
45adf35c 204 prepending or appending to the IPv4 domain-search option, received from the
04daf4fe
TM		 205 server, when either of the values being combined contain compressed
206 components.
207 [ISC-Bugs #20558]
208
7116a34f
TM		 209- Added the server-id-check parameter to the server configuration.
210 This parameter allows run-time control over whether or not a server,
211 participating in failover, verifies the dhcp-server-identifier option in
212 DHCP REQUESTs against the server’s id before processing the request.
213 Formerly, enabling this behavior was done at compilation time through
214 the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
adb95d23 215 The functionality is now only available through the new runtime parameter.
7116a34f
TM		 216 [ISC-Bugs #37551]
217
2775bd62
TM		 218- During startup, when the server encounters a lease whose binding state is
219 FTS_BACKUP but whose pool has no configured failover peer, it will reset the
220 lease's binding state to FTS_FREE. This allows the leases to be reclaimed
221 by the server after a pool's configuration has changed from failover to
222 standalone. Prior to this such leases would remain stuck in the backup state
223 making them unavailable for assignment. Note this conversion will occur
224 whether or not the server is compiled for failover.
225 [ISC-Bugs #36960]
226
dd9738aa
SR		 227- Fixed a small issue in the treatment of hosts in the inform processing
228 that could cause the response to an inform to include information from
229 the wrong scope. The two examples we've heard of are getting subnet
230 instead of group information associated with a host entry, or getting
231 global information instead of subnet if the host entry was built via
433927d3
SR		 232 omapi. Thanks to Julien Soula at University of Lille for finding the
233 bug and supplying a patch.
dd9738aa
SR		 234 [ISC-Bugs #35712]
235
491bf4a2
SR		 236- Avoid calling pool_timer() recursively from supersede_lease(). This could
237 result in leases changing state incorrectly or delaying the running of the
238 leae expiration code.
239 [ISC-Bugs #38002]
240
992dc765
SR		 241- Move the check for a PID file and process to be before we rewrite the
242 lease file. This avoids the possibility of starting a second instance
243 of a server which changes the current lease file confusing the first
244 instance. This check is only included if the admin hasn't disabled PID
245 files.
246 [ISC-Bugs #38078]
001b9d53 247 [ISC-Bugs #38143]
992dc765 248
cb8c997e
SR		 249- In the client code change the way preferred_life and max_life are printed
250 for environment variables to be unsigned rather than signed.
251 Thanks to Jiri Popelka at Red Hat for the bug report and patch.
252 [ISC-Bugs #37084]
253
acbecb2e
TM		 254- Modified linux packet handling such that packets received via VLAN are now
255 seen only by the VLAN interface. Prior to this, such packets were seen by
256 both the VLAN interface and its parent (physical) interface, causing the
257 server to respond to both. Note this remains an issue for non-Linux OSs.
258 Thanks to Jiri Popelka at Red Hat for the patch.
259 [ISC-Bugs #37415]
260 [ISC-Bugs #37133]
261 [ISC-Bugs #36668]
262 [ISC-Bugs #36652]
263
fb98e02e
TM		 264- Log content has been changed to more directly suggest that admins should
265 check for multiple IPv6 clients attempting to use the same DUID when only
266 abandoned addresses are available. Debug level logging will now emit counts
267 of the total number of, in-use, and abandoned addresses in a shared subnet
268 when the server finds no addresses available for a given DUID. Lastly,
269 threshold logging is now automatically disabled for shared subnets whose
270 total number of possible addresses exceeds (2^64)-1.
271 [ISC-Bugs #26376]
272 [ISC-Bugs #38131]
273
1a006ff6
TM		 274- Added a global parameter, prefix-length-mode, which may be used to determine
275 how the server uses a non-zero value for prefix-length supplied by clients
276 when soliciting DHCPv6 prefixes. The server supports selection modes of:
277 ignore, prefer, exact, minimum and maximum which are described in detail in
278 the server man pages. The prior behavior of the server was to only offer a
279 prefix whose length exactly matched the prefix-length value requested. If
280 no such prefixes were available, the server returned a status of none
281 available. Note the default mode, "exact", provides this same behavior.
282 [ISC-Bugs #36780]
f48dfdf1 283 [ISC-Bugs #32228]
1a006ff6 284
45adf35c
TM		 285- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
286 limit such that it now sets it to 32 when the upstream address is a multicast
287 address per RFC 3315 Section 20. Prior to this if the -u argument preceded
288 the -l argument on the command line or if the same interface was specified
289 for both; the logic to set the hop limit count for the upper interface was
290 skipped. This caused the hop count limit to be set to the default value
291 (typically 1) in the outbound upstream packets.
292 [ISC-Bugs #37426]
293
294
7d9dd306
TM		 295 Changes since 4.3.1b1
296
297- Modify the linux and openwrt dhclient scripts to process information
298 from a stateless request. Thanks to Jiri Popelka at Red Hat for the
299 bug report and patch.
f542e92b 300 [ISC-Bugs #36102]
7d9dd306 301
29c6b4f1
SR		 302- Remove more unused RCSID tags. These weren't noticed in 4.3 as
303 the code isn't used anymore but we remove them here to keep the
304 code consistent across versions.
305 [ISC-Bugs #36451]
306
57187138 307 Changes since 4.3.0
01a44a77 308
5ade3c84 309- Tidy up several small tickets.
38c4774a
SR		 310 Correct parsing of DUID from config file, previously the LL type
311 was put in the wrong place in the DUID string.
9a111ee8 312 [ISC-Bugs #20962]
38c4774a
SR		 313 Add code to parse "do-forward-updates" as well as "do-forward-update"
314 Thanks to Jiri Popelka at Red Hat.
315 [ISC-Bugs #31328]
316 Remove log_priority as it isn't currently used.
317 [ISC-Bugs #33397]
318 Increase the size of the buffer used for reading interface information.
319 [ISC-Bugs #34858]
01a44a77 320
fc48033a
SR		 321- Remove an extra set of the msg_controllen variable.
322 [ISC-Bugs #21035]
323
db3f7799
SR		 324- Add a more understandable error message if a configuration attempts
325 to add multiple keys for a single zone. Thanks to a patch from Jiri
326 Popelka at Red Hat.
327 [ISC-Bugs #31892]
328
0da37b4c
SR		 329- Fix some minor issues in the dst code.
330 [ISC-Bugs #34172]
331
5ade3c84 332- Properly #ifdef functions so that the code can compile without NSUPDATE.
158a34fb
SR		 333 [ISC-Bugs #35058]
334
dceef873
SR		 335- Update the partner's stos (start time of state, basically when we last
336 heard from this partner) field when updating the state in failover.
337 [ISC-Bugs #35549]
338
5ade3c84 339- Modify the overload processing to allow space for the remote agent ID.
1be2ba15
SR		 340 [ISC-Bugs #35569]
341 Handle the ordering of the SUBNET_MASK option even if it is the last
342 option in the list.
343 [ISC-Bugs #24580]
344
388cba45
SR		 345- Remove the code that allows a server to follow RFC3315 instead of
346 the subsequent errata from August 2010 when determining which IAs
347 to include if no addresses will be assigned.
2c4be1d7 348 [ISC-Bugs #28938]
388cba45 349
2c4be1d7
SR		 350- Remove unused RCSID tags.
351 [ISC-Bugs #35846]
388cba45 352
b6ab3f6c
SR		 353- Correct the v6 client timing code. When doing the timing backoff
354 for MRT limit it to MRD.
5ade3c84 355 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
b6ab3f6c
SR		 356 [ISC-Bugs #21238
357
f950de77
SR		 358- Add a log entry when killing a client and remove the PID files
359 when a server, relay or client are killed.
360 [ISC-Bugs #16970]
361 [ISC-Bugs #17258]
362
5ade3c84
SR		 363- Some minor cleanups in the client code.
364 In addition to checking for dhcpc check for bootpc in the services list.
02b0bdc3
SR		 365 [ISC-Bugs #18933]
366 Correct the client code to only try to get a lease once when the
367 given the "-1" argument.
5ade3c84 368 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
02b0bdc3
SR		 369 [ISC-Bugs #26735]
370 When asked for the version don't send the output to syslog.
371 [ISC-Bugs #29772]
372 Add the next server information to the environment variables for
373 use by the client script. In order to avoid changing the client
374 lease file the next server information isn't written to it.
375 Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
376 [ISC-Bugs #33098]
377
5ade3c84 378- Several updates to the dhcp server code.
d8c7c34e
SR		 379 When not in quiet mode print out the files being used.
380 [ISC-Bugs #17551]
381 As accessing some pid files may require privileges move the dropping
382 of permission bits due to the paranoia patch to be after the pid code.
5ade3c84 383 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
d8c7c34e
SR		 384 [ISC-Bugs #25806]
385 When processing a "--version" request don't output the version information
386 to syslog.
387
5ade3c84 388- Add the "enable-log-pid" build option to the configure script. When enabled
00e9af8e
SR		 389 this causes the client, server and relay programs to include the PID
390 number in syslog messages.
391 Thanks to Marius Tomaschewski for the suggestion and proto-patch.
392 [ISC-Bugs #29713]
393
9279a3d7
SR		 394- Add a #define to specify the prefix length used when a client attempts
395 to configure an address. This can be modified by editing includes/site.h.
396 By default it is set to 64. While 128 might be a better choice it would
397 also be a change for currently running systems, so we have left it at 64.
63c8800c 398 [ISC-Bugs #DHCP-2]
9279a3d7 399
79818c93
SR		 400- Add a run time option to the client "-df" to allow the administrator to
401 point to a second lease file the client can search for a DUID. This can
402 be used to allow a v4 and a v6 instance of the client to share a DUID.
403 The second file will only be searched if there isn't a DUID in the main
404 lease file and the DUID will be written out to the main lease file.
405 [ISC-Bugs #34886]
406
8a2e40cf
SR		 407- Have the client fsync the lease file to avoid lease corruption if the
408 client hibernates or otherwise shuts down.
409 [ISC-Bugs #35894]
410
59a351d6
SR		 411- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
412 Thanks to Steinar Haug for the suggestion.
413 [ISC-Bugs #36033]
414
0ab4a716
SR		 415- Modify the handling of the resolv.conf file to allow the DHCP
416 process to start up even if the resolv.conf file has problems.
417 [ISC-Bugs #35989]
418
a89fd0cd 419- Add threshold logging functionality. Two new options,
250f7134
SR		 420 log-threshold-low and log-threshold-high, indicate to the
421 server if and when it should log an error message as addresses
422 in a pool are used.
423 [ISC-Bugs #34487]
424
b05e05b7
SR		 425- Add code to properly dereference a pointer in the dhclient code
426 on an error condition.
e9326fd0 427 [ISC-Bugs #36194]
b05e05b7 428
ad80055f
SR		 429- Add code to help clean up soft leases.
430 [ISC-Bugs #36304]
431
e9326fd0
SR		 432- Disable the gentle shutdown functionality until we can determine
433 the best way to present it to remove or reduce the side effects.
434 [ISC-Bugs #36066]
435
01a44a77
SR		 436 Changes since 4.3.0rc1
437
438- None
439 Changes since 4.3.0b1
440
441- Tidy up receive packet processing.
442 Thanks to Brad Plank of GTA for reporting the issue and suggesting
443 a possible patch.
444 [ISC-Bugs #34447]
445
446 Changes since 4.3.0a1
447
448- Modify the message displayed when a process hits a fatal error.
449 The new message is much shorter and simply points to the README
450 and our website for directions on bug submissions.
451 [ISC-Bugs #24789]
452
453- Handle an absent resolv.conf file better.
454 [ISC-Bugs #35194]
455
6980ae03 456 Changes since 4.2.0 (new features)
51b8a8a0
SR		 457
458- If a client renews before 'dhcp-cache-threshold' percent of its lease
459 has elapsed (default 25%), the server will reuse the allocated lease
460 (provide a lease within the currently allocated lease-time) rather
461 than extend or renew the lease. This absolves the server of needing
462 to perform an fsync() operation on the lease database before reply,
463 which improves performance. [ISC-Bugs #22228]
80778e94 464 Updated this patch to support asynchronous DDNS. If the server is
adb95d23 465 attempting to do DDNS on a lease it should be updated and written to
4809ef5c 466 disk even if that wouldn't be necessary due to the thresholding.
8cd88e20 467 [ISC-Bugs #26311]
51b8a8a0 468
6980ae03
SR		 469- The 'no available billing' log line now also logs the name of the last
470 matching billing class tried before failing to provide a billing.
471 [ISC-Bugs #21759]
472
32e651c4
SR		 473- A problem with missing get_hw_addr function when --enable-use-sockets
474 was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
475 that use-sockets feature was not tested on those systems. Client and
476 server code no longer use MAX_PATH constant that is not defined on
3cb6f9bb 477 GNU/Hurd systems. [ISC-Bugs #25979]
32e651c4 478
67418698
SR		 479- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
480 can parse v4 lease files and output the lease information in a more
481 human friendly manner. This was written by Christian Hammers with
482 some updates by vom and ISC. This is contributed code and is not
483 supported by ISC; however it may be useful to some users.
484 [ISC-Bugs #20680]
485
a7341359 486- Add support in v6 for on-commit, on-expire and on-release.
4809ef5c 487 [ISC-Bugs #27912]
a7341359 488
01fa619f
SR		 489- Add support for using classes with v6.
490 [ISC-Bugs #26510]
491
d7d9c0c7
SR		 492- Update the DDNS code to current standards and allow for sharing
493 of DDNS entries between v4 and v6 clients. The new code is used
494 if the ddns-update-style is set to "standard", the older code is
495 still available if ddns-update-style is set to "interim". The
496 oldest DDNS code "ad-hoc" has been removed. Thanks to Thomas Pegeot
497 who submitted a patch for this issue. This patch is based on
498 that work with some modifications.
64fb661c 499 [ISC-Bugs #21139]
1534fff7 500
cde11a4c
SR		 501- Add a configuration option to the server to suppress using fsync().
502 Enabling this option will mean that fsync() is never called. This
503 may provide better performance but there is also a risk that a lease
504 will not be properly written to the disk after it has been issued
505 to a client and before the server stops. Using this option is
506 not recommended.
64fb661c 507 [ISC-Bugs #34810]
cde11a4c 508
f88446f1
SR		 509- Add some logging statements to indicate when the server is ready
510 to serve. One statement is emitted after the server has finished
511 reading its files and is about to enter the dispatch loop.
512 This is "Server starting service.".
513 The second is emitted when a server determines that both it and
514 its failover peer are in the normal state.
515 This is "failover peer <name>: Both servers normal."
64fb661c 516 [ISC-Bugs #33208]
f88446f1 517
619304cd
SR		 518- Add support for accessing options from v6 relays. The v6relay
519 statement allows the administrator to choose which relay to
520 use when searching for an option, see the dhcp-options man page
6b9c9f87
SR		 521 for a description. The host-identifier option has also been
522 updated to support the use of relay options, see the dhcpd.conf
619304cd
SR		 523 man page for a description.
524 [ISC-Bugs #19598]
525
e54ff84f 526- When doing DDNS if there isn't an appropriate zone statement attempt
80778e94 527 to find a reasonable nameserver via a DNS resolver. This restores
e54ff84f
SR		 528 some functionality that was lost in the transition to asynchronous
529 DDNS. Due to the lack of security and increase in fragility of the
530 system when using this feature we strongly recommend the use of
531 appropriate zone statements rather than using this functionality.
532 [ISC-Bugs #30461]
533
61ef216b
SR		 534- Add support for specifying the address from which to send
535 DDNS updates on the DHCP server. There are two new options
536 "ddns-local-address4" and "ddns-local-address6" that each take
537 one instance of their respective address types.
538 [ISC-Bugs #34779]
4d079f0e 539
38ee81bd
SR		 540- Add ignore-client-uids option in the server. This option causes
541 the server to not record a client's uid in its lease. This
542 violates the specification but may also be useful when a client
543 can dual boot using different client ids but the same mac address.
6b9c9f87 544 Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
38ee81bd
SR		 545 [ISC-Bugs #32427]
546 [ISC-Bugs #35066]
4d079f0e
SR		 547
548- Extend the DHCPINFORM processing to honor the subnet selection option
549 and take host declarations into account.
550 Thanks to Christof Chen for testing and submitting the patch.
551 [ISC-Bugs #35015]
552
fe2ac9e3
SR		 553- Extend the hardware expression to look into the lease structure
554 for a hardware address if there is no packet. This allows the
555 server to find the hardware address during on-expiry processing.
556 [ISC-Bugs #24584]
61ef216b 557
bc30c84e
SR		 558- Add definitions for some options that have been specified by the IETF.
559 [ISC-Bugs #29268]
ccc2a367 560 [ISC-Bugs #35198]
bc30c84e 561
01a44a77 562 Changes since 4.2.0 (bug fixes)
8ee352ee 563
01a44a77
SR		 564- When using 'ignore client-updates;', the FQDN returned to the client
565 is no longer truncated to one octet.
8ee352ee 566
01a44a77 567- Cleaned up an unused hardware address variable in nak_lease().
4889a646 568
01a44a77
SR		 569- Manpage entries for the ia-pd and ia-prefix options were updated to
570 reflect support for prefix delegation.
4889a646 571
01a44a77 572- Cleaned up some compiler warnings
7dc4e69c 573
01a44a77
SR		 574- An optimization described in the failover protocol draft is now included,
575 which permits a DHCP server operating in communications-interrupted state
576 to 'rewind' a lease to the state most recently transmitted to its peer,
577 greatly increasing a server's endurance in communications-interrupted.
578 This is supported using a new 'rewind state' record on the dhcpd.leases
579 entry for each lease.
c5bc8b1a 580
01a44a77 581- Fix the trace code which was broken by the changes to the DDNS code.
d0a10f6a 582
01a44a77
SR		 583- Update the fsync code to work with the changes to the DDNS code. It now
584 uses a timer instead of noticing if there are no more packets to process.
dc9d7b08 585
01a44a77
SR		 586- When constructing the DNS name structure from a text string append
587 the root to relative names. This satisfies a requirement in the DNS
588 library that names be absolute instead of relative and prevents DHCP
589 from crashing. [ISC-Bugs #21054]
a24b9f23 590
01a44a77
SR		 591- "The LDAP Patch" that has been circulating for some time, written by
592 Brian Masney and S.Kalyanasundraram and maintained for application to
593 the DHCP-4 sources by David Cantrell has been included. Please be
594 advised that these sources were contributed, and do not yet meet the
595 high standards we place on production sources we include by default.
596 As a result, the LDAP features are only included by using a compile-time
597 option which defaults off, and if you enable it you do so under your
598 own recognizance. We will be improving this software over time.
599 [ISC-Bugs #17741]
c5bc8b1a 600
01a44a77
SR		 601- Prohibit including lease time information in a response to a DHCP INFORM.
602 [ISC-Bugs #21092]
cc17cbc3 603
01a44a77
SR		 604! Accept a client id of length 0 while hashing. Previously the server would
605 exit if it attempted to hash a zero length client id, providing attackers
606 with a simple denial of service attack. [ISC-Bugs #21253]
607 CERT: VU#541921 - CVE: CVE-2010-2156
08b2d347 608
01a44a77 609- A memory leak in ddns processing was closed. [ISC-Bugs #21377]
08b2d347 610
01a44a77
SR		 611- Modify the exception handling for initial context creation. Previously
612 we would try and clean up before exiting. This could present problems
613 when the cleanup required part of the context that wasn't available. It
614 also didn't do much as we exited afterwards anyway. Now we simply log
615 the error and exit. [ISC-Bugs #21093]
ad4001ce 616
01a44a77
SR		 617- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
618 previously allocated (active) lease to a client that has changed subnets,
619 despite being on different shared networks. Dynamic prefixes specifically
620 allocated in shared networks also now are not offered if the client has
621 moved. [ISC-Bugs #21152]
3cb6f9bb 622
01a44a77 623- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
f6dc164f 624
01a44a77
SR		 625- Fix the trace code to handle timing events better and to truncate a file
626 before using instead of overwriting it. [ISC-Bugs #20969]
4b8251a0 627
01a44a77
SR		 628- Modify the determination of the default TTL to use for DDNS updates.
629 The user may still configure the ttl via ddns-ttl. The default for
630 both v4 and v6 is now 1/2 the (preferred) lease time with a limit. The
631 previous defaults (1/2 lease time without a limit for v4 and a default
632 value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
633 [ISC-Bugs #21126]
47e8308d 634
01a44a77
SR		 635- libisc/libdns is now brought up to version 9.7.1rc1. This corrects
636 three reported flaws in ISC DHCP;
d9b5c150 637
01a44a77
SR		 638 o DHCP processes (dhcpd, dhclient) fail to start if one of either the
639 IPv4 or IPv6 address families is not present. [ISC-Bugs #21122]
08e6dad9 640
01a44a77
SR		 641 o Assertion failure when attempting to cancel a previously running DDNS
642 update. [ISC-Bugs #21133]
9f9265b6 643
01a44a77
SR		 644 o Compilation failure of libisc/libdns due to the use of a flexible
645 array member. [ISC-Bugs #21316]
9f9265b6 646
01a44a77 647- Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
35de6c8c 648
01a44a77
SR		 649- Documentation cleanup covering multiple tickets
650 [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
651 [ISC-Bugs #20263] add text describing some default values
652 [ISC-Bugs #20193] single quotes at the start of a line indicate a control
653 line to nroff, escape them if we actually want a quote.
654 [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
de87ffe3 655
01a44a77
SR		 656- 'get-host-names true;' now also works even if 'use-host-decl-names true;'
657 was also configured. The nature of this repair also fixes another
658 error; the host-name supplied by a client is no longer overridden by a
659 reverse lookup of the lease address. Thanks to a patch from Wilco Baan
660 Hofman supplied to us by the Debian package maintenance team.
661 [ISC-Bugs #21691] {Debian Bug#509445}
e563ec2e 662
01a44a77
SR		 663- The .TH tag for the dhcp-options manpage was typo repaired
664 thanks to a report from jidanni and the Debian package maintenance
665 team. [ISC-Bugs #21676] {Debian Bug#563613}
3bedb117 666
01a44a77
SR		 667- More documentation changes - primarily to put the options in the dhclient
668 and dhcpd man pages into the standard form. Thanks in part to a patch
669 from David Cantrell at Red Hat.
670 [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
18a28679 671
01a44a77
SR		 672- Add code to clear the pointer to an object in an OMAPI handle when the
673 object is freed due to a dereference. [ISC-Bugs #21306]
0b2ec8c9 674
01a44a77
SR		 675- Fixed a bug that leaks host record references onto lease structures,
676 causing the server to apply configuration intended for one host to any
677 other innocent clients that come along later. [ISC-Bugs #22018]
67b2cb45 678
01a44a77
SR		 679- Minor code fixes
680 [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
681 the name to be at the apex of the zone.
682 [ISC-Bugs #19617] Restrict length of interface name read from command line
683 in dhcpd - based on a patch from David Cantrell at Red Hat.
684 [ISC-Bugs #20039] Correct some error messages in dhcpd.c
685 [ISC-Bugs #20070] Better range check on values when creating a DHCID.
9a111ee8 686 [ISC-Bugs #20198] Avoid writing past the end of the field when adding
01a44a77
SR		 687 overly long file or server names to a packet and add a log message
688 if the configuration supplied overly long names for these fields.
689 Thanks to Martin Pala.
690 [ISC-Bugs #21497] Add a little more randomness to rng seed in client
691 thanks to a patch from Jeremiah Jinno.
74977c94 692
01a44a77 693- Correct error handling in DLPI [ISC-Bugs #20378]
30e42327 694
01a44a77
SR		 695- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
696 checked in configure. [ISC-Bugs #20443]
dbd65517 697
01a44a77
SR		 698- Modify how the cmsg header is allocated the v6 send and received routines
699 to compile on more compilers. [ISC-Bugs #20524]
0f750c4f 700
01a44a77
SR		 701- When parsing a domain name free the memory for the name after we are
702 done with it. [ISC-Bugs #20824]
b95f1ee0 703
01a44a77
SR		 704- Add an elapsed time option to the release message and refactor the
705 code to move most of the common code to a single routine.
706 [ISC-Bugs #21171].
b95f1ee0 707
01a44a77
SR		 708- Two identical log messages for commit_leases() have been disambiguated.
709 [ISC-Bugs #18915]
0ef9a46e 710
01a44a77
SR		 711- Parse date strings more properly - the code now handles semi-colons in
712 date strings correctly. Thanks to a patch from Jiri Popelka at Red Hat.
713 [ISC-Bugs #21501, #20598]
de6c9af6 714
01a44a77
SR		 715- Fixes to lease input and output.
716 [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
717 strftime, paste together the same string using mktime instead.
718 [ISC-Bugs #19596] - When parsing iaid values accept printable
719 characters.
720 [ISC-Bugs #21585] - Always print time values in omshell as hex
721 instead of ascii if the values happen to be printable characters.
87132514 722
01a44a77
SR		 723- Minor changes for scripts, configure.ac and Makefiles
724 [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
725 example conf file. Thanks to a patch from David Cantrell
726 at Red Hat.
727 [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
728 [ISC-Bugs #19945] Properly close the quote on some arguments.
729 [ISC-Bugs #20952] Add 64 bit types to configure.ac
adb95d23 730 [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
b047bd38 731
01a44a77
SR		 732- Update the code to parse dhcpv6 lease files to accept a semi-colon at
733 the end of the max-life and preferred-life clauses. In order to be
734 backwards compatible with older lease files not finding a semi-colon
735 is also accepted. [ISC-Bugs #22303].
e3c94800 736
01a44a77
SR		 737! Handle a relay forward message with an unspecified address in the
738 link address field. Previously such a message would cause the
739 server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992]
740 CERT: VU#102047 CVE: CVE-2010-3611
dd9237c3 741
01a44a77
SR		 742- ./configure on longer searches for -lcrypto to explicitly link against.
743 This fixes a bug where 'dhclient' would have shared library dependencies
744 on '/usr/lib'. [ISC-Bugs #21967]
d13db163 745
01a44a77
SR		 746- Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
747 signal to a process and will kill the process if the signal isn't
748 caught. This patch adds code to turn off the SIGPIPE signal via
749 a setsockopt() call. The signal is already being ignored as part
750 of the ISC library. [ISC-Bugs #22269]
b342f2e7 751
01a44a77
SR		 752- Restore printing of values in omshell to the style pre 21585. For
753 21585 we changed the print routines to always display time values
754 as a hex list. This had a side effect of printing all data strings
755 as a hex list. We shall investigate other ways of displaying time
756 values more usefully. [ISC-Bugs #22626]
797aab67 757
01a44a77
SR		 758! Fix the handling of connection requests on the failover port.
759 Previously a connection request from a source that wasn't
760 listed as a failover peer would cause the server to become
761 non-responsive. Thanks to a report from Brad Bendily, brad@bendily.com.
762 [ISC-Bugs #22679]
9a111ee8 763 CERT: VU#159528 CVE: CVE-2010-3616
bc7f8b8e 764
01a44a77
SR		 765- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
766 Passing it through to the handlers caused the omshell program to fail
767 to connect to the server. [ISC-Bugs #21839]
d289ee68 768
adb95d23 769- Fix the parenthesis in the code to process configuration statements
01a44a77
SR		 770 beginning with "auth". The previous arrangement caused
771 "auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
d19fa5a1 772
01a44a77
SR		 773- Limit the timeout period allowed in the dispatch code to 2^^32-1 seconds.
774 Thanks to a report from Jiri Popelka at Red Hat.
775 [ISC-Bugs #22033], [Red Hat Bug #628258]
bb9189c3 776
01a44a77
SR		 777- When processing the format flags for a given option consume the
778 flag indicating an optional value correctly. A symptom of this
779 bug was an infinite loop when trying to parse the slp-service-scope
780 option. Thanks to a patch from Marius Tomaschewski.
781 [ISC-Bugs #22055]
cbbd2714 782
01a44a77
SR		 783- Disable the use of kqueue in the ISC library. This avoids a problem
784 between the fork and socket code that caused the dhcpd process to
785 use all available cpu if the program daemonized itself.
786 [ISC-Bugs #21911]
d208bb04 787
01a44a77
SR		 788! When processing a request in the DHCPv6 server code that specifies
789 an address that is tagged as abandoned (meaning we received a
790 decline request for it previously) don't attempt to move it from
791 the inactive to active pool as doing so can result in the server
792 crashing on an assert failure. Also retag the lease as active
793 and reset its timeout value.
794 [ISC-Bugs #21921]
9a111ee8 795
01a44a77
SR		 796- Removed the restriction on using IPv6 addresses in IPv4 mode. This
797 allows IPv4 options which contain IPv6 addresses to be specified. For
798 example the 6rd option can be specified and used like this:
799 [ISC-Bugs #23039]
d208bb04 800
01a44a77
SR		 801 option 6rd code 212 = { integer 8, integer 8,
802 ip6-address, array of ip-address };
803 option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
25f664a6 804
01a44a77
SR		 805- Handle some DDNS corner cases better. Maintain the DDNS transaction
806 information when updating a lease and cancel any existing transactions
9a111ee8 807 when removing the ddns information.
01a44a77 808 [ISC-Bugs #23103]
d424157d 809
01a44a77
SR		 810- Some fixes for LDAP
811 [ISC-Bugs #21783] - Include lber library when building ldap
812 [ISC-Bugs #22888] - Enable the ldap code when buidling common
813 The above fixes are from Jiri Popelka at Red Hat.
3221151b 814
01a44a77
SR		 815- Modify the dlpi code to accept getmsg() returning a positive value.
816 [ISC-Bugs #22824]
bea17697
SR		 817
818! In dhclient check the data for some string options for
819 reasonableness before passing it along to the script that
820 interfaces with the OS.
821 [ISC-Bugs #23722]
822 CVE: CVE-2011-0997
c7aa4dd4
TM		 823
824- DHCPv6 server now responds properly if client asks for a prefix that
825 is already assigned to a different client. [ISC-Bugs #23948]
4a5bfeac
SR		 826
827- Add the option "--no-pid" to the client, relay and server code,
828 to disable writing a pid file. Add the option "-pf pidfile"
829 to the relay to allow the user to supply the pidfile name at
830 runtime. Add the "with-relay6-pid-file" option to configure
831 to allow the user to supply the pidfile name for the relay
832 in v6 mode at configure time.
833 [ISC-Bugs #23351] [ISC-Bugs #17541]
5d082abd
TM		 834
835- 'dhclient' no longer waits a random interval after first starting up to
836 begin in the INIT state. This conforms to RFC 2131, but elects not to
9a111ee8 837 implement a 'SHOULD' direction in section 4.1. The goal of this change
73c83820 838 is to start up faster. [ISC-Bugs #19660]
9a111ee8
TM		 839
840- Added 'initial-delay' parameter that specifies maximum amount of time
841 before client goes to the INIT state. The default value is 0. In previous
842 versions of the code client could wait up to 5 seconds. The old behavior
5d082abd 843 may be restored by using 'initial-delay 5;' in the client config file.
73c83820 844 [ISC-Bugs #19660]
5d082abd
TM		 845
846- ICMP ping-check should now sit closer to precisely the number of seconds
847 configured (or default 1), due to making use of the new microsecond
848 scale timer internally to dhcpd. This corrects a bug where the server
849 may immediately timeout an ICMP ping-check if it was made late in the
73c83820 850 current second. [ISC-Bugs #19660]
5d082abd
TM		 851
852- The DHCP client will schedule renewal and rebinding events in
853 microseconds if the DHCP server provided a lease-time that would result
854 in sub-1-second timers. This corrects a bug where a 2-second or lower
855 lease-time would cause the DHCP client to enter an infinite loop by
73c83820 856 scheduling renewal at zero seconds. [ISC-Bugs #19660]
5d082abd
TM		 857
858- Client lease records are recorded at most once every 15 seconds. This
859 keeps the client from filling the lease database disk quickly on very small
73c83820 860 lease times. [ISC-Bugs #19660]
5d082abd
TM		 861
862- To defend against RFC 2131 non-compliant DHCP servers which fail to
863 advertise a lease-time (either mangled, or zero in value) the DHCP
864 client now adds the server to the reject list ACL and returns to INIT
865 state to hopefully find an RFC 2131 compliant server (or retry in INIT
73c83820 866 forever). [ISC-Bugs #19660]
023fbaa0
TM		 867
868- Parameters configured to evaluate from user defined function calls can
869 now be correctly written to dhcpd.leases (as on 'on events' or dynamic
870 host records inserted via OMAPI). [ISC-Bugs #22266]
871
872- If a 'next-server' parameter is configured in a dynamic host record via
873 OMAPI as a domain name, the syntax written to disk is now correctly parsed
874 upon restart. [ISC-Bugs #22266]
656b1ece
TM		 875
876- The DHCP server now responds to DHCPLEASEQUERY messages from agents using
877 IP addresses not covered by a subnet in configuration. Whether or not to
878 respond to such an agent is still governed by the 'allow leasequery;'
879 configuration parameter, in the case of an agent not covered by a configured
880 subnet the root configuration area is examined. Server now also returns
881 vendor-class-id option, if client sent it. [ISC-Bugs #21094]
9a111ee8 882
fc06ee4f
SR		 883- Documentation fixes
884 [ISC-Bugs #17959] add text to AIX section describing how to have it send
885 responses to the all-ones address.
886 [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
887 [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
888
1185c766
TM		 889- Relay no longer crashes, when DHCP packet is received over interface without
890 any IPv4 address assigned. Also extended logging message about discarding
891 packets with invalid hlen with information about relevant interface name.
892 [ISC-Bugs #22409]
893
c6455252
TM		 894- Relay now properly logs that packet was received over interface without
895 global IPv6 address [ISC-Bugs #24070]
896
9a111ee8
TM		 897- Linux Packet Filter interface improvement. sockaddr_pkt structure is used,
898 rather than sockaddr. Packet ethertype is now forced to ETH_P_IP.
9369bdc1
TM		 899 [ISC-Bugs #18975]
900
fb30f3fc
SR		 901- Minor code cleanups - but note port change for #23196
902 [ISC-Bugs #23470] - Modify when an ignore return macro is defined to
903 handle unsed error return warnings for more versions of gcc.
904 [ISC-Bugs #23196] - Modify the reply handling in the server code to
905 send to a specified port rather than to the source port for the incoming
906 message. Sending to the source port was test code that should have
907 been removed. The previous functionality may be restored by defining
908 REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
909 enable this except for testing purposes.
910 [ISC-Bugs #22695] - Close a file descriptor in an error path.
911 [ISC-Bugs #19368] - Tidy up variable types in validate_port.
912
c616de4f 913- Code cleanup: remove obsolete PROTO, KandR, INLINE and ANSI_DECL macros
9a111ee8 914 [ISC-Bugs #13151]
c616de4f
TM		 915
916- Compilation problem with gcc4.5 and omshell.c resolved. [ISC-Bugs #23831]
a34feb7d 917
4f55e11b
SR		 918- Client Script fixes
919 [ISC-Bugs #23045] Typos in client/scripts/openbsd
920 [ISC-Bugs #23565] In the client scripts add a zone id (interface id) if
921 the domain search address is link local.
922 [ISC-Bugs #1277] In some of the client scripts add code to handle the
923 case of the default router information being changed without the address
924 being changed.
925
802fdea1
TM		 926- Documentation cleanup
927 [ISC-Bugs #23326] Updated References document, several man page updates
928
9a111ee8 929- Server no longer complains about NULL pointer when configured
1b601efa
TM		 930 server-identifier expression fails to evaluate. [ISC-Bugs #24547]
931
199f0b8a
SR		 932- Convert ISC_R_INPROGRESS status to ISC_R_SUCCESS when called from other
933 than the dispatch handler. This fixes an issue where omshell, when
934 run from the same platform as the server, would appear to fail to
935 connect. This is a companion to #21839. [ISC-Bugs #23592]
936
786f2e79
SR		 937- Enlarge the buffer size used by the Omshell code and some of the
938 print routines to allow for greater than 60 characters or, when
939 printing as hex strings, 20 characters. [ISC-Bugs #22743]
940
7cfeb916
SR		 941- In Solaris 11 switch to using sockets instead of DLPI, thanks
942 to a patch form Oracle. [ISC-Bugs #24634].
943
9a111ee8
TM		 944- Strict checks for content of domain-name DHCPv4 option can now be
945 configured during compilation time. Even though RFC2132 does not allow
946 to store more than one domain in domain-name option, such behavior is
d15aa964
TM		 947 now enabled by default, but this may change some time in the future.
948 See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
949 [ISC-Bugs #24167]
950
beaed73f
SR		 951- DNS Update fix. A misconfigured server could crash during DNS update
952 processing if the configuration included overlapping pools or
953 multiple fixed-address entries for a single address. This issue
954 affected both IPv4 and IPv6. The fix allows a server to detect such
955 conditions, provides the user with extra information and recommended
956 steps to fix the problem. If the user enables the appropriate option
957 in site.h then server will be terminated
958 [ISC-Bugs #23595]
959
8bd96ccb
SR		 960! Two packets were found that cause a server to halt. The code
961 has been updated to properly process or reject the packets as
962 appropriate. Thanks to David Zych at University of Illinois
963 for reporting this issue. [ISC-Bugs #24960]
964 One CVE number for each class of packet.
965 CVE-2011-2748
966 CVE-2011-2749
967
01a44a77
SR		 968- Fix the code that checks for an existing DDNS transaction to cancel
969 when removing DDNS information, so that we will continue with the
970 processing if we have a lease even if it doesn't have an outstanding
971 transaction. [ISC-Bugs #24682]
5a38e43f 972
01a44a77
SR		 973- Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
974 configuration files. [ISC-Bugs #24107]
5a38e43f 975
01a44a77
SR		 976- Add support for passing DDNS information to a DNS server over
977 an IPv6 address. [ISC-Bugs #22647]
524705e5 978
01a44a77
SR		 979- Enhanced patch for 23595 to handle IPv4 fixed addresses more
980 cleanly. [ISC-Bugs #23595]
66be0ad1 981
01a44a77
SR		 982! Add a check for a null pointer before calling the regexec function.
983 Without this check we could, under some circumstances, pass
984 a null pointer to the regexec function causing it to segfault.
985 Thanks to a report from BlueCat Networks.
986 [ISC-Bugs #26704].
987 CVE: CVE-2011-4539
57fbc772 988
01a44a77
SR		 989! Modify the DDNS handling code. In a previous patch we added logging
990 code to the DDNS handling. This code included a bug that caused it
991 to attempt to dereference a NULL pointer and eventually segfault.
992 While reviewing the code as we addressed this problem, we determined
993 that some of the updates to the lease structures would not work as
994 planned since the structures being updated were in the process of
995 being freed: these updates were removed. In addition we removed an
996 incorrect call to the DDNS removal function that could cause a failure
997 during the removal of DDNS information from the DNS server.
998 Thanks to Jasper Jongmans for reporting this issue.
999 [ISC-Bugs #27078]
1000 CVE: CVE-2011-4868
57fbc772 1001
01a44a77
SR		 1002- Fixed the code that checks if an address the server is planning
1003 to hand out is in a reserved range. This would appear as
1004 the server being out of addresses in pools with particular ranges.
1005 [ISC-Bugs #26498]
57fbc772 1006
01a44a77
SR		 1007- In the DDNS code handle error conditions more gracefully and add more
1008 logging code. The major change is to handle unexpected cancel events
1009 from the DNS client code.
1010 [ISC-Bugs #26287]
57fbc772 1011
01a44a77
SR		 1012- Tidy up the receive calls and eliminate the need for found_pkt.
1013 [ISC-Bugs #25066]
9a111ee8 1014
01a44a77
SR		 1015- Add support for Infiniband over sockets to the server and
1016 relay code. We've tested this on Solaris and hope to expand
1017 support for Infiniband in the future. This patch also corrects
1018 some issues we found in the socket code.
1019 [ISC-Bugs #24245]
197c917e 1020
01a44a77
SR		 1021- Add a compile time check for the presence of the noreturn attribute
1022 and use it for log_fatal if it's available. This will help code
1023 checking programs to eliminate false positives.
1024 [ISC-Bugs #27539]
8bd445a1 1025
01a44a77
SR		 1026- Fixed many compilation problems ("set, but not used" warnings) for
1027 gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
83d409ae 1028
01a44a77
SR		 1029- Modify the code that determines if an outstanding DDNS request
1030 should be cancelled. This patch results in cancelling the
1031 outstanding request less often. It fixes the problem caused
1032 by a client doing a release where the TXT and PTR records
1033 weren't removed from the DNS.
1034 [ISC-BUGS #27858]
6aaaf6a4 1035
01a44a77
SR		 1036- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
1037 and dhcpv6_packet in several more places. Thanks to a report from
1038 Bruno Verstuyft and Vincent Demaertelaere of Excentis.
1039 [ISC-Bugs #27941]
4e0997c6 1040
01a44a77
SR		 1041- Remove outdated note in the description of the bootp keyword about the
1042 option not satisfying the requirement of failover peers for denying
1043 dynamic bootp clients.
1044 [ISC-bugs #28574]
ad59838e 1045
01a44a77
SR		 1046- Multiple items to clean up IPv6 address processing.
1047 When processing an IA that we've seen check to see if the
1048 addresses are usable (not in use by somebody else) before
1049 handing it out.
1050 When reading in leases from the file discard expired addresses.
1051 When picking an address for a client include the IA ID in
1052 addition to the client ID to generally pick different addresses
1053 for different IAs.
1054 [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
1055 [ISC-Bugs #27684]
f33dc722 1056
01a44a77
SR		 1057- Remove unnecessary checks in the lease query code and clean up
1058 several compiler issues (some dereferences of NULL and treating
1059 an int as a boolean).
1060 [ISC-Bugs #26203]
4dc5a6b1 1061
01a44a77
SR		 1062- Fix the NA and PD allocation code to handle the case where a client
1063 provides a preference and the server doesn't have any addresses or
1064 prefixes available. Previously the server ignored the request with
1065 this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
1066 By default the code performs according to the errata of August 2010
1067 for RFC 3315 section 17.2.2; to enable the previous style see the
1068 section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
1069 may be removed in the future.
1070 Thanks to Jiri Popelka at Red Hat for the patch.
1071 [ISC-Bugs #22676]
3004baba 1072
01a44a77
SR		 1073- Fix up some issues found by static analysis.
1074 A potential memory leak and NULL dereference in omapi.
1075 The use of a boolean test instead of a bitwise test in dst.
1076 [ISC-Bugs #28941]
3004baba 1077
01a44a77
SR		 1078- Rotate the lease file when running in v6 mode.
1079 Thanks to Christoph Moench-Tegeder at Astaro for the
1080 report and the first version of the patch.
1081 [ISC-Bugs #24887]
9d97e644 1082
01a44a77
SR		 1083- Correct code to calculate timing values in client to compare
1084 rebind value to infinity instead of renew value.
1085 Thanks to Chenda Huang from H3C Technologies Co., Limited
1086 for reporting this issue.
1087 [ISC-Bugs #29062]
23d39ae2 1088
01a44a77
SR		 1089- Fix some issues in the code for parsing and printing options.
1090 [ISC-Bugs #22625] - properly print options that have several fields
1091 followed by an array of something for example "fIa"
1092 [ISC-Bugs #27289] - properly parse options in declarations that have
1093 several fields followed by an array of something for example "fIa"
1094 [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
1095 value in evaluate_numeric_expression (extract-int).
1096 [ISC-Bugs #27314] - properly parse a zero length option from
1097 a lease file. Thanks to Marius Tomaschewski from SUSE for the report
1098 and prototype patch for this ticket as well as ticket 27289.
23d39ae2 1099
01a44a77
SR		 1100! Previously the server code was relaxed to allow packets with zero
1101 length client ids to be processed. Under some situations use of
1102 zero length client ids can cause the server to go into an infinite
1103 loop. As such ids are not valid according to RFC 2132 section 9.14
1104 the server no longer accepts them. Client ids with a length of 1
1105 are also invalid but the server still accepts them in order to
1106 minimize disruption. The restriction will likely be tightened in
1107 the future to disallow ids with a length of 1.
1108 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 1109 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR		 1110 [ISC-Bugs #29851]
1111 CVE: CVE-2012-3571
0c9d3a81 1112
01a44a77
SR		 1113! When attempting to convert a DUID from a client id option
1114 into a hardware address handle unexpected client ids properly.
1115 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 1116 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR		 1117 [ISC-Bugs #29852]
1118 CVE: CVE-2012-3570
e1a40211 1119
01a44a77
SR		 1120! A pair of memory leaks were found and fixed. Thanks to
1121 Glen Eustace of Massey University, New Zealand for finding
1122 this issue.
1123 [ISC-Bugs #30024]
1124 CVE: CVE-2012-3954
e7e17397 1125
01a44a77
SR		 1126- Existing legacy unit-tests have been migrated to Automated Test
1127 Framework (ATF). Several new tests have been developed. To enable
1128 unit-tests, please use --with-atf in configure script. A Developer's
1129 Guide has been added. To generate it, please use make devel in
1130 the doc directory. It is currently in early stages of development,
1131 but is expected to grow in the near future. [ISC-Bugs 25901]
ef86959b 1132
01a44a77
SR		 1133! An issue with the use of lease times was found and fixed. Making
1134 certain changes to the end time of an IPv6 lease could cause the
1135 server to abort. Thanks to Glen Eustace of Massey University,
1136 New Zealand for finding this issue.
1137 [ISC-Bugs #30281]
1138 CVE: CVE-2012-3955
ef86959b 1139
01a44a77
SR		 1140- Update the memory leakage debug code to work with v6.
1141 [ISC-Bugs #30297]
919f1407 1142
01a44a77
SR		 1143- Relax the requirements for deleting an A or AAAA record.
1144 Previously the DDNS removal code required both the A or AAAA
1145 record and the TXT record to exist. This requirement could
1146 cause problems if something interrupted the removal leaving
1147 the TXT record alone. This relaxation was codified in RFC 4703.
1148 [ISC-Bugs #30734]
8a0d9ca4 1149
01a44a77
SR		 1150- Modify the failover code to handle incorrect peer names
1151 better. Previously the structure holding the name might
1152 have been freed inappropriately in some cases and not
1153 freed in other cases.
1154 [ISC-Bugs #30320]
17a8f0e2 1155
01a44a77
SR		 1156- Add a configure option, enable-secs-byteorder, to deal with
1157 clients that do the byte ordering on the secs field incorrectly.
1158 This field should be in network byte order but some clients
1159 get it wrong. When this option is enabled the server will examine
1160 the secs field and if it looks wrong (high byte non zero and low
1161 byte zero) swap the bytes. The default is disabled. This option
1162 is only useful when doing load balancing within failover.
1163 [ISC-Bugs #26108]
badc999d 1164
01a44a77
SR		 1165- Fix a set of issues that were discovered via a code inspection
1166 tool. Thanks to Jiri Popelka and Tomas Hozza Red Hat for the logs
1167 and patches.
1168 [ISC-Bugs #23833]
0d8c3d6e 1169
9a111ee8 1170- Parsing unquoted base64 strings improved. Parser now properly handles
01a44a77 1171 strings that contain reserved names. [ISC-Bugs #23048]
1e05d095 1172
01a44a77
SR		 1173- Modify the nak_lease function to make some attempts to find a
1174 server-identifier option to use for the NAK.
1175 [ISC-Bugs #25689]
1e05d095 1176
01a44a77
SR		 1177- The client now passes information about the options it requested
1178 from the server to the script code via environment variables.
1179 These variables are of the form requested_<option_name>=1 with
1180 the option name being the same as used in the new_* and old_*
1181 variables.
1182 [ISC-Bugs #29068]
1943bbf8 1183
01a44a77
SR		 1184- Add support for a simple check that the server id in a request message
1185 to a failover peer matches the server id of the server. This support
1186 is enabled by editing the file includes/site.h and uncommenting the
1187 definition for SERVER_ID_CHECK. The option has several restrictions
1188 and issues - please read the comment in the site.h file before
1189 enabling it.
1190 [ISC-Bugs #31463]
8a513c43 1191
01a44a77
SR		 1192- Tidy up some compiler issues in the debug code.
1193 [ISC-Bugs #26460]
d122accf 1194
adb95d23 1195- Move the dhcpd.conf example file to dhcpd.conf.example to avoid
01a44a77
SR		 1196 overwriting the dhcpd.conf file when installing a new version of
1197 ISC DHCP. The user will now need to manual copy and edit the
1198 dhcpd.conf file as desired.
1199 [ISC-Bugs #19337]
0d8c3d6e 1200
01a44a77
SR		 1201- Check the status value when trying to read from a connection to
1202 see if it may have been closed. If it appears closed don't try
1203 to read from it again. This avoids a potential busy-wait like
1204 loop when the peer names are mismatched.
1205 [ISC-Bugs #31231]
590298e7 1206
01a44a77
SR		 1207- Remove an unused variable to keep compilers happy.
1208 [ISC-Bugs #31983]
2b58b865 1209
01a44a77
SR		 1210- Modify test makefiles to be more similar to standard makefiles
1211 and comment out a currently unused test.
1212 [ISC-Bugs #32089]
600ee619 1213
01a44a77
SR		 1214- Address static analysis warnings.
1215 [ISC-Bugs #33510] [ISC-Bugs #33511]
a5c7bf77 1216
01a44a77
SR		 1217- Silence benign static analysis warnings.
1218 [ISC-Bugs #33428]
a5c7bf77 1219
01a44a77
SR		 1220- Add check for 64-bit package for atf.
1221 [ISC-Bugs #32206]
a5c7bf77 1222
01a44a77
SR		 1223- Use newer auto* tool packages and turn on RFC_3542 support on Mac OS.
1224 [ISC-Bugs #26303]
a5c7bf77 1225
01a44a77
SR		 1226- Remove a variable when it isn't being used due to #ifdefs to avoid
1227 a compiler warning on Solaris using GCC.
1228 [ISC-Bugs #33032]
0585235c 1229
01a44a77
SR		 1230- Add a check for too much whitespace in a config or lease file.
1231 Thanks to Paolo Pellegrino for finding the issue and a suggestion
1232 for the patch.
1233 [ISC-Bugs #33351]
0585235c 1234
01a44a77
SR		 1235- Fix several problems with using OMAPI to manipulate class and subclass
1236 objects.
1237 [ISC-Bugs #27452]
f4bc8261 1238
01a44a77
SR		 1239- Added a sleep call after killing the old client to allow time
1240 for the sockets to be cleaned. This should allow the -r option
1241 to work more consistently.
1242 [ISC-Bugs #18175]
33692791 1243
01a44a77
SR		 1244- Missing files for ISC DHCP Developer's Guide are now included in
1245 the release tarballs. To generate this documentation, please use
1246 make devel command in doc directory. [ISC-Bugs #32767]
928618dd 1247
01a44a77
SR		 1248- Update client script for use with openwrt.
1249 [ISC-Bugs #29843]
928618dd 1250
01a44a77
SR		 1251- Fix the socket handling for DHCPv6 clients to allow multiple instances
1252 of a client on a single machine to work properly. Previously only
1253 one client would receive the packets. Thanks to Jiri Popelka at Red Hat
1254 for the bug report and a potential patch.
1255 [ISC-Bugs #34784]
3c941d42 1256
01a44a77
SR		 1257- Added support for gentle shutdown after signal is received.
1258 [ISC-Bugs #32692] [ISC-Bugs 34945]
bdd8e747 1259
01a44a77
SR		 1260- Enhance the DHCPv6 server logging to include the addresses that are assigned
1261 to the clients.
1262 [ISC-Bugs #26377]
3da71461 1263
01a44a77
SR		 1264- Fix an operation in the DDNS code to be a bitwise instead of logical or.
1265 [ISC-Bugs #35138]
fdfebedf 1266
7aa153b8 1267
adbef119
DH		 1268 Changes since 4.1.0 (new features)
1269
d340bc24
DH		 1270- Failover port configuration can now be left to defaults (port 647) as
1271 described in the -12 revision of the Failover draft (and assigned by
4b97eaff 1272 IANA). Thanks in part to a patch from David Cantrell at Red Hat.
adbef119 1273
0829d595
DH		 1274- If configured, dhclient may now transmit to an anycast MAC address,
1275 rather than using a broadcast address. Thanks to a patch from David
1276 Cantrell at Red Hat.
1277
8a3c1e33
PS		 1278- Added client support for setting interface MTU and metric, thanks to
1279 Roy "UberLord" Marples <roy@marples.name>.
1280
a41d7a25
PS		 1281- Added client -D option to specify DUID type to send.
1282
9e3eb22a
DH		 1283- A new failover configuration parameter has been introduced for those
1284 environments where DHCP servers can be reasonably guaranteed to be
1285 "down" when the failover TCP socket is severed, "auto-partner-down".
1286 This parameter is not generally safe, and by default is disabled, so
1287 please carefully review the documentation of this parameter in the
1288 dhcpd.conf(5) manpage before determining to use it yourself.
1289
33ea4622
DH		 1290- Added a configuration function, 'gethostname()', which calls the system
1291 function of the same name and presents the results as a data expression.
1292 This function can be used to incorporate the system level hostname of
1293 the system the DHCP software is operating on in responses or queries (such
1294 as including a failover partner's hostname in a dhcp message or binding
1295 scope, or having a DHCP client send any system hostname in the host-name or
1296 FQDN options by default).
1297
5a671e87
DH		 1298- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
1299 for DHCPv4 operation and used independently of the dhcp-lease-time
1300 calculations. Invalid renew and rebinding times (e.g., greater than the
1301 determined lease time) are omitted.
1302
adb95d23 1303- Processing the DHCP to DNS server transactions in an asynchronous fashion,
45adf35c 1304 the DHCP server or client can now continue with its processing while
98bf1607 1305 awaiting replies from the DNS server.
c900c5b2
DH		 1306
1307- The 'hardware [ethernet|etc] ...;' parameter in host records has been
1308 extended to attempt to match DHCPv6 clients by the last octets of a
1309 DUID-LL or DUID-LLT provided by the client.
1310
59112e84
SR		 1311 Changes since 4.1.0 (bug fixes)
1312
62f6843d
MA		 1313- Remove infinite loop in token_print_indent_concat().
1314
59112e84
SR		 1315- Validate the argument to the -p option.
1316
47e6eb82
DH		 1317- The notorious 'option <unknown> ... larger than buffer' log line,
1318 which is seen in some malformed DHCP client packets, was modified.
1319 It now logs the universe name, and does not log the length values
1320 (which are bogus corruption read from the packet anyway). It also
1321 carries a hopefully more useful explanation.
1322
159c89d7
EH		 1323- Suppress spurious warnings from configure about --datarootdir
1324
1aa0fe5e
DH		 1325- A bug was fixed that caused the server not to answer some valid Solicit
1326 and Request packets, if the dynamic range covering any requested addresses
1327 had been deleted from configuration.
1328
cd51403d
SR		 1329- Update the code to deal with GCC 4.3. This included two sets of changes.
1330 The first is to the configuration files to include the use of
571c38b0 1331 AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
cd51403d
SR		 1332 were being ignored.
1333
64e1823d
DH		 1334- The db-time-format option was documented in manpages.
1335
26e59ee9
DH		 1336- Using reserved leases no longer results in 'lease with binding state
1337 free not on its queue' error messages, thanks to a patch from Frode
1338 Nordahl.
1339
70ea9345
PS		 1340- Fix a build error in dhcrelay, using older versions of gcc with
1341 dhcpv6 disabled.
1342
8d7dca58 1343- Two uninitialized stack structures are now memset to zero, thanks to a
4b97eaff 1344 patch from David Cantrell at Red Hat.
819186b7 1345
f4534b17
DH		 1346- Fixed a cosmetic bug where pretty-printing valid domain-search options would
1347 result in an erroneous error log message ('garbage in format string').
1348
f9453d21
DH		 1349- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
1350 to stop receiving packets is fixed. The same fix also means that the MAC
1351 address will no longer appear 'bogus' on DLPI-based systems.
1352
1353- A bug in select handling was discovered where the results of one select()
1354 call were discarded, causing the server to process the next select() call
1355 and use more system calls than required. This has been repaired - the
1356 sockets will be handled after the first return from select(), resulting in
1357 fewer system calls.
1358
a3dcc0b1
DH		 1359- The update-conflict-detection feature would leave an FQDN updated without
1360 a DHCID (still currently implemented as a TXT RR). This would cause later
1361 expiration or release events to fail to remove the domain name. The feature
1362 now also inserts the client's up to date DHCID record, so records may safely
1363 be removed at expiration or release time. Thanks to a patch submitted by
1364 Christof Chen.
1365
95fd7038
DH		 1366- Memory leak in the load_balance_mine() function is fixed. This would
1367 leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
1368 and in normal state.
1369
1370- Various compilation fixes have been included for the memory related
1371 DEBUG #defines in includes/site.h.
1372
8a3c1e33
PS		 1373- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
1374
1375- Fixed setting hostname in Linux hosts that require hostname argument
1376 to be double-quoted. Also allow server-provided hostname to
1377 override hostnames 'localhost' and '(none)'.
1378
dedde1ba
DH		 1379- Fixed failover reconnection retry code to continue to retry to reconnect
1380 rather than restarting the listener.
1381
a57df74a
DH		 1382- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
1383 been repaired. Other USE_ overrides should work better.
1384
1385- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
1386 that probably still resulted in the correct behaviour (but wouldn't use
1387 a larger defined value provided by the host OS).
1388
350576c5
DH		 1389- Fixed a bug where an OMAPI socket disconnection message would not result
1390 in scheduling a failover reconnection, if the link had not negotiated a
1391 failover connect yet (e.g.: connection refused, asynch socket connect()
1392 timeouts).
1393
792156a9
DH		 1394- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
1395 in failover state records.
1396
8a4e543b
DH		 1397! A stack overflow vulnerability was fixed in dhclient that could allow
1398 remote attackers to execute arbitrary commands as root on the system,
1399 or simply terminate the client, by providing an over-long subnet-mask
1b12d999 1400 option. CERT VU#410676 - CVE-2009-0692
8a4e543b 1401
a1308b64
DH		 1402- Fixed a bug where relay agent options would never be returned when
1403 processing a DHCPINFORM.
1404
1b12d999
DH		 1405- Versions 3.0.x syntax with multiple name->code option definitions is now
1406 supported. Note that, similarly to 3.0.x, for by-code lookups only the
1407 last option definition is used.
1408
d453265f
PS		 1409- Fixed a bug where a time difference of greater than 60 seconds between a
1410 failover pair could cause the primary to crash on contact with the
1411 secondary. Thanks to a patch from Steinar Haug.
1412
3e29af1e
PS		 1413- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
1414 Thanks to patches from Matthew Newton and David Cantrell.
1415
b8d45c67
DH		 1416- Secondary servers in a failover pair will now perform ddns removals if
1417 they had performed ddns updates on a lease that is expiring, or was
1418 released through the primary. As part of the same fix, stale binding scopes
1419 will now be removed if a change in identity of a lease's active client is
1420 detected, rather than simply if a lease is noticed to have expired (which it
1421 may have expired without a failover server noticing in some situations).
1422
583c1c16
DH		 1423- A patch supplied by David Cantrell at RedHat was applied that detects
1424 invalid calling parameters given to the ns_name_ntop() function.
1425 Specifically, it detects if the caller passed a pointer and size pair
1426 that causes the pointer to integer-wrap past zero.
1427
e4e3a2ab
DH		 1428! Fixed a fenceposting bug when a client had two host records configured,
1429 one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
95f5d38c 1430
875e99dc
SR		 1431- Fixed the check in the dhcp_interface_signal_handler routine to verify
1432 the existence of the linked signal handler before calling it.
1433
2267da84
DH		 1434- Both host and subnet6 configuration groups are now included whether a
1435 fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
1436 precedence. This fixes two bugs, one where host scoped configuration
1437 would not be included from a non-fixed-address6 host record, and the equal
1438 and opposite bug where subnet6 scoped configuration would not be used when
571c38b0 1439 over-riding values were not present in a matching fixed-address6 host
2267da84
DH		 1440 configuration.
1441
cd3f0b9b
DH		 1442- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
1443 correcting a compilation failure when using Sun's compiler.
1444
0493fdca
SR		 1445- Modified the handling of a connection to avoid releasing the omapi io
1446 object for the connection while it is still in use. One symptom from
1447 this error was a segfault when a failover secondary attempted to connect
1448 to the failover primary if their clocks were not synchronized.
1449
95bba8b6
SR		 1450- Clean up to allow compilation with gcc 2.95.4 on FreeBSD. Remove an
1451 extra semi-colon from common/dns.c and moved setting a variable to NULL
1452 in server/dhcpv6.c to allow the compiler to decide that the variable
9a111ee8 1453 was always properly set.
95bba8b6 1454
adbef119 1455 Changes since 4.1.0b1
ebf076fe
EH		 1456
1457- A missing "else" in dhcrelay.c could have caused an interface not to
1458 be recognized.
61d75ea2 1459
a4ffedd1
DH		 1460 Changes since 4.1.0a2
1461
1462- A cosmetic bug in DHCPDECLINE processing was fixed which caused all
1463 successful DHCPDECLINEs to be logged as "not found" rather than
1464 "abandoned".
1465
6ff3b26d
FD		 1466- Added configuration file examples for DHCPv6.
1467
1387545f
DH		 1468- Some failover debugging #defines have been better defined and some
1469 high frequency messages moved to a deeper debugging symbol.
1470
1471- The CLTT parameter in failover is now only updated by client activity,
1472 and not by failover binding updates (taking on the peer's CLTT).
1473
1474- Failover BNDUPD messages are now discarded if they conflict with an
d7ac7a27 1475 update that has been transmitted, but not acknowledged.
1387545f 1476
399d3dbe
DH		 1477- A bug cleaning up unknown-xxx temporary option definitions was fixed.
1478
fbcee149
DH		 1479- Delayed-ack is now a compile-time option, compiled out by default.
1480 This feature is simply too experimental for right now, and causes
1481 some problems to some failover installations. We will revisit this
1482 in future releases.
1483
f1672d89
DH		 1484- The !inet_pton() call in res_mkupdrec was adjusted to '<= 0' as
1485 inet_pton returns either 1, 0, or -1.
1486
236d3a99
DH		 1487- A dhclient-script for MacOS X has been included, which enables
1488 'dhclient -6' support.
1489
efa5e6b9
DH		 1490- DDNS removal routines were updated so that the DHCID is not removed until
1491 the client has been deprived of all A and AAAA records (not only the last
1492 one of either of those). This resolves a bug where dual stack clients
1493 would not be able to regain their names after either expiration event.
1494
7d6180be 1495 Changes since 4.1.0a1
edcb5c46
EH		 1496
1497- Corrected list of failover state values in dhcpd man page.
1498
51e7687f
EH		 1499- Fixed a bug that caused some request types to be logged incorrectly.
1500
20210a7b
EH		 1501- Clients that sent a parameter request list containing the
1502 routers option before the subnet mask option were receiving
1503 only the latter. Fixed.
1504
535485df
EH		 1505- The server wasn't always sending the FQDN option when it should.
1506
8fbb55ff
DH		 1507- A partner-down failover server no longer emits 'peer holds all free leases'
1508 if it is able to newly-allocate one of the peer's leases.
1509
61220a00
EH		 1510- Fixed a coredump when adding a class via OMAPI.
1511
c40e954c
EH		 1512- Check whether files are zero length before trying to parse them.
1513
63971a83
DH		 1514- Ari Edelkind's PARANOIA patch has been included and may be compiled in
1515 via two ./configure parameters, --enable-paranoia and
1516 --enable-early-chroot.
1517
66cebfcb
DH		 1518- ./configure was extended to cover many optional build features, such
1519 as failover, server tracing, debugging, and the execute() command.
1520
f8cbf390
DH		 1521- There is now a default 1/4 of a second scheduled delay between delayed
1522 fsync()'s, it can be configured by the max-ack-delay configuration
1523 parameter.
1524
8269561d
DH		 1525- A bug was fixed where the length of a hostname was miscalculated, so that
1526 hosts were given odd-looking domain names ("foo.bar.ba.example.com").
1527
b445a411
DH		 1528- Shared network selection should be done from the innermost relay
1529 valid link-address field, rather than the outermost.
1530
bd72740e
FD		 1531- Prefix pools are attached to shared network scopes.
1532
9322442f
FD		 1533- Merged IA_XX related structures.
1534
8dea7ba7
FD		 1535- Add DHCPv6 files in configure.
1536
4619c0a2
DH		 1537- A memory leak when using omapi has been fixed.
1538
9ac4206a
DH		 1539- DHCPv6 vendor-class options (VSIO) are now only sent when they appear
1540 on the DHCPv6 ORO. This resolves a bug where VSIO options were placed
1541 in IA_NA encapsulated options fields.
1542
420d8b3f
FD		 1543- Integrated client with stateless, temporary address and prefix delegation
1544 support.
1545
40ec5f38
DH		 1546- A double-dereference in dhclient transmission of DHCPDECLINEs was
1547 repaired.
1548
80097764
FD		 1549- Fix handling of format code 'Z'.
1550
ffbaa880
FD		 1551- Support "-1" argument in DHCPv6.
1552
7de20a95
EH		 1553- Merge DHCPv6-only "dhcrelay6" into general-purpose "dhcrelay" (use
1554 "-6" option to select DHCPv6 mode).
1555
d352732e
EH		 1556- Fix handling of -A and -a flags in dhcrelay; it was failing to expand
1557 packet size as needed to add relay agent options.
1558
7d6180be
DH		 1559- A bug in subnet6 parsing where options contained in subnet6 clauses would
1560 not be applied to clients addressed within that network was repaired.
1561
1562- When configuring a "subnet {}" or "subnet6 {}" without an explicit
1563 shared-network enclosing it, the DHCP software would synthesize a
1564 shared-network to contain the subnet. However, all configuration
1565 parameters within the subnet more intuitively belong "to any client
1566 on that interface", or rather the synthesized shared-network. So,
1567 when a shared-network is synthesized, it is used to contain the
1568 configuration present inside the subnet {} clause. This means that
1569 the configuration will be valid for all clients on that network, not
1570 just those addressed out of the stated subnet. If you intended the
1571 opposite, the workaround is to explicitly configure an empty
1572 shared-network.
1573
1574- A bug was fixed where Information-Request processing was not sourcing
1575 configured option values.
1576
1577- A warning was added since the DHCPv6 processing software does not yet
1578 support class statements.
1579
adb95d23 1580- Compilation warnings on GCC 4.3 relating to bootp source address
dd484ced
DH		 1581 selection were repaired.
1582
ecddae64
DH		 1583- The v6 BSD socket method was updated to use a single UDP BSD socket
1584 no matter how many interfaces are involved, differentiating the
1585 interfaces the packets were received on by the interface index supplied
1586 by the OS.
1587
1588- The relay agent no longer listens to the All DHCP Servers Multicast
1589 address.
1590
1591- A bug was fixed in data_string_sprintfa() where va_start was only called
1592 once for two invocations of vsprintf() variants.
1593
d104d45b
DH		 1594- ERO (RFC 4994) server support.
1595
1596- Basic and partial DHCPv6 leasequery support.
1597
1598- Reliable DHCPv6 release (previous behavior, send release and exit, is
1599 still available with dhclient -6 -1 -r).
1600
01a54c17 1601 Changes since 4.0.0 (new features)
3c12f746 1602
6d7f9584
FD		 1603- Added DHCPv6 rapid commit support.
1604
4cafb815 1605- Added explicit parser support for zero-length DHCP options, such as
6d7f9584 1606 rapid-commit, via format code 'Z'.
4cafb815 1607
022fe95e
EH		 1608- It's now possible to update the "ends" field of a lease with OMAPI.
1609 This is useful if you want not only to release a lease, but also make
1610 it available for reuse right away. Hat tip to Christof Chen.
1611
9a111ee8 1612- Fixed definition of the iaaddr hash functions to use the correct
1dcc3612
SK		 1613 functions when referencing and dereferencing memory.
1614
aabfa4de
FD		 1615- Some definitions not in phase with the IANA registry were updated.
1616
0674055a
FD		 1617- Allocated interface IDs are better controlled ('u' bit set to zero,
1618 reserved IDs avoided).
1619
b51c785f
FD		 1620- Unicast options are taken into account only for RENEWs.
1621
900405e9
FD		 1622- NoAddrsAvail answers to SOLICITs are always ADVERTISEs even when a SOLICIT
1623 carries a rapid-commit option.
1624
96b620e5
FD		 1625- Return in place of raise an impossible condition when one tries to release
1626 an empty active lease.
1627
be62cf06
FD		 1628- Timer granularity is now 1/100s in the DHCPv6 client.
1629
01a54c17
EH		 1630- The dhclient-script was updated to create a host route for the default
1631 gateway if the supplied subnet mask for an IPv4 address was a /32. This
1632 allows the client to work in 'captive' network environments, where the
1633 operator does not want clients to crosstalk directly.
1634
adb95d23 1635- MINUS tokens should be parsable again.
01a54c17
EH		 1636
1637- Multiple (up to "delayed-ack x;" maximum) DHCPv4 packets are now queued and
1638 released in bursts after single fsync() events when the upper limit is
1639 reached or if the receiving sockets go dry. The practical upshot is
1640 that fsync-coupled server performance is now multiplicitively increased.
1641 The default delayed ack limit is 28. Thanks entirely to a patch from
1642 Christof Chen.
1643
1644 Changes since 4.0.0 (bug fixes)
1645
1646- DHCP now builds on AIX.
1647
1648- Exit with warning when DHCPv6-specific statements are used in the
1649 config file but -6 is not specified.
1650
1651- Fixed "--version" flag in dhcrelay
1652
1653- The 'min-secs' configuration parameter's log message has been updated to
1654 be more helpful.
1655
1656- The warning logged when an address range doesn't fit in the subnets
1657 they were declared has been updated to be more helpful and identify the
1658 typo in configuration that created the spanning addresses.
1659
1660- A bug in failover pool rebalancing that caused POOLREQ message ping-pongs
1661 was repaired.
1662
1663- A flaw in failover pool rebalancing that could cause POOLREQ messages to
1664 be sent outside of the min-balance/max-balance scheduled intervals has
1665 been repaired.
1666
1667- A cosmetic bug during potential-conflict recovery that caused the peer's
1668 'conflict-done' state message to be logged as 'unknown-state' has been
1669 repaired. It is now logged correctly.
1670
49f61135
DH		 1671- A bug was fixed where the 'giaddr' may be used to find the client's subnet
1672 rather than its own 'ciaddr'.
1673
41d4652f
DH		 1674- A log message was introduced to clarify the situation where a failover
1675 'address' parameter (the server's local address) did not resolve to an
1676 IPv4 address.
1677
2c9bf1f4
DH		 1678- The minimum site code value was set to 224 in 3.1.0 to track RFC3942. This
1679 broke a lot of legacy site local configurations. The new code in place will
1680 track site local space minimum option codes and logs a warning to encourage
1681 updates and exploration of site local code migration problems. Option
1682 codes less than 128 in site local spaces remain inaccessible.
1683
1684- A possible relay agent option bug was repaired where random server
1685 initialization state may have been used to signal the relay agent
1686 information options sub-option code for the 'END' of the option space.
1687
cff9b78f
SK		 1688- Fixes to allow code to compile and run on Solaris 9.
1689
c4d29896
SK		 1690- Fixes to allow code to compile on Mac OS X Leopard (10.5).
1691
57fcb8d9
SK		 1692- When server is configured with options that it overrides, a warning is
1693 issued when the configuration file is read, rather than at the time the
1694 option is overridden. This was important, because the warning was given
9a111ee8 1695 every time the option was overridden, which could create a lot of
57fcb8d9
SK		 1696 unnecessary logging.
1697
219a65eb
DH		 1698- Fixed a compilation problems on platforms that define a value for FDDI,
1699 which conflicts with a dhcp configuration syntax token by the same name.
1700
ffdf3c8c
DH		 1701- When a failover server suspects it has encountered a peer running a
1702 version 3.0.x failover server, a warning that the failover wire protocol
1703 is incompatible is printed.
1704
1705- The failover server no longer issues a floating point error if it encounters
1706 a previously undefined option code.
1707
00a002fc
MA		 1708- Fix startup error messages to report a missing "subnet6 declaration", rather
1709 than a missing "subnet declaration", when running as a DHCPv6 server.
1710
9a111ee8 1711- DHCPv6 client timestamp in DUID was based on the year 1970 rather
7e9f7a1b
FD		 1712 than the year 2000.
1713
e2cfde76
FD		 1714- Warn when attempting to use a hardware parameter in DHCPv6.
1715
cabdb9b1
FD		 1716- DHCPv6 released resources are now marked as released by the client.
1717
5d89d60f
FD		 1718- 'Soft' bindings have no more side-effects.
1719
61d75ea2
DH		 1720 Changes since 4.0.0b3
1721
1722- The reverse dns name for PTR updates on IPv6 addresses has been fixed to
1723 use ip6.arpa. rather than default to in-addr.arpa and require user
1724 configuration.
76db44f9 1725
e32529a5
EH		 1726- dhc6_lease_destroy() and dhc6_ia_destroy() now set lease and IA pointers
1727 to NULL after freeing, to prevent subsequent accesses to freed memory.
1728
9a111ee8 1729- The DHCPv6 server would not send the preference option unless the
76db44f9
SK		 1730 client requested it, via the ORO. This has been fixed, so the DHCPv6
1731 server will always send the preference value if it is configured.
e4a6be15 1732
9a111ee8
TM		 1733- When addresses were passed as hints to the server in an IA, they were
1734 incorrectly handled, sometimes being treated as an error. Now the
6f76de58
SK		 1735 server will treat these as hints and ignore them if it cannot supply
1736 a requested address.
1737
703873ab
DH		 1738- If the client had multiple addresses, and one expired (was not renewed
1739 by the server), the client would continue to attempt to renew the same
1740 old address over and over. Now, the client will omit any expired
1741 addresses from future Confirm, Renew, or Rebind messages.
1742
1743- dhclient -6 will now select renew/rebind timers based upon the longest
1744 address expiration time rather than the shortest expiration time, in
1745 order to avoid cascading renewals in the event a server elects not to
1746 extend one of multiple IAADDR leases.
1747
b024480e
DH		 1748- The server now limits clients that request multiple addresses to one
1749 address per IA by default, which can be adjusted through the
1750 "limit-addrs-per-ia" configuration option.
1751
c0216cb7
DH		 1752- The DHCPv6 client now issues fresh transaction IDs on Renew and Rebind
1753 message exchanges, rather than using the most recent ID.
1754
1ac57173
FD		 1755- The DHCPv6 server now replies to Information-Request messages.
1756
83835822
DH		 1757- A bug was fixed in the dhclient-script for BSDs to correctly carry error
1758 codes through some conditions.
1759
c54db708
FD		 1760- The parsing of some options in the dhclient lease file, in particular
1761 the success DHCPv6 status-code, was fixed.
1762
e5d83524
DH		 1763- A bug was fixed that caused the DHCPv6 ORO option to be corrupted with
1764 seemingly random values.
1765
821f2dda
DH		 1766- A reference overleak in DHCPv6 shared network processing was repaired.
1767
f8b3c6f4
DH		 1768- ./configure now autodetects local database locations rather than trying
1769 to put dhcpd.leases and dhclient.leases in /usr/local/var/db, which no
1770 one ever has.
1771
9a111ee8
TM		 1772- Regression fix for bug where server advertised a IPv6 address in
1773 response to a SOLICIT but would not return the address in response
b9137d42
SK		 1774 to a REQUEST.
1775
9f1d5a2f
DH		 1776- A bug was fixed where the DHCPv6 server puts the NoAddrsAvail status
1777 code in the IA_NA was fixed. The status code now appears in the root
1778 level.
1779
e4a6be15
DH		 1780 Changes since 4.0.0b2
1781
65cf86d7
EH		 1782- Clarified error message when lease limit exceeded
1783
b1d3778c
DH		 1784- Relative time may now be used as a qualifier for 'allow' and 'deny' access
1785 control lists. These directives may be used to assist in re-addressing
1786 address pools without having to constantly reconfigure the server. Please
1787 see 'man dhcpd.conf' for more information on allow/deny 'after time' syntax.
1788 Thanks to a patch from Christof Chen.
1789
bead14ea
DH		 1790- The server will now include multiple IA_NA's and multiple IAADDRs within
1791 them, if advertised by the client. It still only seeks to allocate one
1792 new address.
1793
f765ec36
SK		 1794 Changes since 4.0.0b1
1795
75135a3f 1796- Use different paths for PID and lease files when running in DHCPv4
adb95d23 1797 or DHCPv6 mode, so that servers for both protocols can be run
75135a3f
EH		 1798 simultaneously on a single interface.
1799
5c2d55c7
EH		 1800- Fixed a buffer overflow error which could have allowed a denial
1801 of service under unusual server configurations
1802
1803- Eliminated a spurious error message from the client
1804
9a111ee8 1805- A number of bugs with the internal handling of lease state on the
f765ec36 1806 server have been fixed. Some of these could cause server crashes.
fa9b593d 1807
edb1283e
DH		 1808- The peer_wants_leases() changes pulled up from 3.1.0 were corrected,
1809 'never used' leases will no longer consistently shift between servers
1810 on every pool rebalance run.
1811
c71c6399
DH		 1812- sendmsg()/recvmsg() control buffers are now declared in such a way to
1813 ensure they are correctly aligned on all (esp. 64-bit) architectures.
1814
5279b8f3
DH		 1815- The client leasing subsystem was streamlined and corrected to account
1816 more closely for changes in client link attachment selection.
1817
ab3a540f 1818 Changes since 4.0.0a3
763cba6b 1819
9a111ee8 1820- The DHCP server no longer requires a "ddns-update-style" statement,
884a458f
SK		 1821 and now defaults to "none", which means DNS updates are disabled.
1822
fa9b593d
DH		 1823- Log messages when failover peer names mismatch have been improved to
1824 point out the problem.
1825
9a111ee8 1826- Bug where server advertised a IPv6 address in response to a SOLICIT
1b5053b5
SK		 1827 but would not return the address in response to a REQUEST. Thanks to
1828 Dennis Kou for finding the bug.
1829
c886c298
SK		 1830- Fixed an error causing the server to lock up on lease expiration,
1831 reported independently by Jothilingam Vasu and Dennis Kou.
1832
eaf7eb17
DH		 1833- Fixed a ./configure bug where compile tests were failing due to
1834 "-Werror" (unused variable) rather than the actual test failure. Lead
1835 to inconsistent and unworkable auto-configurations.
1836
109e00db
DH		 1837- Compilation with DLPI and -Werror has been repaired.
1838
9a111ee8 1839- Error in decoding IA_NA option if multiple interfaces are present
3ad9d48f
SK		 1840 fixed by Marcus Goller.
1841
8eab95f2
DH		 1842- DHCPv6 server Confirm message processing has been enhanced - it no
1843 longer replies only to clients with host {} records, it now replies
1844 as directed in RFC3315 section 18.2.2 - that is, to all clients
1845 regardless of the existence of bindings.
1846
07b9a351
DH		 1847- A core dump during expired lease cleanup has been repaired.
1848
7285af30
DH		 1849- DDNS updates state information are now stored in 'binding scopes' that
1850 follow the leases through their lifecycles. This enables DDNS teardowns
1851 on leases that are assigned and expired inbetween a server restart (the
1852 state is recovered from dhcpd.leases). Arbitrary user-specified binding
1853 scopes ('set var = "value";') are not yet supported.
1854
2394b26b
DH		 1855- Additional compilation problems on HP/UX have been repaired.
1856
ab3a540f
SK		 1857 Changes since 4.0.0a2
1858
97050349
SK		 1859- Fix for startup where there are no IPv4 addresses on an interface.
1860 Thanks to Marcus Goller for reporting the bug.
1861
763cba6b 1862- Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
e889ded1 1863
237f8d3a 1864- Bug in server configuration parser caused server to get stuck on
9a111ee8 1865 startup for certain bad pool declarations. Thanks to Guillaume
237f8d3a
SK		 1866 Knispel for the bug report and fix.
1867
28868515
SK		 1868- Code cleaned to remove warnings reported by "gcc -Wall".
1869
d00d373a
SK		 1870- DHCPv6 is now the default. You can disable DHCPv6 support using the
1871 "--disable-dhcpv6" flag when you run the configure script.
1872
8dfd5744
DH		 1873- An internal database inconsistency bug was repaired where the server
1874 would segfault if a client attempted to renew a lease that had been
1875 loaded from persistent storage.
1876
45d545f0 1877- 'request' and 'also request' syntaxes have been added to accommodate
0c20eab3
DH		 1878 the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
1879 necessary.
1880
9a111ee8
TM		 1881- Bug fixed where configuration file parsing did not work with
1882 zero-length options; this made it impossible to set the
f800f4f6
SK		 1883 rapid-commit option.
1884
845e9677
DH		 1885- Bogus messages about host records with IPv4 fixed-addresses being of
1886 non-128-bits in length were removed.
1887
76c944da
SK		 1888 Changes since 4.0.0a1
1889
71765b58
SK		 1890- Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
1891 and fix.
1892
847e7000
SK		 1893- Autoconf now supplies proper flags for Solaris DHCPv6 builds.
1894
bda33169
SK		 1895- Fix for parsing error on some IPv6 addresses.
1896
9b21e73e
SK		 1897- Invalid CIDR representation for IPv6 subnets or ranges now checked
1898 for when loading configuration.
1899
8da06bb1
DH		 1900- Compilation on HP/UX has been repaired. The changes should generally
1901 apply to any architecture that supplies SIOCGLIFCONF but does not
1902 use 'struct lifconf' structures to pass values.
1903
dd328225
DH		 1904- Two new operators, ~= and ~~, have been integrated to implement
1905 boolean matches by regular expression (such as may be used in
1906 class matching statements). Thanks to a patch by Alexandr S.
1907 Agranovsky, which underwent slight modification.
1908
76c944da
SK		 1909- Fix for icmp packets on 64-bit systems (bug introduced in 4.0).
1910
f796f70a
DH		 1911- A bug was fixed in interface discovery wherein an error identifying
1912 a server-configured interface with no IPv4 addresses would SEGV.
76c944da 1913
c11f349d
EH		 1914- Fixed a bug in which write_lease() might report a failure incorrectly
1915
af5fa176
EH		 1916- Added support for DHCPv6 Release messages
1917
1918- Added -x option to dhclient, which triggers dhclient processes
1919 to exit gracefully without releasing leases first
1920
a546f2a7
EH		 1921- All binaries (client, server, relay) now change directories
1922 to / before going into daemon mode, so as not to hold $CWD open
1923
b55d0d5f
EH		 1924- Fixed a bug parsing DHCPv6 client-id's in host-identifier statements
1925
26be82af
DH		 1926- Fixed a bug with the 'ddns-updates' boolean server configuration
1927 parameter, which caused the server to fail.
1928
98bd7ca0
DH		 1929 Changes since 4.0.0-20070413
1930
d9b43370
SK		 1931- Old (expired) leases are now cleaned.
1932
8c1752d2
DH		 1933- IPv6 subnets now have support for arbitrary allocation ranges via
1934 a new 'range6' configuration directive.
1935
98bd7ca0
DH		 1936- An obviated option code hash lookup to find D6O_CLIENTID was removed.
1937
a512d11b
DH		 1938- Corrected some situations where variables might be used without being
1939 initialized.
1940
1941- Silenced several other compiler warnings.
1942
1943- Include the more standard sys/uio.h rather than rely upon other
f66f02cc
DH		 1944 header files to include it (fixes a BSD 4.2 compile failure).
1945
1946- Duplicate dhclient-script updates for DHCPv6 to all provided scripts.
a512d11b 1947
4ba58919
DH		 1948- DHCPv4 I/O methods that failed to sense hardware address were corrected.
1949
1950- DHCPv4 is now the default (as documented) rather than DHCPv6. The default
1951 was set to DHCPv6 to facilitate ease early development, and forgotten.
1952
1953- Corrected a segmentation violation in DHCPv4 socket processing.
1954
8ea19a71 1955- dhclient will now fork() into the background once it binds to an
45d545f0 1956 IPv6 address, or immediately if the -n flag is supplied.
8ea19a71
DH		 1957
1958- -q is now the default behaviour on dhclient, with -d or -v enabling
1959 non-quiet (stderr logging) mode.
1960
2cf8d0bd
DH		 1961- Fix documentation of the domain-search atom (quoted, with commas).
1962
1963- Document DHCPv6 options presently in the default table.
1964
fe5b0fdd
DH		 1965- Replaced ./configure shellscripting with GNU Autoconf.
1966
98bd7ca0
DH		 1967 Changes since 3.1.0 (NEW FEATURES)
1968
1969- DHCPv6 Client and Server protocol support. Use '-6' to run the daemons
1970 as v6-only. Use '-4' to run the daemons as v4-only (default. There is
1971 no support currently for both.
1972
1973- Server support for multiple IA_NA options, containing at most one
1974 IAADDR option.
1975
1976- Client support for one IA_NA option, containing any number of IAADDR
1977 options.
1978
1979- Server support for the DHCPv6 Information-request message.
1980
1981- Inappropriate unicast DHCPv6 messages sent to the server are now
1982 discarded, and this has rearchitected the IO system slightly.
1983
1984- The DHCPv6 server DUID defaults to type 1, is persistently stored in
1985 the leases database, and can be over-ridden (either completely, or by
1986 specifying type 1 or type 2).
1987
1988- The server only uses Rapid-Commit if it has been configured with the
1989 Rapid-Commit option and the client requests it.
1990
1991- DDNS support. We now update AAAA records in the same place we would
1992 update A records, if we have an IPv6 address. We also generate IP6.ARPA
1993 style names for PTR records if we're dealing with an IPv6 address. Both
1994 A and AAAA updates are done using the same 'fqdn.' virtual option space
1995 (although the DHCPv4 FQDN and DHCPv6 FQDN options are formatted
1996 differently, they both use the same code here).
1997
1998- The Linux dhclient-script attempts to set and remove assigned addresses,
1999 and to configure /etc/resolv.conf from nameserver and domain name
2000 configurations. It can be extended to configure other parameters.
2001
2002- Initial DHCPv6 lease support.
2003
2004- The IO system now tracks all local IP addresses, so that the DHCP
2005 applications (particularly the dhcrelay) can discern between what frames
2006 were transmitted to it, and what frames are being carried through it which
2007 it should not intercept.
2008
1418fd11
DH		 2009 Changes since 3.1.0 (Maintenance)
2010
2011- A bug was repaired where MAC Address Affinity for virgin leases always
2012 mapped to the primary. Virgin leases now have an interleaved preference
2013 between primary and secondary.
2014
2015- A bug was repaired where MAC Address Affinity for clients with no client
2016 identifier was sometimes mishashed to the peer. Load balancing during
2017 runtime and pool rebalancing were opposing.
2018
aa3e348e
DH		 2019- An assertion in lease counting relating to reserved leases was repaired.
2020
e9c59645
DH		 2021- The subnet-mask option inclusion now conforms with RFC2132 section 3.3;
2022 it will only appear prior to the routers option if it is present on the
2023 Parameter-Request-List. The subnet-mask option will also only be
2024 included by default (if it is not on the PRL) in response to DISCOVER
2025 or REQUEST messages.
2026
2027- The FQDN option is only supplied if the client supplied an FQDN option or
2028 if the FQDN option was explicitly requested on the PRL.
2029
c104546d
DH		 2030- Dynamic BOOTP leases are now load balanced in failover.
2031
b9d0cc05
DH		 2032 Changes since 3.1.0rc1
2033
adb95d23 2034- The parse warning that 'deny dynamic bootp;' must be configured for
b9d0cc05
DH		 2035 failover protected subnets was removed.
2036
a512cc3a
DH		 2037 Changes since 3.1.0b2
2038
2039- Failover rebalance events no longer play ping pong with round errors
2040 (moving leases between free and back to backup where there are an
2041 odd number of leases).
2042
2043- The 'pool' log line has been split into two messages, one before the
2044 rebalance run, and one after.
2045
2046- Any queued BNDACKs are transmitted before transmitting new BNDUPDs.
2047 This enforces the correct sequence of events for the remote server
2048 processing these messages.
2049
fe5b0fdd 2050 Changes since 3.1.0b1
27837f95 2051
74dc3e0b
EH		 2052- Fixed a bug that caused OMAPI clients to freeze when opening lease
2053 objects.
2054
1ba87b37
EH		 2055- A new server config option "fqdn-reply" specifies whether the server
2056 should send out option 81 (FQDN). Defaults to "on". If set to "off",
2057 the FQDN option is not sent, even if the client requested it. This is
2058 needed because some clients misbehave otherwise. Thanks to Christof Chen
2059 at Allianz.
2060
a58da042
EH		 2061- Allow trace output files (-tf option) to be overwritten, rather than
2062 crashing dhcpd if the file already exists
2063
61252edf
EH		 2064- A bug was fixed that caused dhcpd to segfault if a pool was declared
2065 outside the scope of a subnet in dhcpd.conf.
2066
27837f95
DH		 2067- Some uninitialized values were repaired in dhcpleasequery.c that
2068 caused the server to abort.
2069
4d2eaafb
DH		 2070- A new server config option, 'do-reverse-updates', has been added
2071 which causes the server to abstain from performing updates on PTR
2072 records. Thanks to a patch from Christof Chen at Allianz.
2073
06211b40
DH		 2074- A bug was repaired in subencapsulation support, where spaces separated
2075 by empty spaces would not get included.
2076
d6614ea2
DH		 2077- A bug in dhclient was repaired which caused it to send parameter request
2078 lists of 55 bytes in length no matter how long the declared PRL was.
2079
132d38f2
DH		 2080- 'dhcp.c(3953): non-null pointer' has been repaired. This fixes a flaw
2081 wherein the DHCPv4 server may ignore a configured server-identifier.
2082
fc3b9c90
DH		 2083- A flaw in failover startup sequences was repaired that sometimes left
2084 the primary DHCP server's pool rebalance schedules unscheduled.
2085
c9feb859
DH		 2086- Corrected a flaw that broke encapsulated spaces included due to presence
2087 on the parameter request list.
2088
c57db45c
SK		 2089 Changes since 3.1.0a3
2090
2091- Some spelling fixes.
98311e4b 2092
bd2bc2fa
DH		 2093 Changes since 3.1.0a2
2094
2095- A bug was fixed where attempting to permit leasequeries results in a
2096 fatal internal error, "Unable to find server option 49".
2097
85edef5c
DH		 2098- A bug was fixed in dhclient rendering the textual output form of the
2099 domain-search option syntax.
2100
bdddcb7d
DH		 2101 Changes since 3.1.0a1
2102
2103- A bug in the FQDN universe that added FQDN codes to the NWIP universe's
2104 hash table was repaired.
2105
616d67cb
DH		 2106- The servers now try harder to transmit pending binding updates when
2107 entering normal state.
2108
2109- UPDREQ/UPDREQALL handling was optimized - it no longer dequeues and
2110 requeues all pending updates. This should reduce the number of spurious
66c8f734
DH		 2111 'xid mismatch' log messages.
2112
2113- An option definition referencing leak was fixed, which resulted in early
2114 termination of dhclient upon the renewal event.
616d67cb 2115
6708d944
DH		 2116- Some default hash table sizes were tweaked, some upwards, some downwards.
2117 3.1.0a1's tables resulted in a reduction in default server memory use.
2118 The new selected values provide more of a zero sum (increasing the size
2119 of tables likely to be populated, decreasing the size of tables unlikely).
2120
45d545f0 2121- Lease structures appear in three separate hashes: by IP address, by UID,
6708d944
DH		 2122 and by hardware address. One type of table was used for all three, and
2123 improvements to IP address hashing were applied to all three (so UID and
2124 hardware addresses were treated like 4-byte integers). There are now two
2125 types of tables, and the uid/hw hashes use functions more appropriate
2126 to their needs.
2127
2128- The max-lease-misbalance percentage no longer causes scheduled rebalance
2129 runs to be skipped: it still governs the schedule, but every scheduled
2130 run will attempt balance.
2131
a7ee93fe
DH		 2132- A segfault bug in recursive encapsulation support has been corrected.
2133
98311e4b
DH		 2134 Changes since 3.0 (New Features)
2135
2136- A workaround for certain STSN servers that send a mangled domain-name
2137 option was introduced for dhclient. The client will now accept corrupted
2138 server responses, if they contain a valid DHCP_MESSAGE_TYPE (OFFER, ACK,
2139 or NAK). The server will continue to not accept corrupt client packets.
2140
98bd7ca0 2141- Support for 'reserved' (pseudo-static) and BOOTP leases via failover
a55ccdd0 2142 was introduced.
98311e4b
DH		 2143
2144- Support for adding, removing, and managing class and subclass statements
2145 via OMAPI.
2146
a55ccdd0
DH		 2147- The failover implementation was updated to comply with revision 12 of
2148 the protocol draft.
2149
98311e4b
DH		 2150- 'make install' now creates the initial zero-length dhcpd.leases file if
2151 one does not already exist on the system.
2152
b43c87ad 2153- RFC3942 compliance, site-local option spaces start at 224 now, not 128.
b43c87ad 2154
0b17f049
DH		 2155- The Load Balance Algorithm was misimplemented. The current implementation
2156 matches RFC 3074.
2157
2727c1cf
DH		 2158- lcase() and ucase() configuration expressions have been added which adjust
2159 their arguments from upper to lower and lower to upper cases respectively.
2714a8ef 2160 Thanks to a patch from Albert Herranz.
2727c1cf 2161
febbd402
DH		 2162- The dhclient 'reject ...;' statement, which rejects leases given by named
2163 server-identifiers, now permits address ranges to be specified in CIDR
7d7073e7 2164 notation. Thanks to a patch from David Boyce.
febbd402 2165
ee912528
DH		 2166- The subnet-mask option is now supplied by default, but at lowest
2167 priority. This helps a small minority of clients that provide parameter
2168 request lists, but do not list the subnet-mask option because they were
2169 designed to interoperate with a server that behaves in this manner.
2170
2171- The FQDN option is similarly supplied even if it does not appear on the
2172 parameter request list, but not to the exclusion of options that do
2173 appear at the parameter request list. Up until now it had ultimate
2174 priority over the client's parameter request list.
2175
f7fdb216 2176- Varying option space code and length bit widths (8/16/32) are now
51202707 2177 supported. This is a milestone in achieving RFC 3925 "VIVSO" and
f7fdb216
DH		 2178 DHCPv6 support.
2179
5e864416
DH		 2180- A new common (server or client) option, 'db-time-format local;', has
2181 been added which prints the local time in /var/db/dhcpd.leases rather
2182 than UTC. Thanks to a patch from Ken Lalonde.
2183
b500bd4c
DH		 2184- Some patches to improve DHCP Server startup speed from Andrew Matheson
2185 have been incorporated.
2186
2426234f
DH		 2187- Failover pairs now implement 'MAC Affinity' on leases moving from the
2188 active to free states. Leases that belonged to the failover secondary
2189 are moved to BACKUP state rather than FREE upon exiting EXPIRED state.
2190 If lease rebalancing must move leases, it tries first to move leases
2191 that belong to the peer in need.
2192
2193- The server no longer sends POOLREQ messages unless the pool is severely
2194 misbalanced in the peer's favor (see 'man dhcpd.conf' for more details).
2195
2196- Pool rebalance events no longer happen upon successfully allocating a
2197 lease. Instead, they happen on a schedule. See 'man dhcpd.conf' for the
2198 min-balance and max-balance statements for more information.
2199
334bf491
DH		 2200- The DHCP Relay Agent Information Option / Link Selection Sub-Option
2201 is now supported. (See RFC3527 for details).
2202
3004bebf
DH		 2203- A new DDNS related server option, update-conflict-detection, has been
2204 added. If this option is enabled, dhcpd will perform normal DHCID
2205 conflict resolution (the default). If this option is disabled, it will
2206 instead trust the assigned name implicitly (removing any other bindings
2207 on that name). This option has not been made available in dhclient.
2208
567e8561
DH		 2209- In those cases where the DHCP software manufactures an IP header (to
2210 transmit via bpf, lpf, etc), the IP TTL the software selects has been
2211 increased from 16 to 128. This is intended to match Microsoft Windows
2212 DHCP Client behaviour, to increase compatibility.
2213
a396d25f
DH		 2214- 'ignore client-updates;' now has behaviour that is different from
2215 'deny client-updates;'. The client's request is not truly ignored,
2216 rather it is encouraged. Should this value be configured, the server
2217 updates DNS as though client-updates were set to 'deny'. That is, it
2218 enters into DNS whatever it is configured to do already, provided it is
2219 configured to. Then it sends a response to the client that lets the
2220 client believe it is performing client updates (which it will), probably
2221 for a different name. In essence, this lets the client do as it will,
2222 ignoring this aspect of their request.
2223
dba5803b
DH		 2224- Support for compressed 'domain name list' style DHCP option contents, and
2225 in particular the domain search option (#119) was added.
2226
41e45067 2227- The DHCP LEASEQUERY protocol as defined in RFC4388 is now implemented.
6d103865
SK		 2228 LEASEQUERY lets you query the DHCP server for information about a lease,
2229 using either an IP address, MAC address, or client identifier. Thanks
2230 to a patch from Justin Haddad.
2231
41e45067
DH		 2232- DHCPD is now RFC2131 section 4.1 compliant (broadcast to all-ones ip and
2233 ethernet mac address) on the SCO platform specifically without any strange
2234 ifconfig hacks. Many thanks go to the Kroger Co. for donating the
2235 hardware and funding the development.
6d103865 2236
b543fea9
DH		 2237- A new common configuration executable statement, execute(), has been
2238 added. This permits dhcpd or dhclient to execute a named external
2239 program with command line arguments specified from other configuration
2240 language. Thanks to a patch written by Mattias Ronnblom, gotten to us
2241 via Robin Breathe.
2242
b22de500
DH		 2243- A new dhcp server option 'adaptive-lease-time-threshold' has been added
2244 which causes the server to substantially reduce lease-times if there are
2245 few (configured percentage) remaining leases. Thanks to a patch submitted
2246 from Christof Chen.
2247
96bbe8c5
SK		 2248- Encapsulated option spaces within encapsulated option spaces is now
2249 formally supported.
2250
b8221d95
DH		 2251 Changes since 3.0.6rc1
2252
2253- supersede_lease() now requeues leases in their respective hardware
2254 address hash bucket. This mirrors client identifier behaviour.
2255
c1e6c832
DH		 2256 Changes since 3.0.5
2257
f546c28b
DH		 2258- Assorted fixes for broken network devices: Packet length is now
2259 determined from the IP header length field to finally calculate the
2260 UDP payload length, because some NIC drivers return more data than
5a22eb63 2261 they actually received.
f546c28b
DH		 2262
2263- UDP packets are now stored in aligned data structures.
2264
c1e6c832
DH		 2265- A logic error in omapi interface code was repaired that might result in
2266 incorrectly indicating 'up' state when any flags were set, rather than
23e10d37
DH		 2267 specifically the INTERFACE_REQUESTED flag. Thanks to a patch from
2268 Jochen Voss which got to us via Andrew Pollock at Debian.
c1e6c832 2269
75ab3070
DH		 2270- A reference leak on binding scopes set by ddns updates was repaired.
2271
d69fb6a8 2272- A memory leak in the minires_nsendsigned() function call was repaired.
23e10d37 2273 Effectively, this leaked ~176 bytes per DDNS update.
d69fb6a8 2274
02428754
DH		 2275- In the case where an "L2" DHCP Relay Agent (one that does not set giaddr)
2276 was directly attached to the same broadcast domain as the DHCP server,
2277 the RFC3046 relay agent information option was not being returned to the
2278 relay in the server's replies. This was fixed; the dhcp server no longer
2279 requires the giaddr to reply with relay agent information. Note that
2280 this also improves compatibility with L2 devices that "intercept" DHCP
2281 packets and expect relay agent information even in unicast (renewal)
23e10d37
DH		 2282 replies. Thanks to a patch from Pekka Silvonen.
2283
2284- A bug was fixed where the BOOTP header 'sname' field had a value, the
2285 copy written to persistent storage was actually the contents of the
2286 'file' field.
02428754 2287
ecde99a3
DH		 2288- A bug was fixed where the nwip virtual option space was referencing
2289 the fqdn option's virtual option space's option cache.
2290
67674ffb
DH		 2291- Timestamp parsing errors that indicated missing "minutes" fields rather
2292 than the actually missing "seconds" fields have been repaired thanks to
2293 a patch from Kevin Steves.
2294
830ebc4c
DH		 2295- A grammar error in the dhclient.8 manpage was repaired thanks to a patch
2296 from Chris Wagner.
2297
c759db75
DH		 2298- Several spelling typos were repaired, and some cross-references to other
2299 relevant documents were included in the manpages, thanks to a patch
2300 by Andrew Pollock which got to us via Tomas Pospisek.
2301
9aa3f3a5
DH		 2302- Some bugs were fixed in the 'emergency relay agent options hologram'
2303 which is used to retain relay agent option contents from when the
2304 client was in INIT or REBIND states. This should solve problems where
2305 relay agent options were not echoed from the server, even when giaddr
2306 was set.
2307
3d0c598a
DH		 2308- dhclient now closes its descriptor to dhclient.leases prior to executing
2309 dhclient-script. Thanks to a patch from Tomas Pospisek.
2310
d5b6835f
DH		 2311- The server's "by client-id" and "by hardware address" hash table lists
2312 are now sorted according to the preference to re-allocate that lease to
2313 returning clients. This should eliminate pool starvation problems
2314 arising when "INIT" clients were given new leases rather than presently
2315 active ones.
2316
02428754 2317 Changes since 3.0.5rc1
0a73b7b6 2318
901306d5 2319- A bug was repaired in fixes to the dhclient, which sought to run the
0a73b7b6
SK		 2320 dhclient-script with the 'EXPIRE' state should it receive a NAK in
2321 response to a REQUEST. The client now iterates the PREINIT state
2322 after the EXPIRE state, so that interfaces that might be configured
2323 'down' can be brought back 'up' and initialized.
2324
87a08ccc
DH		 2325- DHCPINFORM handling for clients that properly set ciaddr and come to the
2326 server via a relay aget has been repaired.
2327
6da113fb
DH		 2328 Changes since 3.0.4
2329
2330- A warning that host statements declared within subnet or shared-network
2331 scopes are actually global has been added.
2332
2333- The default minimum lease time (if min-lease-time was not specified)
2334 was raised from 0 to 300. 0 is not thought to be sensible, and is
2335 known to be damaging.
2336
2337- Added additional fatal error sanity checks surrounding lease binding
2338 state count calculations (free/active counts used for failover pool
2339 balancing).
2340
dcc557db
DH		 2341- Some time value size fixes in 3.0.4 brought on from FreeBSD /usr/ports were
2342 misapplied to server values rather than client values. The server no longer
2343 advertises 8-byte lease-time options when on 64-bit platforms.
2344
1b2ab55f
DH		 2345- A bug where leases not in ACTIVE state would get billed to billed classes
2346 (classes with lease limitations) was fixed. Non-active leases OFFERed
2347 to clients are no longer billed (but billing is checked before offering).
2348
e48891e8
DH		 2349- The dhcpd.conf.5 manpage was updated in regard to the ddns-domainname
2350 configuration option - the default configuration and results should be
2351 more clear now.
2352
6cbc6629
DH		 2353- If the dhclient were to receive a DHCPNAK while it was in the RENEW
2354 state (and consequently, had an active, 'bound' address and related
2355 configuration options), it would fail to 'tear down' this information
2356 before proceeding into INIT state. dhclient now iterates the dhclient-
2357 script with the 'EXPIRE' action to cause these teardowns prior to entering
1d3bfb17 2358 INIT state. Thanks to a patch from Chris Zimmerman.
6cbc6629 2359
c5fec5fa
DH		 2360- The omapi.1 manpage had some formatting errors repaired thanks to a patch
2361 from Yoshihiko Sarumaru.
2362
33e1cb2b
DH		 2363- A few lines of code that were failover-specific were moved within
2364 #if defined() clauses so that compilation without failover could be
2365 made possible.
2366
2bddf829
DH		 2367- The log message emitted when the 'leased-address' value was not available
2368 in dhcpd.conf "executable statements" has been updated to be more helpful.
2369 Manpage information for this value has also been updated.
2370
87578987
DH		 2371- Abandoned or dissociated (err condition) leases now remove any related
2372 dynamic dns bindings. Thanks to a patch from Patrick Schoo.
2373
e77c575f
DH		 2374- Attempting to write a new lease file to replace a corrupt (due to
2375 encountering non-retryable errors during writing) lease file should
2376 no longer result in an infinite recursion.
2377
2178df03
DH		 2378- Host declaration hardware addresses and client identifiers may only be
2379 configured once. dhcpd will now fail to load config files that specify
2380 multiple identifiers (previous versions would silently over-ride the
2381 value with the later configured value).
2382
d5341d9b
SK		 2383- Several option codes that have been allocated since our last release
2384 have been named and documented.
2385
2386- Option names of the form "unknown-123" have been removed from the in-
2387 memory hash tables. In order to support options of these names that
2388 may appear in dhclient.leases or similar in previous versions, the
2389 parser will now find the new option code definition, or mock up a
2390 generic option code definition. This should result in a smooth
2391 transition from one name to the other, as the new name is used to
2392 write new output.
2393
6da113fb
DH		 2394 Changes since 3.0.4rc1
2395
2396- The dhcp-options.5 manpage was updated to correct indentation errors
2397 thanks to a patch from Jean Delvare.
2398
2399 Changes since 3.0.4b3
2400
2401- Some manual pages were clarified pursuant to discussion on the dhcp-server
2402 mailing list.
2403
88cd8aca
DH		 2404 Changes since 3.0.4b2
2405
45d545f0 2406- Null-termination sensing for certain clients that unfortunately require
88cd8aca
DH		 2407 it in DHCPINFORM processing was repaired.
2408
2409- The host-name option and a few others were moved from "X" format to "t"
2410 format to be compatible with new NULL handling functions.
2411
2412- DHCPINFORM processing is a little more careful about return addressing
2413 its responses, or if responding via a relay. The INFORM related
2414 messages also log the 'effective client ip address' rather than the
2415 client's supplied ciaddr (since some clients produce null ciaddrs).
2416
2417- The server was inappropriately sending leases to the RESET state in the
2418 event that multiple active leases were found to match a singly-identified
2419 client. This was changed to RELEASED (by accepting a different, ACTIVE
2420 binding, the client is implicitly releasing its lease). This repairs a
2421 bug wherein secondary servers in failover pairs detecting this condition
2422 move leases to RESET, and primaries refuse to accept that state
2423 transition (properly).
2424
2425- The memset-after-dmalloc() changes made in 3.0.4b1 have been backed out.
2426
2427 Changes since 3.0.4b1
2428
2429- Command line parsing in omshell was repaired - it no longer closes
2430 STDIN after reading one line.
2431
2432- The resolver library no longer closes the /etc/resolv.conf file
2433 descriptor it opened twice.
2434
2435- Changes to trailing NULL removal in 't' option-atoms has been rethought,
2436 it now includes 'd' (domain name) types, and tries hard not to rewind an
2437 option beyond the start of the text field it is un-terminating.
2438
2439 Changes since 3.0.3
2440
2441- A DDNS update handling function was misusing the DNS error codes, rather
2442 than the internal generic result enumeration. The result is a confusing
2443 syslog line, logging the wrong condition.
2444
2445- The DHCP Server was not checking pool balance in the case where it brought
2446 a non-ACTIVE lease out of storage for a client that was returning to use
2447 a lease it once had long ago, and had since expired.
2448
2449- Failover peers no longer bother to look for free leases to allocate when
2450 they already found the client's ACTIVE lease. DISCOVERs are load balanced
98bd7ca0 2451 whether freely-allocated or not, unless the server doubts the peer has
88cd8aca
DH		 2452 leases to allocate.
2453
2454- Fixed a bug in dhcrelay agent addition code that suppressed trailing
45d545f0 2455 PAD options - it was suppressing only one trailing PAD option, rather
88cd8aca
DH		 2456 than the entire block of them.
2457
3a16098f
DH		 2458! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
2459 option addition and stripping code. Added a few sanity checks. Although
2460 highly improbable, due to requiring the reception of a DHCP datagram well
2461 in excess of all known to be used physical MTU limitations, it is possible
2462 this may have been used in a stack overflow security vulnerability. Thanks
2463 to a patch from infamous42md.
2464
2465! Added some sanity checks to OMAPI connection/authentication code.
2466 Although highly improbable, due to having to deliver in excess of 2^32
2467 bytes of data via the OMAPI channel, not to mention requiring dhcpd to
2468 be able to malloc() a memory region 2^32 bytes in size, it was possible
2469 this might have resulted in a heap overflow security vulnerability.
2470 Thanks to a patch from infamous42md.
88cd8aca
DH		 2471
2472- dmalloc() memset()'s the non-debug (data) portion of the allocated
2473 memory to zero. Code that memset()'s the result returned by dmalloc() to
2474 zero is redundant. These redundancies were removed.
2475
2476- Some type declaration corrections to u_int16_t were made in common/tr.c
4b97eaff 2477 (Token Ring support) thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 2478
2479- A failover bug that was allowing leases that EXPIRED or were RELEASED
2480 where tsfp and tstp are identical timestamps to languish in these
2481 transitional states has been repaired. As a side effect, lease
2482 databases should be kept more consistent overall, not just for these
2483 transitional states.
2484
2485- If the lease db is deleted out from under the daemon, and it moves to rewrite
2486 the db, it will go ahead with the operation and move the new db into place
2487 once it detects the old db does not exist.
2488
2489- dhclient now ignores IRDA, SIT, and IEEE1394 network interfaces, as it
2490 is either nonsensical or (in the case of IEEE1394) is not known to support
2491 these interfaces. Thanks to Marius Gedminas and Andrew Pollock of Debian.
2492
2493- Some previously undocumented reasons for dhclient-script invoking has
45d545f0 2494 been documented in the dhclient-script.8 manpage.
88cd8aca
DH		 2495
2496- Failover potential expiry calculations (TSTP) have been corrected. Results
2497 should be substantially more consistent, and proper given the constraints.
2498
2499- Adjusted lease state validation checks in potential-conflict, to
2500 account for possible clock skew similarly to normal state, and several
2501 previously illegal transitions were made legal (ex: active->released).
2502
2503- An impossible sanity check was removed from omapi/buffer.c, thanks to a
2504 patch from 'infamous42md'.
2505
2506- An OMAPI host/network byte order problem in lease time values has been
2507 repaired.
2508
2509- Several minor bugs, largely relating to treating 8-byte time values as
2510 4-byte entities, have been repaired after careful review of the FreeBSD
2511 ports collection's patch set. Thanks to the nameless entities who have
2512 contributed to the FreeBSD ports.
2513
2514- When writing a trace file, the file is now created with permissions 0600,
2515 to help administrators avoid accidentally publicising sensitive config
2516 data.
2517
2518- The calculation of the maximum size of DHCP packets no longer includes
2519 Ethernet framing overhead. The result is that the 'Maximum Message
2520 Size' option advertised by clients, or the default value 576, is no
2521 longer reduced by 14 bytes, and instead directly reflects the IP level
2522 MTU (and the default, minimum allowed IP MTU of 576).
2523
2524- The special status of RELEASED/EXPIRED/RESET leases when a server
2525 is operating in partner-down was fixed. It no longer requires a
2526 lease be twice the MCLT beyond STOS to 'reallocate', and the expiry
2527 event to turn these into FREE leases without peer acknowledgement
2528 (after STOS+MCLT) has been repaired.
2529
2530- Compilation on older Solaris systems (lacking /usr/include/sys/int_types.h)
2531 has been repaired.
2532
2533- "append"ing a string onto the end of a "t" type option (such as the
2534 domain-name field) that had been improperly NULL-terminated by the
2535 DHCP server will no longer result in a truncated string containing
2536 only the option from the server, and not the expected appended value.
4b97eaff 2537 Thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 2538
2539- File handlers on configuration state (config files and lease dbs) should
98bd7ca0 2540 be treated consistently, regardless of whether TRACING is defined or not.
88cd8aca 2541
45d545f0 2542- The Linux build environment has had some minor improvements - better
88cd8aca
DH		 2543 sensing of 64-bit pointer sizes (only used for establishing an icmp_id),
2544 and corrections to #if operators regarding LINUX_MAJOR should it ever
2545 move to 3.[01].x.
2546
2547- The server now tries harder to survive the condition where it is unable
2548 to open a new lease file to rewrite the lease state database.
2549
c75473d8
DH		 2550 Changes since 3.0.3b3
2551
2552- dhclient.conf documentation for interface {} was updated to reflect recent
2553 discussion on the dhcp-hackers mailing list.
2554
2555- In response to reports that the software does not compile on GCC 4.0.0,
2556 -Werror was removed from Makefile.conf for all platforms that used it.
2557 We will address the true problem in a future release; this is a temporary
2558 workaround.
2559
2560 Changes since 3.0.3b2
2561
2562- An error in code changes introduced in 3.0.3b2 was corrected, which caused
2563 static BOOTP clients to receive random addresses.
2564
2565 Changes since 3.0.3b1
2566
2567- A bug was fixed in BOOTPREQUEST handling code wherein stale references to
2568 host records would be left behind on leases that were not allocated to the
2569 client currently booting (eg in the case where the host was denied booting).
2570
2571- The dhcpd.conf.5 manpage was updated to be more clear in regards to
2572 multiple host declarations (thanks to Vincent McIntyre). 'Interim' style
2573 dynamic updates were also retouched.
2574
98311e4b
DH		 2575 Changes since 3.0.2
2576
2577- A bug was fixed where a server might load balance a DHCP REQUEST to its
45d545f0 2578 peer after already choosing not to load balance the preceding DISCOVER.
98311e4b
DH		 2579 The peer cannot allocate the originating server's lease.
2580
2581- In the case where a secondary server lost its stable storage while the
2582 primary was still in communications-interrupted, and came back online,
2583 the lease databases would not be fully transferred to the secondary.
2584 This was due to the secondary errantly sending an extra UPDREQ message
2585 when the primary made its state transition to PARTNER-DOWN known.
2586
2587- The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
2588 lease structures will be 9 bytes smaller on all platforms. Thanks to
4b97eaff 2589 Jason Vas Dias at Red Hat.
98311e4b
DH		 2590
2591- Interface discovery code in DISCOVER_UNCONFIGURED mode is now
2592 properly restricted to only detecting broadcast interfaces. Thanks
4b97eaff 2593 to a patch from Jason Vas Dias at Red Hat.
98311e4b
DH		 2594
2595- decode_udp_ip_header was changed so that the IP address was copied out
2596 to a variable, rather than referenced by a pointer. This enforces 4-byte
2597 alignment of the 32-bit IP address value. Thanks to a patch from Dr.
2598 Peter Poeml.
2599
2600- An incorrect log message was corrected thanks to a patch from
2601 Dr. Peter Poeml.
2602
2603- A bug in DDNS was repaired, where if the server's first DDNS action was
2604 a DDNS removal rather than a DDNS update, the resolver library's
2605 retransmit timer and retry timer was set to the default, implying a
2606 15 second timeout interval. Which is a little excessive in a synchronous,
2607 single-threaded system. In all cases, ISC DHCP should now hold fast to
2608 a 1-second timeout, trying only once.
2609
2610- The siaddr field was being improperly set to the server-identifier when
2611 responding to DHCP messages. RFC2131 clarified the siaddr field as
2612 meaning the 'next server in the bootstrap process', eg a tftp server.
2613 The siaddr field is now left zeroed unless next-server is configured.
2614
2615- mockup_lease() could have returned in an error condition (or in the
2616 condition where no fixed-address was found matching the shared
2617 network) with stale references to a host record. This is probably not
2618 a memory leak since host records generally never die anyway.
2619
2620- A bug was repaired where failover servers would let stale client identifiers
2621 persist on leases that were reallocated to new clients not sending an id.
2622
2623- Binding scopes ("set var = value;") are now removed from leases allocated
2624 by failover peers if the lease had expired. This should help reduce the
2625 number of stale binding scopes on leases.
2626
2627- A small memory leak was closed involving client identifiers larger than
2628 7 bytes, and failover.
2629
2630- Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
2631 cause an internal function to overflow heap. Thanks to Jason Vas Dias
4b97eaff 2632 at Red Hat.
98311e4b
DH		 2633
2634- Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
2635 or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
2636 should work better.
2637
2638- In several cases, parse warnings were being issued before the lexical
2639 token had been advanced to the token whose value was causing an error...
2640 causing parse warnings to claim the problem is on the wrong token.
2641
2642- Host declarations matching on client identifier for dynamic leases will
2643 no longer match fixed-address host declarations (this is now identical
2644 to behaviour for host records matching on hardware address).
2645
2646 Changes since 3.0.2rc3
2647
2648- A previously undocumented configuration directive, 'local-address',
2649 was documented in the dhcpd.conf manpage.
2650
2651 Changes since 3.0.2rc2
2652
45d545f0 2653- Two variables introduced in 3.0.2b1 were used without being initialized
98311e4b
DH		 2654 in the case where neither the FILE nor SNAME fields were available for
2655 overloading. This was repaired.
2656
2657- A heretofore believed to be impossible corner case of the option
2658 overloading implementation turned out to be possible ("Unable to sort
2659 overloaded options after 10 tries."). The implementation was reworked
2660 to consider the case of an option so large it would require more than
2661 three chunks to fit.
2662
2663- Many other instances of variables being used without being initialized
2664 were repaired.
2665
2666- An uninitialized variable in omapi_io_destroy() led to the discovery
2667 that this function may result in orphaned pointers (and hence, a memory
2668 leak).
2669
2670 Changes since 3.0.2rc1
2671
2672- allocate_lease() was rewritten to repair a bug in which the server would
2673 try to allocate an ABANDONED lease when FREE leases were available.
2674
2675 Changes since 3.0.2b1
2676
2677- Some dhcp-eval.5 manpage formatting was repaired.
2678
2679 Changes since 3.0.1
2680
2681- A bug was fixed in the server's 'option overloading' implementation,
2682 where options loaded into the 'file' and 'sname' packet fields were
2683 not aligned precisely as rfc2131 dictates.
2684
2685- The FreeBSD client script was changed to support the case where a domain
2686 name was not provided by the server.
2687
2688- A memory leak in 'omshell' per each command line parsed was
2689 repaired, thanks to a patch from Jarkko Torppa.
2690
2691- Log functions writing to stderr were adjusted to use the STDERR_FILENO
2692 system definition rather than '2'. This is a no-op for 90% of platforms.
2693
2694- One call to trace_write_packet_iov() counted the number of io vectors
2695 incorrectly, causing inconsistent tracefiles. This was fixed.
2696
2697- Some expression parse failure memory leaks were closed.
2698
2699- A host byte order problem in tracefiles was repaired.
2700
2701- Pools configured in DHCPD for failover possessing permission lists that
adb95d23 2702 previously were assumed to not include dynamic bootp clients are now
98311e4b
DH		 2703 a little more pessimistic. The result is, dhcpd will nag you about just
2704 about most pools that possess a 'allow' statement with no 'deny' that
2705 would definitely match a dynamic bootp client.
2706
2707- The 'ddns-update-style' configuration warning bit now insists that
2708 the configuration be globally scoped.
2709
2710- Two memory leaks in dhclient were closed thanks to a patch from Felix
2711 Farkas.
2712
2713- Some minor but excellently pedantic documentation errors were fixed
2714 thanks to a patch from Thomas Klausner.
2715
2716- Bugs in operator precedence in executable statements have been repaired
2717 once again. More legal syntaxes should be parsed legally.
2718
2719- Failing to initialize a tracefile for any reason if a tracefile was
2720 specified is now a fatal error. Thanks to a patch from Albert Herranz.
2721
2722- Corrected a bug in which the number of leases transferred as calculated
2723 by the failover primary and sent to peers in POOLRESP responses may be
2724 incorrect. This value is not believed to be used by other failover
2725 implementations, excepting perhaps as logged information.
2726
2727- Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
2728 sending POOLREQ messages instead of POOLRESP mesasges. This message
2729 was essentially ignored since failover secondaries effectively do not
2730 respond to POOLREQ messages.
2731
2732- Type definitions for various bitwidths of integers in the sunos5-5
2733 build of ISC DHCP have been fixed. It should compile and run more
2734 easily when built in 64-bit for this platform.
2735
2736- "allow known-clients;" is now a legal syntax, to avoid confusion.
2737
2738- If one dhcp server chooses to 'load balance' a request to its failover
2739 peer, it first checks to see if it believes said peer has a free
2740 lease to allocate before ignoring the DISCOVER.
2741
2742- log() was logging a work buffer, rather than the value returned by
2743 executing the statements configured by the user. In some cases,
2744 the work buffer and the intended results were the same. In some other
2745 cases, they were not. This was fixed thanks to a patch from Gunnar
2746 Fjone and directconnect.no.
2747
2748- Compiler warnings for some string type conversions was fixed, thanks
2749 to Andreas Gustafsson.
2750
2751- The netbsd build environments were simplified to one, in which
2752 -Wconversion is not used, thanks to Andreas Gustafsson.
2753
2754- How randomness in the backoff-cutoff dhclient configuration variable
2755 is implemented was better documented in the manpage, and the behaviour
2756 of dhclient in REQUEST timeout handling was changed to match that of
2757 DISCOVER timeout handling.
2758
2759- Omapi was hardened against clients that pass in null values, thanks
2760 to a patch from Mark Jason Dominus.
2761
2762- A bug was fixed in dhclient that kept it from doing client-side
2763 ddns updates. Thanks to a patch from Andreas Gustafsson, which
2764 underwent some modification after review by Jason Vas Dias.
2765
2766- Failover implementations disconnected due to the network between
2767 them (rather than one of the two shutting down) will now try to
2768 re-establish the failover connection every 5 seconds, rather than
2769 to simply try once and give up until one of them is restarted.
2770 Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
2771 by Greger V. Teigre which led to an enhancement to it.
2772
2773- A problem that kept DHCP Failover secondaries from tearing down
2774 ddns records was repaired. Thanks to a patch from Ulf Ekberg from
2775 Infoblox.
2776
2777- 64bit pointer sizes are detected properly on FreeBSD now.
2778
2779- A bug was repaired where the DHCP server would leave stale references
2780 to host records on leases it once thought about offering to certain
2781 clients. The result would be to apply host and 'known' scopes to the
2782 wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
2783 that was being circulated as a workaround is not the way this bug was
2784 fixed. If you were a victim of this bug in 3.0.1, you are cautioned
2785 to proceed carefully and see if it fixes your problem.
2786
2787- A bug was repaired in the server's DHCPINFORM handling, where it
2788 tried to divine the client's address from the source packet and
2789 would get it wrong. Thanks to Anshuman Singh Rawat.
2790
2791- A log message was introduced to help illuminate the case where the
2792 server was unable to find a lease to assign to any BOOTP client.
2793 Thanks to Daniel Baker.
2794
2795- A minor dhcpd.conf.5 manpage error was fixed.
2796
2797 Changes since 3.0.1rc14
2798
2799- The global variable 'cur_time' was centralized and is now uniformly of a
2800 type #defined in system-dependent headers. It had previously been defined
2801 in one of many places as a 32-bit value, and this causes mayhem on 64-bit
2802 big endian systems. It probably wasn't too healthy on little endian
2803 systems either.
2804
2805- A printf format string error introduced in rc14 was repaired.
2806
2807- AIX system-dependent header file was altered to only define NO_SNPRINTF
2808 if the condition used to #ifdef in vsnprintf in AIX' header files
2809 is false.
2810
2811- The Alpha/OSF system-dependent header file was altered to define
2812 NO_SNPRINTF on OS revisions older than 4.0G.
2813
2814- omapip/test.c had string.h added to its includes.
2815
2816 Changes since 3.0.1rc13
2817
2818! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
2819 in logging messages with excessively long hostnames provided by the
2820 clients. It is highly probable that these could have been used by
2821 attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
2822 release candidates 12 or 13. Special thanks to Gregory Duchemin for
2823 both finding and solving the problem.
2824
2825! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
45d545f0 2826 in log_*() functions was evidenced, on some specific platforms where
98311e4b
DH		 2827 vsnprintf() was not believed to be available and calls were wrapped to
2828 sprintf() instead. Again, credit goes to Gregory Duchemin for finding
2829 the problem. Calls to snprintf() are now linked to a distribution-local
2830 snprintf implementation, only in those cases where the architecture is
2831 not known to provide one (see includes/cf/[arch].h). If you experience
2832 linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
2833 is where to look. This vulnerability did not exist in any previously
2834 published version of ISC DHCP.
2835
2836- Compilation on hpux 11.11 was repaired.
2837
2838- 'The cross-compile bug fix' was backed out.
2839
2840 Changes since 3.0.1rc12
2841
2842- Fixed a bug in omapi lease lookup function, to form the hardware
2843 address for the hash lookup correctly, thanks to a patch from
2844 Richard Hirst.
2845
2846- Fixed a bug where dhcrelay was sending relayed responses back to the
2847 broadcast address, but with the source's unicast mac address. Should
2848 now conform to rfc2131 section 4.1.
2849
2850- Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
2851
2852- Fixed a crash bug in dhclient where dhcpd servers that do not provide
2853 renewal times results in an FPE. As a side effect, dhclient can now
2854 properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
2855 to a patch from Burt Silverman.
2856
2857- The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
45d545f0 2858 and reformatted to correct a compilation error on Solaris platforms.
98311e4b
DH		 2859
2860- A patch was applied which fixes a case where leases read from the
2861 leases database do not properly over-ride previously read leases.
2862
2863- dhcpctl.3 manpage was tweaked.
2864
2865 Changes since 3.0.1rc11
2866
2867- A patch from Steve Campbell was applied with minor modifications to
2868 permit reverse dns PTR record updates with values containing spaces.
2869
2870- A patch from Florian Lohoff was applied with some modifications to
2871 dhcrelay. It now discards packets whose hop count exceeds 10 by default,
2872 and a command-line option (-c) can be used to set this threshold.
2873
2874- A failover bug relating to identifying peers by name length instead of
2875 by name was fixed.
2876
45d545f0 2877- Declaring failover configs within shared-network statements should no
98311e4b
DH		 2878 longer result in error.
2879
2880- The -nw command line option to dhclient now works.
2881
2882- Thanks to a patch from Michael Richardson:
2883 - Some problems with long option processing have been fixed.
2884 - Some fixes to minires so that updates of KEY records will work.
2885
2886- contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
2887 see contrib/ms2isc/readme.txt for revision notes.
2888
2889- Dhclient no longer uses shell commands to kill another instance of
2890 itself, it sends the signal directly. Thanks to a patch from Martin
2891 Blapp.
2892
2893- The FreeBSD dhclient-script was changed so that a failure to write to
2894 /etc/resolv.conf does not prematurely end the script. This keeps dhclient
2895 from looping infinitely when this is the case. Thanks to a patch from
2896 Martin Blapp.
2897
2898- A patch from Bill Stephens was applied which resolves a problem with lease
2899 expiry times in failover configurations.
2900
2901- A memory leak in configuration parsing was closed thanks to a patch from
2902 Steve G.
2903
2904- The function which discovers interfaces will now skip non-broadcast or
2905 point-to-point interfaces, thanks to a patch from David Brownlee.
2906
2907- Options not yet known by the dhcpd or dhclient have had their names
2908 changed such that they do not contain # symbols, in case they should ever
2909 appear in a lease file. An option that might have been named "#144" is
2910 now "unknown-144".
2911
2912- Another patch from Bill Stephens which allows the ping-check timeout to
2913 be configured as 'ping-timeout'. Defaults to 1.
2914
2915 Changes since 3.0.1rc10
2916
2917- Potential buffer overflows in minires repaired.
2918
2919- A change to the linux client script to use /bin/bash, since /bin/sh may
2920 not be bash.
2921
2922- Some missing va_end cleanups thanks to a patch from Thomas Klausner.
2923
2924- A correction of boolean parsing syntax validation - some illegal syntaxes
2925 that worked before are now detected and produce errs, some legal syntaxes
2926 that errored before will now work properly.
2927
2928- Some search-and-replace errors that caused some options to change their
2929 names was repaired.
2930
2931- Shu-min Chang of the Intel corporation has contributed a perl script and
2932 module that converts the MS NT4 DHCP configuration to a ISC DHCP3
2933 configuration file.
2934
2935- Applied the remainder of the dhcpctl memory leak patch provided by Bill
2936 Squier at ReefEdge, Inc. (groo@reefedge.com).
2937
2938- Missing non-optional failover peer configurations will now result in a soft
2939 error rather than a null dereference.
2940
2941 Changes since 3.0.1rc9
2942
2943- A format string was corrected to fix compiler warnings.
2944
2945- A number of spelling corrections were made in the man pages.
2946
2947- The dhclient.conf.5 man page was changed to refer to do-forward-updates
2948 rather than a configuration option that doesn't exist.
2949
2950- A FreeBSD-specific bug in the interface removal handling was fixed.
2951
2952- A Linux-specific Token Ring detection problem was fixed.
2953
2954- Hashes removed from as-yet-unknown agent options, having those options
2955 appear in reality before we know about them will no longer produce
2956 self-corrupting lease databases.
2957
2958- dhclient will use the proper port numbers now when using the -g option.
2959
2960- A order-of-operations bug with 2 match clauses in 1 class statement is
2961 fixed thanks to a patch from Andrew Matheson.
2962
2963- Compilation problems on Solaris were fixed.
2964
2965- Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
2966
2967- A fix to the dhcp ack process which makes certain group options will be
2968 included in the first DHCPOFFER message was made thanks to a patch from
2969 Ling Gou.
2970
2971- A few memory leaks were repaired thanks to patches from Bill Squier at
2972 ReefEdge, Inc. (groo@reefedge.com).
2973
2974- A fix for shared-networks that sometimes give clients options for the
2975 wrong subnets (in particular, 'option routers') was applied, thanks to
2976 Ted Lemon for the patch.
2977
2978- Omshell's handling of dotted octets as values was changed such that dots
2979 one after the other produce zero values in the integer string.
2980
2981 Changes since 3.0.1rc8
2982
2983- Fix a format string vulnerability in the server that could lead to a
2984 remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
2985
2986- Add additional support for NetBSD/sparc64.
2987
2988- Fix a bug in the command-line parsing of the client. Also, resolve
2989 a memory leak.
2990
2991- Add better support for shells other than bash in the Linux client
2992 script.
2993
2994- Various build fixes for modern versions of FreeBSD and Linux.
2995
2996- Fix a bad bounds check when printing binding state names.
2997
2998- Clarify documentation about fixed-address and multiple addresses.
2999
3000- Fix a typo in the authoritative error message.
3001
3002- Make a log entry when we can't write a billing class.
3003
3004- Use conversion targets that are the right size on all architectures.
3005
3006- Increment the hop count when relaying.
3007
3008- Log a message when lease state is changed through OMAPI.
3009
3010- Don't rerun the shared_network when evaluating the pool.
3011
3012- Fix a reversed test in the parser.
3013
3014- Change the type of rbuf_max.
3015
3016- Make FTS_LAST a manifest constant to quiet warnings.
3017
3018 Changes since 3.0.1rc7
3019
3020- Fix two compiler warnings that are generated when compiling on Solaris
3021 with gcc. These stop the build, even though they weren't actually
3022 errors, because we prefer that our builds generate no warnings.
3023
3024 Changes since 3.0.1rc6
3025
3026- Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
3027 to be renewed.
3028
3029- Implement lease stealing for cases where the primary has fewer leases
3030 than the secondary, as called for by the standard.
3031
3032- Add a fudge factor to the lease expiry acceptance code, (suggested
3033 by Kevin Miller of CMU).
3034
3035- Fix a bug in permit_list_match that made it much too willing to say
3036 that two permit lists matched.
3037
3038- Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
3039 also more compact) messages about DNS updates.
3040
3041- Fix a bug in generating wire-format domain names for the FQDN option.
3042
3043- Fix a bug where the FQDN option would not be returned if the client
3044 requested it, contrary to the standard.
3045
3046- On Darwin, use the FreeBSD DHCP client script.
3047
3048- On NetBSD/sparc, don't check for casting warnings.
3049
3050- Add a flag in the DHCP client to disable updating the client's A
3051 record when sending an FQDN option indicating that the client is
3052 going to update its A record.
3053
3054- In the client, don't attempt a DNS update until one second after
3055 configuring the new IP address, and if the update times out, keep
3056 trying until a response, positive or negative, is received from the
3057 DNS server.
3058
3059- Fix an uninitialized memory bug in the DHCP client.
3060
3061- Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
3062
3063- Fix a bug in ns_parserr(), where it was returning the wrong sort
3064 of result code in some cases (suggested by Ben Harris of the
3065 NetBSD project).
3066
3067- Fix a bug in is_identifier(), where it was checking against EOF
3068 instead of the END_OF_FILE token (also suggested by Ben Harris).
3069
3070- Fix a bug where if an option universe contained no options, the
3071 DHCP server could dump core (Walter Steiner).
3072
3073- Fix a bug in the handling of encapsulated options.
3074
3075- Fix a bug that prevented NWIP suboptions from being processed.
3076
3077- Delete the FTS_BOOTP and FTS_RESERVED states and implement them
3078 as modifier flags to the FTS_ACTIVE state, as called for in the
3079 failover protocol standard.
3080
3081- Fix bugs in the pool merging code that resulted in references and
3082 dereferences of null pointers. This bug had no impact unless the
3083 POINTER_DEBUG flag was defined.
3084
3085- In the server, added a do-forward-updates flag that can be used to
3086 disable forward updates in all cases, so that sites that want the
3087 clients to take sole responsibility for updating their A record can
3088 do so.
3089
3090- Make it possible to disable optimization of PTR record updates.
3091
3092 Changes since 3.0.1rc5
3093
3094- Include some new documentation and changes provided by Karl Auer.
3095
3096- Add a workaround for some Lexmark printers that send a double-NUL-
3097 terminated host-name option, which would break DNS updates.
3098
3099- Fix an off-by-one error in the MAC-address checking code for
3100 DHCPRELEASE that was added in 3.0.1rc5.
3101
3102- Fix a bug where client-specific information was not being discarded
3103 from the lease when it expired or was released, resulting in
3104 problems if the lease was reallocated to a different client.
3105
3106- If more than one allocation pool is specified that has the same set
3107 of constraints as another allocation pool on the same shared
3108 network, merge the two pools.
3109
3110- Don't print an error in fallback_discard, since this just causes
3111 confusion and does not appear to be helping to encourage anyone to
3112 fix this bug.
3113
3114 Changes since 3.0.1rc4
3115
3116- Fix a bug that would cause the DHCP server to spin if asked to parse
3117 a certain kind of incorrect statement.
3118
3119- Fix a related bug that would prevent an error from being reported in
3120 the same case.
3121
3122- Additional documentation.
3123
3124- Make sure that the hardware address matches the lease when
3125 processing a DHCPRELEASE message.
3126
3127 Changes since 3.0.1rc3
3128
3129- A minor bug fix in the arguments to a logging function call.
3130- Documentation update for dhcpd.conf.
3131
adbef119 3132 Changes since 3.0.1rc2
98311e4b
DH		 3133
3134- Allow the primary to send a POOLREQ message. This isn't what the current
3135 failover draft says to do, so we may have to back it out if I can't get the
3136 authors to relent, but the scheme for balancing that's specified in the
3137 current draft seems needlessly hairy, so I'm floating a trial balloon.
3138 The rc1 code did not implement the method described in the draft either.
3139
adbef119 3140 Changes since 3.0.1rc1
98311e4b
DH		 3141
3142- Treat NXDOMAIN and NXRRSET as success when we are trying to delete a
3143 domain or RRSET. This allows the DHCP server to forget about a name
3144 it added to the DNS once it's been removed, even if the DHCP server
3145 wasn't the one that removed it.
3146
3147- Install defaults for failover maximum outstanding updates and maximum
3148 silent time. This prevents problems that might occur if these values
3149 were not configured.
3150
3151- Don't do DDNS deletes if ddns-update-style is none.
3152
3153- Return relay agent information options in DHCPNAK. This prevents DHCPNAK
3154 messages from being dropped when the relay agent information option contains
3155 routing information.
3156
3157- Fix a problem where coming up in recover wouldn't result in an update
3158 request being sent.
3159
3160- Add some more chatty messages when we start a recovery update and when it's
3161 done.
3162
3163- Fix a possible problem where some state might have been left around
3164 after the peer lost contact and regained contact about how many updates
3165 were pending.
3166
3167- Don't nix a lease update because of a lease conflict. This test has
3168 never (as far as I know) prevented a mistake, and it appears to cause
3169 problems with failover.
3170
3171- Add support in rc history code for keeping a selective history, rather
3172 than a history of all references and dereferences. This code is only used
3173 when extensive additional debugging is enabled.
3174
adbef119 3175 Changes since 3.0
98311e4b
DH		 3176
3177- Make allocators for hash tables. As a side effect, this fixes a memory
3178 smash in the subclass allocation code.
3179
3180- Fix a small bug in omshell where if you try to close an object when
3181 no object is open, it dumps core.
3182
3183- Fix an obscure coredump that could occur on shutdown.
3184
3185- Fix a bug in the recording of host declaration rubouts in the lease file.
3186
3187- Fix two potential spins in the host deletion code.
3188
3189- Fix a core dump that would happen if an application tried to update
3190 a host object attribute with a null value.
3191
3192 Changes since 3.0 Release Candidate 12
3193
3194- Fix a memory leak in the evaluation code.
3195
3196- Fix an obscure core dump.
3197
3198- Print a couple of new warnings when parsing the configuration file
3199 when crucial information is left out.
3200
3201- Log "no free leases" as an error.
3202
3203- Documentation updates.
3204
3205 Changes since 3.0 Release Candidate 11
3206
3207- Always return a subnet selection option if one is sent.
3208
3209- Fix a warning that was being printed because an automatic data
3210 structure wasn't zeroed.
3211
3212- Fix some failover state transitions that were being handled
3213 incorrectly.
3214
3215- When supersede_lease is called on a lease whose end time has already
3216 expired, but for which a state transition has not yet been done, do
3217 a state transition. This fixes the case where if the secondary
3218 allocated a lease to a client and the lease "expired" while the
3219 secondary was in partner-down, no expiry event would actually
3220 happen, so the lease would remain active until the primary was
3221 restarted.
3222
3223 Changes since 3.0 Release Candidate 10
3224
3225- Fix a bug that was preventing released leases from changing state
3226 in failover-enabled pools.
3227
3228- Fix a core dump in the client identifier finder code (for host
3229 declarations).
3230
3231- Finish fixing a bug where bogus data would sometimes get logged to
3232 the dhclient.leases file because it was opened as descriptor 2.
3233
3234- Fix the Linux dhclient-script according to suggestions made by
3235 several people on the dhcp-client mailing list.
3236
3237- Log successful DNS updates at LOG_INFO, not LOG_ERROR.
3238
3239- Print an error message and refuse to run if a failover peer is
3240 defined but not referenced by any pools.
3241
3242- Correct a confusing error message in failover.
3243
eaf0b302
TL		 3244 Changes since 3.0 Release Candidate 9
3245
3246- Fix a bug in lease allocation for Dynamic BOOTP clients.
3247
0db87765
TL		 3248 Changes since 3.0 Release Candidate 8 Patchlevel 2
3249
3250- Fix a bug that prevented update-static-leases from working.
3251
3252- Document failover-state OMAPI object.
3253
3254- Fix a compilation error on SunOS 4.
3255
d758ad8c
TL		 3256 Changes since 3.0 Release Candidate 8 Patchlevel 1
3257
3258- Fix a parsing bug that broke dns updates (both interim and ad-hoc).
3259 This was introduced in rc8pl1 as an unintended result of the memory
3260 leakage fixes that were in pl1.
3261
3262- Fix a long-standing bug where the server would record that an update
3263 had been done for a client with no name, even though no update had
3264 been done, and then when the client's lease expired the deletion of
3265 that nonexistant record would time out because the name was the null
9a111ee8 3266 string.
d758ad8c
TL		 3267
3268- Clean up the omshell, dhcpctl and omapi man pages a bit.
3269
d758ad8c
TL		 3270 Changes since 3.0 Release Candidate 8
3271
3272- Fix a bug that could cause the DHCP server to spin if
3273 one-lease-per-client was enabled.
3274
3275- Fix a bug that was causing core dumps on BSD/os in the presence of
3276 malformed packets.
3277
3278- In partner-down state, don't restrict lease lengths to MCLT.
3279
3280- On the failover secondary, record the MCLT received from the primary
3281 so that if we come up without a connection to the primary we don't
3282 wind up giving out zero-length leases.
3283
3284- Fix some compilation problems on BSD/os.
3285
3286- Fix a bunch of memory leaks.
3287
3288- Fix a couple of bugs in the option printer.
3289
3290- Fix an obscure error reporting bug in the dns update code, and also
3291 make the message clearer when a key algorithm isn't supported.
3292
3293- Fix a bug in the tracing code that prevented trace runs that used
3294 tcp connections from being played back.
3295
3296- Add some additional debugging capability for catching memory leaks
3297 on exit.
3298
3299- Make the client release the lease correctly on shutdown.
3300
3301- Add some configurability to the build system.
3302
3303- Install omshell manual page in man1, not man8.
3304
3305- Craig Gwydir sent in a patch that fixes a long-standing bug in the
3306 DHCP client that could cause core dumps, but that for some reason
3307 hadn't been noticed until now.
3308
3309 Changes since 3.0 Release Candidate 7
3310
3311- Fix a bug in failover where we weren't sending updates after a
3312 transition from communications-interrupted to normal.
3313
3314- Handle expired/released/reset -> free transition according to the
3315 protocol specification (this works - the other way not only wasn't
3316 conformant, but also didn't work).
3317
3318- Add a control object in both client and server that allows either
3319 daemon to be shut down cleanly.
3320
3321- When writing a lease, if we run out of disk space, shut down the
3322 output file and insist on writing a new one before proceeding.
3323
3324- In the server, if the OMAPI listener port is occupied, keep trying
3325 to get it, rather than simply giving up and exiting.
3326
3327- Support fetching variables from leases and also updating and adding
3328 variables to leases via OMAPI.
3329
3330- If two failover peers have wildly different clocks, refuse to start
3331 doing failover.
3332
3333- Fix a bug in the DNS update code that could cause core dumps when
3334 running on alpha processors.
3335
3336- Fixed a bug in ddns updates for static lease entries, thanks to a
3337 patch from Andrey M Linkevitch.
3338
3339- Add support for Darwin/MacOS X
3340
3341- Install omshell (including new documentation).
3342
3343- Support DNS updates in the client (this is a very obscure feature
3344 that most DHCP client users probably will not be able to use).
3345
3346- Somewhat cleaner status logging in the client.
3347
3348- Make OMAPI key naming syntax compatible with the way keys are
3349 actually named (key names are domain names).
3350
3351- Fix a bug in the lease file writer.
3352
3353- Install DHCP ISC headers in a different place than BIND 9 ISC
3354 headers, to avoid causing trouble in BIND 9 builds.
3355
3356- Don't send updates for attributes on an object when the attributes
3357 haven't changed. Support deleting attributes on remote objects.
3358
3359- Fix a number of bugs in omshell, and add the unset and refresh
3360 statements.
3361
3362- Handle disconnects in OMAPI a little bit more intelligently (so that
3363 the caller gets ECONNRESET instead of EINVAL).
3364
3365- Fix a bunch of bugs in the handling of clients that have existing
3366 leases when the try to renew their leases while failover is
3367 operating.
3368
eaf0b302
TL		 3369 Changes since 3.0 Release Candidate 6
3370
3371- Fix a core dump that could happen when processing a DHCPREQUEST from
3372 a client that had a host declaration that contained both a
3373 fixed-address declaration and a dhcp-client-identifier option
3374 declaration, if the client identifier was longer than nine bytes.
3375
3376- Fix a memory leak that could happen in certain obscure cases when
3377 using omapi to manipulate leases.
3378
3379- Fix some bugs and omissions in omshell.
3380
eaf0b302
TL		 3381 Changes since 3.0 Release Candidate 5
3382
3383- Fix a bug in omapi_object_dereference that prevented objects in
3384 chains from having their reference counts decreased on dereference.
3385
3386- Fix a bug in omapi_object_dereference that would prevent object
3387 chains from being freed upon removal of the last reference external
3388 to the chain.
3389
3390- Fix a number of other memory leaks in the OMAPI protocol subsystem.
3391
3392- Add code in the OMAPI protocol handler to trace memory leakage.
3393
3394- Clean up the memory allocation/reference history printer.
3395
98311e4b 3396- Support input of dotted quads and colon-separated hex lists as
eaf0b302
TL		 3397 attribute values in omshell.
3398
98311e4b 3399- Fix a typo in the Linux interface discovery code.
eaf0b302
TL		 3400
3401- Conditionalize a piece of trace code that wasn't conditional.
3402
3403 Changes since 3.0 Release Candidate 4
3404
3405- Fix a bug that would prevent leases from being abandoned properly on
3406 DHCPDECLINE.
3407
3408- Fix failover peer OMAPI support.
3409
3410- In failover, correctly handle expiration of leases. Previously,
3411 leases would never be reclaimed because they couldn't make the
3412 transition from EXPIRED to FREE.
3413
3414- Fix some broken failover state transitions.
3415
3416- Documentation fixes.
3417
3418- Take out an unnecessary check in DHCP relay agent information option
3419 stashing code that was preventing REBINDING clients from rebinding.
3420
3421- Prevent failover peers from allocating leases in DHCPREQUEST
3422 processing if the lease belongs to the other server.
3423
3424- Record server version in lease file introductory comment.
3425
3426- Correctly report connection errors in OMAPI and failover.
3427
3428- Make authentication signature algorithm name comparisons in OMAPI
3429 case-insensitive.
3430
3431- Fix compile problem on SunOS 4.x
3432
98311e4b 3433- If a signature algorithm is not terminated with '.', terminate it so
eaf0b302
TL		 3434 that comparisons between fully-qualified names will work
3435 consistently.
3436
3437- Different SIOCGIFCONF probe code, may "fix" problem on some Linux
3438 systems with the probe not working correctly.
3439
3440- Don't allow user to type omapi key on command line of omshell.
3441
0596b051
TL		 3442 Changes since 3.0 Release Candidate 3
3443
3444- Do lease billing on startup in a way that I *think* will finally do
3445 the billing correctly - the previous method could overbill as a
3446 result of duplicate leases.
3447
3448- Document OMAPI server objects.
3449
892fe689
TL		 3450 Changes since 3.0 Release Candidate 2 Patchlevel 1
3451
3452- Fix some problems in the DDNS update code. Thanks to Albert
3453 Herranz for figuring out the main problem.
3454
3455- Fix some reference counting errors on host entries that were causing
3456 core dumps.
3457
3458- Fix a byte-swap bug in the token ring code, thanks to Jochen
3459 Friedrich.
3460
3461- Fix a bug in lease billing, thanks to Jonas Bulow.
3462
3463 Changes since 3.0 Release Candidate 2
3464
3465- Change the conditions under which a DHCPRELEASE is actually
3466 committed to be consistent with lease binding states rather than
98311e4b 3467 using the lease end time. This may fix some problems with the
892fe689
TL		 3468 billing class code.
3469
3470- Fix a bug where lease updates would fail on Digital Unix (and maybe
3471 others) because malloc was called with a size of zero.
3472
3473- Fix a core dump that happens when the DHCP server can't create its
3474 trace file.
3475
79ea3de8 3476 Changes since 3.0 Release Candidate 1 Patchlevel 1
87784777 3477
79ea3de8
TL		 3478- Fix the dhcp_failover_put_message to not attempt to allocate a
3479 zero-length buffer. Some versions of malloc() fail if you try to
3480 allocate a zero-length buffer, and this was causing problems on,
3481 e.g., Digital Unix.
3482
3483- Fix a case where the failover code was printing an error message
3484 when no error had occurred.
3485
3486- Fix a problem where when a server went down and back up again, the
3487 peer would not see a state transition and so would stay in the
3488 non-communicating state.
3489
3490- Be smart about going into recover_wait.
3491
3492- Fix a problem in the failover implementation where peers would fail
3493 to come into sync if interrupted in the RECOVER state. This could
3494 have been the cause of some problems people have reported recently.
3495
3496- Fix a problem with billing classes where they would not be unbilled
3497 when the client lease expired.
3498
3499- If select fails, figure out which descriptor is bad, and cut it out
3500 of the I/O loop. This prevents a potentially nasty spin. I
3501 haven't heard any report it in a while, but it came up consistently
3502 in testing.
3503
3504- Fix a bug in the relay agent where if you specified interfaces on
3505 the command line, it would fail.
3506
3507- Fix a couple of small bugs in the omapi connection object (no known
3508 user impact).
3509
3510- Add the missing 3.0 Beta 1 lease conversion script.
3511
3512- Read dhcp client script hooks if they exist, rather than only if
3513 they're executable.
3514
3515 Changes since 3.0 Release Candidate 1
87784777
TL		 3516
3517- Fix a memory smash that happens when fixed-address leases are used.
3518 ANY SITE AT WHICH FIXED-ADDRESS STATEMENTS ARE BEING USED SHOULD
3519 UPGRADE IMMEDIATELY. This has been a long-standing bug - thanks to
3520 Alvise Nobile for discovering it and helping me to find it!
3521
79ea3de8
TL		 3522- Fix a small bug in binary-to-ascii, thanks to H. Peter Anvin of
3523 Transmeta.
3524
87784777
TL		 3525- There is a known problem with the DHCP server doing failover on
3526 Compaq Alpha systems. This patchlevel is not a release candidate
3527 because of this bug. The bug should be straightforward to fix, so
3528 a new release candidate is expected shortly.
3529
3530- There is a known problem in the DDNS update code that is probably a
3531 bug, and is not, as far as we know, fixed in this patchlevel.
3532
6d779c72
TL		 3533 Changes since 3.0 Beta 2 Patchlevel 24
3534
3535- Went over problematic failover state transitions and made them all
3536 work, so that failover should now much less fragile.
3537
3538- Add some dhcpctl and omapi documentation
3539
3540- Fix compile errors when compiling with unusual predefines.
3541
3542- Make Token Ring work on Linux 2.4
3543
3544- Fix the Digital Unix BPF_WORDALIGN bug.
3545
3546- Fix some dhcp client documentation errors.
3547
3548- Update some parts of the README file.
3549
3550- Support GCC on SCO.
3551
adbef119 3552 Changes since 3.0 Beta 2 Patchlevel 23
de57e64b
TL		 3553
3554- Fix a bug in the DNS update code where a status code was not being
3555 checked. This may have been causing core dumps.
3556
3557- When parsing the lease file, if a lease declaration includes a
3558 billing class statement, and the lease already has a billing class,
3559 unbill the old class.
3560
3561- When processing failover transactions, where acks will be deferred,
3562 process the state transition immediately.
3563
3564- Don't try to use the new SIOCGIFCONF buffer size detection code on
3565 Linux 2.0, which doesn't provide this functionality.
3566
3567- Apply a patch suggested by Tuan Uong for a problem in dlpi.c.
3568
3569- Fix a problem in using the which command in the configure script.
3570
3571- Fix a parse error in the client when setting up an omapi listener.
3572
3573- Document the -n and -g flags to the client.
3574
3575- Make sure there is always a stdin and stdout on startup. This
3576 prevents shell scripts from accidentally writing error messages into
3577 configuration files that happen to be opened as stderr.
3578
3579- If an interface is removed, the client will now notice that it is
3580 gone rather than spinning. This has only been tested on NetBSD.
3581
3582- The client will attempt to get an address even if it can't create a
3583 lease file.
3584
3585- Don't overwrite tracefiles.
3586
3587- Fix some memory allocation bugs in failover.
2aa36519 3588
adbef119 3589 Changes since 3.0 Beta 2 Patchlevel 22
140158d3
TL		 3590
3591- Apply some patches suggested by Cyrille Lefevre, who is maintaining
3592 the FreeBSD ISC DHCP Distribution port.
3593
3594- Fix a core dump in DHCPRELEASE.
3595
adbef119 3596 Changes since 3.0 Beta 2 Patchlevel 21
3a395e60
TL		 3597
3598- This time for sure: fix the spin described in the changes for pl20.
3599
adbef119 3600 Changes since 3.0 Beta 2 Patchlevel 20
fc74dd0c
TL		 3601
3602- Fix a problem with Linux detecting large numbers of interfaces (Ben)
3603
3604- Fix a memory smash in the quotify code, which was introduced in
3605 pl19.
3606
3607- Actually fix the spin described in the changes for pl20. The
3608 previous fix only partially fixed the problem - enough to get it
3609 past the regression test.
3610
adbef119 3611 Changes since 3.0 Beta 2 Patchlevel 19
ed5ee591
TL		 3612
3613- Fix a bug that could cause the server to abort if compiled with
3614 POINTER_DEBUG enabled.
3615
3616- Fix a bug that could cause the server to spin when responding to a
3617 DHCPREQUEST.
3618
3619- Apply Joost Mulders' suggested patches for DLPI on x86.
3620
3621- Support NUL characters in quoted strings.
3622
3623- Install unformatted man pages on SunOS.
3624
adbef119 3625 Changes since 3.0 Beta 2 Patchlevel 18
b3fad8ac 3626
3350f5b7
TL		 3627- Allow the server to be placed in partner-down state using OMAPI.
3628 (Damien Neil)
3629
3630- Implement omshell, which can be used to do arbitrary things to the
3631 server (in theory). (Damien Neil)
3632
3633- Fix a case where if a client had two different leases the server could
3634 actually dereference the second one when it hadn't been referenced,
3635 leading to memory corruption and a core dump. (James Brister)
3636
3637- Fix a case where a client could request the address of another client's
3638 lease, but find_lease wouldn't detect that the other client had it, and
3639 would attempt to allocate it to the client, resulting in a lease conflict
3640 message.
3641
3642- Fix a case where a client with more than one client identifier could be
3643 given a lease where the hardware address was correct but the client
3644 identifier was not, resulting in a lease conflict message.
3645
98311e4b 3646- Fix a problem where the server could write out a colon-separated
3350f5b7
TL		 3647 hex list as a value for a variable, which would then not parse.
3648 The fix is to always write strings as quoted strings, with any
3649 non-printable characters quoted as octal escape sequences. So
3650 a file written the old way still won't work, but new files written
3651 this way will work.
3652
b3fad8ac
TL		 3653- Fix documentation for sending non-standard options.
3654
3655- Use unparsable names for unknown options. WARNING: this will
3656 break any configuration files that use the option-nnn convention.
3657 If you want to continue to use this convention for some options,
3658 please be sure to write a definition, like this:
3659
3660 option option-nnn code nnn = string;
3661
3662 You can use a descriptive name instead of option-nnn if you like.
3663
3664- Fix a problem where we would see a DHCPDISCOVER/DHCPOFFER/
3665 DHCPREQUEST/DHCPACK/DHCPREQUEST/DHCPNAK sequence. This was the
3666 result of a deceptively silly bug in supersede_lease.
3667
3668- Fix client script exit status check, according to a fix supplied by
3669 Hermann Lauer.
3670
3671- Fix an endianness bug in the tracefile support, regarding ICMP
3672 messages.
3673
3350f5b7
TL		 3674- Fix a bug in the client where the medium would not work correctly if
3675 it contained quoted strings.
3676
b3fad8ac
TL		 3677 ** there was no pl17 **
3678
adbef119 3679 Changes since 3.0 Beta 2 Patchlevel 16
e6d30fd6 3680
6da9db9d
TL		 3681- Add support for transaction tracing. This allows the state of the
3682 DHCP server on startup, and all the subsequent transactions, to be
3683 recorded in a file which can then be played back to reproduce the
3684 behaviour of the DHCP server. This can be used to quickly
3685 reproduce bugs that cause core dumps or corruption, and also for
3686 tracking down memory leaks.
3687
3688- Incorporate some bug fixes provided by Joost Mulders for the DLPI
3689 package which should clear up problems people have been seeing on
3690 Solaris.
3691
3692- Fix bugs in the handling of options stored as linked lists (agent
3693 options, fqdn options and nwip options) that could cause memory
3694 corruption and core dumps.
3695
3696- Fix a bug in DHCPREQUEST handling that resulted in DHCPNAK messages
3697 not being send in some cases when they were needed.
3698
3699- Make the lease structure somewhat more compact.
3700
3701- Make initial failover startup *much* faster. This was researched
3702 and implemented by Damien Neil.
3703
3704- Add a --version flag to all executables, which prints the program
3705 name and version to standard output.
3706
3707- Don't rewrite the lease file every thousand leases.
3708
e6d30fd6
TL		 3709- A bug in nit.c for older SunOS machines was fixed by a patch sent in
3710 by Takeshi Hagiwara.
3711
6da9db9d
TL		 3712- Fix a memory corruption bug in the DHCP client.
3713
3714- Lots of documentation updates.
3715
3716- Add a feature allowing environment variables to be passed to the
3717 DHCP client script on the DHCP client command line.
3718
3719- Fix client medium support, which had been broken for some time.
3720
3721- Fix a bug in the DHCP client initial startup backoff interval, which
3722 would cause two DHCPDISCOVERS to be sent back-to-back on startup.
3723
adbef119 3724 Changes since 3.0 Beta 2 Patchlevel 15
af49fdff
TL		 3725
3726- Some documentation tweaks.
3727
3728- Maybe fix a problem in the DLPI code.
3729
3730- Fix some error code space inconsistencies in ddns update code.
3731
3732- Support relay agents that intercept unicast DHCP messages to stuff
3733 agent options into them.
3734
3735- Fix a small memory leak in the relay agent option support code.
3736
c5b569f8
TL		 3737- Fix a core dump that would occur if a packet was sent with no
3738 options.
3739
adbef119 3740 Changes since 3.0 Beta 2 Patchlevel 14
754ae3e9
TL		 3741
3742- Finish fixing a long-standing bug in the agent options code. This
3743 was causing core dumps and failing to operate correctly - in
3744 particular, agent option stashing wasn't working. Agent option
3745 stashing should now be working, meaning that agent options can be
3746 used in class statements to control address allocation.
3747
3748- Fix up documentation.
3749
3750- Fix a couple of small memory leaks that would have added up
3751 significantly in a high-demand situation.
3752
3753- Add a log-facility configuration parameter.
3754
3755- Fix a compile error on some older operating systems.
3756
3757- Add the ability in the client to execute certain statements before
3758 transmitting packets to the server. Handy for debugging; not much
3759 practical use otherwise.
3760
3761- Don't send faked-out giaddr when renewing or bound - again, useful
3762 for debugging.
3763
adbef119 3764 Changes since 3.0 Beta 2 Patchlevel 13
2f2e7960
TL		 3765
3766- Fixed a problem where the fqdn decoder would sometimes try to store
3767 an option with an (unsigned) negative length, resulting in a core
3768 dump on some systems.
3769
3770- Work around the Win98 DHCP client, which NUL-terminates the FQDN
3771 option.
3772
3773- Work around Win98 and Win2k clients that will claim they want to do
3774 the update even when they don't have any way to do it.
3775
3776- Fix some log messages that can be printed when failover is operating
3777 that were not printing enough information.
3778
3779- It was possible for a DHCPDISCOVER to get an allocation even when
3780 the state machine said the server shouldn't be responding.
3781
3782- Don't load balance DHCPREQUESTs from clients in RENEWING and
3783 REBINDING, since in RENEWING, if we heard it, it's for us, and in
3784 REBINDING, the client wouldn't have got to REBINDING if its primary
3785 were answering.
3786
3787- When we get a bogus state lease binding state transition, don't do
3788 the transition.
9a111ee8 3789
2f2e7960 3790
adbef119 3791 Changes since 3.0 Beta 2 Patchlevel 12
66e98927
TL		 3792
3793- Fixed a couple of silly compile errors.
3794
a1e2e3d6
TL		 3795 Changes since 3.0 Beta 2 Patchlevel 11
3796
3797- Albert Herranz tracked down and fixed a subtle bug in the base64
3798 decoder that would prevent any key with an 'x' in its base64
3799 representation from working correctly.
3800
3801- Thanks to Chris Cheney and Michael Sanders, we have a fix for the
3802 hang that they both spotted in the DHCP server - when
3803 one-lease-per-client was set, the code to release the "other" lease
3804 could spin.
3805
3806- Fix a problem with alignment of the input buffer in bpf in cases
3807 where two packets arrive in the same bpf read.
3808
3809- Fix a problem where the relay agent would crash if you specified an
3810 interface name on the command line.
3811
3812- Add the ability to conditionalize client behaviour based on the
3813 client state.
3814
3815- Add support for the FQDN option, and added support for a new way of
3816 doing ddns updates (ddns update style interim) that allows more than
3817 one DHCP server to update the DNS for the same network(s). This
3818 was implemented by Damien Neil with some additional functionality
3819 added by Ted Lemon.
3820
3821- Damien added a "log" statement, so that the configuration file can
3822 be made to log debugging information and other information.
3823
3824- Fixed a bug that caused option buffers not to be terminated with an
3825 end option.
3826
3827- Fixed a long-standing bug in the support for option spaces where the
3828 options are stored as an ordered list rather than in a hash table,
3829 which could theoretically result in memory pool corruption.
3830
3831- Prevent hardware declarations with no actual hardware address from
3832 being written as something unparsable, and behave correctly in the
3833 face of a null hardware address on input.
3834
3835- Allow key names to be FQDNs, and qualify the algorithm name if it is
3836 specified unqualified.
3837
3838- Modify the DDNS update code so that it never prints the "resolver
3839 failed" message, but instead says *why* the resolver failed.
3840
3841- Officially support the subnet selection option, which now has an
3842 RFC.
3843
3844- Fix a build bug on MacOS X.
3845
3846- Allow administrator to disable ping checking.
3847
3848- Clean up dhcpd.conf documentation and add more information about how
3849 it works.
3850
6c68ec36
TL		 3851 Changes since 3.0 Beta 2 Patchlevel 10
3852
3853- Fix a bug introduced during debugging (!) and accidentally committed
3854 to CVS.
3855
9fd337e7
TL		 3856 Changes since 3.0 Beta 2 Patchlevel 9
3857
3858- Fix DHCP client handling of vendor encapsulated options.
3859
3860- Fix a bug in the handling of relay agent information options introduced
3861 in patchlevel 9.
3862
3863- Stash agent options on client leases by default, and use the stashed
3864 options at renewal time.
3865
3866- Add the ability to test the client's binding state in the client
3867 configuration language.
3868
3869- Fix a core dump in the DNS update code.
3870
3871- Fix some expression evaluation bugs that were causing updates to be
3872 done when no client hostname was received.
3873
3874- Fix expression evaluation debugging printfs.
3875
3876- Teach pretty_print_option to print options in option spaces other than
3877 the DHCP option space.
3878
3879- Add a warning message if the RHS of a not is not boolean.
3880
3881- Never select for more than a day, because some implementations of
3882 select will just fail if the timeout is too long (!).
3883
3884- Fix a case where a DHCPDISCOVER from an unknown network would be
3885 silently dropped.
3886
3887- Fix a bug where if a client requested an IP address for which a different
3888 client had the lease, the DHCP server would reallocate it anyway.
3889
3890- Fix the DNS update code so that if the client changes its name, the DNS
3891 will be correctly updated.
3892
3922772a
TL		 3893 Changes since 3.0 Beta 2 Patchlevel 8
3894
3895- Oops, there was another subtle math error in the header-length
3896 bounds-checking.
3897
3898 Changes since 3.0 Beta 2 Patchlevel 7
848c2547
TL		 3899
3900- Oops, forgot to byte-swap udp header length before bounds-checking it.
3901
3922772a 3902 Changes since 3.0 Beta 2 Patchlevel 6
0f6045f8 3903
f8572308
TL		 3904- Fix a possible DoS attack where a client could cause the checksummer
3905 to dump core. This was a read, not a write, so it shouldn't be
3906 possible to exploit it any further than that.
3907
3908- Implement client- and server-side support for using the Client FQDN
3909 option.
3910
3911- Support for other option spaces in the client has been added. This
3912 means that it is now possible to define a vendor option space on the
3913 client, request options in that space from the server (which must
3914 define the same option space), and then use those options in the
3915 client. This also allows NWIP and Client FQDN options to be used
3916 meaningfully.
3917
3918- Add object initializer support. This means that objects can now be
3919 initialized to something other than all-zeros when allocated, which
3920 makes, e.g., the interface object support code a little more robust.
3921
3922- Fix an off-by-one bug in the host stuffer. This was causing host
3923 deletes not the work, and may also have been causing OMAPI
3924 connections to get dropped. Thanks to James Brister for tracking
3925 this one down!
3926
3927- Fixed a core dump in the interface discovery code that is triggered
3928 when there is no subnet declaration for an interface, but the server
3929 decides to continue running. Thanks to Shane Kerr for tracking
3930 down and fixing this problem.
3931
3932 Changes since 3.0 Beta 2 Patchlevel 5
3933
0f6045f8
TL		 3934- Fix a bug in the recent enhancement to the interface discovery code
3935 to support arbitrary-length interface lists.
3936
3937- Support NUL-terminated DHCP options when initializing client-script
3938 environment.
3939
3940- Fix suffix operator.
3941
3942- Fix NetWare/IP option parsing.
3943
3944- Better error/status checking in dhcpctl initialization and omapi
3945 connection code.
3946
3947- Fix a potential memory smash in dhcpctl code.
3948
3949- Fix SunOS4 and (maybe) Ultrix builds.
3950
3951- Fix a bug where a certain sort of incoming packet could cause a core
3952 dump on Solaris (and probably elsewhere).
3953
3954- Add some more safety checks in error logging code.
3955
3956- Add support for ISC_R_INCOMPLETE in OMAPI protocol connection code.
3957
3958- Fix relay agent so that if an interface is specified on the command
3959 line, the relay agent does not dump core.
3960
3961- Fix class matching so that match if can be combined with match or
3962 spawn with.
3963
3964- Do not allow spurious leases in the lease database to introduce
3965 potentially bogus leases into the in-memory database.
3966
3967- Fix a byte-order problem in the client hardware address type code
3968 for OMAPI.
3969
3970- Be slightly less picky about what sort of hardware addresses OMAPI
3971 can install in host declarations.
3972
801de092
TL		 3973 Changes since 3.0 Beta 2 Patchlevel 4
3974
3975- Incorporated Peter Marschall's proposed change to array/record
3976 parsing, which allows things like the slp-agent option to be encoded
3977 correctly. Thanks very much to Peter for taking the initiative to
3978 do this, and for doing such a careful job of it (e.g., updating the
3979 comments)!
3980
3981- Added an encoding for the slp-agent option. :')
3982
6ed7a93d
TL		 3983- Fixed SunOS 4 build. Thanks to Robert Elz for responding to my
3984 request for help on this with patches!
3985
3986- Incorporated a change that should fix a problem reported by Philippe
3987 Jumelle where when the network connection between two servers is
3988 lost, they never reconnect.
3989
3990- Fix client script files other than that for NetBSD to actually use
3991 make_resolv_conf as documented in the manual page.
3992
3993- Fix a bug in the packet handling code that could result in a core
3994 dump.
3995
3996- Fix a bug in the bootp code where responses on the local net would
3997 be sent to the wrong MAC address. Thanks to Jerry Schave for
3998 catching this one.
3999
490eb5e7
TL		 4000 Changes since 3.0 Beta 2 Patchlevel 3
4001
4002- In the DHCP client, execute client statements prior to using the values
45d545f0 4003 of options, so that the client configuration can overridden, e.g., the
490eb5e7
TL		 4004 lease renewal time.
4005
4006- Fix a reference counting error that would result in very reproducible
4007 failures in updates, as well as occasional core dumps, if a zone was
4008 declared without a key.
4009
4010- Fix some Linux 2.0 compilation problems.
4011
4012- Fix a bug in scope evaluation during execution of "on" statements that
4013 caused values not to be recorded on leases.
4014
4015- If the dhcp-max-message-size option is specified in scope, and the
4016 client didn't send this option, use the one specified in scope to
4017 determine the maximum size of the response.
4018
592d8153
TL		 4019 Changes since 3.0 Beta 2 Patchlevel 2
4020
359b023e
TL		 4021- Fix a case where spawning subclasses were being allocated
4022 incorrectly, resulting in a core dump.
4023
592d8153
TL		 4024- Fix a case where the DHCP server might inappropriately NAK a
4025 RENEWING client.
4026
4027- Fix a place dhcprequest() where static leases could leak.
4028
4029- Include memory.h in omapip_p.h so that we don't get warnings about
4030 using memcmp().
4031
2aa36519
TL		 4032 Changes since 3.0 Beta 2 Patchlevel 1
4033
4034- Notice when SIOCFIGCONF returns more data than fit in the buffer -
4035 allocate a larger buffer, and retry. Thanks to Greg Fausak for
4036 pointing this out.
4037
4038- In the server, if no interfaces were configured, report an error and
4039 exit.
4040
4041- Don't ever record a state of 'startup'.
4042
4043- Don't try to evaluate the local failover binding address if none was
4044 specified. Thanks to Joseph Breu for finding this.
Mirror of https://github.com/isc-projects/dhcp.git