]> git.ipfire.org Git - thirdparty/dhcp.git/blame - RELNOTES
projects / thirdparty / dhcp.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[master] Updated match expression man page text and release notes
[thirdparty/dhcp.git] / RELNOTES
CommitLineData
5ddbe8e4 1 Internet Systems Consortium DHCP Distribution
397599cb
TM		 2 Version 4.4.0b1
3 09 January 2018
72c7bd79 4
5ddbe8e4 5 Release Notes
72c7bd79 6
5ddbe8e4 7 NEW FEATURES
16449d9c 8
397599cb
TM		 9Please note that that ISC DHCP is now licensed under the Mozilla Public License,
10MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
11license terms.
37ec5845 12
397599cb
TM		 13The areas of focus for ISC DHCP 4.4.0 were:
14
151. Dynamic DNS additions
162. dhclient improvements
173. Support for dynamic shared libraries
18
19Dynamic DNS Improvements:
20
21- We added three new server configuration parameters which influence DDNS
22 conflict resolution:
23
24 1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
25 to mitigate issues with non-compliant clients in dual stack environments.
26
27 2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
28 requirement of DNS conflict resolution.
29
30 3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
31 allow unguarded DNS entries to be overwritten in certain cases
32
33- The server now honors update-static-leases parameter for static DHCPv6
34 hosts.
35
36dhclient Improvements:
37
a804fcc0 38 - We've added three command line parameters to dhclient:
397599cb
TM		 39
40 1. --prefix-len-hint - directs dhclient to use the given length as
41 the prefix length hint when requesting prefixes
42
a804fcc0 43 2. --decline-wait-time - instructs the client to wait the given number
397599cb
TM		 44 of seconds after declining an IPv4 address before issuing a discover
45
a804fcc0
TM		 46 3. --address-prefix-len - specifies the prefix length passed by dhclient
47 into the client script (via the environment variable ip6_prefixlen) with
48 each IPv6 address. We added this parameter because we have changed the
49 default value from 64 to 128 in order to be compliant with RFC3315bis
50 draft (-09, page 64) and RFC5942, Section 4, point 1.
51 **WARNING**: The new default value of 128 may not be backwardly compatible
52 with your environment. If you are operating without a router, such as
7932503f 53 between VMs on a host, you may find they cannot see each other with prefix
a804fcc0
TM		 54 length of 128. In such cases, you'll need to either provide routing or use
55 the command line parameter to set the value to 64. Alternatively you may
56 change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
57 in includes/site.h.
58
397599cb
TM		 59 - dhclient will now generate a DHCPv6 DECLINE message when the client script
60 indicates a DAD failure
61
62Dynamic shared library support:
63
64 Configure script, configure.ac+lt, which supports libtool is now provided
65 with the source tar ball. This script can be used to configure ISC DHCP
9de870cc 66 to build with libtool and thus use dynamic shared libraries.
4ff4053b 67
4aa6129a
TM		 68Other Highlights:
69
70 - The server now supports dhcp-cache-threshold for DHCPv6 operations
71 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
72 - Experimental support for alternate relay port in the both the server
73 and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
74
01a54c17
EH		 75For information on how to install, configure and run this software, as
76well as how to find documentation and report bugs, please consult the
77README file.
ca4606b5 78
01a54c17
EH		 79ISC DHCP uses standard GNU configure for installation. Please review the
80output of "./configure --help" to see what options are available.
fe5b0fdd 81
01a54c17
EH		 82The system has only been tested on Linux, FreeBSD, and Solaris, and may not
83work on other platforms. Please report any problems and suggested fixes to
84<dhcp-users@isc.org>.
98bd7ca0 85
fef8c6f0
SR		 86ISC DHCP is open source software maintained by Internet Systems
87Consortium. This product includes cryptographic software written
88by Eric Young (eay@cryptsoft.com).
89
d638452e
TM		 90 Changes since 4.4.0b1 (Bug Fixes)
91
92- Added clarifying text to dhcpd.conf.5 explaining the class match expressions
93 cannot rely on the results of executable statements.
94 [ISC-Bugs #45451]
95
4aa6129a 96 Changes since 4.4.0a1 (New Features)
7512d88b 97
4aa6129a
TM		 98- Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
99 feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be
100 enabled at compile time via --enable-relay-port and is fully backward
101 compatible (i.e. works with previous implementations of servers and relays
102 using the standard ports). A new --rp <relay-port> command line option
103 specifies to dhcrelay an alternate source port for upstream (i.e. toward
104 the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco
105 systems for submitting these patches.
106 [ISC-Bugs #44535]
107
108- Added --release-on-roam to dhcpd server. When enabled and the server detects
109 that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
110 the pre-existing leases on the old network and emit a log statement similar
111 to the following:
112
113 "Client: <id> roamed to new network, releasing lease: <address>"
114
115 The server will carry out all of the same steps that would normally occur
116 when a client explicitly releases a lease. This behavior is disabled by
117 default and may only be specified globally. Prior to this the server renders
118 the leases unavailable until they expire or the server is restarted. Clients
119 that need leases in multiple networks must supply a unique IAID in each IA.
120 When release-on-roam is disabled (the default) the server maintains the
121 prior behavior of making such leases unavailable until they expire or the
122 server is restarted. Clients that need leases in multiple networks must
123 supply a unique IAID in each IA. This parameter may only be specified at
124 the global level. Thanks to Fernando Soto from BlueCat Networks for
125 suggesting this change.
126 [ISC-Bugs #44576]
127 [ISC-Bugs #46849]
128
129- Support for delayed-ack is now compiled in by default. Prior to this
130 it had to be enabled at compile time via --enable-delayed-acks. The
131 default value for delayed-ack, however, has been changed from 28 to 0
132 (i.e. disabled). This was done to minimize the impact on users not
133 currently using the feature. Please note that the delayed-ack feature
134 is not currently compatible with support for DHPCv4-over-DHCPv6 so
135 when a 4to6 port command line argument enables this in the server the
136 delayed-ack value is reset to 0.
137 [ISC-Bugs #42446]
138
139- The server (-6) now honors the parameter, update-static-leases, for static
140 (fixed-address6) DHCPv6 leases. It is worth noting that because stateful
141 data is not retained by the server for static leases, each time a client
142 requests or renews a static lease, the server will perform DDNS updates for
143 it. This may have significant performance implications for environments
144 with many clients that request or renew static leases often. Similarly,
145 the DNS entries will not be removed by server when a client issues a RELEASE
146 nor if the lease is deleted from the configuration. In such cases the DNS
147 entries must be removed manually. This feature is disabled by default.
148 Thanks to both Bill Shirley and dgutier-at-cern-dot-ch for requesting
149 this change.
150 [ISC-Bugs #34097]
151 [ISC-Bugs #41054]
152 [ISC-Bugs #41450]
153
154- Added to the server (-6) a new statement, local-address6, which specifies
155 the source address of packets sent by the server. An additional flag,
156 bind-local-address6, disabled by default, binds the service socket to
157 to local-address6. Note that bind-local-address does not work with direct
158 clients: a relay has to forward packets to the server using the
159 local-address6 destination.
160 [ISC-Bugs #46084]
161
162 Changes since 4.4.0a1 (Bugs)
163
164- The server now recognizes environment variables PATH_DHCPD_DB and
165 PATH_DHCPD_PID. These had been incorrectly compiled out of the code
166 unless DHCPv6 support was disabled. Additionally, the server man
167 pages were corrected to accurately reflect how the server chooses
168 file names (see lease-file-name and pid-file-name statements). Thanks
7932503f
TM		 169 to Fernando Soto at Bluecat Networks for bringing this matter to our
170 attention.
4aa6129a
TM		 171 [ISC-Bugs #46859]
172
173- Removed an "Impossible condition" error upon exit in the dhcpd server that
174 has been shutdown via OMAPI. This condition was only apparent under Solaris
175 when building with --enable-use-sockets and --enable-ipv4-pktinfo.
176 [ISC-Bugs #36118]
177
65eed5c1 178- Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
4aa6129a
TM		 179 [ISC-Bugs #46836]
180
181- Added missing text to dhclient.8 and expanded release note coverage
182 for --address-prefix-len changes.
7512d88b 183
0e76cb91 184 Changes since 4.3.6 (New Features)
3210786b 185
f9741514
FD		 186- Added --enable-bind-install to install embedded bind includes and
187 libraries. Default is to not install them (it was the previous
188 behavior). If you'd like to change the includedir and/or libdir
5a67b030
FD		 189 installation directories to something different than for ISC DHCP
190 you must pass them using the --with-bind-extra-config configuration
191 arguments.
f9741514
FD		 192 [ISC-Bugs #39318]
193
007ba82a
FD		 194- Added support of dynamic shared libraries with libtool. A new
195 --enable-libtool configuration parameter is available but
196 should not be used directly: *please* read the build configuration
197 section in the README file for the recommended procedure.
198 [ISC-Bugs #29402]
199
417b7b4a
TM		 200- IPv6 operation now supports an EUI-64 based address allocation which will
201 calculate addresses for clients with EUI-64 DUIDs based on those DUIDs when
202 enabled by setting use-eui-64 true. The parameter may defined down to the
203 pool scope. Note this feature must be compiled in by defining EUI_64 in
204 includes/site.h. This flag is undefined by default.
205 [ISC-Bugs #43927]
206
b3e6fd51
TM		 207- The directory includes/isc-dhcp and it's only occupant, dst.h, have
208 been removed from the source tree. They are obsolete for branches
209 other than v4_1_esv.
210 [ISC-bugs #45541]
211
7512d88b
TM		 212- Replaced ISC licensing with Mozilla Public License, MPL 2.0 licensing
213 throughout. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read
214 the MPL 2.0 license terms.
215 [ISC-Bugs #45541]
216
3e985dbf
TM		 217- Load balancing for failover peers can now be disabled by setting
218 "load balance max secs" to 0. Doing so for both peers means both
219 servers will respond to all DHCPDISCOVERs or DHCPREQUESTs as soon as
220 they are received.
221 [ISC-Bugs #39669]
222
c0e9661e
TM		 223- Added a new dhclient command line parameter, --prefix-len-hint <length>.
224 When used in conjunction with -P, it directs dhclient to use the given
d8805cee
TM		 225 length as the prefix length hint when requesting prefixes. Thanks to both
226 Indy, of the FireballISO open source project and H. Peter Anvin for
227 suggesting this change.
228 [ISC-Bugs #43792]
229 [ISC-Bugs #35112]
230 [ISC-Bugs #32228]
231 [ISC-Bugs #29470]
3e88222f
TM		 232
233- dhclient will now wait for 10 seconds after declining an IPv4 address
234 before issuing a discover. This is in keeping with RFC 2131, section 3.1.5.
235 Prior to this dhclient did not wait at all. The amount of time dhclient
236 waits can be specified via a new command line parameter:
237 --decline-wait-time <seconds>. A value of zero equates to no wait at all.
ecf9f77b 238 Thanks to Pavel Kankovsky for bringing this matter to our attention.
9de870cc 239 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
3e88222f 240 [ISC-Bugs #45457]
c0e9661e 241
35e86889
TM		 242- dhclient will now include the lease address when logging DHCPOFFERs,
243 DHCPREQUESTs, DHCPACKs, DHCPRELEASEs, and DHCPDECLINEs. Additionally,
244 DHCPOFFERs will be logged before their corresponding DHCPREQUESTs are
245 sent and logged.
246 [ISC-Bugs #2729]
247
d6057334
TM		 248- When given the -T command line argument, in addition to reading the
249 current lease file, the server will write the leases to a temporary
250 lease file. This can help detect issues in server configuration that
251 only surface when leases are written to the file. The current lease
252 file will not be modified and the temporary lease file is removed upon
253 completion of the test.
254 [ISC-Bugs #22267]
255
0f69ff73
TM		 256- dhclient will now generate a DHCPv6 DECLINE message containing all IA_NA
257 addresses which for which the client script indicates a DAD failure. After
258 receiving the DECLINE reply, dhclient will restart the solicit process.
259 Note, the client script must exit with a value of 3 to signify that the
260 address failed DAD. Thanks to Jiri Popelka of Red Hat for submitting the
261 patch that was the foundation for this change.
9de870cc 262 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
1aca5897
TM		 263 [ISC-Bugs #21237]
264 [ISC-Bugs #23357]
f0f3555e 265 [ISC-Bugs #36966]
0f69ff73 266
30593241
TM		 267- Replaced compilation option, enable-secs-byteorder, with a run-time, server
268 configuration parameter, check-secs-byte-order. When enabled, the
269 server will check for clients that do the byte ordering on the secs field
270 incorrectly. This field should be in network byte order but some clients
271 get it wrong. When this parameter is enabled the server will examine the
272 secs field and if it looks wrong (high byte non zero and low byte zero) swap
273 the bytes. The default is disabled. This parameter is only useful when
274 doing load balancing within failover.
275 [ISC-Bugs #45364]
276
b53ba157
TM		 277- The default value for server (-6) parameter, prefix-length-mode, has been
278 changed from "exact" to "prefer". In "prefer" mode the server will offer
279 the first available prefix with the same length as that requested by the
280 client. If none are found then it will offer the first available prefix of
281 any length. This is more in line with with RFC 8168 and should improve
282 the out-of-the-box user experience.
9de870cc 283 **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
b53ba157
TM		 284 [ISC-Bugs #45615]
285
bbdac71d
TM		 286- Added support for 'dhcp-cache-threshold' to IPv6 operation: If a client
287 renews before 'dhcp-cache-threshold' percent of its lease has elapsed
288 (default 25%), the server will reuse the allocated lease (provide a
289 lease within the currently allocated lease-time) rather than extend or
290 renew the lease. This allows the server to reply without needlessly
291 writing leases to disk. The preferred and valid lease lifetimes
292 sent to the client will be reduced by the age of the lease. The option
293 may be specified down to the pool level and is supported for all three
294 pool types: NA, TA, and PD.
295 [ISC-Bugs #45292]
296
905c58b9
TM		 297- Added three new server configuration parameters which influence DDNS:
298 1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
299 to mitigate issues with non-compliant clients in dual stack environments.
300
301 2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
302 requirement of DNS conflict resolution.
303
2f3eca17 304 3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
905c58b9
TM		 305 allow unguarded DNS entries to be overwritten in certain cases
306 [ISC-Bugs #42620]
25e4af8b
TM		 307 [ISC-Bugs #42621]
308 [ISC-Bugs #44753]
905c58b9 309
e6ffc27f
TM		 310- A "key-algorithm <algorithm>" statement has been added to omshell to
311 allow the specification of the key algorithm to use during transaction
312 authentication. Prior to this it was hard-coded to be hmac-md5. It now
313 supports all of the same algorithms as the dhcpd server: hmac-md5 (the
314 default), hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and hmac-sha512.
315 [ISC-Bugs #46771]
316
c2e5ee28
TM		 317- Added a server configuration parameter, persist-eui-64-leases, which
318 determines whether or not EUI-64 based leases are written to the
319 leases file. Default is true.
320 [ISC-Bugs #45046]
321
140612c8 322- Changed the default value of the prefix length passed by dhclient into the
a804fcc0
TM		 323 client script for each IPv6 address from 64 to 128. This was done to comply
324 with RFC3315bis draft (-09, page 64) and RFC5942, Section 4, point 1.
325 In addition, dhclient now supports a command line argument,
326 --address-prefix-len, which may be used to override the default value.
327 **WARNING**: This change may not be backwardly compatible with your
328 environment. If you are operating without a router, such as between VMs on
329 a host, you may find they cannot see each with prefix length of 128. In
330 such cases, you'll need to either provide routing or use the command line
331 parameter to set the value to 64. Alternatively you may change the default
332 at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN in includes/site.h.
140612c8 333 [ISC-Bugs #23252]
fa6c4c08 334 [ISC-Bugs #37221]
140612c8 335
f1fc5ede 336- Modified dhclient (-6) to bypass sending a confirm (INIT REBOOT) when it has
a804fcc0 337 only expired address associations. Thanks to Jiri Popelka at Red Hat for
f1fc5ede
TM		 338 raising the issue and submitting the patch.
339 [ISC-Bugs #22675]
0e76cb91 340 Changes since 4.3.6 (Bugs):
0b0a1399 341
0e76cb91
TM		 342- Corrected an issue where the server would return a client's previously
343 released prefix lease even when the client provides a prefix length
344 hint that does not match the prior lease. Now the server will only
345 return the previous lease if it exactly matches the hint. If not
346 it will attempt to allocate a new prefix based on the hint and the
347 prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications
348 for pointing out the error of our ways.
349 [ISC-bugs #45780]
d1489a35 350
a804fcc0 351- Added explicit include of BIND9 isc/util.h to adapt to revisions
0e76cb91
TM		 352 in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing
353 with implicit function declarations errors for POST() and INSIST().
354 [ISC-bugs #46332]
d1489a35 355
0e76cb91
TM		 356- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132
357 states the option cannot be empty, some clients are apparently capable of
358 sending it. Prior to this the server was attempting to use it and store it
359 in the lease file causing issues with DDNS and so forth.
360 [ISC-bugs #43786]
d1489a35 361
9de870cc
TM		 362- Corrected dhclient command line parsing for --dad-wait-time that causes
363 even valid values to fail as invalid on some environments.
364 [ISC-Bugs #46535]
365
0e76cb91
TM		 366- Replaced iasubopt::heap_index with separate values for active and inactive
367 heaps: iasubopt::active_index and iasubopt::inactive_index. This was done
a804fcc0 368 to accommodate a change in behavior in BIND9 isc_heap_delete().
0e76cb91 369 [ISC-bugs #46719]
e105afa1 370
0e76cb91
TM		 371! Plugged a socket descriptor leak in OMAPI, that can occur when there is
372 data pending to be written to an OMAPI connection, when the connection
373 is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
374 this issue to our attention and whose patch helped guide us in the right
375 direction.
376 [ISC-Bugs #46767]
4f553fea 377
9de870cc
TM		 378- The ability of the server to send back dhcp6.vendor-opts values has been
379 restored. A change in 4.3.5 (see #29246) which enabled it to send back the
380 FQDN option unfortunately broke its ability send back dhcp6.vendor-opts.
381 Thanks to Sumant Gupta (sumantgupta at gmail dot com) of Landis+Gry for
382 bringing this issue to our attention.
383 [ISC-Bugs #46427]
384
0e76cb91 385 Changes since 4.3.6b1
09dccd03 386
0e76cb91 387- None
eb2d84b6 388
0e76cb91 389 Changes since 4.3.5
76a7db2c 390
0e76cb91
TM		 391- The server now allows the client identifier (option 61) to own leases
392 in more than one subnet concurrently. Prior to this the server would
393 incorrectly release an existing lease in one subnet prior to assigning
394 a lease in another subnet. Note that the prior behavior can be still
395 be achieved by enabling one-lease-per-client. Thanks to both David Zych at
396 the University of Illinois and Norm Proffitt of Infoblox for reporting
397 the issue; and Norm for suggesting a solution.
398 [ISC-Bugs #41358]
ad06e7ba 399
0e76cb91
TM		 400- When replying to a DHCPINFORM, the server will now include options specified
401 at the pool scope, provided the ciaddr field of the DHCPINFORM is populated.
402 Prior to this the server only evaluated options down to the subnet scope.
403 Thanks to Fernando Soto at BlueCat Networks for reporting the issue.
404 [ISC-Bugs #43219]
405 [ISC-Bugs #45051]
a5252220 406
0e76cb91
TM		 407- When memory allocation fails in a repeated way the process writes
408 "Run out of memory." on the standard error and exists with status 1.
409 [ISC-Bugs #32744]
b7bfb2c7 410
0e76cb91
TM		 411- The new lmdb (Lightning Memory DataBase) bind9 configure option is
412 now disabled by default to avoid the presence of this library to be
413 detected which can lead to a link failure.
414 [ISC-Bugs #45069]
841d9a18 415
0e76cb91
TM		 416- The linux interface discovery code has been modified to use getifaddrs()
417 as is done for BSD and OS-X. Prior to this the code would only recognize
418 the first address on an interface and thereby omit vlans.
419 Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei
420 Kong at Novell, who all submitted patches.
421 [ISC-Bugs #28761]
422 [ISC-Bugs #31992]
423 [ISC-Bugs #25428]
424 [ISC-Bugs #31940]
425 [ISC-Bugs #32935]
3abc5708 426
0e76cb91
TM		 427- Fixed a bug in OMAPI that causes omshell to crash when a name-value
428 pair with a zero length value is shipped in an object. Thanks to
429 Fernando Soto at BlueCat Networks for reporting the issue and
430 supplying the patch.
431 [ISC-Bugs #29108]
10b7683e 432
0e76cb91
TM		 433- On 64-bit platforms, dhclient now generates the correct value for the
434 script environment variable, "expiry", the lease expiry value exceeds
435 0x7FFFFFFF. Prior to this such values would produce negative values
436 for expiry in the script environment.
437 [ISC-Bugs #43326]
21f3982a 438
0e76cb91
TM		 439- Common timer logic was modified to cap the maximum timeout values at
440 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of
441 range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for
442 reporting the issue.
443 [ISC-Bugs #28038]
33dca28a 444
0e76cb91
TM		 445- DHCP6 FQDN option unpacking code now correctly handles values that contain
446 spaces, special, or non-printable characters. Prior to this the buffer
447 size needed was underestimated causing a conversion error message to
448 be logged and DNS updates to be skipped. Thanks to Fernando Soto at
449 BlueCat Networks for bringing the matter to our attention.
450 [ISC-Bugs #43592]
33dca28a 451
0e76cb91
TM		 452- When running in -6 mode, dhclient can enforce the require option statement
453 and will discard offered leases that do not contain all the required
454 options specified in the client configuration. If not enabled the client
455 will still consider such leases. This must be enabled at compile time
456 (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to
457 Mritunjaykumar Dubey at Nokia for reporting the issue.
458 [ISC-Bugs #41473]
7da1ac2b 459
0e76cb91
TM		 460- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit
461 OS systems when using -1 or large values for default-lease-time. Rollover
462 values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally
463 short expiration times being handed out when infinite lease times (-1) in
464 conjunction with failover. Our thanks to Alessandro Gherardi for bringing
465 the issue to our attention.
466 [ISC-Bugs #41976]
e82906fc 467
0e76cb91
TM		 468- Added new compile time option --with-srv-conf-file which specifies a
469 default location of the server configuration file.
470 [ISC-Bugs #44765]
20931f53 471
0e76cb91
TM		 472- Added --dad-wait-time parameter to dhclient. It specifies the maximum time,
473 in seconds, that the client process should wait for the duplicate address
474 detection to complete before initiating DHCP requests. This value is
475 propagated to the dhclient script and the script is responsible for waiting
476 the specified amount of time or until DAD has completed. If the script does
477 not support it, specifying this parameter has no effect. The default value
478 is 0 which specifies that the script should not wait for DAD. With this
479 change the following scripts have been modified to support the new parameter:
480 freebsd, linux, macos, netbsd, openbsd.
481 [ISC-Bugs #36169]
5cc6f201 482
0e76cb91
TM		 483- The server nows checks both the address and length of a prefix delegation
484 when attempting to match it to a prefix pool. This ensures the server
485 responds properly when pool configurations change such that once valid,
486 "in-pool" delegations are now treated as being invalid. During lease
487 file loading at startup, the server will discard any PD leases that
488 are deemed "out-of-pool" either by address or mis-matched prefix length.
489 Clients seeking to renew or rebind such leases will get a response of
490 No Binding in the case of the former, and the prefix delegation with
491 lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo
492 at TDS Telecom for reporting this issue.
493 [ISC-Bugs #35378]
88c3ff5d 494
0e76cb91
TM		 495- Modified DDNS support initialization such that DNS related ports will only be
496 opened by the server (dhcpd) at startup if ddns-update-style is not "none";
497 by dhclient only if and when the it first attempts an update; and never by
498 dhcrelay. Prior to this all three always did the initialization at startup
499 which causes them to always open on and listen for traffic on two random
500 ports. Thanks to Rodney Beede for reporting this issue.
501 [ISC-Bugs #45290]
502 [ISC-Bugs #33377]
f10cbbfa 503
0e76cb91
TM		 504- Added error logging to two memory allocation failure checks. Thanks to Bill
505 Parker (wp02855 at gmail dot com) for reporting the issue.
506 [ISC-Bugs #41185]
5fc79cfd 507
0e76cb91
TM		 508- Corrected a dhclient -6 issue that caused the client to crash with an
509 "Impossible condition" error after de-preferencing its only IA binding.
510 The crash occurred when server configuration changes rendered the existing
511 binding out-of-range and no other leases were available to offer. Thanks
512 to Pierre Clerissi for bringing this issue to our attention.
513 [ISC-Bugs #44373]
555093da 514
0e76cb91
TM		 515- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will
516 now call the script with reason set to FAIL when run with -1 (one try) and
517 there are no server responses. This applies to IPv4 mode only. Thanks for a
518 patch by Martin Pitt which got to us via Andrew Pollock.
519 [ISC-bugs #18183]
646acb59 520
0e76cb91
TM		 521- The server now detects failover peers that are not referenced in at least
522 one pool when run with the command line option for test mode, -T. Prior to
523 this the check was performed too far down stream to be detected in test mode.
524 [ISC-Bugs #29892]
18ba0ff3 525
0e76cb91
TM		 526- Linux script updated. The script is now based on Debian version. It uses
527 ip tool from iproute2 package and ifconfig is no longer used. This also
528 addresses an issue of calling arping with inappropriate parameter.
529 [ISC-bugs #19430]
530 [ISC-bugs #18111]
ce29e695 531
0e76cb91
TM		 532- Changed severity of the log message indicating UDP checksum errors in
533 the received packets from 'info' to 'debug' to avoid logging excessive
534 number of false positives when UDP checksum offloading is enabled.
535 [ISC-bugs #41757]
d1d1da8f 536
0e76cb91
TM		 537- The directory minires has been removed from the source tree. It has
538 long been obsolete for branches other than v4_1_esv. Additionally,
539 includes/minires.h was renamed includes/ns_name.h.
540 [ISC-bugs #45471]
c88dfebd 541
0e76cb91
TM		 542- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias"
543 for IPv6 mode in the client scripts, netbsd and openbsd. This was
544 preventing IPv6 addresses from being added or removed from interfaces.
545 Thanks to Tim Dean for reporting this issue.
546 [ISC-bugs #31573]
4ce21cb6 547
0e76cb91 548 Changes since 4.3.5b1
b2cb745b 549
0e76cb91
TM		 550- Corrected a bug which could cause the server to sporadically crash while
551 loading lease files with the lease-id-format is set to "hex". Our thanks
552 to Jay Ford, University of Iowa for reporting the issue.
553 [ISC-Bugs #43185]
4ced250f 554
0e76cb91
TM		 555- Eliminated a noisy, but otherwise harmless debug log statment that may
556 appear during server startup when building with --enable-binary-leases
557 and configuring multiple pools in a shared network. Thanks to Fernando
558 Soto from BlueCat Networks for reporting the issue and supplying a patch.
559 [ISC-Bugs #43262]
a3471269 560
0e76cb91 561 Changes since 4.3.4
3e3b5257 562
0e76cb91
TM		 563- Fixed util/bindvar.sh error handling.
564 [ISC-Bugs #41973]
ba4c704d 565
0e76cb91
TM		 566- Correct error message in relay to use remote id length instead
567 of circuit id length.
568 [ISC-Bugs #42556]
b1eea858 569
0e76cb91
TM		 570- Add logic to test directory Makefiles to avoid copying Attfile(s)
571 when building within the source tree. This eliminates a noisy but
572 otherwise harmless error message when running "make check".
573 [ISC-Bugs #41883]
36c4a037 574
0e76cb91
TM		 575- Leases are now scrubbed of certain prior use information when pool
576 re-balancing reassigns them from one FO peer to the other. This
577 corrects an issue where leases that were offered but not used
578 by the client retained the client hostname from the original
579 client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
580 for reporting the issue.
581 [ISC-Bugs #42008]
41b5a1a6 582
0e76cb91
TM		 583- In the LDAP code and schema add some missing '6' characters to use
584 the v6 instead of the v4 versions. Thanks to Denis Taranushin for
585 reporting this issue and supplying its patch.
586 [ISC-Bugs #42666]
62a9eb91 587
0e76cb91
TM		 588- Correct how the pick-first-value expression is written to a lease
589 file. Previously it was written as a concat expression due to
590 a cut and paste error.
591 [ISC-Bugs #42253]
b7311aae 592
0e76cb91
TM		 593- Modify the DDNS code to clean up the PTR record even if there
594 are issues while cleaning up the A or AAAA records.
595 [ISC-Bugs #23954]
1bfdeaae 596
0e76cb91
TM		 597- Added global configuration parameter, abandon-lease-time, which determines
598 the amount of time a lease remains abandoned. The default is 84600 seconds.
599 Additionaly, the server now conducts a ping check (if ping checks are
600 enabled) prior to offering an abandoned lease to client. Our thanks to
601 David Zych at University of Illinois for reporting the issue and working
602 with us to produce a viable solution.
603 [ISC-Bugs #41815]
1d3fc4d0 604
0e76cb91
TM		 605- Correct handling of interface names during interface discovery. This
606 addresses an issue where interface names of 15 characters in length
607 could lead to crashes or interface recognition errors during startup
608 of dhcpd, dhclient, and dhcrelay.
609 [ISC-Bugs #42226]
68b5d395 610
0e76cb91
TM		 611- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
612 The updates are: looking for the lease file in more places and skipping
613 the "processing complete" output when creating machine readable
614 output. Thanks to Cameron Paine (cbp at null dot net) for the
615 patch.
616 [ISC-Bugs #42113]
f704712e 617
0e76cb91
TM		 618- When reusing a lease for dhcp-cache-threshold return the hostname
619 to the original lease. Also if the host pointer, UID or hardware address
620 change don't allow reuse of the lease.
621 Thanks to Michael Vincent for reporting this and helping us
622 verify the problem and fix.
623 [ISC-Bugs #42849]
6e7e6637 624
0e76cb91
TM		 625- Change dmalloc to use a size_t as the length argument to bring it
626 in line with the call it will make to malloc().
627 [ISC-Bugs #40843]
dce576b8 628
0e76cb91
TM		 629- If the failover socket can't be bound, close it. Otherwise if the
630 user configures an incorrect address in the failover stanza the
631 server will continue to open new sockets every 90 seconds until
632 it runs out.
633 [ISC-Bugs #42452]
45086eef 634
0e76cb91
TM		 635- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
636 allow interfaces to be upstream or downstream respectively. Upstream
637 interfaces will accept and forward only BOOTP replies, while downstream
638 interfaces will accept and forward only BOOTP requests.
639 [ISC-Bugs #41547]
785c1a51 640
0e76cb91
TM		 641- Clean up some memory references in the vendor-class construct.
642 [ISC-Bugs #42984]
0f1a34e9 643
0e76cb91 644 Changes since 4.3.4b1
84ee63a0 645
0e76cb91 646- None
cc1bd34e 647
0e76cb91 648 Changes since 4.3.3
0b209ea5 649
0e76cb91
TM		 650- Corrected a static analyzer warning in common/execute.c
651 [ISC-Bugs #40374]
ba4c704d 652
0e76cb91
TM		 653- ISC DHCP now follows the common convention to use the base name a
654 program is invoked with (aka argv[0], vs. a builtin name) for
655 logs. This should help differentiate syslog entries for DHCPv4 and
656 DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
657 keep the previous behavior.
658 [ISC-Bugs #38692]
6067cd48 659
d618ba48
SR		 660- The Linux packet filter code now correctly treats only the least significant
661 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
662 Prior to this it was using the entire 16 bit value as the VLAN id and
663 incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
664 reporting this issue and supplying its patch.
665 [ISC-Bugs #40591]
21d30347 666
d618ba48
SR		 667- Fixed several static analysis issues such as potential null
668 references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
669 gmail dot com) who identified these issues and supplied patches to
670 address them.
671 [ISC-Bugs #40754]
672 [ISC-Bugs #40823]
d9b2a590 673
d618ba48
SR		 674- Corrected compilation errors that prohibited building the server
675 and its ATF unit tests when failover is disabled.
676 [ISC-Bugs #40372]
d9b2a590 677
d618ba48
SR		 678- Added the lease address to the end of the debug level log message
679 emitted when an existing lease is renewed within the dhcp-cache-threshold.
680 Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
681 [ISC-Bugs #40598]
d9b2a590 682
d618ba48
SR		 683- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
684 section of the configure script output. Additionally, all of the
685 features reported on will now always show either a "yes" or "no"
686 value. Prior to this features left to their default setting would
687 not show a value.
688 [ISC-Bugs #40381]
f3a44c10 689
d618ba48
SR		 690- Added a parameter, authoring-byte-order, to the lease file. This value
691 is automatically added to the top of new lease files by the server and
692 indicates the internal byte order (big endian or little endian) of the
693 server. This permits lease files generated on a server with one form of
694 byte order to be used on a server with the opposite form. Our thanks to
695 Timothe Litt for calling this to our attention and for the suggestions
696 he provided.
697 [ISC-Bugs #38396]
04daf4fe 698
d618ba48
SR		 699- Fixed a small memory leak in the DHCPv6 version of the client code.
700 This is unlikely to cause significant issues in actual use.
701 [ISC-Bugs #40990]
7116a34f 702
d618ba48
SR		 703- Corrected a few minor memory leaks in omapi's dereferencing of
704 host objects. Thanks to Jiri Popelka at Red Hat for reporting
705 the issue and supplying the patches.
706 [ISC-Bugs #33990]
707 [ISC-Bugs #41325]
2775bd62 708
d618ba48
SR		 709- Cleaned up some of the Make infrastructure to make --with-libbind
710 work better. Though it still only works with an absolute path.
711 [ISC-Bugs #39210]
dd9738aa 712
d618ba48
SR		 713- Made the embedded bind libraries able to be cross compiled
714 (please refer to the bind9 documentation to learn how to cross
715 compile DHCP and its bind library dependency).
716 [ISC-Bugs #38836]
491bf4a2 717
d618ba48
SR		 718- Update the client code to better support getting IA_NAs and IA_PDs
719 in the same packet, see RFC7550 for some discussion.
720 [ISC-Bugs #40190]
992dc765 721
d618ba48
SR		 722! Update the bounds checking when receiving a packet.
723 Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
724 patch.
725 [ISC-Bugs #41267]
726 CVE: CVE-2015-8605
cb8c997e 727
d618ba48
SR		 728- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
729 print out a specific error message about the first error in addition
730 to the usage string. This may be disabled by editing includes/site.h.
731 [ISC-Bugs #40321]
732 [ISC-Bugs #41454]
acbecb2e 733
d618ba48
SR		 734- The configure script will now exit with an error message if it cannot find
735 a GNU-style make tool (needed when building BIND libraries) or pkg-config
736 (needed to locate ATF used for building unit tests). Prior to this the
737 script would exit indicating success causing subsequent attempts to build
738 the software to fail.
739 [ISC-Bugs #40371]
fb98e02e 740
d618ba48
SR		 741- Properly terminate strings before passing them to regex and fix
742 a boundary error when creating certain new data strings.
743 Thanks to Andrey Jr. Melnikov for the bug report.
744 [ISC-Bugs #41217]
1a006ff6 745
d618ba48
SR		 746- Option expressions, such as prepend and append, are now supported when
747 running dhclient for IPv6. Prior to this such statements in the
748 client configuration file would be parsed but have no affect. Thanks
749 to Jiri Popelka at Red Hat for reporting the issue.
750 [ISC-Bugs #39952]
45adf35c 751
d618ba48
SR		 752- A failover primary server will now accept a binding status update from the
753 secondary which transitions a lease from ACTIVE to ABANDONED. This accounts
754 for instances in which a client declines a lease and only the secondary
755 server receives it. Prior to this the primary server would reject such an
756 update as an "invalid state transition".
757 [ISC_BUGS #25189]
7d9dd306 758
d618ba48
SR		 759- Properly allocate memory for a bpf filter.
760 Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue.
761 [ISC-Bugs #41485]
7d9dd306 762
d618ba48
SR		 763- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better
764 and to print out the hostnames a bit better.
765 Thanks to Antoine Beaupré from Debian for the suggested patch.
766 [ISC-Bugs #41288]
29c6b4f1 767
d618ba48
SR		 768- The DHCPv6 server now handles long valid and preferred lease times better.
769 Values that would cause the internal end time of the lease to wrap are
770 modified to work as infinite.
771 [ISC-Bugs #40773]
01a44a77 772
d618ba48
SR		 773- Updated support for cross compiling by allowing the library archiver
774 to be set at configure time via the environment variable 'AR'.
775 [ISC-Bugs #41536]
01a44a77 776
d618ba48
SR		 777- The server will now match DHCPv6 relayed clients to host declarations
778 which include the "hardware" statement, if the relay connected to the
779 client supplies the client's hardware address via client-linklayer-address
780 option as per RFC 6939.
781 [ISC-Bugs #40334]
fc48033a 782
d618ba48
SR		 783- Allow a filename to be specified instead of /dev/random during
784 configuration. This is passed to the BIND configuration to allow
785 for cross compilation.
786 [ISC-Bugs #33835]
db3f7799 787
d618ba48
SR		 788- Add more option definitions.
789 [ISC-Bugs #40562]
0da37b4c 790
d618ba48
SR		 791- Correct outputting of long lines in the lease file when writing
792 a lease that includes long strings in an execute statement.
793 [ISC-Bugs #40994]
158a34fb 794
d618ba48
SR		 795- The server will now correctly treat a lease as reserved when the client
796 requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved"
797 is enabled. Prior to this the server would halt. In addition, corrections
798 were made to the server to allow a lease's flags field to be set via omapi.
799 Prior to this, the server, depending on the host architecture, would
800 incorrectly parse the new flags value from the omapi message.
801 [ISC-Bugs #31179]
dceef873 802
d618ba48
SR		 803- ISC DHCP can now be configured and built from a directory other than
804 the top level source directory. Note that "make distcheck" uses this
805 feature.
806 [ISC-Bugs #39262]
1be2ba15 807
d618ba48
SR		 808- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument,
809 "-U <interface>" enables the addition of a RFC 3527 compliant link selection
810 suboption to the agent option added for clients directly connected to the
811 relay.
812 [ISC-Bugs #34875]
813 [ISC-Bugs #41708]
388cba45 814
d618ba48
SR		 815- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled
816 instructs the server to calculate T1 and T2 as recommended in RFC 3315,
817 Section 22.4.
818 [ISC-Bugs #25687]
388cba45 819
d618ba48
SR		 820- Corrected minor Coverity issues.
821 [ISC-Bugs #35144]
b6ab3f6c 822
d618ba48
SR		 823- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration
824 option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support
825 and is not compatible with delayed-ack. Both client and server use 2
826 processes which communicate over UDP on a pair of sockets. The new
827 "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support
828 and specifies the consecutive ports to use for inter-process communication.
829 Please look at doc/DHCPv4-over-DHCPv6 for more details.
830 [ISC-Bugs #35711]
f950de77 831
d618ba48
SR		 832- Correct interface name formation when using DLPI under Solaris 11. As of
833 Solaris 11, ethernet device files are located in "/dev/net". The configure
834 script has been modified to detect this situation and adjust the directory
835 used accordingly. Thanks to Jarkko Torppa for reporting this issue and
86bda88b 836 submitting a patch
d618ba48
SR		 837 [ISC-Bugs #37954]
838 [ISC-Bugs #40752]
02b0bdc3 839
d618ba48
SR		 840- Add a dereference call when handling an error condition while
841 decoding a packet.
842 [ISC-Bugs #41774]
d8c7c34e 843
d618ba48
SR		 844- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The
845 parameter controls the format in which certain values are written to lease
846 files. Formats supported are octal - quoted string containing octal
847 escapes, and hex - unquoted, colon separated hex digits. Thanks to
848 Jay Ford, University of Iowa for bringing the issue to our attention.
849 [ISC-Bugs #26378]
00e9af8e 850
d618ba48
SR		 851! Add an option in site.h to limit the number of failover and control
852 connections the server will accept. By default this is 200.
853 [ISC-Bugs #41845]
854 CVE: CVE-2016-2774
9279a3d7 855
0e76cb91 856 Changes since 4.3.3b1
59a351d6 857
0e76cb91 858- None
0ab4a716 859
0e76cb91 860 Changes since 4.3.2
250f7134 861
0e76cb91
TM		 862- The server now does a better check to see if it can allocate the memory
863 for large blocks of v4 leases and should provide a slightly better error
864 message. Note well: the server pre-allocates v4 addresses, if you use
865 a large range, such as a /8, the server will attempt to use a large
866 amount of memory and may not start if there either isn't enough memory
867 or the size exceeds what the code supports.
868 [ISC-Bugs #38637]
b05e05b7 869
0e76cb91
TM		 870- The server will now reject unicast Request, Renew, Decline, and Release
871 messages from a client unless the server would have sent that client the
872 dhcp6.unicast option. This behavior is in compliance with paragraph 1 in
873 each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
874 to this, the server would simply accept the messages. Now, in order for
875 the server to accept such a message, the server configuration must include
876 the dhcp6.unicast option either globally or within the shared network to
877 which the requested lease belongs. In other words, the server will map
878 the first IA_XX address found within the client message to a shared-network
879 and look for the presence of the unicast option there and then globally.
880 Thanks to Jiri Popelka at Red Hat for this issue and his patch which
881 inspired the fix.
882 [ISC-Bugs #21235]
ad80055f 883
0e76cb91
TM		 884- The ATF (Automated Testing Framework) tools used for optional unit tests
885 can now be built from its embedded sources in bind, solving the
886 atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
887 The new configuration option is "./configure --with-atf=bind".
888 [ISC-Bugs #38754, #39300]
e9326fd0 889
0e76cb91
TM		 890- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
891 On older linuxes that do not include the tpacket_auxdata structure don't
892 bother allocating the cmsgbuf as it isn't necessary and we don't have
893 a proper length for it.
894 [ISC-Bugs #39209]
01a44a77 895
0e76cb91
TM		 896- Remove the dst directory. This was replaced in 4.2.0 with the dst
897 code from the Bind libraries but we continued to include it for
898 backwards compatibility. As we have now released 4.3.x it seems
899 reasonable to remove it.
900 [ISC-Buts #39019]
901
902- Write out the DUID server id on startup in all cases, previously if it
903 was read in from server-duid option in the config or lease files for
904 DHCPv4 it would not be written to the new lease file.
905 [ISC-Bugs #37791]
906
907- When parsing dates for leases convert dates past 2038 to "never".
908 This avoids problems with integer overflows in the date and time
909 handling code for people that decide to use very large lease times
910 or add a lease entry with a date far in the future.
911 [ISC-Bugs #33056]
912
913- Leave the siaddr field clear when sending a NACK as per RFC 2131
914 table 3.
915 [ISC-Bugs #38769]
916
917- In the client don't send expired addresses to the script as part of
918 the binding process. Thanks to Sven Trenkel at Google for reporting
919 the issue and suggesting the patch.
920 [ISC-Bugs #38631]
921
922- While parsing IPv6 addresses treat "add" as part of the address instead
923 of as a token.
924 [ISC-Bugs #39529]
925
926- Add support for accessing the v4 lease queues (active, free etc) in a
927 binary fashion instead of needing to walk through a linear list to
928 insert, find or remove an entry from the queues. In addition add a
929 compile time option "--enable-binary-leases" to enable the new code
930 or to continue using the old code. The old code is the default.
931 Thanks to Fernando Soto from BlueCat Networks for the patch.
932 [ISC-Bugs #39078]
933
934- Delayed-ack now works properly with Failover. Prior to this, bind updates
935 post startup were being queued but never delivered. Among other things, this
936 was causing leases to not transition from expired or released to free.
937 [ISC-Bugs #31474]
938
939- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
940 lease file is corrupt in certain ways.
941 [ISC-Bugs #39760]
942
943- Corrected a crash in dhclient that occurs during lease renewal if the
944 client is performing its own DNS updates. Thanks to Jiri Popelka at Red Hat
945 for the bug report.
946 [ISC-Bugs #38639]
947
948- Corrected an issue in v6 lease file parsing. Prior to this, when encountering
949 a lease with an address for which no configured pool exists, the server was
950 declaring the lease file corrupt and incorrectly skipping over the subsequent
951 entry in the file. The server will now emit a log message indicating that
952 no pool was found for the address (or prefix) and correctly resume parsing
953 with the next entry in the lease file. Our thanks to Michal Žejdl for
954 reporting the issue.
955 [ISC-Bugs #39314]
956
957- Be more liberal in finding a subnet group associated with a static
958 prefix. When we added the class matching code for v6 we also added
959 a requirement that the static prefix must be within a subnet the
960 client was in, in order to find the proper statements. We now
961 look for a subnet based on the prefix, failing that on the static
962 address for the client and failing that on the shared network
963 itself.
964 [ISC-Bugs #38329]
965
966- Add a new action expression "parse_vendor_options", which can be used
967 to parse a vendor-encapsualted-option received by the server based on
968 the encoding specified by the vendor-option-space statement.
969 [ISC-Bugs #36449]
970
971- Enhance the PARANOIA patch to include fchown() the lease file to
972 allow it to be manipulated after the server does a chown().
973 Thanks to Jiri Popelka at Red Hat for the patch.
974 [ISC-Bugs #36978]
975
976- Relax the requirement that prefix pools must be within the subnet.
977 This was added in as part of #32453 in order to avoid configuration
978 mistakes but is being removed as prefixes aren't required to be
979 within the same subnet and many people configure them in that fashion.
980 [ISC-Bugs #40077]
981
982- Fixed a server crash that could occur when the server attempts to remove
983 the billing class from the last lease billed to a dynamic class after said
984 class has been deleted. Our thanks to Lasse Pesonen for reporting the
985 issue.
986 [ISC-Bugs #39978]
987
988- LDAP Patches - Numerous small patches submitted by contributors have
989 been applied to the contributed code which supplies LDAP support.
990 In addition, two larger submissions have also been included. The
991 first adds support for IPv6 configuration and the second provides
992 GSSAPI authentication. We would like to thank the following for their
993 contributions (alphabetically):
994 Alex Novak at SUSE
995 Bill Parker (wp02855 at gmail dot com)
996 Jiri Popelka at Red Hat
997 Marius Tomaschewski at SUSE
998 (william at adelaide.edu.au), The University of Adelaide
999 [ISC-Bugs #39056]
1000 [ISC-Bugs #22742]
1001 [ISC-Bugs #24449]
1002 [ISC-Bugs #28545]
1003 [ISC-Bugs #29873]
1004 [ISC-Bugs #30183]
1005 [ISC-Bugs #30402]
1006 [ISC-Bugs #32217]
1007 [ISC-Bugs #32240]
1008 [ISC-Bugs #33176]
1009 [ISC-Bugs #33178]
1010 [ISC-Bugs #36409]
1011 [ISC-Bugs #36774]
1012 [ISC-Bugs #37876]
1013
1014- Handle an out of memory condition in the client a bit better.
1015 Thanks to Frédéric Perrin from Brocade for finding the issue
1016 and suggesting a patch.
1017 [ISC-Bugs #39279]
1018
1019 Changes since 4.3.2rc2
1020- None
1021
1022 Changes since 4.3.2rc1
1023
1024- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
1025 The error occurs on Linux variants that do not support VLAN tag information
1026 in packet auxiliary data. The configure script now only enables inclusion
1027 of the VLAN tag-based logic if it is supported by the underlying OS.
1028 [ISC-Bugs #38677]
1029
1030 Changes since 4.3.2b1
1031
1032- Specifying the option, --disable-debug, on the configure script command line
1033 now disables debug features. Prior to this, specifying --disable-debug
1034 incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
1035 the issue.
1036 [ISC-Bugs #37780]
1037
1038- Unit test execution now uses a path augmented during configuration
1039 processing of the --with-atf option to locate ATF runtime tools, atf-run
1040 and atf-report. For most installations of ATF, this should alleviate the
1041 need to manually include them in the PATH, as was formerly required.
1042 If the configure script cannot locate the tools it will emit a warning,
1043 informing the user that the tools must be in the PATH when running unit
1044 tests.
1045 Secondly, please note that "make check" will now exit with a failure status
1046 code (non-zero) if one or more unit tests fail. This means that invoking
1047 "make check" from an upper level directory will cause the make process to
1048 STOP after the first test subdirectory with failed test(s). To force all
1049 tests in all subdirectories to run, regardless of individual test outcome,
1050 use the command "make -k check".
1051 [ISC-Bugs #38619]
1052
1053 Changes since 4.3.1
1054
1055- Corrected parser's right brace matching when a statement contains an error.
1056 [ISC-Bugs #36021]
1057
1058- TSIG-authenticated dynamic DNS updates now support the use of these
1059 additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
1060 and hmac-sha512
1061 [ISC-Bugs #36947]
1062
1063- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
1064 working with the OpenBSD project who spotted the issue and provided the
1065 patch.
1066 [ISC-Bugs #36653]
1067
1068- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
1069 Stoeckmann working with the OpenBSD project who spotted the issue and
1070 provided the patch.
1071 [ISC-Bugs #36897]
1072
1073- Log statements depicting what files will be used by the server now occur
1074 after the configuration file has been processed.
1075 [ISC-Bugs #36671]
1076
1077- Addressed Coverity issues reported as of 07-31-2014:
1078 [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
1079 [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
1080 [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
1081 compilers that was introduced by #36712
1082
1083- Server now supports a failover split value of 256.
1084 [ISC-Bugs] #36664]
1085
1086- Remove unneeded error #defines. These defines were included in case
1087 external programs required the older versions of the macro. They
1088 have been #ifdeffed for now and will be removed at a future date.
1089 See site.h for the #define to include them again, but you should
1090 switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
1091 Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
1092 [ISC-Bugs #37128]
1093
1094- Added checks in range6 and prefix6 statement parsing to ensure addresses
1095 are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
1096 bug report and patch.
1097 [ISC-Bugs #32453]
1098 [ISC-Bugs #17766]
1099 [ISC-Bugs #18510]
1100 [ISC-Bugs #23698]
1101 [ISC-Bugs #28883]
1102
1103- Addressed checksum issues:
1104 Added checksum readiness check to Linux packet filtering which eliminates
1105 invalid packet drops due to checksum errors when checksum offloading is
1106 in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
1107 [ISC-Bugs #22806]
1108 [ISC-Bugs #15902]
1109 [ISC-Bugs #17739]
1110 [ISC-Bugs #18010]
1111 [ISC-Bugs #22556]
1112 [ISC-Bugs #29769]
1113 Inbound packets with UDP checksums of 0xffff now validate correctly rather
1114 than being dropped.
1115 [ISC-Bugs #24216]
1116 [ISC-Bugs #25587]
1117
1118- Added the echo-client-id configuration parameter to the server configuration.
1119 The server now supports RFC 6842 compliant behavior by setting a new
1120 configuration parameter, echo-client-id. When enabled, the server will
1121 include the client identifier option (Option code 61) if received, in its
1122 responses. The server identifier returned in NAKs (if enabled) will now
1123 be the globally defined value (if one) if the server cannot attribute the
1124 inbound request to a known subnet.
1125 [ISC-Bugs #35958]
1126 [ISC-Bugs #32545]
1127
1128- Added support of the configuration parameter, use-host-decl-names, to
1129 BOOTP request handling.
1130 [ISC-Bugs #36233]
1131
1132- Added logic to ignore the signal, SIGPIPE, which ensures write failures
1133 will be delivered as errors rather than as SIGPIPE signals on all OSs.
1134 Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
1135 the patch upon which the fix is based.
1136 [ISC-Bugs #32222]
1137
1138- In the failover code, handle the case of communications being interrupted
1139 when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
1140 the primary to accept the secondary moving from POTENTIAL-CONFLICT to
1141 RESOLUTION-INTERRUPTED as well as handling the bind update process better.
1142 In addition the code to resend update or update all requests has been
1143 modified to send requests more often.
1144 [ISC-Bugs #36810]
1145 [ISC-Bugs #20352]
1146
1147- By default, the server will now choose the value to use in the forward DNS
1148 name from the following in order of preference:
1149
1150 1. FQDN option if provided by the client
1151 2. Host name option if provided by the client
1152 3. Configured option host-name if defined
1153
1154 As before, this may be overridden by defining ddns-hostname to the desired
1155 value (or expression). In addition, the server logic has been extended to
1156 use the value of the host name declaration if use-host-decl-names is enabled
1157 and no other value is available.
1158 [ISC-Bugs #21323]
1159
1160- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
1161 the existing lease and the forward DNS name had not changed. This has been
1162 corrected.
1163 [ISC-Bugs #37368]
1164 [ISC-Bugs #38636]
1165
1166- Corrected an issue which caused dhclient to incorrectly form the result when
1167 prepending or appending to the IPv4 domain-search option, received from the
1168 server, when either of the values being combined contain compressed
1169 components.
1170 [ISC-Bugs #20558]
1171
1172- Added the server-id-check parameter to the server configuration.
1173 This parameter allows run-time control over whether or not a server,
1174 participating in failover, verifies the dhcp-server-identifier option in
1175 DHCP REQUESTs against the server's id before processing the request.
1176 Formerly, enabling this behavior was done at compilation time through
1177 the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
1178 The functionality is now only available through the new runtime parameter.
1179 [ISC-Bugs #37551]
1180
1181- During startup, when the server encounters a lease whose binding state is
1182 FTS_BACKUP but whose pool has no configured failover peer, it will reset the
1183 lease's binding state to FTS_FREE. This allows the leases to be reclaimed
1184 by the server after a pool's configuration has changed from failover to
1185 standalone. Prior to this such leases would remain stuck in the backup state
1186 making them unavailable for assignment. Note this conversion will occur
1187 whether or not the server is compiled for failover.
1188 [ISC-Bugs #36960]
1189
1190- Fixed a small issue in the treatment of hosts in the inform processing
1191 that could cause the response to an inform to include information from
1192 the wrong scope. The two examples we've heard of are getting subnet
1193 instead of group information associated with a host entry, or getting
1194 global information instead of subnet if the host entry was built via
1195 omapi. Thanks to Julien Soula at University of Lille for finding the
1196 bug and supplying a patch.
1197 [ISC-Bugs #35712]
1198
1199- Avoid calling pool_timer() recursively from supersede_lease(). This could
1200 result in leases changing state incorrectly or delaying the running of the
1201 leae expiration code.
1202 [ISC-Bugs #38002]
1203
1204- Move the check for a PID file and process to be before we rewrite the
1205 lease file. This avoids the possibility of starting a second instance
1206 of a server which changes the current lease file confusing the first
1207 instance. This check is only included if the admin hasn't disabled PID
1208 files.
1209 [ISC-Bugs #38078]
1210 [ISC-Bugs #38143]
1211
1212- In the client code change the way preferred_life and max_life are printed
1213 for environment variables to be unsigned rather than signed.
1214 Thanks to Jiri Popelka at Red Hat for the bug report and patch.
1215 [ISC-Bugs #37084]
1216
1217- Modified Linux packet handling such that packets received via VLAN are now
1218 seen only by the VLAN interface. Prior to this, such packets were seen by
1219 both the VLAN interface and its parent (physical) interface, causing the
1220 server to respond to both. Note this remains an issue for non-Linux OSs.
1221 Thanks to Jiri Popelka at Red Hat for the patch.
1222 [ISC-Bugs #37415]
1223 [ISC-Bugs #37133]
1224 [ISC-Bugs #36668]
1225 [ISC-Bugs #36652]
1226
1227- Log content has been changed to more directly suggest that admins should
1228 check for multiple IPv6 clients attempting to use the same DUID when only
1229 abandoned addresses are available. Debug level logging will now emit counts
1230 of the total number of, in-use, and abandoned addresses in a shared subnet
1231 when the server finds no addresses available for a given DUID. Lastly,
1232 threshold logging is now automatically disabled for shared subnets whose
1233 total number of possible addresses exceeds (2^64)-1.
1234 [ISC-Bugs #26376]
1235 [ISC-Bugs #38131]
1236
1237- Added a global parameter, prefix-length-mode, which may be used to determine
1238 how the server uses a non-zero value for prefix-length supplied by clients
1239 when soliciting DHCPv6 prefixes. The server supports selection modes of:
1240 ignore, prefer, exact, minimum and maximum which are described in detail in
1241 the server man pages. The prior behavior of the server was to only offer a
1242 prefix whose length exactly matched the prefix-length value requested. If
1243 no such prefixes were available, the server returned a status of none
1244 available. Note the default mode, "exact", provides this same behavior.
1245 [ISC-Bugs #36780]
1246 [ISC-Bugs #32228]
1247
1248- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
1249 limit such that it now sets it to 32 when the upstream address is a multicast
1250 address per RFC 3315 Section 20. Prior to this if the -u argument preceded
1251 the -l argument on the command line or if the same interface was specified
1252 for both; the logic to set the hop limit count for the upper interface was
1253 skipped. This caused the hop count limit to be set to the default value
1254 (typically 1) in the outbound upstream packets.
1255 [ISC-Bugs #37426]
1256
1257 Changes since 4.3.1b1
1258
1259- Modify the linux and openwrt dhclient scripts to process information
1260 from a stateless request. Thanks to Jiri Popelka at Red Hat for the
1261 bug report and patch.
1262 [ISC-Bugs #36102]
01a44a77 1263
0e76cb91
TM		 1264- Remove more unused RCSID tags. These weren't noticed in 4.3 as
1265 the code isn't used anymore but we remove them here to keep the
1266 code consistent across versions.
1267 [ISC-Bugs #36451]
01a44a77 1268
0e76cb91 1269 Changes since 4.3.0
01a44a77 1270
0e76cb91
TM		 1271- Tidy up several small tickets.
1272 Correct parsing of DUID from config file, previously the LL type
1273 was put in the wrong place in the DUID string.
1274 [ISC-Bugs #20962]
1275 Add code to parse "do-forward-updates" as well as "do-forward-update"
1276 Thanks to Jiri Popelka at Red Hat.
1277 [ISC-Bugs #31328]
1278 Remove log_priority as it isn't currently used.
1279 [ISC-Bugs #33397]
1280 Increase the size of the buffer used for reading interface information.
1281 [ISC-Bugs #34858]
01a44a77 1282
0e76cb91
TM		 1283- Remove an extra set of the msg_controllen variable.
1284 [ISC-Bugs #21035]
01a44a77 1285
0e76cb91
TM		 1286- Add a more understandable error message if a configuration attempts
1287 to add multiple keys for a single zone. Thanks to a patch from Jiri
1288 Popelka at Red Hat.
1289 [ISC-Bugs #31892]
f2e70402 1290
0e76cb91
TM		 1291- Fix some minor issues in the dst code.
1292 [ISC-Bugs #34172]
51ce5995 1293
0e76cb91
TM		 1294- Properly #ifdef functions so that the code can compile without NSUPDATE.
1295 [ISC-Bugs #35058]
9b7d458d 1296
0e76cb91
TM		 1297- Update the partner's stos (start time of state, basically when we last
1298 heard from this partner) field when updating the state in failover.
1299 [ISC-Bugs #35549]
9b7d458d 1300
0e76cb91
TM		 1301- Modify the overload processing to allow space for the remote agent ID.
1302 [ISC-Bugs #35569]
1303 Handle the ordering of the SUBNET_MASK option even if it is the last
1304 option in the list.
1305 [ISC-Bugs #24580]
9b7d458d 1306
0e76cb91
TM		 1307- Remove the code that allows a server to follow RFC3315 instead of
1308 the subsequent errata from August 2010 when determining which IAs
1309 to include if no addresses will be assigned.
1310 [ISC-Bugs #28938]
2c8a396a 1311
0e76cb91
TM		 1312- Remove unused RCSID tags.
1313 [ISC-Bugs #35846]
9b7d458d 1314
0e76cb91
TM		 1315- Correct the v6 client timing code. When doing the timing backoff
1316 for MRT limit it to MRD.
1317 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1318 [ISC-Bugs #21238
66e80033 1319
0e76cb91
TM		 1320- Add a log entry when killing a client and remove the PID files
1321 when a server, relay or client are killed.
1322 [ISC-Bugs #16970]
1323 [ISC-Bugs #17258]
9b7d458d 1324
0e76cb91
TM		 1325- Some minor cleanups in the client code.
1326 In addition to checking for dhcpc check for bootpc in the services list.
1327 [ISC-Bugs #18933]
1328 Correct the client code to only try to get a lease once when the
1329 given the "-1" argument.
1330 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1331 [ISC-Bugs #26735]
1332 When asked for the version don't send the output to syslog.
1333 [ISC-Bugs #29772]
1334 Add the next server information to the environment variables for
1335 use by the client script. In order to avoid changing the client
1336 lease file the next server information isn't written to it.
1337 Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
1338 [ISC-Bugs #33098]
e191f1e8 1339
0e76cb91
TM		 1340- Several updates to the dhcp server code.
1341 When not in quiet mode print out the files being used.
1342 [ISC-Bugs #17551]
1343 As accessing some pid files may require privileges move the dropping
1344 of permission bits due to the paranoia patch to be after the pid code.
1345 Thanks to Jiri Popelka at Red Hat for the bug report and fix.
1346 [ISC-Bugs #25806]
1347 When processing a "--version" request don't output the version information
1348 to syslog.
9b7d458d 1349
0e76cb91
TM		 1350- Add the "enable-log-pid" build option to the configure script. When enabled
1351 this causes the client, server and relay programs to include the PID
1352 number in syslog messages.
1353 Thanks to Marius Tomaschewski for the suggestion and proto-patch.
1354 [ISC-Bugs #29713]
9b7d458d 1355
0e76cb91
TM		 1356- Add a #define to specify the prefix length used when a client attempts
1357 to configure an address. This can be modified by editing includes/site.h.
1358 By default it is set to 64. While 128 might be a better choice it would
1359 also be a change for currently running systems, so we have left it at 64.
1360 [ISC-Bugs #DHCP-2]
9b7d458d 1361
0e76cb91
TM		 1362- Add a run time option to the client "-df" to allow the administrator to
1363 point to a second lease file the client can search for a DUID. This can
1364 be used to allow a v4 and a v6 instance of the client to share a DUID.
1365 The second file will only be searched if there isn't a DUID in the main
1366 lease file and the DUID will be written out to the main lease file.
1367 [ISC-Bugs #34886]
9b7d458d 1368
0e76cb91
TM		 1369- Have the client fsync the lease file to avoid lease corruption if the
1370 client hibernates or otherwise shuts down.
1371 [ISC-Bugs #35894]
9b7d458d 1372
0e76cb91
TM		 1373- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
1374 Thanks to Steinar Haug for the suggestion.
1375 [ISC-Bugs #36033]
ece2d9da 1376
0e76cb91
TM		 1377- Modify the handling of the resolv.conf file to allow the DHCP
1378 process to start up even if the resolv.conf file has problems.
1379 [ISC-Bugs #35989]
ab777749 1380
0e76cb91
TM		 1381- Add threshold logging functionality. Two new options,
1382 log-threshold-low and log-threshold-high, indicate to the
1383 server if and when it should log an error message as addresses
1384 in a pool are used.
1385 [ISC-Bugs #34487]
6ec59010 1386
0e76cb91
TM		 1387- Add code to properly dereference a pointer in the dhclient code
1388 on an error condition.
1389 [ISC-Bugs #36194]
63ccfbb0 1390
0e76cb91
TM		 1391- Add code to help clean up soft leases.
1392 [ISC-Bugs #36304]
babe4149 1393
0e76cb91
TM		 1394- Disable the gentle shutdown functionality until we can determine
1395 the best way to present it to remove or reduce the side effects.
1396 [ISC-Bugs #36066]
d1489a35 1397
0e76cb91 1398 Changes since 4.3.0rc1
e39b4193 1399
0e76cb91
TM		 1400- None
1401 Changes since 4.3.0b1
2d542e1e 1402
0e76cb91
TM		 1403- Tidy up receive packet processing.
1404 Thanks to Brad Plank of GTA for reporting the issue and suggesting
1405 a possible patch.
1406 [ISC-Bugs #34447]
abacf8ad 1407
0e76cb91
TM		 1408 Changes since 4.3.0a1
1409
1410- Modify the message displayed when a process hits a fatal error.
1411 The new message is much shorter and simply points to the README
1412 and our website for directions on bug submissions.
1413 [ISC-Bugs #24789]
1a6b62fe 1414
6980ae03 1415 Changes since 4.2.0 (new features)
51b8a8a0
SR		 1416
1417- If a client renews before 'dhcp-cache-threshold' percent of its lease
1418 has elapsed (default 25%), the server will reuse the allocated lease
1419 (provide a lease within the currently allocated lease-time) rather
1420 than extend or renew the lease. This absolves the server of needing
1421 to perform an fsync() operation on the lease database before reply,
1422 which improves performance. [ISC-Bugs #22228]
80778e94 1423 Updated this patch to support asynchronous DDNS. If the server is
adb95d23 1424 attempting to do DDNS on a lease it should be updated and written to
4809ef5c 1425 disk even if that wouldn't be necessary due to the thresholding.
8cd88e20 1426 [ISC-Bugs #26311]
51b8a8a0 1427
6980ae03
SR		 1428- The 'no available billing' log line now also logs the name of the last
1429 matching billing class tried before failing to provide a billing.
1430 [ISC-Bugs #21759]
1431
32e651c4
SR		 1432- A problem with missing get_hw_addr function when --enable-use-sockets
1433 was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
1434 that use-sockets feature was not tested on those systems. Client and
1435 server code no longer use MAX_PATH constant that is not defined on
3cb6f9bb 1436 GNU/Hurd systems. [ISC-Bugs #25979]
32e651c4 1437
67418698
SR		 1438- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
1439 can parse v4 lease files and output the lease information in a more
1440 human friendly manner. This was written by Christian Hammers with
1441 some updates by vom and ISC. This is contributed code and is not
1442 supported by ISC; however it may be useful to some users.
1443 [ISC-Bugs #20680]
1444
a7341359 1445- Add support in v6 for on-commit, on-expire and on-release.
4809ef5c 1446 [ISC-Bugs #27912]
a7341359 1447
01fa619f
SR		 1448- Add support for using classes with v6.
1449 [ISC-Bugs #26510]
1450
d7d9c0c7
SR		 1451- Update the DDNS code to current standards and allow for sharing
1452 of DDNS entries between v4 and v6 clients. The new code is used
1453 if the ddns-update-style is set to "standard", the older code is
1454 still available if ddns-update-style is set to "interim". The
1455 oldest DDNS code "ad-hoc" has been removed. Thanks to Thomas Pegeot
1456 who submitted a patch for this issue. This patch is based on
1457 that work with some modifications.
64fb661c 1458 [ISC-Bugs #21139]
1534fff7 1459
cde11a4c
SR		 1460- Add a configuration option to the server to suppress using fsync().
1461 Enabling this option will mean that fsync() is never called. This
1462 may provide better performance but there is also a risk that a lease
1463 will not be properly written to the disk after it has been issued
1464 to a client and before the server stops. Using this option is
1465 not recommended.
64fb661c 1466 [ISC-Bugs #34810]
cde11a4c 1467
f88446f1
SR		 1468- Add some logging statements to indicate when the server is ready
1469 to serve. One statement is emitted after the server has finished
1470 reading its files and is about to enter the dispatch loop.
1471 This is "Server starting service.".
1472 The second is emitted when a server determines that both it and
1473 its failover peer are in the normal state.
1474 This is "failover peer <name>: Both servers normal."
64fb661c 1475 [ISC-Bugs #33208]
f88446f1 1476
619304cd
SR		 1477- Add support for accessing options from v6 relays. The v6relay
1478 statement allows the administrator to choose which relay to
1479 use when searching for an option, see the dhcp-options man page
6b9c9f87
SR		 1480 for a description. The host-identifier option has also been
1481 updated to support the use of relay options, see the dhcpd.conf
619304cd
SR		 1482 man page for a description.
1483 [ISC-Bugs #19598]
1484
e54ff84f 1485- When doing DDNS if there isn't an appropriate zone statement attempt
80778e94 1486 to find a reasonable nameserver via a DNS resolver. This restores
e54ff84f
SR		 1487 some functionality that was lost in the transition to asynchronous
1488 DDNS. Due to the lack of security and increase in fragility of the
1489 system when using this feature we strongly recommend the use of
1490 appropriate zone statements rather than using this functionality.
1491 [ISC-Bugs #30461]
1492
61ef216b
SR		 1493- Add support for specifying the address from which to send
1494 DDNS updates on the DHCP server. There are two new options
1495 "ddns-local-address4" and "ddns-local-address6" that each take
1496 one instance of their respective address types.
1497 [ISC-Bugs #34779]
4d079f0e 1498
38ee81bd
SR		 1499- Add ignore-client-uids option in the server. This option causes
1500 the server to not record a client's uid in its lease. This
1501 violates the specification but may also be useful when a client
1502 can dual boot using different client ids but the same mac address.
6b9c9f87 1503 Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
38ee81bd
SR		 1504 [ISC-Bugs #32427]
1505 [ISC-Bugs #35066]
4d079f0e
SR		 1506
1507- Extend the DHCPINFORM processing to honor the subnet selection option
1508 and take host declarations into account.
1509 Thanks to Christof Chen for testing and submitting the patch.
1510 [ISC-Bugs #35015]
1511
fe2ac9e3
SR		 1512- Extend the hardware expression to look into the lease structure
1513 for a hardware address if there is no packet. This allows the
1514 server to find the hardware address during on-expiry processing.
1515 [ISC-Bugs #24584]
61ef216b 1516
bc30c84e
SR		 1517- Add definitions for some options that have been specified by the IETF.
1518 [ISC-Bugs #29268]
ccc2a367 1519 [ISC-Bugs #35198]
bc30c84e 1520
01a44a77 1521 Changes since 4.2.0 (bug fixes)
8ee352ee 1522
01a44a77
SR		 1523- When using 'ignore client-updates;', the FQDN returned to the client
1524 is no longer truncated to one octet.
8ee352ee 1525
01a44a77 1526- Cleaned up an unused hardware address variable in nak_lease().
4889a646 1527
01a44a77
SR		 1528- Manpage entries for the ia-pd and ia-prefix options were updated to
1529 reflect support for prefix delegation.
4889a646 1530
01a44a77 1531- Cleaned up some compiler warnings
7dc4e69c 1532
01a44a77
SR		 1533- An optimization described in the failover protocol draft is now included,
1534 which permits a DHCP server operating in communications-interrupted state
1535 to 'rewind' a lease to the state most recently transmitted to its peer,
1536 greatly increasing a server's endurance in communications-interrupted.
1537 This is supported using a new 'rewind state' record on the dhcpd.leases
1538 entry for each lease.
c5bc8b1a 1539
01a44a77 1540- Fix the trace code which was broken by the changes to the DDNS code.
d0a10f6a 1541
01a44a77
SR		 1542- Update the fsync code to work with the changes to the DDNS code. It now
1543 uses a timer instead of noticing if there are no more packets to process.
dc9d7b08 1544
01a44a77
SR		 1545- When constructing the DNS name structure from a text string append
1546 the root to relative names. This satisfies a requirement in the DNS
1547 library that names be absolute instead of relative and prevents DHCP
1548 from crashing. [ISC-Bugs #21054]
a24b9f23 1549
01a44a77
SR		 1550- "The LDAP Patch" that has been circulating for some time, written by
1551 Brian Masney and S.Kalyanasundraram and maintained for application to
1552 the DHCP-4 sources by David Cantrell has been included. Please be
1553 advised that these sources were contributed, and do not yet meet the
1554 high standards we place on production sources we include by default.
1555 As a result, the LDAP features are only included by using a compile-time
1556 option which defaults off, and if you enable it you do so under your
1557 own recognizance. We will be improving this software over time.
1558 [ISC-Bugs #17741]
c5bc8b1a 1559
01a44a77
SR		 1560- Prohibit including lease time information in a response to a DHCP INFORM.
1561 [ISC-Bugs #21092]
cc17cbc3 1562
01a44a77
SR		 1563! Accept a client id of length 0 while hashing. Previously the server would
1564 exit if it attempted to hash a zero length client id, providing attackers
1565 with a simple denial of service attack. [ISC-Bugs #21253]
1566 CERT: VU#541921 - CVE: CVE-2010-2156
08b2d347 1567
01a44a77 1568- A memory leak in ddns processing was closed. [ISC-Bugs #21377]
08b2d347 1569
01a44a77
SR		 1570- Modify the exception handling for initial context creation. Previously
1571 we would try and clean up before exiting. This could present problems
1572 when the cleanup required part of the context that wasn't available. It
1573 also didn't do much as we exited afterwards anyway. Now we simply log
1574 the error and exit. [ISC-Bugs #21093]
ad4001ce 1575
01a44a77
SR		 1576- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
1577 previously allocated (active) lease to a client that has changed subnets,
1578 despite being on different shared networks. Dynamic prefixes specifically
1579 allocated in shared networks also now are not offered if the client has
1580 moved. [ISC-Bugs #21152]
3cb6f9bb 1581
01a44a77 1582- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
f6dc164f 1583
01a44a77
SR		 1584- Fix the trace code to handle timing events better and to truncate a file
1585 before using instead of overwriting it. [ISC-Bugs #20969]
4b8251a0 1586
01a44a77
SR		 1587- Modify the determination of the default TTL to use for DDNS updates.
1588 The user may still configure the ttl via ddns-ttl. The default for
1589 both v4 and v6 is now 1/2 the (preferred) lease time with a limit. The
1590 previous defaults (1/2 lease time without a limit for v4 and a default
1591 value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
1592 [ISC-Bugs #21126]
47e8308d 1593
01a44a77
SR		 1594- libisc/libdns is now brought up to version 9.7.1rc1. This corrects
1595 three reported flaws in ISC DHCP;
d9b5c150 1596
01a44a77
SR		 1597 o DHCP processes (dhcpd, dhclient) fail to start if one of either the
1598 IPv4 or IPv6 address families is not present. [ISC-Bugs #21122]
08e6dad9 1599
01a44a77
SR		 1600 o Assertion failure when attempting to cancel a previously running DDNS
1601 update. [ISC-Bugs #21133]
9f9265b6 1602
01a44a77
SR		 1603 o Compilation failure of libisc/libdns due to the use of a flexible
1604 array member. [ISC-Bugs #21316]
9f9265b6 1605
01a44a77 1606- Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
35de6c8c 1607
01a44a77
SR		 1608- Documentation cleanup covering multiple tickets
1609 [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
1610 [ISC-Bugs #20263] add text describing some default values
1611 [ISC-Bugs #20193] single quotes at the start of a line indicate a control
1612 line to nroff, escape them if we actually want a quote.
1613 [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
de87ffe3 1614
01a44a77
SR		 1615- 'get-host-names true;' now also works even if 'use-host-decl-names true;'
1616 was also configured. The nature of this repair also fixes another
1617 error; the host-name supplied by a client is no longer overridden by a
1618 reverse lookup of the lease address. Thanks to a patch from Wilco Baan
1619 Hofman supplied to us by the Debian package maintenance team.
1620 [ISC-Bugs #21691] {Debian Bug#509445}
e563ec2e 1621
01a44a77
SR		 1622- The .TH tag for the dhcp-options manpage was typo repaired
1623 thanks to a report from jidanni and the Debian package maintenance
1624 team. [ISC-Bugs #21676] {Debian Bug#563613}
3bedb117 1625
01a44a77
SR		 1626- More documentation changes - primarily to put the options in the dhclient
1627 and dhcpd man pages into the standard form. Thanks in part to a patch
1628 from David Cantrell at Red Hat.
1629 [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
18a28679 1630
01a44a77
SR		 1631- Add code to clear the pointer to an object in an OMAPI handle when the
1632 object is freed due to a dereference. [ISC-Bugs #21306]
0b2ec8c9 1633
01a44a77
SR		 1634- Fixed a bug that leaks host record references onto lease structures,
1635 causing the server to apply configuration intended for one host to any
1636 other innocent clients that come along later. [ISC-Bugs #22018]
67b2cb45 1637
01a44a77
SR		 1638- Minor code fixes
1639 [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
1640 the name to be at the apex of the zone.
1641 [ISC-Bugs #19617] Restrict length of interface name read from command line
1642 in dhcpd - based on a patch from David Cantrell at Red Hat.
1643 [ISC-Bugs #20039] Correct some error messages in dhcpd.c
1644 [ISC-Bugs #20070] Better range check on values when creating a DHCID.
9a111ee8 1645 [ISC-Bugs #20198] Avoid writing past the end of the field when adding
01a44a77
SR		 1646 overly long file or server names to a packet and add a log message
1647 if the configuration supplied overly long names for these fields.
1648 Thanks to Martin Pala.
1649 [ISC-Bugs #21497] Add a little more randomness to rng seed in client
1650 thanks to a patch from Jeremiah Jinno.
74977c94 1651
01a44a77 1652- Correct error handling in DLPI [ISC-Bugs #20378]
30e42327 1653
01a44a77
SR		 1654- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
1655 checked in configure. [ISC-Bugs #20443]
dbd65517 1656
01a44a77
SR		 1657- Modify how the cmsg header is allocated the v6 send and received routines
1658 to compile on more compilers. [ISC-Bugs #20524]
0f750c4f 1659
01a44a77
SR		 1660- When parsing a domain name free the memory for the name after we are
1661 done with it. [ISC-Bugs #20824]
b95f1ee0 1662
01a44a77
SR		 1663- Add an elapsed time option to the release message and refactor the
1664 code to move most of the common code to a single routine.
1665 [ISC-Bugs #21171].
b95f1ee0 1666
01a44a77
SR		 1667- Two identical log messages for commit_leases() have been disambiguated.
1668 [ISC-Bugs #18915]
0ef9a46e 1669
01a44a77
SR		 1670- Parse date strings more properly - the code now handles semi-colons in
1671 date strings correctly. Thanks to a patch from Jiri Popelka at Red Hat.
1672 [ISC-Bugs #21501, #20598]
de6c9af6 1673
01a44a77
SR		 1674- Fixes to lease input and output.
1675 [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
1676 strftime, paste together the same string using mktime instead.
1677 [ISC-Bugs #19596] - When parsing iaid values accept printable
1678 characters.
1679 [ISC-Bugs #21585] - Always print time values in omshell as hex
1680 instead of ascii if the values happen to be printable characters.
87132514 1681
01a44a77
SR		 1682- Minor changes for scripts, configure.ac and Makefiles
1683 [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
1684 example conf file. Thanks to a patch from David Cantrell
1685 at Red Hat.
1686 [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
1687 [ISC-Bugs #19945] Properly close the quote on some arguments.
1688 [ISC-Bugs #20952] Add 64 bit types to configure.ac
adb95d23 1689 [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
b047bd38 1690
01a44a77
SR		 1691- Update the code to parse dhcpv6 lease files to accept a semi-colon at
1692 the end of the max-life and preferred-life clauses. In order to be
1693 backwards compatible with older lease files not finding a semi-colon
1694 is also accepted. [ISC-Bugs #22303].
e3c94800 1695
01a44a77
SR		 1696! Handle a relay forward message with an unspecified address in the
1697 link address field. Previously such a message would cause the
e675b663 1698 server to crash. Thanks to a report from John Gibbins. [ISC-Bugs #21992]
01a44a77 1699 CERT: VU#102047 CVE: CVE-2010-3611
dd9237c3 1700
01a44a77
SR		 1701- ./configure on longer searches for -lcrypto to explicitly link against.
1702 This fixes a bug where 'dhclient' would have shared library dependencies
1703 on '/usr/lib'. [ISC-Bugs #21967]
d13db163 1704
01a44a77
SR		 1705- Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
1706 signal to a process and will kill the process if the signal isn't
1707 caught. This patch adds code to turn off the SIGPIPE signal via
1708 a setsockopt() call. The signal is already being ignored as part
1709 of the ISC library. [ISC-Bugs #22269]
b342f2e7 1710
01a44a77
SR		 1711- Restore printing of values in omshell to the style pre 21585. For
1712 21585 we changed the print routines to always display time values
1713 as a hex list. This had a side effect of printing all data strings
1714 as a hex list. We shall investigate other ways of displaying time
1715 values more usefully. [ISC-Bugs #22626]
797aab67 1716
01a44a77
SR		 1717! Fix the handling of connection requests on the failover port.
1718 Previously a connection request from a source that wasn't
1719 listed as a failover peer would cause the server to become
1720 non-responsive. Thanks to a report from Brad Bendily, brad@bendily.com.
1721 [ISC-Bugs #22679]
9a111ee8 1722 CERT: VU#159528 CVE: CVE-2010-3616
bc7f8b8e 1723
01a44a77
SR		 1724- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
1725 Passing it through to the handlers caused the omshell program to fail
1726 to connect to the server. [ISC-Bugs #21839]
d289ee68 1727
adb95d23 1728- Fix the parenthesis in the code to process configuration statements
01a44a77
SR		 1729 beginning with "auth". The previous arrangement caused
1730 "auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
d19fa5a1 1731
01a44a77
SR		 1732- Limit the timeout period allowed in the dispatch code to 2^^32-1 seconds.
1733 Thanks to a report from Jiri Popelka at Red Hat.
1734 [ISC-Bugs #22033], [Red Hat Bug #628258]
bb9189c3 1735
01a44a77
SR		 1736- When processing the format flags for a given option consume the
1737 flag indicating an optional value correctly. A symptom of this
1738 bug was an infinite loop when trying to parse the slp-service-scope
1739 option. Thanks to a patch from Marius Tomaschewski.
1740 [ISC-Bugs #22055]
cbbd2714 1741
01a44a77
SR		 1742- Disable the use of kqueue in the ISC library. This avoids a problem
1743 between the fork and socket code that caused the dhcpd process to
1744 use all available cpu if the program daemonized itself.
1745 [ISC-Bugs #21911]
d208bb04 1746
01a44a77
SR		 1747! When processing a request in the DHCPv6 server code that specifies
1748 an address that is tagged as abandoned (meaning we received a
1749 decline request for it previously) don't attempt to move it from
1750 the inactive to active pool as doing so can result in the server
1751 crashing on an assert failure. Also retag the lease as active
1752 and reset its timeout value.
1753 [ISC-Bugs #21921]
9a111ee8 1754
01a44a77
SR		 1755- Removed the restriction on using IPv6 addresses in IPv4 mode. This
1756 allows IPv4 options which contain IPv6 addresses to be specified. For
1757 example the 6rd option can be specified and used like this:
1758 [ISC-Bugs #23039]
d208bb04 1759
01a44a77
SR		 1760 option 6rd code 212 = { integer 8, integer 8,
1761 ip6-address, array of ip-address };
1762 option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
25f664a6 1763
01a44a77
SR		 1764- Handle some DDNS corner cases better. Maintain the DDNS transaction
1765 information when updating a lease and cancel any existing transactions
9a111ee8 1766 when removing the ddns information.
01a44a77 1767 [ISC-Bugs #23103]
d424157d 1768
01a44a77
SR		 1769- Some fixes for LDAP
1770 [ISC-Bugs #21783] - Include lber library when building ldap
1771 [ISC-Bugs #22888] - Enable the ldap code when buidling common
1772 The above fixes are from Jiri Popelka at Red Hat.
3221151b 1773
01a44a77
SR		 1774- Modify the dlpi code to accept getmsg() returning a positive value.
1775 [ISC-Bugs #22824]
bea17697
SR		 1776
1777! In dhclient check the data for some string options for
1778 reasonableness before passing it along to the script that
1779 interfaces with the OS.
1780 [ISC-Bugs #23722]
1781 CVE: CVE-2011-0997
c7aa4dd4
TM		 1782
1783- DHCPv6 server now responds properly if client asks for a prefix that
1784 is already assigned to a different client. [ISC-Bugs #23948]
4a5bfeac
SR		 1785
1786- Add the option "--no-pid" to the client, relay and server code,
1787 to disable writing a pid file. Add the option "-pf pidfile"
1788 to the relay to allow the user to supply the pidfile name at
1789 runtime. Add the "with-relay6-pid-file" option to configure
1790 to allow the user to supply the pidfile name for the relay
1791 in v6 mode at configure time.
1792 [ISC-Bugs #23351] [ISC-Bugs #17541]
5d082abd
TM		 1793
1794- 'dhclient' no longer waits a random interval after first starting up to
1795 begin in the INIT state. This conforms to RFC 2131, but elects not to
9a111ee8 1796 implement a 'SHOULD' direction in section 4.1. The goal of this change
73c83820 1797 is to start up faster. [ISC-Bugs #19660]
9a111ee8
TM		 1798
1799- Added 'initial-delay' parameter that specifies maximum amount of time
1800 before client goes to the INIT state. The default value is 0. In previous
1801 versions of the code client could wait up to 5 seconds. The old behavior
5d082abd 1802 may be restored by using 'initial-delay 5;' in the client config file.
73c83820 1803 [ISC-Bugs #19660]
5d082abd
TM		 1804
1805- ICMP ping-check should now sit closer to precisely the number of seconds
1806 configured (or default 1), due to making use of the new microsecond
1807 scale timer internally to dhcpd. This corrects a bug where the server
1808 may immediately timeout an ICMP ping-check if it was made late in the
73c83820 1809 current second. [ISC-Bugs #19660]
5d082abd
TM		 1810
1811- The DHCP client will schedule renewal and rebinding events in
1812 microseconds if the DHCP server provided a lease-time that would result
1813 in sub-1-second timers. This corrects a bug where a 2-second or lower
1814 lease-time would cause the DHCP client to enter an infinite loop by
73c83820 1815 scheduling renewal at zero seconds. [ISC-Bugs #19660]
5d082abd
TM		 1816
1817- Client lease records are recorded at most once every 15 seconds. This
1818 keeps the client from filling the lease database disk quickly on very small
73c83820 1819 lease times. [ISC-Bugs #19660]
5d082abd
TM		 1820
1821- To defend against RFC 2131 non-compliant DHCP servers which fail to
1822 advertise a lease-time (either mangled, or zero in value) the DHCP
1823 client now adds the server to the reject list ACL and returns to INIT
1824 state to hopefully find an RFC 2131 compliant server (or retry in INIT
73c83820 1825 forever). [ISC-Bugs #19660]
023fbaa0
TM		 1826
1827- Parameters configured to evaluate from user defined function calls can
1828 now be correctly written to dhcpd.leases (as on 'on events' or dynamic
1829 host records inserted via OMAPI). [ISC-Bugs #22266]
1830
1831- If a 'next-server' parameter is configured in a dynamic host record via
1832 OMAPI as a domain name, the syntax written to disk is now correctly parsed
1833 upon restart. [ISC-Bugs #22266]
656b1ece
TM		 1834
1835- The DHCP server now responds to DHCPLEASEQUERY messages from agents using
1836 IP addresses not covered by a subnet in configuration. Whether or not to
1837 respond to such an agent is still governed by the 'allow leasequery;'
1838 configuration parameter, in the case of an agent not covered by a configured
1839 subnet the root configuration area is examined. Server now also returns
1840 vendor-class-id option, if client sent it. [ISC-Bugs #21094]
9a111ee8 1841
fc06ee4f
SR		 1842- Documentation fixes
1843 [ISC-Bugs #17959] add text to AIX section describing how to have it send
1844 responses to the all-ones address.
1845 [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
1846 [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
1847
1185c766
TM		 1848- Relay no longer crashes, when DHCP packet is received over interface without
1849 any IPv4 address assigned. Also extended logging message about discarding
1850 packets with invalid hlen with information about relevant interface name.
1851 [ISC-Bugs #22409]
1852
c6455252
TM		 1853- Relay now properly logs that packet was received over interface without
1854 global IPv6 address [ISC-Bugs #24070]
1855
9a111ee8
TM		 1856- Linux Packet Filter interface improvement. sockaddr_pkt structure is used,
1857 rather than sockaddr. Packet ethertype is now forced to ETH_P_IP.
9369bdc1
TM		 1858 [ISC-Bugs #18975]
1859
fb30f3fc
SR		 1860- Minor code cleanups - but note port change for #23196
1861 [ISC-Bugs #23470] - Modify when an ignore return macro is defined to
1862 handle unsed error return warnings for more versions of gcc.
1863 [ISC-Bugs #23196] - Modify the reply handling in the server code to
1864 send to a specified port rather than to the source port for the incoming
1865 message. Sending to the source port was test code that should have
1866 been removed. The previous functionality may be restored by defining
1867 REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
1868 enable this except for testing purposes.
1869 [ISC-Bugs #22695] - Close a file descriptor in an error path.
1870 [ISC-Bugs #19368] - Tidy up variable types in validate_port.
1871
c616de4f 1872- Code cleanup: remove obsolete PROTO, KandR, INLINE and ANSI_DECL macros
9a111ee8 1873 [ISC-Bugs #13151]
c616de4f
TM		 1874
1875- Compilation problem with gcc4.5 and omshell.c resolved. [ISC-Bugs #23831]
a34feb7d 1876
4f55e11b
SR		 1877- Client Script fixes
1878 [ISC-Bugs #23045] Typos in client/scripts/openbsd
1879 [ISC-Bugs #23565] In the client scripts add a zone id (interface id) if
1880 the domain search address is link local.
1881 [ISC-Bugs #1277] In some of the client scripts add code to handle the
1882 case of the default router information being changed without the address
1883 being changed.
1884
802fdea1
TM		 1885- Documentation cleanup
1886 [ISC-Bugs #23326] Updated References document, several man page updates
1887
9a111ee8 1888- Server no longer complains about NULL pointer when configured
1b601efa
TM		 1889 server-identifier expression fails to evaluate. [ISC-Bugs #24547]
1890
199f0b8a
SR		 1891- Convert ISC_R_INPROGRESS status to ISC_R_SUCCESS when called from other
1892 than the dispatch handler. This fixes an issue where omshell, when
1893 run from the same platform as the server, would appear to fail to
1894 connect. This is a companion to #21839. [ISC-Bugs #23592]
1895
786f2e79
SR		 1896- Enlarge the buffer size used by the Omshell code and some of the
1897 print routines to allow for greater than 60 characters or, when
1898 printing as hex strings, 20 characters. [ISC-Bugs #22743]
1899
7cfeb916
SR		 1900- In Solaris 11 switch to using sockets instead of DLPI, thanks
1901 to a patch form Oracle. [ISC-Bugs #24634].
1902
9a111ee8
TM		 1903- Strict checks for content of domain-name DHCPv4 option can now be
1904 configured during compilation time. Even though RFC2132 does not allow
1905 to store more than one domain in domain-name option, such behavior is
d15aa964
TM		 1906 now enabled by default, but this may change some time in the future.
1907 See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
1908 [ISC-Bugs #24167]
1909
beaed73f
SR		 1910- DNS Update fix. A misconfigured server could crash during DNS update
1911 processing if the configuration included overlapping pools or
1912 multiple fixed-address entries for a single address. This issue
1913 affected both IPv4 and IPv6. The fix allows a server to detect such
1914 conditions, provides the user with extra information and recommended
1915 steps to fix the problem. If the user enables the appropriate option
1916 in site.h then server will be terminated
1917 [ISC-Bugs #23595]
1918
8bd96ccb
SR		 1919! Two packets were found that cause a server to halt. The code
1920 has been updated to properly process or reject the packets as
1921 appropriate. Thanks to David Zych at University of Illinois
1922 for reporting this issue. [ISC-Bugs #24960]
1923 One CVE number for each class of packet.
1924 CVE-2011-2748
1925 CVE-2011-2749
1926
01a44a77
SR		 1927- Fix the code that checks for an existing DDNS transaction to cancel
1928 when removing DDNS information, so that we will continue with the
1929 processing if we have a lease even if it doesn't have an outstanding
1930 transaction. [ISC-Bugs #24682]
5a38e43f 1931
01a44a77
SR		 1932- Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
1933 configuration files. [ISC-Bugs #24107]
5a38e43f 1934
01a44a77
SR		 1935- Add support for passing DDNS information to a DNS server over
1936 an IPv6 address. [ISC-Bugs #22647]
524705e5 1937
01a44a77
SR		 1938- Enhanced patch for 23595 to handle IPv4 fixed addresses more
1939 cleanly. [ISC-Bugs #23595]
66be0ad1 1940
01a44a77
SR		 1941! Add a check for a null pointer before calling the regexec function.
1942 Without this check we could, under some circumstances, pass
1943 a null pointer to the regexec function causing it to segfault.
1944 Thanks to a report from BlueCat Networks.
1945 [ISC-Bugs #26704].
1946 CVE: CVE-2011-4539
57fbc772 1947
01a44a77
SR		 1948! Modify the DDNS handling code. In a previous patch we added logging
1949 code to the DDNS handling. This code included a bug that caused it
1950 to attempt to dereference a NULL pointer and eventually segfault.
1951 While reviewing the code as we addressed this problem, we determined
1952 that some of the updates to the lease structures would not work as
1953 planned since the structures being updated were in the process of
1954 being freed: these updates were removed. In addition we removed an
1955 incorrect call to the DDNS removal function that could cause a failure
1956 during the removal of DDNS information from the DNS server.
1957 Thanks to Jasper Jongmans for reporting this issue.
1958 [ISC-Bugs #27078]
1959 CVE: CVE-2011-4868
57fbc772 1960
01a44a77
SR		 1961- Fixed the code that checks if an address the server is planning
1962 to hand out is in a reserved range. This would appear as
1963 the server being out of addresses in pools with particular ranges.
1964 [ISC-Bugs #26498]
57fbc772 1965
01a44a77
SR		 1966- In the DDNS code handle error conditions more gracefully and add more
1967 logging code. The major change is to handle unexpected cancel events
1968 from the DNS client code.
1969 [ISC-Bugs #26287]
57fbc772 1970
01a44a77
SR		 1971- Tidy up the receive calls and eliminate the need for found_pkt.
1972 [ISC-Bugs #25066]
9a111ee8 1973
01a44a77
SR		 1974- Add support for Infiniband over sockets to the server and
1975 relay code. We've tested this on Solaris and hope to expand
1976 support for Infiniband in the future. This patch also corrects
1977 some issues we found in the socket code.
1978 [ISC-Bugs #24245]
197c917e 1979
01a44a77
SR		 1980- Add a compile time check for the presence of the noreturn attribute
1981 and use it for log_fatal if it's available. This will help code
1982 checking programs to eliminate false positives.
1983 [ISC-Bugs #27539]
8bd445a1 1984
01a44a77
SR		 1985- Fixed many compilation problems ("set, but not used" warnings) for
1986 gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
83d409ae 1987
01a44a77
SR		 1988- Modify the code that determines if an outstanding DDNS request
1989 should be cancelled. This patch results in cancelling the
1990 outstanding request less often. It fixes the problem caused
1991 by a client doing a release where the TXT and PTR records
1992 weren't removed from the DNS.
1993 [ISC-BUGS #27858]
6aaaf6a4 1994
01a44a77
SR		 1995- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
1996 and dhcpv6_packet in several more places. Thanks to a report from
1997 Bruno Verstuyft and Vincent Demaertelaere of Excentis.
1998 [ISC-Bugs #27941]
4e0997c6 1999
01a44a77
SR		 2000- Remove outdated note in the description of the bootp keyword about the
2001 option not satisfying the requirement of failover peers for denying
2002 dynamic bootp clients.
2003 [ISC-bugs #28574]
ad59838e 2004
01a44a77
SR		 2005- Multiple items to clean up IPv6 address processing.
2006 When processing an IA that we've seen check to see if the
2007 addresses are usable (not in use by somebody else) before
2008 handing it out.
2009 When reading in leases from the file discard expired addresses.
2010 When picking an address for a client include the IA ID in
2011 addition to the client ID to generally pick different addresses
2012 for different IAs.
2013 [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
2014 [ISC-Bugs #27684]
f33dc722 2015
01a44a77
SR		 2016- Remove unnecessary checks in the lease query code and clean up
2017 several compiler issues (some dereferences of NULL and treating
2018 an int as a boolean).
2019 [ISC-Bugs #26203]
4dc5a6b1 2020
01a44a77
SR		 2021- Fix the NA and PD allocation code to handle the case where a client
2022 provides a preference and the server doesn't have any addresses or
2023 prefixes available. Previously the server ignored the request with
2024 this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
2025 By default the code performs according to the errata of August 2010
2026 for RFC 3315 section 17.2.2; to enable the previous style see the
2027 section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
2028 may be removed in the future.
2029 Thanks to Jiri Popelka at Red Hat for the patch.
2030 [ISC-Bugs #22676]
3004baba 2031
01a44a77
SR		 2032- Fix up some issues found by static analysis.
2033 A potential memory leak and NULL dereference in omapi.
2034 The use of a boolean test instead of a bitwise test in dst.
2035 [ISC-Bugs #28941]
3004baba 2036
01a44a77
SR		 2037- Rotate the lease file when running in v6 mode.
2038 Thanks to Christoph Moench-Tegeder at Astaro for the
2039 report and the first version of the patch.
2040 [ISC-Bugs #24887]
9d97e644 2041
01a44a77
SR		 2042- Correct code to calculate timing values in client to compare
2043 rebind value to infinity instead of renew value.
2044 Thanks to Chenda Huang from H3C Technologies Co., Limited
2045 for reporting this issue.
2046 [ISC-Bugs #29062]
23d39ae2 2047
01a44a77
SR		 2048- Fix some issues in the code for parsing and printing options.
2049 [ISC-Bugs #22625] - properly print options that have several fields
2050 followed by an array of something for example "fIa"
2051 [ISC-Bugs #27289] - properly parse options in declarations that have
2052 several fields followed by an array of something for example "fIa"
2053 [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
2054 value in evaluate_numeric_expression (extract-int).
2055 [ISC-Bugs #27314] - properly parse a zero length option from
2056 a lease file. Thanks to Marius Tomaschewski from SUSE for the report
2057 and prototype patch for this ticket as well as ticket 27289.
23d39ae2 2058
01a44a77
SR		 2059! Previously the server code was relaxed to allow packets with zero
2060 length client ids to be processed. Under some situations use of
2061 zero length client ids can cause the server to go into an infinite
2062 loop. As such ids are not valid according to RFC 2132 section 9.14
2063 the server no longer accepts them. Client ids with a length of 1
2064 are also invalid but the server still accepts them in order to
2065 minimize disruption. The restriction will likely be tightened in
2066 the future to disallow ids with a length of 1.
2067 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 2068 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR		 2069 [ISC-Bugs #29851]
2070 CVE: CVE-2012-3571
0c9d3a81 2071
01a44a77
SR		 2072! When attempting to convert a DUID from a client id option
2073 into a hardware address handle unexpected client ids properly.
2074 Thanks to Markus Hietava of Codenomicon CROSS project for the
9a111ee8 2075 finding this issue and CERT-FI for vulnerability coordination.
01a44a77
SR		 2076 [ISC-Bugs #29852]
2077 CVE: CVE-2012-3570
e1a40211 2078
01a44a77
SR		 2079! A pair of memory leaks were found and fixed. Thanks to
2080 Glen Eustace of Massey University, New Zealand for finding
2081 this issue.
2082 [ISC-Bugs #30024]
2083 CVE: CVE-2012-3954
e7e17397 2084
01a44a77
SR		 2085- Existing legacy unit-tests have been migrated to Automated Test
2086 Framework (ATF). Several new tests have been developed. To enable
2087 unit-tests, please use --with-atf in configure script. A Developer's
2088 Guide has been added. To generate it, please use make devel in
2089 the doc directory. It is currently in early stages of development,
2090 but is expected to grow in the near future. [ISC-Bugs 25901]
ef86959b 2091
01a44a77
SR		 2092! An issue with the use of lease times was found and fixed. Making
2093 certain changes to the end time of an IPv6 lease could cause the
2094 server to abort. Thanks to Glen Eustace of Massey University,
2095 New Zealand for finding this issue.
2096 [ISC-Bugs #30281]
2097 CVE: CVE-2012-3955
ef86959b 2098
01a44a77
SR		 2099- Update the memory leakage debug code to work with v6.
2100 [ISC-Bugs #30297]
919f1407 2101
01a44a77
SR		 2102- Relax the requirements for deleting an A or AAAA record.
2103 Previously the DDNS removal code required both the A or AAAA
2104 record and the TXT record to exist. This requirement could
2105 cause problems if something interrupted the removal leaving
2106 the TXT record alone. This relaxation was codified in RFC 4703.
2107 [ISC-Bugs #30734]
8a0d9ca4 2108
01a44a77
SR		 2109- Modify the failover code to handle incorrect peer names
2110 better. Previously the structure holding the name might
2111 have been freed inappropriately in some cases and not
2112 freed in other cases.
2113 [ISC-Bugs #30320]
17a8f0e2 2114
01a44a77
SR		 2115- Add a configure option, enable-secs-byteorder, to deal with
2116 clients that do the byte ordering on the secs field incorrectly.
2117 This field should be in network byte order but some clients
2118 get it wrong. When this option is enabled the server will examine
2119 the secs field and if it looks wrong (high byte non zero and low
2120 byte zero) swap the bytes. The default is disabled. This option
2121 is only useful when doing load balancing within failover.
2122 [ISC-Bugs #26108]
badc999d 2123
01a44a77
SR		 2124- Fix a set of issues that were discovered via a code inspection
2125 tool. Thanks to Jiri Popelka and Tomas Hozza Red Hat for the logs
2126 and patches.
2127 [ISC-Bugs #23833]
0d8c3d6e 2128
9a111ee8 2129- Parsing unquoted base64 strings improved. Parser now properly handles
01a44a77 2130 strings that contain reserved names. [ISC-Bugs #23048]
1e05d095 2131
01a44a77
SR		 2132- Modify the nak_lease function to make some attempts to find a
2133 server-identifier option to use for the NAK.
2134 [ISC-Bugs #25689]
1e05d095 2135
01a44a77
SR		 2136- The client now passes information about the options it requested
2137 from the server to the script code via environment variables.
2138 These variables are of the form requested_<option_name>=1 with
2139 the option name being the same as used in the new_* and old_*
2140 variables.
2141 [ISC-Bugs #29068]
1943bbf8 2142
01a44a77
SR		 2143- Add support for a simple check that the server id in a request message
2144 to a failover peer matches the server id of the server. This support
2145 is enabled by editing the file includes/site.h and uncommenting the
2146 definition for SERVER_ID_CHECK. The option has several restrictions
2147 and issues - please read the comment in the site.h file before
2148 enabling it.
2149 [ISC-Bugs #31463]
8a513c43 2150
01a44a77
SR		 2151- Tidy up some compiler issues in the debug code.
2152 [ISC-Bugs #26460]
d122accf 2153
adb95d23 2154- Move the dhcpd.conf example file to dhcpd.conf.example to avoid
01a44a77
SR		 2155 overwriting the dhcpd.conf file when installing a new version of
2156 ISC DHCP. The user will now need to manual copy and edit the
2157 dhcpd.conf file as desired.
2158 [ISC-Bugs #19337]
0d8c3d6e 2159
01a44a77
SR		 2160- Check the status value when trying to read from a connection to
2161 see if it may have been closed. If it appears closed don't try
2162 to read from it again. This avoids a potential busy-wait like
2163 loop when the peer names are mismatched.
2164 [ISC-Bugs #31231]
590298e7 2165
01a44a77
SR		 2166- Remove an unused variable to keep compilers happy.
2167 [ISC-Bugs #31983]
2b58b865 2168
01a44a77
SR		 2169- Modify test makefiles to be more similar to standard makefiles
2170 and comment out a currently unused test.
2171 [ISC-Bugs #32089]
600ee619 2172
01a44a77
SR		 2173- Address static analysis warnings.
2174 [ISC-Bugs #33510] [ISC-Bugs #33511]
a5c7bf77 2175
01a44a77
SR		 2176- Silence benign static analysis warnings.
2177 [ISC-Bugs #33428]
a5c7bf77 2178
01a44a77
SR		 2179- Add check for 64-bit package for atf.
2180 [ISC-Bugs #32206]
a5c7bf77 2181
01a44a77
SR		 2182- Use newer auto* tool packages and turn on RFC_3542 support on Mac OS.
2183 [ISC-Bugs #26303]
a5c7bf77 2184
01a44a77
SR		 2185- Remove a variable when it isn't being used due to #ifdefs to avoid
2186 a compiler warning on Solaris using GCC.
2187 [ISC-Bugs #33032]
0585235c 2188
01a44a77
SR		 2189- Add a check for too much whitespace in a config or lease file.
2190 Thanks to Paolo Pellegrino for finding the issue and a suggestion
2191 for the patch.
2192 [ISC-Bugs #33351]
0585235c 2193
01a44a77
SR		 2194- Fix several problems with using OMAPI to manipulate class and subclass
2195 objects.
2196 [ISC-Bugs #27452]
f4bc8261 2197
01a44a77
SR		 2198- Added a sleep call after killing the old client to allow time
2199 for the sockets to be cleaned. This should allow the -r option
2200 to work more consistently.
2201 [ISC-Bugs #18175]
33692791 2202
01a44a77
SR		 2203- Missing files for ISC DHCP Developer's Guide are now included in
2204 the release tarballs. To generate this documentation, please use
2205 make devel command in doc directory. [ISC-Bugs #32767]
928618dd 2206
01a44a77
SR		 2207- Update client script for use with openwrt.
2208 [ISC-Bugs #29843]
928618dd 2209
01a44a77
SR		 2210- Fix the socket handling for DHCPv6 clients to allow multiple instances
2211 of a client on a single machine to work properly. Previously only
2212 one client would receive the packets. Thanks to Jiri Popelka at Red Hat
2213 for the bug report and a potential patch.
2214 [ISC-Bugs #34784]
3c941d42 2215
01a44a77
SR		 2216- Added support for gentle shutdown after signal is received.
2217 [ISC-Bugs #32692] [ISC-Bugs 34945]
bdd8e747 2218
01a44a77
SR		 2219- Enhance the DHCPv6 server logging to include the addresses that are assigned
2220 to the clients.
2221 [ISC-Bugs #26377]
3da71461 2222
01a44a77
SR		 2223- Fix an operation in the DDNS code to be a bitwise instead of logical or.
2224 [ISC-Bugs #35138]
fdfebedf 2225
7aa153b8 2226
adbef119
DH		 2227 Changes since 4.1.0 (new features)
2228
d340bc24
DH		 2229- Failover port configuration can now be left to defaults (port 647) as
2230 described in the -12 revision of the Failover draft (and assigned by
4b97eaff 2231 IANA). Thanks in part to a patch from David Cantrell at Red Hat.
adbef119 2232
0829d595
DH		 2233- If configured, dhclient may now transmit to an anycast MAC address,
2234 rather than using a broadcast address. Thanks to a patch from David
2235 Cantrell at Red Hat.
2236
8a3c1e33
PS		 2237- Added client support for setting interface MTU and metric, thanks to
2238 Roy "UberLord" Marples <roy@marples.name>.
2239
a41d7a25
PS		 2240- Added client -D option to specify DUID type to send.
2241
9e3eb22a
DH		 2242- A new failover configuration parameter has been introduced for those
2243 environments where DHCP servers can be reasonably guaranteed to be
2244 "down" when the failover TCP socket is severed, "auto-partner-down".
2245 This parameter is not generally safe, and by default is disabled, so
2246 please carefully review the documentation of this parameter in the
2247 dhcpd.conf(5) manpage before determining to use it yourself.
2248
33ea4622
DH		 2249- Added a configuration function, 'gethostname()', which calls the system
2250 function of the same name and presents the results as a data expression.
2251 This function can be used to incorporate the system level hostname of
2252 the system the DHCP software is operating on in responses or queries (such
2253 as including a failover partner's hostname in a dhcp message or binding
2254 scope, or having a DHCP client send any system hostname in the host-name or
2255 FQDN options by default).
2256
5a671e87
DH		 2257- The dhcp-renewal-time and dhcp-rebinding-time options may now be configured
2258 for DHCPv4 operation and used independently of the dhcp-lease-time
2259 calculations. Invalid renew and rebinding times (e.g., greater than the
2260 determined lease time) are omitted.
2261
adb95d23 2262- Processing the DHCP to DNS server transactions in an asynchronous fashion,
45adf35c 2263 the DHCP server or client can now continue with its processing while
98bf1607 2264 awaiting replies from the DNS server.
c900c5b2
DH		 2265
2266- The 'hardware [ethernet|etc] ...;' parameter in host records has been
2267 extended to attempt to match DHCPv6 clients by the last octets of a
2268 DUID-LL or DUID-LLT provided by the client.
2269
59112e84
SR		 2270 Changes since 4.1.0 (bug fixes)
2271
62f6843d
MA		 2272- Remove infinite loop in token_print_indent_concat().
2273
59112e84
SR		 2274- Validate the argument to the -p option.
2275
47e6eb82
DH		 2276- The notorious 'option <unknown> ... larger than buffer' log line,
2277 which is seen in some malformed DHCP client packets, was modified.
2278 It now logs the universe name, and does not log the length values
2279 (which are bogus corruption read from the packet anyway). It also
2280 carries a hopefully more useful explanation.
2281
159c89d7
EH		 2282- Suppress spurious warnings from configure about --datarootdir
2283
1aa0fe5e
DH		 2284- A bug was fixed that caused the server not to answer some valid Solicit
2285 and Request packets, if the dynamic range covering any requested addresses
2286 had been deleted from configuration.
2287
cd51403d
SR		 2288- Update the code to deal with GCC 4.3. This included two sets of changes.
2289 The first is to the configuration files to include the use of
571c38b0 2290 AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
cd51403d
SR		 2291 were being ignored.
2292
64e1823d
DH		 2293- The db-time-format option was documented in manpages.
2294
26e59ee9
DH		 2295- Using reserved leases no longer results in 'lease with binding state
2296 free not on its queue' error messages, thanks to a patch from Frode
2297 Nordahl.
2298
70ea9345
PS		 2299- Fix a build error in dhcrelay, using older versions of gcc with
2300 dhcpv6 disabled.
2301
8d7dca58 2302- Two uninitialized stack structures are now memset to zero, thanks to a
4b97eaff 2303 patch from David Cantrell at Red Hat.
819186b7 2304
f4534b17
DH		 2305- Fixed a cosmetic bug where pretty-printing valid domain-search options would
2306 result in an erroneous error log message ('garbage in format string').
2307
f9453d21
DH		 2308- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
2309 to stop receiving packets is fixed. The same fix also means that the MAC
2310 address will no longer appear 'bogus' on DLPI-based systems.
2311
2312- A bug in select handling was discovered where the results of one select()
2313 call were discarded, causing the server to process the next select() call
2314 and use more system calls than required. This has been repaired - the
2315 sockets will be handled after the first return from select(), resulting in
2316 fewer system calls.
2317
a3dcc0b1
DH		 2318- The update-conflict-detection feature would leave an FQDN updated without
2319 a DHCID (still currently implemented as a TXT RR). This would cause later
2320 expiration or release events to fail to remove the domain name. The feature
2321 now also inserts the client's up to date DHCID record, so records may safely
2322 be removed at expiration or release time. Thanks to a patch submitted by
2323 Christof Chen.
2324
95fd7038
DH		 2325- Memory leak in the load_balance_mine() function is fixed. This would
2326 leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
2327 and in normal state.
2328
2329- Various compilation fixes have been included for the memory related
2330 DEBUG #defines in includes/site.h.
2331
8a3c1e33
PS		 2332- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
2333
2334- Fixed setting hostname in Linux hosts that require hostname argument
2335 to be double-quoted. Also allow server-provided hostname to
2336 override hostnames 'localhost' and '(none)'.
2337
dedde1ba
DH		 2338- Fixed failover reconnection retry code to continue to retry to reconnect
2339 rather than restarting the listener.
2340
a57df74a
DH		 2341- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
2342 been repaired. Other USE_ overrides should work better.
2343
2344- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
2345 that probably still resulted in the correct behaviour (but wouldn't use
2346 a larger defined value provided by the host OS).
2347
350576c5
DH		 2348- Fixed a bug where an OMAPI socket disconnection message would not result
2349 in scheduling a failover reconnection, if the link had not negotiated a
2350 failover connect yet (e.g.: connection refused, asynch socket connect()
2351 timeouts).
2352
792156a9
DH		 2353- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
2354 in failover state records.
2355
8a4e543b
DH		 2356! A stack overflow vulnerability was fixed in dhclient that could allow
2357 remote attackers to execute arbitrary commands as root on the system,
2358 or simply terminate the client, by providing an over-long subnet-mask
1b12d999 2359 option. CERT VU#410676 - CVE-2009-0692
8a4e543b 2360
a1308b64
DH		 2361- Fixed a bug where relay agent options would never be returned when
2362 processing a DHCPINFORM.
2363
1b12d999
DH		 2364- Versions 3.0.x syntax with multiple name->code option definitions is now
2365 supported. Note that, similarly to 3.0.x, for by-code lookups only the
2366 last option definition is used.
2367
d453265f
PS		 2368- Fixed a bug where a time difference of greater than 60 seconds between a
2369 failover pair could cause the primary to crash on contact with the
2370 secondary. Thanks to a patch from Steinar Haug.
2371
3e29af1e
PS		 2372- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
2373 Thanks to patches from Matthew Newton and David Cantrell.
2374
b8d45c67
DH		 2375- Secondary servers in a failover pair will now perform ddns removals if
2376 they had performed ddns updates on a lease that is expiring, or was
2377 released through the primary. As part of the same fix, stale binding scopes
2378 will now be removed if a change in identity of a lease's active client is
2379 detected, rather than simply if a lease is noticed to have expired (which it
2380 may have expired without a failover server noticing in some situations).
2381
583c1c16
DH		 2382- A patch supplied by David Cantrell at RedHat was applied that detects
2383 invalid calling parameters given to the ns_name_ntop() function.
2384 Specifically, it detects if the caller passed a pointer and size pair
2385 that causes the pointer to integer-wrap past zero.
2386
e4e3a2ab
DH		 2387! Fixed a fenceposting bug when a client had two host records configured,
2388 one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
95f5d38c 2389
875e99dc
SR		 2390- Fixed the check in the dhcp_interface_signal_handler routine to verify
2391 the existence of the linked signal handler before calling it.
2392
2267da84
DH		 2393- Both host and subnet6 configuration groups are now included whether a
2394 fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
2395 precedence. This fixes two bugs, one where host scoped configuration
2396 would not be included from a non-fixed-address6 host record, and the equal
2397 and opposite bug where subnet6 scoped configuration would not be used when
571c38b0 2398 over-riding values were not present in a matching fixed-address6 host
2267da84
DH		 2399 configuration.
2400
cd3f0b9b
DH		 2401- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
2402 correcting a compilation failure when using Sun's compiler.
2403
0493fdca
SR		 2404- Modified the handling of a connection to avoid releasing the omapi io
2405 object for the connection while it is still in use. One symptom from
2406 this error was a segfault when a failover secondary attempted to connect
2407 to the failover primary if their clocks were not synchronized.
2408
95bba8b6
SR		 2409- Clean up to allow compilation with gcc 2.95.4 on FreeBSD. Remove an
2410 extra semi-colon from common/dns.c and moved setting a variable to NULL
2411 in server/dhcpv6.c to allow the compiler to decide that the variable
9a111ee8 2412 was always properly set.
95bba8b6 2413
adbef119 2414 Changes since 4.1.0b1
ebf076fe
EH		 2415
2416- A missing "else" in dhcrelay.c could have caused an interface not to
2417 be recognized.
61d75ea2 2418
a4ffedd1
DH		 2419 Changes since 4.1.0a2
2420
2421- A cosmetic bug in DHCPDECLINE processing was fixed which caused all
2422 successful DHCPDECLINEs to be logged as "not found" rather than
2423 "abandoned".
2424
6ff3b26d
FD		 2425- Added configuration file examples for DHCPv6.
2426
1387545f
DH		 2427- Some failover debugging #defines have been better defined and some
2428 high frequency messages moved to a deeper debugging symbol.
2429
2430- The CLTT parameter in failover is now only updated by client activity,
2431 and not by failover binding updates (taking on the peer's CLTT).
2432
2433- Failover BNDUPD messages are now discarded if they conflict with an
d7ac7a27 2434 update that has been transmitted, but not acknowledged.
1387545f 2435
399d3dbe
DH		 2436- A bug cleaning up unknown-xxx temporary option definitions was fixed.
2437
fbcee149
DH		 2438- Delayed-ack is now a compile-time option, compiled out by default.
2439 This feature is simply too experimental for right now, and causes
2440 some problems to some failover installations. We will revisit this
2441 in future releases.
2442
f1672d89
DH		 2443- The !inet_pton() call in res_mkupdrec was adjusted to '<= 0' as
2444 inet_pton returns either 1, 0, or -1.
2445
236d3a99
DH		 2446- A dhclient-script for MacOS X has been included, which enables
2447 'dhclient -6' support.
2448
efa5e6b9
DH		 2449- DDNS removal routines were updated so that the DHCID is not removed until
2450 the client has been deprived of all A and AAAA records (not only the last
2451 one of either of those). This resolves a bug where dual stack clients
2452 would not be able to regain their names after either expiration event.
2453
7d6180be 2454 Changes since 4.1.0a1
edcb5c46
EH		 2455
2456- Corrected list of failover state values in dhcpd man page.
2457
51e7687f
EH		 2458- Fixed a bug that caused some request types to be logged incorrectly.
2459
20210a7b
EH		 2460- Clients that sent a parameter request list containing the
2461 routers option before the subnet mask option were receiving
2462 only the latter. Fixed.
2463
535485df
EH		 2464- The server wasn't always sending the FQDN option when it should.
2465
8fbb55ff
DH		 2466- A partner-down failover server no longer emits 'peer holds all free leases'
2467 if it is able to newly-allocate one of the peer's leases.
2468
61220a00
EH		 2469- Fixed a coredump when adding a class via OMAPI.
2470
c40e954c
EH		 2471- Check whether files are zero length before trying to parse them.
2472
63971a83
DH		 2473- Ari Edelkind's PARANOIA patch has been included and may be compiled in
2474 via two ./configure parameters, --enable-paranoia and
2475 --enable-early-chroot.
2476
66cebfcb
DH		 2477- ./configure was extended to cover many optional build features, such
2478 as failover, server tracing, debugging, and the execute() command.
2479
f8cbf390
DH		 2480- There is now a default 1/4 of a second scheduled delay between delayed
2481 fsync()'s, it can be configured by the max-ack-delay configuration
2482 parameter.
2483
8269561d
DH		 2484- A bug was fixed where the length of a hostname was miscalculated, so that
2485 hosts were given odd-looking domain names ("foo.bar.ba.example.com").
2486
b445a411
DH		 2487- Shared network selection should be done from the innermost relay
2488 valid link-address field, rather than the outermost.
2489
bd72740e
FD		 2490- Prefix pools are attached to shared network scopes.
2491
9322442f
FD		 2492- Merged IA_XX related structures.
2493
8dea7ba7
FD		 2494- Add DHCPv6 files in configure.
2495
4619c0a2
DH		 2496- A memory leak when using omapi has been fixed.
2497
9ac4206a
DH		 2498- DHCPv6 vendor-class options (VSIO) are now only sent when they appear
2499 on the DHCPv6 ORO. This resolves a bug where VSIO options were placed
2500 in IA_NA encapsulated options fields.
2501
420d8b3f
FD		 2502- Integrated client with stateless, temporary address and prefix delegation
2503 support.
2504
40ec5f38
DH		 2505- A double-dereference in dhclient transmission of DHCPDECLINEs was
2506 repaired.
2507
80097764
FD		 2508- Fix handling of format code 'Z'.
2509
ffbaa880
FD		 2510- Support "-1" argument in DHCPv6.
2511
7de20a95
EH		 2512- Merge DHCPv6-only "dhcrelay6" into general-purpose "dhcrelay" (use
2513 "-6" option to select DHCPv6 mode).
2514
d352732e
EH		 2515- Fix handling of -A and -a flags in dhcrelay; it was failing to expand
2516 packet size as needed to add relay agent options.
2517
7d6180be
DH		 2518- A bug in subnet6 parsing where options contained in subnet6 clauses would
2519 not be applied to clients addressed within that network was repaired.
2520
2521- When configuring a "subnet {}" or "subnet6 {}" without an explicit
2522 shared-network enclosing it, the DHCP software would synthesize a
2523 shared-network to contain the subnet. However, all configuration
2524 parameters within the subnet more intuitively belong "to any client
2525 on that interface", or rather the synthesized shared-network. So,
2526 when a shared-network is synthesized, it is used to contain the
2527 configuration present inside the subnet {} clause. This means that
2528 the configuration will be valid for all clients on that network, not
2529 just those addressed out of the stated subnet. If you intended the
2530 opposite, the workaround is to explicitly configure an empty
2531 shared-network.
2532
2533- A bug was fixed where Information-Request processing was not sourcing
2534 configured option values.
2535
2536- A warning was added since the DHCPv6 processing software does not yet
2537 support class statements.
2538
adb95d23 2539- Compilation warnings on GCC 4.3 relating to bootp source address
dd484ced
DH		 2540 selection were repaired.
2541
ecddae64
DH		 2542- The v6 BSD socket method was updated to use a single UDP BSD socket
2543 no matter how many interfaces are involved, differentiating the
2544 interfaces the packets were received on by the interface index supplied
2545 by the OS.
2546
2547- The relay agent no longer listens to the All DHCP Servers Multicast
2548 address.
2549
2550- A bug was fixed in data_string_sprintfa() where va_start was only called
2551 once for two invocations of vsprintf() variants.
2552
d104d45b
DH		 2553- ERO (RFC 4994) server support.
2554
2555- Basic and partial DHCPv6 leasequery support.
2556
2557- Reliable DHCPv6 release (previous behavior, send release and exit, is
2558 still available with dhclient -6 -1 -r).
2559
01a54c17 2560 Changes since 4.0.0 (new features)
3c12f746 2561
6d7f9584
FD		 2562- Added DHCPv6 rapid commit support.
2563
4cafb815 2564- Added explicit parser support for zero-length DHCP options, such as
6d7f9584 2565 rapid-commit, via format code 'Z'.
4cafb815 2566
022fe95e
EH		 2567- It's now possible to update the "ends" field of a lease with OMAPI.
2568 This is useful if you want not only to release a lease, but also make
2569 it available for reuse right away. Hat tip to Christof Chen.
2570
9a111ee8 2571- Fixed definition of the iaaddr hash functions to use the correct
1dcc3612
SK		 2572 functions when referencing and dereferencing memory.
2573
aabfa4de
FD		 2574- Some definitions not in phase with the IANA registry were updated.
2575
0674055a
FD		 2576- Allocated interface IDs are better controlled ('u' bit set to zero,
2577 reserved IDs avoided).
2578
b51c785f
FD		 2579- Unicast options are taken into account only for RENEWs.
2580
900405e9
FD		 2581- NoAddrsAvail answers to SOLICITs are always ADVERTISEs even when a SOLICIT
2582 carries a rapid-commit option.
2583
96b620e5
FD		 2584- Return in place of raise an impossible condition when one tries to release
2585 an empty active lease.
2586
be62cf06
FD		 2587- Timer granularity is now 1/100s in the DHCPv6 client.
2588
01a54c17
EH		 2589- The dhclient-script was updated to create a host route for the default
2590 gateway if the supplied subnet mask for an IPv4 address was a /32. This
2591 allows the client to work in 'captive' network environments, where the
2592 operator does not want clients to crosstalk directly.
2593
adb95d23 2594- MINUS tokens should be parsable again.
01a54c17
EH		 2595
2596- Multiple (up to "delayed-ack x;" maximum) DHCPv4 packets are now queued and
2597 released in bursts after single fsync() events when the upper limit is
2598 reached or if the receiving sockets go dry. The practical upshot is
2599 that fsync-coupled server performance is now multiplicitively increased.
2600 The default delayed ack limit is 28. Thanks entirely to a patch from
2601 Christof Chen.
2602
2603 Changes since 4.0.0 (bug fixes)
2604
2605- DHCP now builds on AIX.
2606
2607- Exit with warning when DHCPv6-specific statements are used in the
2608 config file but -6 is not specified.
2609
2610- Fixed "--version" flag in dhcrelay
2611
2612- The 'min-secs' configuration parameter's log message has been updated to
2613 be more helpful.
2614
2615- The warning logged when an address range doesn't fit in the subnets
2616 they were declared has been updated to be more helpful and identify the
2617 typo in configuration that created the spanning addresses.
2618
2619- A bug in failover pool rebalancing that caused POOLREQ message ping-pongs
2620 was repaired.
2621
2622- A flaw in failover pool rebalancing that could cause POOLREQ messages to
2623 be sent outside of the min-balance/max-balance scheduled intervals has
2624 been repaired.
2625
2626- A cosmetic bug during potential-conflict recovery that caused the peer's
2627 'conflict-done' state message to be logged as 'unknown-state' has been
2628 repaired. It is now logged correctly.
2629
49f61135
DH		 2630- A bug was fixed where the 'giaddr' may be used to find the client's subnet
2631 rather than its own 'ciaddr'.
2632
41d4652f
DH		 2633- A log message was introduced to clarify the situation where a failover
2634 'address' parameter (the server's local address) did not resolve to an
2635 IPv4 address.
2636
2c9bf1f4
DH		 2637- The minimum site code value was set to 224 in 3.1.0 to track RFC3942. This
2638 broke a lot of legacy site local configurations. The new code in place will
2639 track site local space minimum option codes and logs a warning to encourage
2640 updates and exploration of site local code migration problems. Option
2641 codes less than 128 in site local spaces remain inaccessible.
2642
2643- A possible relay agent option bug was repaired where random server
2644 initialization state may have been used to signal the relay agent
2645 information options sub-option code for the 'END' of the option space.
2646
cff9b78f
SK		 2647- Fixes to allow code to compile and run on Solaris 9.
2648
c4d29896
SK		 2649- Fixes to allow code to compile on Mac OS X Leopard (10.5).
2650
57fcb8d9
SK		 2651- When server is configured with options that it overrides, a warning is
2652 issued when the configuration file is read, rather than at the time the
2653 option is overridden. This was important, because the warning was given
9a111ee8 2654 every time the option was overridden, which could create a lot of
57fcb8d9
SK		 2655 unnecessary logging.
2656
219a65eb
DH		 2657- Fixed a compilation problems on platforms that define a value for FDDI,
2658 which conflicts with a dhcp configuration syntax token by the same name.
2659
ffdf3c8c
DH		 2660- When a failover server suspects it has encountered a peer running a
2661 version 3.0.x failover server, a warning that the failover wire protocol
2662 is incompatible is printed.
2663
2664- The failover server no longer issues a floating point error if it encounters
2665 a previously undefined option code.
2666
00a002fc
MA		 2667- Fix startup error messages to report a missing "subnet6 declaration", rather
2668 than a missing "subnet declaration", when running as a DHCPv6 server.
2669
9a111ee8 2670- DHCPv6 client timestamp in DUID was based on the year 1970 rather
7e9f7a1b
FD		 2671 than the year 2000.
2672
e2cfde76
FD		 2673- Warn when attempting to use a hardware parameter in DHCPv6.
2674
cabdb9b1
FD		 2675- DHCPv6 released resources are now marked as released by the client.
2676
5d89d60f
FD		 2677- 'Soft' bindings have no more side-effects.
2678
61d75ea2
DH		 2679 Changes since 4.0.0b3
2680
2681- The reverse dns name for PTR updates on IPv6 addresses has been fixed to
2682 use ip6.arpa. rather than default to in-addr.arpa and require user
2683 configuration.
76db44f9 2684
e32529a5
EH		 2685- dhc6_lease_destroy() and dhc6_ia_destroy() now set lease and IA pointers
2686 to NULL after freeing, to prevent subsequent accesses to freed memory.
2687
9a111ee8 2688- The DHCPv6 server would not send the preference option unless the
76db44f9
SK		 2689 client requested it, via the ORO. This has been fixed, so the DHCPv6
2690 server will always send the preference value if it is configured.
e4a6be15 2691
9a111ee8
TM		 2692- When addresses were passed as hints to the server in an IA, they were
2693 incorrectly handled, sometimes being treated as an error. Now the
6f76de58
SK		 2694 server will treat these as hints and ignore them if it cannot supply
2695 a requested address.
2696
703873ab
DH		 2697- If the client had multiple addresses, and one expired (was not renewed
2698 by the server), the client would continue to attempt to renew the same
2699 old address over and over. Now, the client will omit any expired
2700 addresses from future Confirm, Renew, or Rebind messages.
2701
2702- dhclient -6 will now select renew/rebind timers based upon the longest
2703 address expiration time rather than the shortest expiration time, in
2704 order to avoid cascading renewals in the event a server elects not to
2705 extend one of multiple IAADDR leases.
2706
b024480e
DH		 2707- The server now limits clients that request multiple addresses to one
2708 address per IA by default, which can be adjusted through the
2709 "limit-addrs-per-ia" configuration option.
2710
c0216cb7
DH		 2711- The DHCPv6 client now issues fresh transaction IDs on Renew and Rebind
2712 message exchanges, rather than using the most recent ID.
2713
1ac57173
FD		 2714- The DHCPv6 server now replies to Information-Request messages.
2715
83835822
DH		 2716- A bug was fixed in the dhclient-script for BSDs to correctly carry error
2717 codes through some conditions.
2718
c54db708
FD		 2719- The parsing of some options in the dhclient lease file, in particular
2720 the success DHCPv6 status-code, was fixed.
2721
e5d83524
DH		 2722- A bug was fixed that caused the DHCPv6 ORO option to be corrupted with
2723 seemingly random values.
2724
821f2dda
DH		 2725- A reference overleak in DHCPv6 shared network processing was repaired.
2726
f8b3c6f4
DH		 2727- ./configure now autodetects local database locations rather than trying
2728 to put dhcpd.leases and dhclient.leases in /usr/local/var/db, which no
2729 one ever has.
2730
9a111ee8
TM		 2731- Regression fix for bug where server advertised a IPv6 address in
2732 response to a SOLICIT but would not return the address in response
b9137d42
SK		 2733 to a REQUEST.
2734
9f1d5a2f
DH		 2735- A bug was fixed where the DHCPv6 server puts the NoAddrsAvail status
2736 code in the IA_NA was fixed. The status code now appears in the root
2737 level.
2738
e4a6be15
DH		 2739 Changes since 4.0.0b2
2740
65cf86d7
EH		 2741- Clarified error message when lease limit exceeded
2742
b1d3778c
DH		 2743- Relative time may now be used as a qualifier for 'allow' and 'deny' access
2744 control lists. These directives may be used to assist in re-addressing
2745 address pools without having to constantly reconfigure the server. Please
2746 see 'man dhcpd.conf' for more information on allow/deny 'after time' syntax.
2747 Thanks to a patch from Christof Chen.
2748
bead14ea
DH		 2749- The server will now include multiple IA_NA's and multiple IAADDRs within
2750 them, if advertised by the client. It still only seeks to allocate one
2751 new address.
2752
f765ec36
SK		 2753 Changes since 4.0.0b1
2754
75135a3f 2755- Use different paths for PID and lease files when running in DHCPv4
adb95d23 2756 or DHCPv6 mode, so that servers for both protocols can be run
75135a3f
EH		 2757 simultaneously on a single interface.
2758
5c2d55c7
EH		 2759- Fixed a buffer overflow error which could have allowed a denial
2760 of service under unusual server configurations
2761
2762- Eliminated a spurious error message from the client
2763
9a111ee8 2764- A number of bugs with the internal handling of lease state on the
f765ec36 2765 server have been fixed. Some of these could cause server crashes.
fa9b593d 2766
edb1283e
DH		 2767- The peer_wants_leases() changes pulled up from 3.1.0 were corrected,
2768 'never used' leases will no longer consistently shift between servers
2769 on every pool rebalance run.
2770
c71c6399
DH		 2771- sendmsg()/recvmsg() control buffers are now declared in such a way to
2772 ensure they are correctly aligned on all (esp. 64-bit) architectures.
2773
5279b8f3
DH		 2774- The client leasing subsystem was streamlined and corrected to account
2775 more closely for changes in client link attachment selection.
2776
ab3a540f 2777 Changes since 4.0.0a3
763cba6b 2778
9a111ee8 2779- The DHCP server no longer requires a "ddns-update-style" statement,
884a458f
SK		 2780 and now defaults to "none", which means DNS updates are disabled.
2781
fa9b593d
DH		 2782- Log messages when failover peer names mismatch have been improved to
2783 point out the problem.
2784
9a111ee8 2785- Bug where server advertised a IPv6 address in response to a SOLICIT
1b5053b5
SK		 2786 but would not return the address in response to a REQUEST. Thanks to
2787 Dennis Kou for finding the bug.
2788
c886c298
SK		 2789- Fixed an error causing the server to lock up on lease expiration,
2790 reported independently by Jothilingam Vasu and Dennis Kou.
2791
eaf7eb17
DH		 2792- Fixed a ./configure bug where compile tests were failing due to
2793 "-Werror" (unused variable) rather than the actual test failure. Lead
2794 to inconsistent and unworkable auto-configurations.
2795
109e00db
DH		 2796- Compilation with DLPI and -Werror has been repaired.
2797
9a111ee8 2798- Error in decoding IA_NA option if multiple interfaces are present
3ad9d48f
SK		 2799 fixed by Marcus Goller.
2800
8eab95f2
DH		 2801- DHCPv6 server Confirm message processing has been enhanced - it no
2802 longer replies only to clients with host {} records, it now replies
2803 as directed in RFC3315 section 18.2.2 - that is, to all clients
2804 regardless of the existence of bindings.
2805
07b9a351
DH		 2806- A core dump during expired lease cleanup has been repaired.
2807
7285af30
DH		 2808- DDNS updates state information are now stored in 'binding scopes' that
2809 follow the leases through their lifecycles. This enables DDNS teardowns
2810 on leases that are assigned and expired inbetween a server restart (the
2811 state is recovered from dhcpd.leases). Arbitrary user-specified binding
2812 scopes ('set var = "value";') are not yet supported.
2813
2394b26b
DH		 2814- Additional compilation problems on HP/UX have been repaired.
2815
ab3a540f
SK		 2816 Changes since 4.0.0a2
2817
97050349
SK		 2818- Fix for startup where there are no IPv4 addresses on an interface.
2819 Thanks to Marcus Goller for reporting the bug.
2820
763cba6b 2821- Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
e889ded1 2822
237f8d3a 2823- Bug in server configuration parser caused server to get stuck on
9a111ee8 2824 startup for certain bad pool declarations. Thanks to Guillaume
237f8d3a
SK		 2825 Knispel for the bug report and fix.
2826
28868515
SK		 2827- Code cleaned to remove warnings reported by "gcc -Wall".
2828
d00d373a
SK		 2829- DHCPv6 is now the default. You can disable DHCPv6 support using the
2830 "--disable-dhcpv6" flag when you run the configure script.
2831
8dfd5744
DH		 2832- An internal database inconsistency bug was repaired where the server
2833 would segfault if a client attempted to renew a lease that had been
2834 loaded from persistent storage.
2835
45d545f0 2836- 'request' and 'also request' syntaxes have been added to accommodate
0c20eab3
DH		 2837 the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
2838 necessary.
2839
9a111ee8
TM		 2840- Bug fixed where configuration file parsing did not work with
2841 zero-length options; this made it impossible to set the
f800f4f6
SK		 2842 rapid-commit option.
2843
845e9677
DH		 2844- Bogus messages about host records with IPv4 fixed-addresses being of
2845 non-128-bits in length were removed.
2846
76c944da
SK		 2847 Changes since 4.0.0a1
2848
71765b58
SK		 2849- Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
2850 and fix.
2851
847e7000
SK		 2852- Autoconf now supplies proper flags for Solaris DHCPv6 builds.
2853
bda33169
SK		 2854- Fix for parsing error on some IPv6 addresses.
2855
9b21e73e
SK		 2856- Invalid CIDR representation for IPv6 subnets or ranges now checked
2857 for when loading configuration.
2858
8da06bb1
DH		 2859- Compilation on HP/UX has been repaired. The changes should generally
2860 apply to any architecture that supplies SIOCGLIFCONF but does not
2861 use 'struct lifconf' structures to pass values.
2862
dd328225
DH		 2863- Two new operators, ~= and ~~, have been integrated to implement
2864 boolean matches by regular expression (such as may be used in
2865 class matching statements). Thanks to a patch by Alexandr S.
2866 Agranovsky, which underwent slight modification.
2867
76c944da
SK		 2868- Fix for icmp packets on 64-bit systems (bug introduced in 4.0).
2869
f796f70a
DH		 2870- A bug was fixed in interface discovery wherein an error identifying
2871 a server-configured interface with no IPv4 addresses would SEGV.
76c944da 2872
c11f349d
EH		 2873- Fixed a bug in which write_lease() might report a failure incorrectly
2874
af5fa176
EH		 2875- Added support for DHCPv6 Release messages
2876
2877- Added -x option to dhclient, which triggers dhclient processes
2878 to exit gracefully without releasing leases first
2879
a546f2a7
EH		 2880- All binaries (client, server, relay) now change directories
2881 to / before going into daemon mode, so as not to hold $CWD open
2882
b55d0d5f
EH		 2883- Fixed a bug parsing DHCPv6 client-id's in host-identifier statements
2884
26be82af
DH		 2885- Fixed a bug with the 'ddns-updates' boolean server configuration
2886 parameter, which caused the server to fail.
2887
98bd7ca0
DH		 2888 Changes since 4.0.0-20070413
2889
d9b43370
SK		 2890- Old (expired) leases are now cleaned.
2891
8c1752d2
DH		 2892- IPv6 subnets now have support for arbitrary allocation ranges via
2893 a new 'range6' configuration directive.
2894
98bd7ca0
DH		 2895- An obviated option code hash lookup to find D6O_CLIENTID was removed.
2896
a512d11b
DH		 2897- Corrected some situations where variables might be used without being
2898 initialized.
2899
2900- Silenced several other compiler warnings.
2901
2902- Include the more standard sys/uio.h rather than rely upon other
f66f02cc
DH		 2903 header files to include it (fixes a BSD 4.2 compile failure).
2904
2905- Duplicate dhclient-script updates for DHCPv6 to all provided scripts.
a512d11b 2906
4ba58919
DH		 2907- DHCPv4 I/O methods that failed to sense hardware address were corrected.
2908
2909- DHCPv4 is now the default (as documented) rather than DHCPv6. The default
2910 was set to DHCPv6 to facilitate ease early development, and forgotten.
2911
2912- Corrected a segmentation violation in DHCPv4 socket processing.
2913
8ea19a71 2914- dhclient will now fork() into the background once it binds to an
45d545f0 2915 IPv6 address, or immediately if the -n flag is supplied.
8ea19a71
DH		 2916
2917- -q is now the default behaviour on dhclient, with -d or -v enabling
2918 non-quiet (stderr logging) mode.
2919
2cf8d0bd
DH		 2920- Fix documentation of the domain-search atom (quoted, with commas).
2921
2922- Document DHCPv6 options presently in the default table.
2923
fe5b0fdd
DH		 2924- Replaced ./configure shellscripting with GNU Autoconf.
2925
98bd7ca0
DH		 2926 Changes since 3.1.0 (NEW FEATURES)
2927
2928- DHCPv6 Client and Server protocol support. Use '-6' to run the daemons
2929 as v6-only. Use '-4' to run the daemons as v4-only (default. There is
2930 no support currently for both.
2931
2932- Server support for multiple IA_NA options, containing at most one
2933 IAADDR option.
2934
2935- Client support for one IA_NA option, containing any number of IAADDR
2936 options.
2937
2938- Server support for the DHCPv6 Information-request message.
2939
2940- Inappropriate unicast DHCPv6 messages sent to the server are now
2941 discarded, and this has rearchitected the IO system slightly.
2942
2943- The DHCPv6 server DUID defaults to type 1, is persistently stored in
2944 the leases database, and can be over-ridden (either completely, or by
2945 specifying type 1 or type 2).
2946
2947- The server only uses Rapid-Commit if it has been configured with the
2948 Rapid-Commit option and the client requests it.
2949
2950- DDNS support. We now update AAAA records in the same place we would
2951 update A records, if we have an IPv6 address. We also generate IP6.ARPA
2952 style names for PTR records if we're dealing with an IPv6 address. Both
2953 A and AAAA updates are done using the same 'fqdn.' virtual option space
2954 (although the DHCPv4 FQDN and DHCPv6 FQDN options are formatted
2955 differently, they both use the same code here).
2956
2957- The Linux dhclient-script attempts to set and remove assigned addresses,
2958 and to configure /etc/resolv.conf from nameserver and domain name
2959 configurations. It can be extended to configure other parameters.
2960
2961- Initial DHCPv6 lease support.
2962
2963- The IO system now tracks all local IP addresses, so that the DHCP
2964 applications (particularly the dhcrelay) can discern between what frames
2965 were transmitted to it, and what frames are being carried through it which
2966 it should not intercept.
2967
1418fd11
DH		 2968 Changes since 3.1.0 (Maintenance)
2969
2970- A bug was repaired where MAC Address Affinity for virgin leases always
2971 mapped to the primary. Virgin leases now have an interleaved preference
2972 between primary and secondary.
2973
2974- A bug was repaired where MAC Address Affinity for clients with no client
2975 identifier was sometimes mishashed to the peer. Load balancing during
2976 runtime and pool rebalancing were opposing.
2977
aa3e348e
DH		 2978- An assertion in lease counting relating to reserved leases was repaired.
2979
e9c59645
DH		 2980- The subnet-mask option inclusion now conforms with RFC2132 section 3.3;
2981 it will only appear prior to the routers option if it is present on the
2982 Parameter-Request-List. The subnet-mask option will also only be
2983 included by default (if it is not on the PRL) in response to DISCOVER
2984 or REQUEST messages.
2985
2986- The FQDN option is only supplied if the client supplied an FQDN option or
2987 if the FQDN option was explicitly requested on the PRL.
2988
c104546d
DH		 2989- Dynamic BOOTP leases are now load balanced in failover.
2990
b9d0cc05
DH		 2991 Changes since 3.1.0rc1
2992
adb95d23 2993- The parse warning that 'deny dynamic bootp;' must be configured for
b9d0cc05
DH		 2994 failover protected subnets was removed.
2995
a512cc3a
DH		 2996 Changes since 3.1.0b2
2997
2998- Failover rebalance events no longer play ping pong with round errors
2999 (moving leases between free and back to backup where there are an
3000 odd number of leases).
3001
3002- The 'pool' log line has been split into two messages, one before the
3003 rebalance run, and one after.
3004
3005- Any queued BNDACKs are transmitted before transmitting new BNDUPDs.
3006 This enforces the correct sequence of events for the remote server
3007 processing these messages.
3008
fe5b0fdd 3009 Changes since 3.1.0b1
27837f95 3010
74dc3e0b
EH		 3011- Fixed a bug that caused OMAPI clients to freeze when opening lease
3012 objects.
3013
1ba87b37
EH		 3014- A new server config option "fqdn-reply" specifies whether the server
3015 should send out option 81 (FQDN). Defaults to "on". If set to "off",
3016 the FQDN option is not sent, even if the client requested it. This is
3017 needed because some clients misbehave otherwise. Thanks to Christof Chen
3018 at Allianz.
3019
a58da042
EH		 3020- Allow trace output files (-tf option) to be overwritten, rather than
3021 crashing dhcpd if the file already exists
3022
61252edf
EH		 3023- A bug was fixed that caused dhcpd to segfault if a pool was declared
3024 outside the scope of a subnet in dhcpd.conf.
3025
27837f95
DH		 3026- Some uninitialized values were repaired in dhcpleasequery.c that
3027 caused the server to abort.
3028
4d2eaafb
DH		 3029- A new server config option, 'do-reverse-updates', has been added
3030 which causes the server to abstain from performing updates on PTR
3031 records. Thanks to a patch from Christof Chen at Allianz.
3032
06211b40
DH		 3033- A bug was repaired in subencapsulation support, where spaces separated
3034 by empty spaces would not get included.
3035
d6614ea2
DH		 3036- A bug in dhclient was repaired which caused it to send parameter request
3037 lists of 55 bytes in length no matter how long the declared PRL was.
3038
132d38f2
DH		 3039- 'dhcp.c(3953): non-null pointer' has been repaired. This fixes a flaw
3040 wherein the DHCPv4 server may ignore a configured server-identifier.
3041
fc3b9c90
DH		 3042- A flaw in failover startup sequences was repaired that sometimes left
3043 the primary DHCP server's pool rebalance schedules unscheduled.
3044
c9feb859
DH		 3045- Corrected a flaw that broke encapsulated spaces included due to presence
3046 on the parameter request list.
3047
c57db45c
SK		 3048 Changes since 3.1.0a3
3049
3050- Some spelling fixes.
98311e4b 3051
bd2bc2fa
DH		 3052 Changes since 3.1.0a2
3053
3054- A bug was fixed where attempting to permit leasequeries results in a
3055 fatal internal error, "Unable to find server option 49".
3056
85edef5c
DH		 3057- A bug was fixed in dhclient rendering the textual output form of the
3058 domain-search option syntax.
3059
bdddcb7d
DH		 3060 Changes since 3.1.0a1
3061
3062- A bug in the FQDN universe that added FQDN codes to the NWIP universe's
3063 hash table was repaired.
3064
616d67cb
DH		 3065- The servers now try harder to transmit pending binding updates when
3066 entering normal state.
3067
3068- UPDREQ/UPDREQALL handling was optimized - it no longer dequeues and
3069 requeues all pending updates. This should reduce the number of spurious
66c8f734
DH		 3070 'xid mismatch' log messages.
3071
3072- An option definition referencing leak was fixed, which resulted in early
3073 termination of dhclient upon the renewal event.
616d67cb 3074
6708d944
DH		 3075- Some default hash table sizes were tweaked, some upwards, some downwards.
3076 3.1.0a1's tables resulted in a reduction in default server memory use.
3077 The new selected values provide more of a zero sum (increasing the size
3078 of tables likely to be populated, decreasing the size of tables unlikely).
3079
45d545f0 3080- Lease structures appear in three separate hashes: by IP address, by UID,
6708d944
DH		 3081 and by hardware address. One type of table was used for all three, and
3082 improvements to IP address hashing were applied to all three (so UID and
3083 hardware addresses were treated like 4-byte integers). There are now two
3084 types of tables, and the uid/hw hashes use functions more appropriate
3085 to their needs.
3086
3087- The max-lease-misbalance percentage no longer causes scheduled rebalance
3088 runs to be skipped: it still governs the schedule, but every scheduled
3089 run will attempt balance.
3090
a7ee93fe
DH		 3091- A segfault bug in recursive encapsulation support has been corrected.
3092
98311e4b
DH		 3093 Changes since 3.0 (New Features)
3094
3095- A workaround for certain STSN servers that send a mangled domain-name
3096 option was introduced for dhclient. The client will now accept corrupted
3097 server responses, if they contain a valid DHCP_MESSAGE_TYPE (OFFER, ACK,
3098 or NAK). The server will continue to not accept corrupt client packets.
3099
98bd7ca0 3100- Support for 'reserved' (pseudo-static) and BOOTP leases via failover
a55ccdd0 3101 was introduced.
98311e4b
DH		 3102
3103- Support for adding, removing, and managing class and subclass statements
3104 via OMAPI.
3105
a55ccdd0
DH		 3106- The failover implementation was updated to comply with revision 12 of
3107 the protocol draft.
3108
98311e4b
DH		 3109- 'make install' now creates the initial zero-length dhcpd.leases file if
3110 one does not already exist on the system.
3111
b43c87ad 3112- RFC3942 compliance, site-local option spaces start at 224 now, not 128.
b43c87ad 3113
0b17f049
DH		 3114- The Load Balance Algorithm was misimplemented. The current implementation
3115 matches RFC 3074.
3116
2727c1cf
DH		 3117- lcase() and ucase() configuration expressions have been added which adjust
3118 their arguments from upper to lower and lower to upper cases respectively.
2714a8ef 3119 Thanks to a patch from Albert Herranz.
2727c1cf 3120
febbd402
DH		 3121- The dhclient 'reject ...;' statement, which rejects leases given by named
3122 server-identifiers, now permits address ranges to be specified in CIDR
7d7073e7 3123 notation. Thanks to a patch from David Boyce.
febbd402 3124
ee912528
DH		 3125- The subnet-mask option is now supplied by default, but at lowest
3126 priority. This helps a small minority of clients that provide parameter
3127 request lists, but do not list the subnet-mask option because they were
3128 designed to interoperate with a server that behaves in this manner.
3129
3130- The FQDN option is similarly supplied even if it does not appear on the
3131 parameter request list, but not to the exclusion of options that do
3132 appear at the parameter request list. Up until now it had ultimate
3133 priority over the client's parameter request list.
3134
f7fdb216 3135- Varying option space code and length bit widths (8/16/32) are now
51202707 3136 supported. This is a milestone in achieving RFC 3925 "VIVSO" and
f7fdb216
DH		 3137 DHCPv6 support.
3138
5e864416
DH		 3139- A new common (server or client) option, 'db-time-format local;', has
3140 been added which prints the local time in /var/db/dhcpd.leases rather
3141 than UTC. Thanks to a patch from Ken Lalonde.
3142
b500bd4c
DH		 3143- Some patches to improve DHCP Server startup speed from Andrew Matheson
3144 have been incorporated.
3145
2426234f
DH		 3146- Failover pairs now implement 'MAC Affinity' on leases moving from the
3147 active to free states. Leases that belonged to the failover secondary
3148 are moved to BACKUP state rather than FREE upon exiting EXPIRED state.
3149 If lease rebalancing must move leases, it tries first to move leases
3150 that belong to the peer in need.
3151
3152- The server no longer sends POOLREQ messages unless the pool is severely
3153 misbalanced in the peer's favor (see 'man dhcpd.conf' for more details).
3154
3155- Pool rebalance events no longer happen upon successfully allocating a
3156 lease. Instead, they happen on a schedule. See 'man dhcpd.conf' for the
3157 min-balance and max-balance statements for more information.
3158
334bf491
DH		 3159- The DHCP Relay Agent Information Option / Link Selection Sub-Option
3160 is now supported. (See RFC3527 for details).
3161
3004bebf
DH		 3162- A new DDNS related server option, update-conflict-detection, has been
3163 added. If this option is enabled, dhcpd will perform normal DHCID
3164 conflict resolution (the default). If this option is disabled, it will
3165 instead trust the assigned name implicitly (removing any other bindings
3166 on that name). This option has not been made available in dhclient.
3167
567e8561
DH		 3168- In those cases where the DHCP software manufactures an IP header (to
3169 transmit via bpf, lpf, etc), the IP TTL the software selects has been
3170 increased from 16 to 128. This is intended to match Microsoft Windows
3171 DHCP Client behaviour, to increase compatibility.
3172
a396d25f
DH		 3173- 'ignore client-updates;' now has behaviour that is different from
3174 'deny client-updates;'. The client's request is not truly ignored,
3175 rather it is encouraged. Should this value be configured, the server
3176 updates DNS as though client-updates were set to 'deny'. That is, it
3177 enters into DNS whatever it is configured to do already, provided it is
3178 configured to. Then it sends a response to the client that lets the
3179 client believe it is performing client updates (which it will), probably
3180 for a different name. In essence, this lets the client do as it will,
3181 ignoring this aspect of their request.
3182
dba5803b
DH		 3183- Support for compressed 'domain name list' style DHCP option contents, and
3184 in particular the domain search option (#119) was added.
3185
41e45067 3186- The DHCP LEASEQUERY protocol as defined in RFC4388 is now implemented.
6d103865
SK		 3187 LEASEQUERY lets you query the DHCP server for information about a lease,
3188 using either an IP address, MAC address, or client identifier. Thanks
3189 to a patch from Justin Haddad.
3190
41e45067
DH		 3191- DHCPD is now RFC2131 section 4.1 compliant (broadcast to all-ones ip and
3192 ethernet mac address) on the SCO platform specifically without any strange
3193 ifconfig hacks. Many thanks go to the Kroger Co. for donating the
3194 hardware and funding the development.
6d103865 3195
b543fea9
DH		 3196- A new common configuration executable statement, execute(), has been
3197 added. This permits dhcpd or dhclient to execute a named external
3198 program with command line arguments specified from other configuration
3199 language. Thanks to a patch written by Mattias Ronnblom, gotten to us
3200 via Robin Breathe.
3201
b22de500
DH		 3202- A new dhcp server option 'adaptive-lease-time-threshold' has been added
3203 which causes the server to substantially reduce lease-times if there are
3204 few (configured percentage) remaining leases. Thanks to a patch submitted
3205 from Christof Chen.
3206
96bbe8c5
SK		 3207- Encapsulated option spaces within encapsulated option spaces is now
3208 formally supported.
3209
b8221d95
DH		 3210 Changes since 3.0.6rc1
3211
3212- supersede_lease() now requeues leases in their respective hardware
3213 address hash bucket. This mirrors client identifier behaviour.
3214
c1e6c832
DH		 3215 Changes since 3.0.5
3216
f546c28b
DH		 3217- Assorted fixes for broken network devices: Packet length is now
3218 determined from the IP header length field to finally calculate the
3219 UDP payload length, because some NIC drivers return more data than
5a22eb63 3220 they actually received.
f546c28b
DH		 3221
3222- UDP packets are now stored in aligned data structures.
3223
c1e6c832
DH		 3224- A logic error in omapi interface code was repaired that might result in
3225 incorrectly indicating 'up' state when any flags were set, rather than
23e10d37
DH		 3226 specifically the INTERFACE_REQUESTED flag. Thanks to a patch from
3227 Jochen Voss which got to us via Andrew Pollock at Debian.
c1e6c832 3228
75ab3070
DH		 3229- A reference leak on binding scopes set by ddns updates was repaired.
3230
d69fb6a8 3231- A memory leak in the minires_nsendsigned() function call was repaired.
23e10d37 3232 Effectively, this leaked ~176 bytes per DDNS update.
d69fb6a8 3233
02428754
DH		 3234- In the case where an "L2" DHCP Relay Agent (one that does not set giaddr)
3235 was directly attached to the same broadcast domain as the DHCP server,
3236 the RFC3046 relay agent information option was not being returned to the
3237 relay in the server's replies. This was fixed; the dhcp server no longer
3238 requires the giaddr to reply with relay agent information. Note that
3239 this also improves compatibility with L2 devices that "intercept" DHCP
3240 packets and expect relay agent information even in unicast (renewal)
23e10d37
DH		 3241 replies. Thanks to a patch from Pekka Silvonen.
3242
3243- A bug was fixed where the BOOTP header 'sname' field had a value, the
3244 copy written to persistent storage was actually the contents of the
3245 'file' field.
02428754 3246
ecde99a3
DH		 3247- A bug was fixed where the nwip virtual option space was referencing
3248 the fqdn option's virtual option space's option cache.
3249
67674ffb
DH		 3250- Timestamp parsing errors that indicated missing "minutes" fields rather
3251 than the actually missing "seconds" fields have been repaired thanks to
3252 a patch from Kevin Steves.
3253
830ebc4c
DH		 3254- A grammar error in the dhclient.8 manpage was repaired thanks to a patch
3255 from Chris Wagner.
3256
c759db75
DH		 3257- Several spelling typos were repaired, and some cross-references to other
3258 relevant documents were included in the manpages, thanks to a patch
3259 by Andrew Pollock which got to us via Tomas Pospisek.
3260
9aa3f3a5
DH		 3261- Some bugs were fixed in the 'emergency relay agent options hologram'
3262 which is used to retain relay agent option contents from when the
3263 client was in INIT or REBIND states. This should solve problems where
3264 relay agent options were not echoed from the server, even when giaddr
3265 was set.
3266
3d0c598a
DH		 3267- dhclient now closes its descriptor to dhclient.leases prior to executing
3268 dhclient-script. Thanks to a patch from Tomas Pospisek.
3269
d5b6835f
DH		 3270- The server's "by client-id" and "by hardware address" hash table lists
3271 are now sorted according to the preference to re-allocate that lease to
3272 returning clients. This should eliminate pool starvation problems
3273 arising when "INIT" clients were given new leases rather than presently
3274 active ones.
3275
02428754 3276 Changes since 3.0.5rc1
0a73b7b6 3277
901306d5 3278- A bug was repaired in fixes to the dhclient, which sought to run the
0a73b7b6
SK		 3279 dhclient-script with the 'EXPIRE' state should it receive a NAK in
3280 response to a REQUEST. The client now iterates the PREINIT state
3281 after the EXPIRE state, so that interfaces that might be configured
3282 'down' can be brought back 'up' and initialized.
3283
87a08ccc
DH		 3284- DHCPINFORM handling for clients that properly set ciaddr and come to the
3285 server via a relay aget has been repaired.
3286
6da113fb
DH		 3287 Changes since 3.0.4
3288
3289- A warning that host statements declared within subnet or shared-network
3290 scopes are actually global has been added.
3291
3292- The default minimum lease time (if min-lease-time was not specified)
3293 was raised from 0 to 300. 0 is not thought to be sensible, and is
3294 known to be damaging.
3295
3296- Added additional fatal error sanity checks surrounding lease binding
3297 state count calculations (free/active counts used for failover pool
3298 balancing).
3299
dcc557db
DH		 3300- Some time value size fixes in 3.0.4 brought on from FreeBSD /usr/ports were
3301 misapplied to server values rather than client values. The server no longer
3302 advertises 8-byte lease-time options when on 64-bit platforms.
3303
1b2ab55f
DH		 3304- A bug where leases not in ACTIVE state would get billed to billed classes
3305 (classes with lease limitations) was fixed. Non-active leases OFFERed
3306 to clients are no longer billed (but billing is checked before offering).
3307
e48891e8
DH		 3308- The dhcpd.conf.5 manpage was updated in regard to the ddns-domainname
3309 configuration option - the default configuration and results should be
3310 more clear now.
3311
6cbc6629
DH		 3312- If the dhclient were to receive a DHCPNAK while it was in the RENEW
3313 state (and consequently, had an active, 'bound' address and related
3314 configuration options), it would fail to 'tear down' this information
3315 before proceeding into INIT state. dhclient now iterates the dhclient-
3316 script with the 'EXPIRE' action to cause these teardowns prior to entering
1d3bfb17 3317 INIT state. Thanks to a patch from Chris Zimmerman.
6cbc6629 3318
c5fec5fa
DH		 3319- The omapi.1 manpage had some formatting errors repaired thanks to a patch
3320 from Yoshihiko Sarumaru.
3321
33e1cb2b
DH		 3322- A few lines of code that were failover-specific were moved within
3323 #if defined() clauses so that compilation without failover could be
3324 made possible.
3325
2bddf829
DH		 3326- The log message emitted when the 'leased-address' value was not available
3327 in dhcpd.conf "executable statements" has been updated to be more helpful.
3328 Manpage information for this value has also been updated.
3329
87578987
DH		 3330- Abandoned or dissociated (err condition) leases now remove any related
3331 dynamic dns bindings. Thanks to a patch from Patrick Schoo.
3332
e77c575f
DH		 3333- Attempting to write a new lease file to replace a corrupt (due to
3334 encountering non-retryable errors during writing) lease file should
3335 no longer result in an infinite recursion.
3336
2178df03
DH		 3337- Host declaration hardware addresses and client identifiers may only be
3338 configured once. dhcpd will now fail to load config files that specify
3339 multiple identifiers (previous versions would silently over-ride the
3340 value with the later configured value).
3341
d5341d9b
SK		 3342- Several option codes that have been allocated since our last release
3343 have been named and documented.
3344
3345- Option names of the form "unknown-123" have been removed from the in-
3346 memory hash tables. In order to support options of these names that
3347 may appear in dhclient.leases or similar in previous versions, the
3348 parser will now find the new option code definition, or mock up a
3349 generic option code definition. This should result in a smooth
3350 transition from one name to the other, as the new name is used to
3351 write new output.
3352
6da113fb
DH		 3353 Changes since 3.0.4rc1
3354
3355- The dhcp-options.5 manpage was updated to correct indentation errors
3356 thanks to a patch from Jean Delvare.
3357
3358 Changes since 3.0.4b3
3359
3360- Some manual pages were clarified pursuant to discussion on the dhcp-server
3361 mailing list.
3362
88cd8aca
DH		 3363 Changes since 3.0.4b2
3364
45d545f0 3365- Null-termination sensing for certain clients that unfortunately require
88cd8aca
DH		 3366 it in DHCPINFORM processing was repaired.
3367
3368- The host-name option and a few others were moved from "X" format to "t"
3369 format to be compatible with new NULL handling functions.
3370
3371- DHCPINFORM processing is a little more careful about return addressing
3372 its responses, or if responding via a relay. The INFORM related
3373 messages also log the 'effective client ip address' rather than the
3374 client's supplied ciaddr (since some clients produce null ciaddrs).
3375
3376- The server was inappropriately sending leases to the RESET state in the
3377 event that multiple active leases were found to match a singly-identified
3378 client. This was changed to RELEASED (by accepting a different, ACTIVE
3379 binding, the client is implicitly releasing its lease). This repairs a
3380 bug wherein secondary servers in failover pairs detecting this condition
3381 move leases to RESET, and primaries refuse to accept that state
3382 transition (properly).
3383
3384- The memset-after-dmalloc() changes made in 3.0.4b1 have been backed out.
3385
3386 Changes since 3.0.4b1
3387
3388- Command line parsing in omshell was repaired - it no longer closes
3389 STDIN after reading one line.
3390
3391- The resolver library no longer closes the /etc/resolv.conf file
3392 descriptor it opened twice.
3393
3394- Changes to trailing NULL removal in 't' option-atoms has been rethought,
3395 it now includes 'd' (domain name) types, and tries hard not to rewind an
3396 option beyond the start of the text field it is un-terminating.
3397
3398 Changes since 3.0.3
3399
3400- A DDNS update handling function was misusing the DNS error codes, rather
3401 than the internal generic result enumeration. The result is a confusing
3402 syslog line, logging the wrong condition.
3403
3404- The DHCP Server was not checking pool balance in the case where it brought
3405 a non-ACTIVE lease out of storage for a client that was returning to use
3406 a lease it once had long ago, and had since expired.
3407
3408- Failover peers no longer bother to look for free leases to allocate when
3409 they already found the client's ACTIVE lease. DISCOVERs are load balanced
98bd7ca0 3410 whether freely-allocated or not, unless the server doubts the peer has
88cd8aca
DH		 3411 leases to allocate.
3412
3413- Fixed a bug in dhcrelay agent addition code that suppressed trailing
45d545f0 3414 PAD options - it was suppressing only one trailing PAD option, rather
88cd8aca
DH		 3415 than the entire block of them.
3416
3a16098f
DH		 3417! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
3418 option addition and stripping code. Added a few sanity checks. Although
3419 highly improbable, due to requiring the reception of a DHCP datagram well
3420 in excess of all known to be used physical MTU limitations, it is possible
3421 this may have been used in a stack overflow security vulnerability. Thanks
3422 to a patch from infamous42md.
3423
3424! Added some sanity checks to OMAPI connection/authentication code.
3425 Although highly improbable, due to having to deliver in excess of 2^32
3426 bytes of data via the OMAPI channel, not to mention requiring dhcpd to
3427 be able to malloc() a memory region 2^32 bytes in size, it was possible
3428 this might have resulted in a heap overflow security vulnerability.
3429 Thanks to a patch from infamous42md.
88cd8aca
DH		 3430
3431- dmalloc() memset()'s the non-debug (data) portion of the allocated
3432 memory to zero. Code that memset()'s the result returned by dmalloc() to
3433 zero is redundant. These redundancies were removed.
3434
3435- Some type declaration corrections to u_int16_t were made in common/tr.c
4b97eaff 3436 (Token Ring support) thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 3437
3438- A failover bug that was allowing leases that EXPIRED or were RELEASED
3439 where tsfp and tstp are identical timestamps to languish in these
3440 transitional states has been repaired. As a side effect, lease
3441 databases should be kept more consistent overall, not just for these
3442 transitional states.
3443
3444- If the lease db is deleted out from under the daemon, and it moves to rewrite
3445 the db, it will go ahead with the operation and move the new db into place
3446 once it detects the old db does not exist.
3447
3448- dhclient now ignores IRDA, SIT, and IEEE1394 network interfaces, as it
3449 is either nonsensical or (in the case of IEEE1394) is not known to support
3450 these interfaces. Thanks to Marius Gedminas and Andrew Pollock of Debian.
3451
3452- Some previously undocumented reasons for dhclient-script invoking has
45d545f0 3453 been documented in the dhclient-script.8 manpage.
88cd8aca
DH		 3454
3455- Failover potential expiry calculations (TSTP) have been corrected. Results
3456 should be substantially more consistent, and proper given the constraints.
3457
3458- Adjusted lease state validation checks in potential-conflict, to
3459 account for possible clock skew similarly to normal state, and several
3460 previously illegal transitions were made legal (ex: active->released).
3461
3462- An impossible sanity check was removed from omapi/buffer.c, thanks to a
3463 patch from 'infamous42md'.
3464
3465- An OMAPI host/network byte order problem in lease time values has been
3466 repaired.
3467
3468- Several minor bugs, largely relating to treating 8-byte time values as
3469 4-byte entities, have been repaired after careful review of the FreeBSD
3470 ports collection's patch set. Thanks to the nameless entities who have
3471 contributed to the FreeBSD ports.
3472
3473- When writing a trace file, the file is now created with permissions 0600,
3474 to help administrators avoid accidentally publicising sensitive config
3475 data.
3476
3477- The calculation of the maximum size of DHCP packets no longer includes
3478 Ethernet framing overhead. The result is that the 'Maximum Message
3479 Size' option advertised by clients, or the default value 576, is no
3480 longer reduced by 14 bytes, and instead directly reflects the IP level
3481 MTU (and the default, minimum allowed IP MTU of 576).
3482
3483- The special status of RELEASED/EXPIRED/RESET leases when a server
3484 is operating in partner-down was fixed. It no longer requires a
3485 lease be twice the MCLT beyond STOS to 'reallocate', and the expiry
3486 event to turn these into FREE leases without peer acknowledgement
3487 (after STOS+MCLT) has been repaired.
3488
3489- Compilation on older Solaris systems (lacking /usr/include/sys/int_types.h)
3490 has been repaired.
3491
3492- "append"ing a string onto the end of a "t" type option (such as the
3493 domain-name field) that had been improperly NULL-terminated by the
3494 DHCP server will no longer result in a truncated string containing
3495 only the option from the server, and not the expected appended value.
4b97eaff 3496 Thanks to a patch from Jason Vas Dias at Red Hat.
88cd8aca
DH		 3497
3498- File handlers on configuration state (config files and lease dbs) should
98bd7ca0 3499 be treated consistently, regardless of whether TRACING is defined or not.
88cd8aca 3500
45d545f0 3501- The Linux build environment has had some minor improvements - better
88cd8aca
DH		 3502 sensing of 64-bit pointer sizes (only used for establishing an icmp_id),
3503 and corrections to #if operators regarding LINUX_MAJOR should it ever
3504 move to 3.[01].x.
3505
3506- The server now tries harder to survive the condition where it is unable
3507 to open a new lease file to rewrite the lease state database.
3508
c75473d8
DH		 3509 Changes since 3.0.3b3
3510
3511- dhclient.conf documentation for interface {} was updated to reflect recent
3512 discussion on the dhcp-hackers mailing list.
3513
3514- In response to reports that the software does not compile on GCC 4.0.0,
3515 -Werror was removed from Makefile.conf for all platforms that used it.
3516 We will address the true problem in a future release; this is a temporary
3517 workaround.
3518
3519 Changes since 3.0.3b2
3520
3521- An error in code changes introduced in 3.0.3b2 was corrected, which caused
3522 static BOOTP clients to receive random addresses.
3523
3524 Changes since 3.0.3b1
3525
3526- A bug was fixed in BOOTPREQUEST handling code wherein stale references to
3527 host records would be left behind on leases that were not allocated to the
3528 client currently booting (eg in the case where the host was denied booting).
3529
3530- The dhcpd.conf.5 manpage was updated to be more clear in regards to
3531 multiple host declarations (thanks to Vincent McIntyre). 'Interim' style
3532 dynamic updates were also retouched.
3533
98311e4b
DH		 3534 Changes since 3.0.2
3535
3536- A bug was fixed where a server might load balance a DHCP REQUEST to its
45d545f0 3537 peer after already choosing not to load balance the preceding DISCOVER.
98311e4b
DH		 3538 The peer cannot allocate the originating server's lease.
3539
3540- In the case where a secondary server lost its stable storage while the
3541 primary was still in communications-interrupted, and came back online,
3542 the lease databases would not be fully transferred to the secondary.
3543 This was due to the secondary errantly sending an extra UPDREQ message
3544 when the primary made its state transition to PARTNER-DOWN known.
3545
3546- The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
3547 lease structures will be 9 bytes smaller on all platforms. Thanks to
4b97eaff 3548 Jason Vas Dias at Red Hat.
98311e4b
DH		 3549
3550- Interface discovery code in DISCOVER_UNCONFIGURED mode is now
3551 properly restricted to only detecting broadcast interfaces. Thanks
4b97eaff 3552 to a patch from Jason Vas Dias at Red Hat.
98311e4b
DH		 3553
3554- decode_udp_ip_header was changed so that the IP address was copied out
3555 to a variable, rather than referenced by a pointer. This enforces 4-byte
3556 alignment of the 32-bit IP address value. Thanks to a patch from Dr.
3557 Peter Poeml.
3558
3559- An incorrect log message was corrected thanks to a patch from
3560 Dr. Peter Poeml.
3561
3562- A bug in DDNS was repaired, where if the server's first DDNS action was
3563 a DDNS removal rather than a DDNS update, the resolver library's
3564 retransmit timer and retry timer was set to the default, implying a
3565 15 second timeout interval. Which is a little excessive in a synchronous,
3566 single-threaded system. In all cases, ISC DHCP should now hold fast to
3567 a 1-second timeout, trying only once.
3568
3569- The siaddr field was being improperly set to the server-identifier when
3570 responding to DHCP messages. RFC2131 clarified the siaddr field as
3571 meaning the 'next server in the bootstrap process', eg a tftp server.
3572 The siaddr field is now left zeroed unless next-server is configured.
3573
3574- mockup_lease() could have returned in an error condition (or in the
3575 condition where no fixed-address was found matching the shared
3576 network) with stale references to a host record. This is probably not
3577 a memory leak since host records generally never die anyway.
3578
3579- A bug was repaired where failover servers would let stale client identifiers
3580 persist on leases that were reallocated to new clients not sending an id.
3581
3582- Binding scopes ("set var = value;") are now removed from leases allocated
3583 by failover peers if the lease had expired. This should help reduce the
3584 number of stale binding scopes on leases.
3585
3586- A small memory leak was closed involving client identifiers larger than
3587 7 bytes, and failover.
3588
3589- Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
3590 cause an internal function to overflow heap. Thanks to Jason Vas Dias
4b97eaff 3591 at Red Hat.
98311e4b
DH		 3592
3593- Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
3594 or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
3595 should work better.
3596
3597- In several cases, parse warnings were being issued before the lexical
3598 token had been advanced to the token whose value was causing an error...
3599 causing parse warnings to claim the problem is on the wrong token.
3600
3601- Host declarations matching on client identifier for dynamic leases will
3602 no longer match fixed-address host declarations (this is now identical
3603 to behaviour for host records matching on hardware address).
3604
3605 Changes since 3.0.2rc3
3606
3607- A previously undocumented configuration directive, 'local-address',
3608 was documented in the dhcpd.conf manpage.
3609
3610 Changes since 3.0.2rc2
3611
45d545f0 3612- Two variables introduced in 3.0.2b1 were used without being initialized
98311e4b
DH		 3613 in the case where neither the FILE nor SNAME fields were available for
3614 overloading. This was repaired.
3615
3616- A heretofore believed to be impossible corner case of the option
3617 overloading implementation turned out to be possible ("Unable to sort
3618 overloaded options after 10 tries."). The implementation was reworked
3619 to consider the case of an option so large it would require more than
3620 three chunks to fit.
3621
3622- Many other instances of variables being used without being initialized
3623 were repaired.
3624
3625- An uninitialized variable in omapi_io_destroy() led to the discovery
3626 that this function may result in orphaned pointers (and hence, a memory
3627 leak).
3628
3629 Changes since 3.0.2rc1
3630
3631- allocate_lease() was rewritten to repair a bug in which the server would
3632 try to allocate an ABANDONED lease when FREE leases were available.
3633
3634 Changes since 3.0.2b1
3635
3636- Some dhcp-eval.5 manpage formatting was repaired.
3637
3638 Changes since 3.0.1
3639
3640- A bug was fixed in the server's 'option overloading' implementation,
3641 where options loaded into the 'file' and 'sname' packet fields were
3642 not aligned precisely as rfc2131 dictates.
3643
3644- The FreeBSD client script was changed to support the case where a domain
3645 name was not provided by the server.
3646
3647- A memory leak in 'omshell' per each command line parsed was
3648 repaired, thanks to a patch from Jarkko Torppa.
3649
3650- Log functions writing to stderr were adjusted to use the STDERR_FILENO
3651 system definition rather than '2'. This is a no-op for 90% of platforms.
3652
3653- One call to trace_write_packet_iov() counted the number of io vectors
3654 incorrectly, causing inconsistent tracefiles. This was fixed.
3655
3656- Some expression parse failure memory leaks were closed.
3657
3658- A host byte order problem in tracefiles was repaired.
3659
3660- Pools configured in DHCPD for failover possessing permission lists that
adb95d23 3661 previously were assumed to not include dynamic bootp clients are now
98311e4b
DH		 3662 a little more pessimistic. The result is, dhcpd will nag you about just
3663 about most pools that possess a 'allow' statement with no 'deny' that
3664 would definitely match a dynamic bootp client.
3665
3666- The 'ddns-update-style' configuration warning bit now insists that
3667 the configuration be globally scoped.
3668
3669- Two memory leaks in dhclient were closed thanks to a patch from Felix
3670 Farkas.
3671
3672- Some minor but excellently pedantic documentation errors were fixed
3673 thanks to a patch from Thomas Klausner.
3674
3675- Bugs in operator precedence in executable statements have been repaired
3676 once again. More legal syntaxes should be parsed legally.
3677
3678- Failing to initialize a tracefile for any reason if a tracefile was
3679 specified is now a fatal error. Thanks to a patch from Albert Herranz.
3680
3681- Corrected a bug in which the number of leases transferred as calculated
3682 by the failover primary and sent to peers in POOLRESP responses may be
3683 incorrect. This value is not believed to be used by other failover
3684 implementations, excepting perhaps as logged information.
3685
3686- Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
3687 sending POOLREQ messages instead of POOLRESP mesasges. This message
3688 was essentially ignored since failover secondaries effectively do not
3689 respond to POOLREQ messages.
3690
3691- Type definitions for various bitwidths of integers in the sunos5-5
3692 build of ISC DHCP have been fixed. It should compile and run more
3693 easily when built in 64-bit for this platform.
3694
3695- "allow known-clients;" is now a legal syntax, to avoid confusion.
3696
3697- If one dhcp server chooses to 'load balance' a request to its failover
3698 peer, it first checks to see if it believes said peer has a free
3699 lease to allocate before ignoring the DISCOVER.
3700
3701- log() was logging a work buffer, rather than the value returned by
3702 executing the statements configured by the user. In some cases,
3703 the work buffer and the intended results were the same. In some other
3704 cases, they were not. This was fixed thanks to a patch from Gunnar
3705 Fjone and directconnect.no.
3706
3707- Compiler warnings for some string type conversions was fixed, thanks
3708 to Andreas Gustafsson.
3709
3710- The netbsd build environments were simplified to one, in which
3711 -Wconversion is not used, thanks to Andreas Gustafsson.
3712
3713- How randomness in the backoff-cutoff dhclient configuration variable
3714 is implemented was better documented in the manpage, and the behaviour
3715 of dhclient in REQUEST timeout handling was changed to match that of
3716 DISCOVER timeout handling.
3717
3718- Omapi was hardened against clients that pass in null values, thanks
3719 to a patch from Mark Jason Dominus.
3720
3721- A bug was fixed in dhclient that kept it from doing client-side
3722 ddns updates. Thanks to a patch from Andreas Gustafsson, which
3723 underwent some modification after review by Jason Vas Dias.
3724
3725- Failover implementations disconnected due to the network between
3726 them (rather than one of the two shutting down) will now try to
3727 re-establish the failover connection every 5 seconds, rather than
3728 to simply try once and give up until one of them is restarted.
3729 Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
3730 by Greger V. Teigre which led to an enhancement to it.
3731
3732- A problem that kept DHCP Failover secondaries from tearing down
3733 ddns records was repaired. Thanks to a patch from Ulf Ekberg from
3734 Infoblox.
3735
3736- 64bit pointer sizes are detected properly on FreeBSD now.
3737
3738- A bug was repaired where the DHCP server would leave stale references
3739 to host records on leases it once thought about offering to certain
3740 clients. The result would be to apply host and 'known' scopes to the
3741 wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
3742 that was being circulated as a workaround is not the way this bug was
3743 fixed. If you were a victim of this bug in 3.0.1, you are cautioned
3744 to proceed carefully and see if it fixes your problem.
3745
3746- A bug was repaired in the server's DHCPINFORM handling, where it
3747 tried to divine the client's address from the source packet and
3748 would get it wrong. Thanks to Anshuman Singh Rawat.
3749
3750- A log message was introduced to help illuminate the case where the
3751 server was unable to find a lease to assign to any BOOTP client.
3752 Thanks to Daniel Baker.
3753
3754- A minor dhcpd.conf.5 manpage error was fixed.
3755
3756 Changes since 3.0.1rc14
3757
3758- The global variable 'cur_time' was centralized and is now uniformly of a
3759 type #defined in system-dependent headers. It had previously been defined
3760 in one of many places as a 32-bit value, and this causes mayhem on 64-bit
3761 big endian systems. It probably wasn't too healthy on little endian
3762 systems either.
3763
3764- A printf format string error introduced in rc14 was repaired.
3765
3766- AIX system-dependent header file was altered to only define NO_SNPRINTF
3767 if the condition used to #ifdef in vsnprintf in AIX' header files
3768 is false.
3769
3770- The Alpha/OSF system-dependent header file was altered to define
3771 NO_SNPRINTF on OS revisions older than 4.0G.
3772
3773- omapip/test.c had string.h added to its includes.
3774
3775 Changes since 3.0.1rc13
3776
3777! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
3778 in logging messages with excessively long hostnames provided by the
3779 clients. It is highly probable that these could have been used by
3780 attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
3781 release candidates 12 or 13. Special thanks to Gregory Duchemin for
3782 both finding and solving the problem.
3783
3784! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
45d545f0 3785 in log_*() functions was evidenced, on some specific platforms where
98311e4b
DH		 3786 vsnprintf() was not believed to be available and calls were wrapped to
3787 sprintf() instead. Again, credit goes to Gregory Duchemin for finding
3788 the problem. Calls to snprintf() are now linked to a distribution-local
3789 snprintf implementation, only in those cases where the architecture is
3790 not known to provide one (see includes/cf/[arch].h). If you experience
3791 linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
3792 is where to look. This vulnerability did not exist in any previously
3793 published version of ISC DHCP.
3794
3795- Compilation on hpux 11.11 was repaired.
3796
3797- 'The cross-compile bug fix' was backed out.
3798
3799 Changes since 3.0.1rc12
3800
3801- Fixed a bug in omapi lease lookup function, to form the hardware
3802 address for the hash lookup correctly, thanks to a patch from
3803 Richard Hirst.
3804
3805- Fixed a bug where dhcrelay was sending relayed responses back to the
3806 broadcast address, but with the source's unicast mac address. Should
3807 now conform to rfc2131 section 4.1.
3808
3809- Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
3810
3811- Fixed a crash bug in dhclient where dhcpd servers that do not provide
3812 renewal times results in an FPE. As a side effect, dhclient can now
3813 properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
3814 to a patch from Burt Silverman.
3815
3816- The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
45d545f0 3817 and reformatted to correct a compilation error on Solaris platforms.
98311e4b
DH		 3818
3819- A patch was applied which fixes a case where leases read from the
3820 leases database do not properly over-ride previously read leases.
3821
3822- dhcpctl.3 manpage was tweaked.
3823
3824 Changes since 3.0.1rc11
3825
3826- A patch from Steve Campbell was applied with minor modifications to
3827 permit reverse dns PTR record updates with values containing spaces.
3828
3829- A patch from Florian Lohoff was applied with some modifications to
3830 dhcrelay. It now discards packets whose hop count exceeds 10 by default,
3831 and a command-line option (-c) can be used to set this threshold.
3832
3833- A failover bug relating to identifying peers by name length instead of
3834 by name was fixed.
3835
45d545f0 3836- Declaring failover configs within shared-network statements should no
98311e4b
DH		 3837 longer result in error.
3838
3839- The -nw command line option to dhclient now works.
3840
3841- Thanks to a patch from Michael Richardson:
3842 - Some problems with long option processing have been fixed.
3843 - Some fixes to minires so that updates of KEY records will work.
3844
3845- contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
3846 see contrib/ms2isc/readme.txt for revision notes.
3847
3848- Dhclient no longer uses shell commands to kill another instance of
3849 itself, it sends the signal directly. Thanks to a patch from Martin
3850 Blapp.
3851
3852- The FreeBSD dhclient-script was changed so that a failure to write to
3853 /etc/resolv.conf does not prematurely end the script. This keeps dhclient
3854 from looping infinitely when this is the case. Thanks to a patch from
3855 Martin Blapp.
3856
3857- A patch from Bill Stephens was applied which resolves a problem with lease
3858 expiry times in failover configurations.
3859
3860- A memory leak in configuration parsing was closed thanks to a patch from
3861 Steve G.
3862
3863- The function which discovers interfaces will now skip non-broadcast or
3864 point-to-point interfaces, thanks to a patch from David Brownlee.
3865
3866- Options not yet known by the dhcpd or dhclient have had their names
3867 changed such that they do not contain # symbols, in case they should ever
3868 appear in a lease file. An option that might have been named "#144" is
3869 now "unknown-144".
3870
3871- Another patch from Bill Stephens which allows the ping-check timeout to
3872 be configured as 'ping-timeout'. Defaults to 1.
3873
3874 Changes since 3.0.1rc10
3875
3876- Potential buffer overflows in minires repaired.
3877
3878- A change to the linux client script to use /bin/bash, since /bin/sh may
3879 not be bash.
3880
3881- Some missing va_end cleanups thanks to a patch from Thomas Klausner.
3882
3883- A correction of boolean parsing syntax validation - some illegal syntaxes
3884 that worked before are now detected and produce errs, some legal syntaxes
3885 that errored before will now work properly.
3886
3887- Some search-and-replace errors that caused some options to change their
3888 names was repaired.
3889
3890- Shu-min Chang of the Intel corporation has contributed a perl script and
3891 module that converts the MS NT4 DHCP configuration to a ISC DHCP3
3892 configuration file.
3893
3894- Applied the remainder of the dhcpctl memory leak patch provided by Bill
3895 Squier at ReefEdge, Inc. (groo@reefedge.com).
3896
3897- Missing non-optional failover peer configurations will now result in a soft
3898 error rather than a null dereference.
3899
3900 Changes since 3.0.1rc9
3901
3902- A format string was corrected to fix compiler warnings.
3903
3904- A number of spelling corrections were made in the man pages.
3905
3906- The dhclient.conf.5 man page was changed to refer to do-forward-updates
3907 rather than a configuration option that doesn't exist.
3908
3909- A FreeBSD-specific bug in the interface removal handling was fixed.
3910
3911- A Linux-specific Token Ring detection problem was fixed.
3912
3913- Hashes removed from as-yet-unknown agent options, having those options
3914 appear in reality before we know about them will no longer produce
3915 self-corrupting lease databases.
3916
3917- dhclient will use the proper port numbers now when using the -g option.
3918
3919- A order-of-operations bug with 2 match clauses in 1 class statement is
3920 fixed thanks to a patch from Andrew Matheson.
3921
3922- Compilation problems on Solaris were fixed.
3923
3924- Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
3925
3926- A fix to the dhcp ack process which makes certain group options will be
3927 included in the first DHCPOFFER message was made thanks to a patch from
3928 Ling Gou.
3929
3930- A few memory leaks were repaired thanks to patches from Bill Squier at
3931 ReefEdge, Inc. (groo@reefedge.com).
3932
3933- A fix for shared-networks that sometimes give clients options for the
3934 wrong subnets (in particular, 'option routers') was applied, thanks to
3935 Ted Lemon for the patch.
3936
3937- Omshell's handling of dotted octets as values was changed such that dots
3938 one after the other produce zero values in the integer string.
3939
3940 Changes since 3.0.1rc8
3941
3942- Fix a format string vulnerability in the server that could lead to a
3943 remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
3944
3945- Add additional support for NetBSD/sparc64.
3946
3947- Fix a bug in the command-line parsing of the client. Also, resolve
3948 a memory leak.
3949
3950- Add better support for shells other than bash in the Linux client
3951 script.
3952
3953- Various build fixes for modern versions of FreeBSD and Linux.
3954
3955- Fix a bad bounds check when printing binding state names.
3956
3957- Clarify documentation about fixed-address and multiple addresses.
3958
3959- Fix a typo in the authoritative error message.
3960
3961- Make a log entry when we can't write a billing class.
3962
3963- Use conversion targets that are the right size on all architectures.
3964
3965- Increment the hop count when relaying.
3966
3967- Log a message when lease state is changed through OMAPI.
3968
3969- Don't rerun the shared_network when evaluating the pool.
3970
3971- Fix a reversed test in the parser.
3972
3973- Change the type of rbuf_max.
3974
3975- Make FTS_LAST a manifest constant to quiet warnings.
3976
3977 Changes since 3.0.1rc7
3978
3979- Fix two compiler warnings that are generated when compiling on Solaris
3980 with gcc. These stop the build, even though they weren't actually
3981 errors, because we prefer that our builds generate no warnings.
3982
3983 Changes since 3.0.1rc6
3984
3985- Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
3986 to be renewed.
3987
3988- Implement lease stealing for cases where the primary has fewer leases
3989 than the secondary, as called for by the standard.
3990
3991- Add a fudge factor to the lease expiry acceptance code, (suggested
3992 by Kevin Miller of CMU).
3993
3994- Fix a bug in permit_list_match that made it much too willing to say
3995 that two permit lists matched.
3996
3997- Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
3998 also more compact) messages about DNS updates.
3999
4000- Fix a bug in generating wire-format domain names for the FQDN option.
4001
4002- Fix a bug where the FQDN option would not be returned if the client
4003 requested it, contrary to the standard.
4004
4005- On Darwin, use the FreeBSD DHCP client script.
4006
4007- On NetBSD/sparc, don't check for casting warnings.
4008
4009- Add a flag in the DHCP client to disable updating the client's A
4010 record when sending an FQDN option indicating that the client is
4011 going to update its A record.
4012
4013- In the client, don't attempt a DNS update until one second after
4014 configuring the new IP address, and if the update times out, keep
4015 trying until a response, positive or negative, is received from the
4016 DNS server.
4017
4018- Fix an uninitialized memory bug in the DHCP client.
4019
4020- Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
4021
4022- Fix a bug in ns_parserr(), where it was returning the wrong sort
4023 of result code in some cases (suggested by Ben Harris of the
4024 NetBSD project).
4025
4026- Fix a bug in is_identifier(), where it was checking against EOF
4027 instead of the END_OF_FILE token (also suggested by Ben Harris).
4028
4029- Fix a bug where if an option universe contained no options, the
4030 DHCP server could dump core (Walter Steiner).
4031
4032- Fix a bug in the handling of encapsulated options.
4033
4034- Fix a bug that prevented NWIP suboptions from being processed.
4035
4036- Delete the FTS_BOOTP and FTS_RESERVED states and implement them
4037 as modifier flags to the FTS_ACTIVE state, as called for in the
4038 failover protocol standard.
4039
4040- Fix bugs in the pool merging code that resulted in references and
4041 dereferences of null pointers. This bug had no impact unless the
4042 POINTER_DEBUG flag was defined.
4043
4044- In the server, added a do-forward-updates flag that can be used to
4045 disable forward updates in all cases, so that sites that want the
4046 clients to take sole responsibility for updating their A record can
4047 do so.
4048
4049- Make it possible to disable optimization of PTR record updates.
4050
4051 Changes since 3.0.1rc5
4052
4053- Include some new documentation and changes provided by Karl Auer.
4054
4055- Add a workaround for some Lexmark printers that send a double-NUL-
4056 terminated host-name option, which would break DNS updates.
4057
4058- Fix an off-by-one error in the MAC-address checking code for
4059 DHCPRELEASE that was added in 3.0.1rc5.
4060
4061- Fix a bug where client-specific information was not being discarded
4062 from the lease when it expired or was released, resulting in
4063 problems if the lease was reallocated to a different client.
4064
4065- If more than one allocation pool is specified that has the same set
4066 of constraints as another allocation pool on the same shared
4067 network, merge the two pools.
4068
4069- Don't print an error in fallback_discard, since this just causes
4070 confusion and does not appear to be helping to encourage anyone to
4071 fix this bug.
4072
4073 Changes since 3.0.1rc4
4074
4075- Fix a bug that would cause the DHCP server to spin if asked to parse
4076 a certain kind of incorrect statement.
4077
4078- Fix a related bug that would prevent an error from being reported in
4079 the same case.
4080
4081- Additional documentation.
4082
4083- Make sure that the hardware address matches the lease when
4084 processing a DHCPRELEASE message.
4085
4086 Changes since 3.0.1rc3
4087
4088- A minor bug fix in the arguments to a logging function call.
4089- Documentation update for dhcpd.conf.
4090
adbef119 4091 Changes since 3.0.1rc2
98311e4b
DH		 4092
4093- Allow the primary to send a POOLREQ message. This isn't what the current
4094 failover draft says to do, so we may have to back it out if I can't get the
4095 authors to relent, but the scheme for balancing that's specified in the
4096 current draft seems needlessly hairy, so I'm floating a trial balloon.
4097 The rc1 code did not implement the method described in the draft either.
4098
adbef119 4099 Changes since 3.0.1rc1
98311e4b
DH		 4100
4101- Treat NXDOMAIN and NXRRSET as success when we are trying to delete a
4102 domain or RRSET. This allows the DHCP server to forget about a name
4103 it added to the DNS once it's been removed, even if the DHCP server
4104 wasn't the one that removed it.
4105
4106- Install defaults for failover maximum outstanding updates and maximum
4107 silent time. This prevents problems that might occur if these values
4108 were not configured.
4109
4110- Don't do DDNS deletes if ddns-update-style is none.
4111
4112- Return relay agent information options in DHCPNAK. This prevents DHCPNAK
4113 messages from being dropped when the relay agent information option contains
4114 routing information.
4115
4116- Fix a problem where coming up in recover wouldn't result in an update
4117 request being sent.
4118
4119- Add some more chatty messages when we start a recovery update and when it's
4120 done.
4121
4122- Fix a possible problem where some state might have been left around
4123 after the peer lost contact and regained contact about how many updates
4124 were pending.
4125
4126- Don't nix a lease update because of a lease conflict. This test has
4127 never (as far as I know) prevented a mistake, and it appears to cause
4128 problems with failover.
4129
4130- Add support in rc history code for keeping a selective history, rather
4131 than a history of all references and dereferences. This code is only used
4132 when extensive additional debugging is enabled.
4133
adbef119 4134 Changes since 3.0
98311e4b
DH		 4135
4136- Make allocators for hash tables. As a side effect, this fixes a memory
4137 smash in the subclass allocation code.
4138
4139- Fix a small bug in omshell where if you try to close an object when
4140 no object is open, it dumps core.
4141
4142- Fix an obscure coredump that could occur on shutdown.
4143
4144- Fix a bug in the recording of host declaration rubouts in the lease file.
4145
4146- Fix two potential spins in the host deletion code.
4147
4148- Fix a core dump that would happen if an application tried to update
4149 a host object attribute with a null value.
4150
4151 Changes since 3.0 Release Candidate 12
4152
4153- Fix a memory leak in the evaluation code.
4154
4155- Fix an obscure core dump.
4156
4157- Print a couple of new warnings when parsing the configuration file
4158 when crucial information is left out.
4159
4160- Log "no free leases" as an error.
4161
4162- Documentation updates.
4163
4164 Changes since 3.0 Release Candidate 11
4165
4166- Always return a subnet selection option if one is sent.
4167
4168- Fix a warning that was being printed because an automatic data
4169 structure wasn't zeroed.
4170
4171- Fix some failover state transitions that were being handled
4172 incorrectly.
4173
4174- When supersede_lease is called on a lease whose end time has already
4175 expired, but for which a state transition has not yet been done, do
4176 a state transition. This fixes the case where if the secondary
4177 allocated a lease to a client and the lease "expired" while the
4178 secondary was in partner-down, no expiry event would actually
4179 happen, so the lease would remain active until the primary was
4180 restarted.
4181
4182 Changes since 3.0 Release Candidate 10
4183
4184- Fix a bug that was preventing released leases from changing state
4185 in failover-enabled pools.
4186
4187- Fix a core dump in the client identifier finder code (for host
4188 declarations).
4189
4190- Finish fixing a bug where bogus data would sometimes get logged to
4191 the dhclient.leases file because it was opened as descriptor 2.
4192
4193- Fix the Linux dhclient-script according to suggestions made by
4194 several people on the dhcp-client mailing list.
4195
4196- Log successful DNS updates at LOG_INFO, not LOG_ERROR.
4197
4198- Print an error message and refuse to run if a failover peer is
4199 defined but not referenced by any pools.
4200
4201- Correct a confusing error message in failover.
4202
eaf0b302
TL		 4203 Changes since 3.0 Release Candidate 9
4204
4205- Fix a bug in lease allocation for Dynamic BOOTP clients.
4206
0db87765
TL		 4207 Changes since 3.0 Release Candidate 8 Patchlevel 2
4208
4209- Fix a bug that prevented update-static-leases from working.
4210
4211- Document failover-state OMAPI object.
4212
4213- Fix a compilation error on SunOS 4.
4214
d758ad8c
TL		 4215 Changes since 3.0 Release Candidate 8 Patchlevel 1
4216
4217- Fix a parsing bug that broke dns updates (both interim and ad-hoc).
4218 This was introduced in rc8pl1 as an unintended result of the memory
4219 leakage fixes that were in pl1.
4220
4221- Fix a long-standing bug where the server would record that an update
4222 had been done for a client with no name, even though no update had
4223 been done, and then when the client's lease expired the deletion of
4224 that nonexistant record would time out because the name was the null
9a111ee8 4225 string.
d758ad8c
TL		 4226
4227- Clean up the omshell, dhcpctl and omapi man pages a bit.
4228
d758ad8c
TL		 4229 Changes since 3.0 Release Candidate 8
4230
4231- Fix a bug that could cause the DHCP server to spin if
4232 one-lease-per-client was enabled.
4233
4234- Fix a bug that was causing core dumps on BSD/os in the presence of
4235 malformed packets.
4236
4237- In partner-down state, don't restrict lease lengths to MCLT.
4238
4239- On the failover secondary, record the MCLT received from the primary
4240 so that if we come up without a connection to the primary we don't
4241 wind up giving out zero-length leases.
4242
4243- Fix some compilation problems on BSD/os.
4244
4245- Fix a bunch of memory leaks.
4246
4247- Fix a couple of bugs in the option printer.
4248
4249- Fix an obscure error reporting bug in the dns update code, and also
4250 make the message clearer when a key algorithm isn't supported.
4251
4252- Fix a bug in the tracing code that prevented trace runs that used
4253 tcp connections from being played back.
4254
4255- Add some additional debugging capability for catching memory leaks
4256 on exit.
4257
4258- Make the client release the lease correctly on shutdown.
4259
4260- Add some configurability to the build system.
4261
4262- Install omshell manual page in man1, not man8.
4263
4264- Craig Gwydir sent in a patch that fixes a long-standing bug in the
4265 DHCP client that could cause core dumps, but that for some reason
4266 hadn't been noticed until now.
4267
4268 Changes since 3.0 Release Candidate 7
4269
4270- Fix a bug in failover where we weren't sending updates after a
4271 transition from communications-interrupted to normal.
4272
4273- Handle expired/released/reset -> free transition according to the
4274 protocol specification (this works - the other way not only wasn't
4275 conformant, but also didn't work).
4276
4277- Add a control object in both client and server that allows either
4278 daemon to be shut down cleanly.
4279
4280- When writing a lease, if we run out of disk space, shut down the
4281 output file and insist on writing a new one before proceeding.
4282
4283- In the server, if the OMAPI listener port is occupied, keep trying
4284 to get it, rather than simply giving up and exiting.
4285
4286- Support fetching variables from leases and also updating and adding
4287 variables to leases via OMAPI.
4288
4289- If two failover peers have wildly different clocks, refuse to start
4290 doing failover.
4291
4292- Fix a bug in the DNS update code that could cause core dumps when
4293 running on alpha processors.
4294
4295- Fixed a bug in ddns updates for static lease entries, thanks to a
4296 patch from Andrey M Linkevitch.
4297
4298- Add support for Darwin/MacOS X
4299
4300- Install omshell (including new documentation).
4301
4302- Support DNS updates in the client (this is a very obscure feature
4303 that most DHCP client users probably will not be able to use).
4304
4305- Somewhat cleaner status logging in the client.
4306
4307- Make OMAPI key naming syntax compatible with the way keys are
4308 actually named (key names are domain names).
4309
4310- Fix a bug in the lease file writer.
4311
4312- Install DHCP ISC headers in a different place than BIND 9 ISC
4313 headers, to avoid causing trouble in BIND 9 builds.
4314
4315- Don't send updates for attributes on an object when the attributes
4316 haven't changed. Support deleting attributes on remote objects.
4317
4318- Fix a number of bugs in omshell, and add the unset and refresh
4319 statements.
4320
4321- Handle disconnects in OMAPI a little bit more intelligently (so that
4322 the caller gets ECONNRESET instead of EINVAL).
4323
4324- Fix a bunch of bugs in the handling of clients that have existing
4325 leases when the try to renew their leases while failover is
4326 operating.
4327
eaf0b302
TL		 4328 Changes since 3.0 Release Candidate 6
4329
4330- Fix a core dump that could happen when processing a DHCPREQUEST from
4331 a client that had a host declaration that contained both a
4332 fixed-address declaration and a dhcp-client-identifier option
4333 declaration, if the client identifier was longer than nine bytes.
4334
4335- Fix a memory leak that could happen in certain obscure cases when
4336 using omapi to manipulate leases.
4337
4338- Fix some bugs and omissions in omshell.
4339
eaf0b302
TL		 4340 Changes since 3.0 Release Candidate 5
4341
4342- Fix a bug in omapi_object_dereference that prevented objects in
4343 chains from having their reference counts decreased on dereference.
4344
4345- Fix a bug in omapi_object_dereference that would prevent object
4346 chains from being freed upon removal of the last reference external
4347 to the chain.
4348
4349- Fix a number of other memory leaks in the OMAPI protocol subsystem.
4350
4351- Add code in the OMAPI protocol handler to trace memory leakage.
4352
4353- Clean up the memory allocation/reference history printer.
4354
98311e4b 4355- Support input of dotted quads and colon-separated hex lists as
eaf0b302
TL		 4356 attribute values in omshell.
4357
98311e4b 4358- Fix a typo in the Linux interface discovery code.
eaf0b302
TL		 4359
4360- Conditionalize a piece of trace code that wasn't conditional.
4361
4362 Changes since 3.0 Release Candidate 4
4363
4364- Fix a bug that would prevent leases from being abandoned properly on
4365 DHCPDECLINE.
4366
4367- Fix failover peer OMAPI support.
4368
4369- In failover, correctly handle expiration of leases. Previously,
4370 leases would never be reclaimed because they couldn't make the
4371 transition from EXPIRED to FREE.
4372
4373- Fix some broken failover state transitions.
4374
4375- Documentation fixes.
4376
4377- Take out an unnecessary check in DHCP relay agent information option
4378 stashing code that was preventing REBINDING clients from rebinding.
4379
4380- Prevent failover peers from allocating leases in DHCPREQUEST
4381 processing if the lease belongs to the other server.
4382
4383- Record server version in lease file introductory comment.
4384
4385- Correctly report connection errors in OMAPI and failover.
4386
4387- Make authentication signature algorithm name comparisons in OMAPI
4388 case-insensitive.
4389
4390- Fix compile problem on SunOS 4.x
4391
98311e4b 4392- If a signature algorithm is not terminated with '.', terminate it so
eaf0b302
TL		 4393 that comparisons between fully-qualified names will work
4394 consistently.
4395
4396- Different SIOCGIFCONF probe code, may "fix" problem on some Linux
4397 systems with the probe not working correctly.
4398
4399- Don't allow user to type omapi key on command line of omshell.
4400
0596b051
TL		 4401 Changes since 3.0 Release Candidate 3
4402
4403- Do lease billing on startup in a way that I *think* will finally do
4404 the billing correctly - the previous method could overbill as a
4405 result of duplicate leases.
4406
4407- Document OMAPI server objects.
4408
892fe689
TL		 4409 Changes since 3.0 Release Candidate 2 Patchlevel 1
4410
4411- Fix some problems in the DDNS update code. Thanks to Albert
4412 Herranz for figuring out the main problem.
4413
4414- Fix some reference counting errors on host entries that were causing
4415 core dumps.
4416
4417- Fix a byte-swap bug in the token ring code, thanks to Jochen
4418 Friedrich.
4419
4420- Fix a bug in lease billing, thanks to Jonas Bulow.
4421
4422 Changes since 3.0 Release Candidate 2
4423
4424- Change the conditions under which a DHCPRELEASE is actually
4425 committed to be consistent with lease binding states rather than
98311e4b 4426 using the lease end time. This may fix some problems with the
892fe689
TL		 4427 billing class code.
4428
4429- Fix a bug where lease updates would fail on Digital Unix (and maybe
4430 others) because malloc was called with a size of zero.
4431
4432- Fix a core dump that happens when the DHCP server can't create its
4433 trace file.
4434
79ea3de8 4435 Changes since 3.0 Release Candidate 1 Patchlevel 1
87784777 4436
79ea3de8
TL		 4437- Fix the dhcp_failover_put_message to not attempt to allocate a
4438 zero-length buffer. Some versions of malloc() fail if you try to
4439 allocate a zero-length buffer, and this was causing problems on,
4440 e.g., Digital Unix.
4441
4442- Fix a case where the failover code was printing an error message
4443 when no error had occurred.
4444
4445- Fix a problem where when a server went down and back up again, the
4446 peer would not see a state transition and so would stay in the
4447 non-communicating state.
4448
4449- Be smart about going into recover_wait.
4450
4451- Fix a problem in the failover implementation where peers would fail
4452 to come into sync if interrupted in the RECOVER state. This could
4453 have been the cause of some problems people have reported recently.
4454
4455- Fix a problem with billing classes where they would not be unbilled
4456 when the client lease expired.
4457
4458- If select fails, figure out which descriptor is bad, and cut it out
4459 of the I/O loop. This prevents a potentially nasty spin. I
4460 haven't heard any report it in a while, but it came up consistently
4461 in testing.
4462
4463- Fix a bug in the relay agent where if you specified interfaces on
4464 the command line, it would fail.
4465
4466- Fix a couple of small bugs in the omapi connection object (no known
4467 user impact).
4468
4469- Add the missing 3.0 Beta 1 lease conversion script.
4470
4471- Read dhcp client script hooks if they exist, rather than only if
4472 they're executable.
4473
4474 Changes since 3.0 Release Candidate 1
87784777
TL		 4475
4476- Fix a memory smash that happens when fixed-address leases are used.
4477 ANY SITE AT WHICH FIXED-ADDRESS STATEMENTS ARE BEING USED SHOULD
4478 UPGRADE IMMEDIATELY. This has been a long-standing bug - thanks to
4479 Alvise Nobile for discovering it and helping me to find it!
4480
79ea3de8
TL		 4481- Fix a small bug in binary-to-ascii, thanks to H. Peter Anvin of
4482 Transmeta.
4483
87784777
TL		 4484- There is a known problem with the DHCP server doing failover on
4485 Compaq Alpha systems. This patchlevel is not a release candidate
4486 because of this bug. The bug should be straightforward to fix, so
4487 a new release candidate is expected shortly.
4488
4489- There is a known problem in the DDNS update code that is probably a
4490 bug, and is not, as far as we know, fixed in this patchlevel.
4491
6d779c72
TL		 4492 Changes since 3.0 Beta 2 Patchlevel 24
4493
4494- Went over problematic failover state transitions and made them all
4495 work, so that failover should now much less fragile.
4496
4497- Add some dhcpctl and omapi documentation
4498
4499- Fix compile errors when compiling with unusual predefines.
4500
4501- Make Token Ring work on Linux 2.4
4502
4503- Fix the Digital Unix BPF_WORDALIGN bug.
4504
4505- Fix some dhcp client documentation errors.
4506
4507- Update some parts of the README file.
4508
4509- Support GCC on SCO.
4510
adbef119 4511 Changes since 3.0 Beta 2 Patchlevel 23
de57e64b
TL		 4512
4513- Fix a bug in the DNS update code where a status code was not being
4514 checked. This may have been causing core dumps.
4515
4516- When parsing the lease file, if a lease declaration includes a
4517 billing class statement, and the lease already has a billing class,
4518 unbill the old class.
4519
4520- When processing failover transactions, where acks will be deferred,
4521 process the state transition immediately.
4522
4523- Don't try to use the new SIOCGIFCONF buffer size detection code on
4524 Linux 2.0, which doesn't provide this functionality.
4525
4526- Apply a patch suggested by Tuan Uong for a problem in dlpi.c.
4527
4528- Fix a problem in using the which command in the configure script.
4529
4530- Fix a parse error in the client when setting up an omapi listener.
4531
4532- Document the -n and -g flags to the client.
4533
4534- Make sure there is always a stdin and stdout on startup. This
4535 prevents shell scripts from accidentally writing error messages into
4536 configuration files that happen to be opened as stderr.
4537
4538- If an interface is removed, the client will now notice that it is
4539 gone rather than spinning. This has only been tested on NetBSD.
4540
4541- The client will attempt to get an address even if it can't create a
4542 lease file.
4543
4544- Don't overwrite tracefiles.
4545
4546- Fix some memory allocation bugs in failover.
2aa36519 4547
adbef119 4548 Changes since 3.0 Beta 2 Patchlevel 22
140158d3
TL		 4549
4550- Apply some patches suggested by Cyrille Lefevre, who is maintaining
4551 the FreeBSD ISC DHCP Distribution port.
4552
4553- Fix a core dump in DHCPRELEASE.
4554
adbef119 4555 Changes since 3.0 Beta 2 Patchlevel 21
3a395e60
TL		 4556
4557- This time for sure: fix the spin described in the changes for pl20.
4558
adbef119 4559 Changes since 3.0 Beta 2 Patchlevel 20
fc74dd0c
TL		 4560
4561- Fix a problem with Linux detecting large numbers of interfaces (Ben)
4562
4563- Fix a memory smash in the quotify code, which was introduced in
4564 pl19.
4565
4566- Actually fix the spin described in the changes for pl20. The
4567 previous fix only partially fixed the problem - enough to get it
4568 past the regression test.
4569
adbef119 4570 Changes since 3.0 Beta 2 Patchlevel 19
ed5ee591
TL		 4571
4572- Fix a bug that could cause the server to abort if compiled with
4573 POINTER_DEBUG enabled.
4574
4575- Fix a bug that could cause the server to spin when responding to a
4576 DHCPREQUEST.
4577
4578- Apply Joost Mulders' suggested patches for DLPI on x86.
4579
4580- Support NUL characters in quoted strings.
4581
4582- Install unformatted man pages on SunOS.
4583
adbef119 4584 Changes since 3.0 Beta 2 Patchlevel 18
b3fad8ac 4585
3350f5b7
TL		 4586- Allow the server to be placed in partner-down state using OMAPI.
4587 (Damien Neil)
4588
4589- Implement omshell, which can be used to do arbitrary things to the
4590 server (in theory). (Damien Neil)
4591
4592- Fix a case where if a client had two different leases the server could
4593 actually dereference the second one when it hadn't been referenced,
4594 leading to memory corruption and a core dump. (James Brister)
4595
4596- Fix a case where a client could request the address of another client's
4597 lease, but find_lease wouldn't detect that the other client had it, and
4598 would attempt to allocate it to the client, resulting in a lease conflict
4599 message.
4600
4601- Fix a case where a client with more than one client identifier could be
4602 given a lease where the hardware address was correct but the client
4603 identifier was not, resulting in a lease conflict message.
4604
98311e4b 4605- Fix a problem where the server could write out a colon-separated
3350f5b7
TL		 4606 hex list as a value for a variable, which would then not parse.
4607 The fix is to always write strings as quoted strings, with any
4608 non-printable characters quoted as octal escape sequences. So
4609 a file written the old way still won't work, but new files written
4610 this way will work.
4611
b3fad8ac
TL		 4612- Fix documentation for sending non-standard options.
4613
4614- Use unparsable names for unknown options. WARNING: this will
4615 break any configuration files that use the option-nnn convention.
4616 If you want to continue to use this convention for some options,
4617 please be sure to write a definition, like this:
4618
4619 option option-nnn code nnn = string;
4620
4621 You can use a descriptive name instead of option-nnn if you like.
4622
4623- Fix a problem where we would see a DHCPDISCOVER/DHCPOFFER/
4624 DHCPREQUEST/DHCPACK/DHCPREQUEST/DHCPNAK sequence. This was the
4625 result of a deceptively silly bug in supersede_lease.
4626
4627- Fix client script exit status check, according to a fix supplied by
4628 Hermann Lauer.
4629
4630- Fix an endianness bug in the tracefile support, regarding ICMP
4631 messages.
4632
3350f5b7
TL		 4633- Fix a bug in the client where the medium would not work correctly if
4634 it contained quoted strings.
4635
b3fad8ac
TL		 4636 ** there was no pl17 **
4637
adbef119 4638 Changes since 3.0 Beta 2 Patchlevel 16
e6d30fd6 4639
6da9db9d
TL		 4640- Add support for transaction tracing. This allows the state of the
4641 DHCP server on startup, and all the subsequent transactions, to be
4642 recorded in a file which can then be played back to reproduce the
4643 behaviour of the DHCP server. This can be used to quickly
4644 reproduce bugs that cause core dumps or corruption, and also for
4645 tracking down memory leaks.
4646
4647- Incorporate some bug fixes provided by Joost Mulders for the DLPI
4648 package which should clear up problems people have been seeing on
4649 Solaris.
4650
4651- Fix bugs in the handling of options stored as linked lists (agent
4652 options, fqdn options and nwip options) that could cause memory
4653 corruption and core dumps.
4654
4655- Fix a bug in DHCPREQUEST handling that resulted in DHCPNAK messages
4656 not being send in some cases when they were needed.
4657
4658- Make the lease structure somewhat more compact.
4659
4660- Make initial failover startup *much* faster. This was researched
4661 and implemented by Damien Neil.
4662
4663- Add a --version flag to all executables, which prints the program
4664 name and version to standard output.
4665
4666- Don't rewrite the lease file every thousand leases.
4667
e6d30fd6
TL		 4668- A bug in nit.c for older SunOS machines was fixed by a patch sent in
4669 by Takeshi Hagiwara.
4670
6da9db9d
TL		 4671- Fix a memory corruption bug in the DHCP client.
4672
4673- Lots of documentation updates.
4674
4675- Add a feature allowing environment variables to be passed to the
4676 DHCP client script on the DHCP client command line.
4677
4678- Fix client medium support, which had been broken for some time.
4679
4680- Fix a bug in the DHCP client initial startup backoff interval, which
4681 would cause two DHCPDISCOVERS to be sent back-to-back on startup.
4682
adbef119 4683 Changes since 3.0 Beta 2 Patchlevel 15
af49fdff
TL		 4684
4685- Some documentation tweaks.
4686
4687- Maybe fix a problem in the DLPI code.
4688
4689- Fix some error code space inconsistencies in ddns update code.
4690
4691- Support relay agents that intercept unicast DHCP messages to stuff
4692 agent options into them.
4693
4694- Fix a small memory leak in the relay agent option support code.
4695
c5b569f8
TL		 4696- Fix a core dump that would occur if a packet was sent with no
4697 options.
4698
adbef119 4699 Changes since 3.0 Beta 2 Patchlevel 14
754ae3e9
TL		 4700
4701- Finish fixing a long-standing bug in the agent options code. This
4702 was causing core dumps and failing to operate correctly - in
4703 particular, agent option stashing wasn't working. Agent option
4704 stashing should now be working, meaning that agent options can be
4705 used in class statements to control address allocation.
4706
4707- Fix up documentation.
4708
4709- Fix a couple of small memory leaks that would have added up
4710 significantly in a high-demand situation.
4711
4712- Add a log-facility configuration parameter.
4713
4714- Fix a compile error on some older operating systems.
4715
4716- Add the ability in the client to execute certain statements before
4717 transmitting packets to the server. Handy for debugging; not much
4718 practical use otherwise.
4719
4720- Don't send faked-out giaddr when renewing or bound - again, useful
4721 for debugging.
4722
adbef119 4723 Changes since 3.0 Beta 2 Patchlevel 13
2f2e7960
TL		 4724
4725- Fixed a problem where the fqdn decoder would sometimes try to store
4726 an option with an (unsigned) negative length, resulting in a core
4727 dump on some systems.
4728
4729- Work around the Win98 DHCP client, which NUL-terminates the FQDN
4730 option.
4731
4732- Work around Win98 and Win2k clients that will claim they want to do
4733 the update even when they don't have any way to do it.
4734
4735- Fix some log messages that can be printed when failover is operating
4736 that were not printing enough information.
4737
4738- It was possible for a DHCPDISCOVER to get an allocation even when
4739 the state machine said the server shouldn't be responding.
4740
4741- Don't load balance DHCPREQUESTs from clients in RENEWING and
4742 REBINDING, since in RENEWING, if we heard it, it's for us, and in
4743 REBINDING, the client wouldn't have got to REBINDING if its primary
4744 were answering.
4745
4746- When we get a bogus state lease binding state transition, don't do
4747 the transition.
9a111ee8 4748
2f2e7960 4749
adbef119 4750 Changes since 3.0 Beta 2 Patchlevel 12
66e98927
TL		 4751
4752- Fixed a couple of silly compile errors.
4753
a1e2e3d6
TL		 4754 Changes since 3.0 Beta 2 Patchlevel 11
4755
4756- Albert Herranz tracked down and fixed a subtle bug in the base64
4757 decoder that would prevent any key with an 'x' in its base64
4758 representation from working correctly.
4759
4760- Thanks to Chris Cheney and Michael Sanders, we have a fix for the
4761 hang that they both spotted in the DHCP server - when
4762 one-lease-per-client was set, the code to release the "other" lease
4763 could spin.
4764
4765- Fix a problem with alignment of the input buffer in bpf in cases
4766 where two packets arrive in the same bpf read.
4767
4768- Fix a problem where the relay agent would crash if you specified an
4769 interface name on the command line.
4770
4771- Add the ability to conditionalize client behaviour based on the
4772 client state.
4773
4774- Add support for the FQDN option, and added support for a new way of
4775 doing ddns updates (ddns update style interim) that allows more than
4776 one DHCP server to update the DNS for the same network(s). This
4777 was implemented by Damien Neil with some additional functionality
4778 added by Ted Lemon.
4779
4780- Damien added a "log" statement, so that the configuration file can
4781 be made to log debugging information and other information.
4782
4783- Fixed a bug that caused option buffers not to be terminated with an
4784 end option.
4785
4786- Fixed a long-standing bug in the support for option spaces where the
4787 options are stored as an ordered list rather than in a hash table,
4788 which could theoretically result in memory pool corruption.
4789
4790- Prevent hardware declarations with no actual hardware address from
4791 being written as something unparsable, and behave correctly in the
4792 face of a null hardware address on input.
4793
4794- Allow key names to be FQDNs, and qualify the algorithm name if it is
4795 specified unqualified.
4796
4797- Modify the DDNS update code so that it never prints the "resolver
4798 failed" message, but instead says *why* the resolver failed.
4799
4800- Officially support the subnet selection option, which now has an
4801 RFC.
4802
4803- Fix a build bug on MacOS X.
4804
4805- Allow administrator to disable ping checking.
4806
4807- Clean up dhcpd.conf documentation and add more information about how
4808 it works.
4809
6c68ec36
TL		 4810 Changes since 3.0 Beta 2 Patchlevel 10
4811
4812- Fix a bug introduced during debugging (!) and accidentally committed
4813 to CVS.
4814
9fd337e7
TL		 4815 Changes since 3.0 Beta 2 Patchlevel 9
4816
4817- Fix DHCP client handling of vendor encapsulated options.
4818
4819- Fix a bug in the handling of relay agent information options introduced
4820 in patchlevel 9.
4821
4822- Stash agent options on client leases by default, and use the stashed
4823 options at renewal time.
4824
4825- Add the ability to test the client's binding state in the client
4826 configuration language.
4827
4828- Fix a core dump in the DNS update code.
4829
4830- Fix some expression evaluation bugs that were causing updates to be
4831 done when no client hostname was received.
4832
4833- Fix expression evaluation debugging printfs.
4834
4835- Teach pretty_print_option to print options in option spaces other than
4836 the DHCP option space.
4837
4838- Add a warning message if the RHS of a not is not boolean.
4839
4840- Never select for more than a day, because some implementations of
4841 select will just fail if the timeout is too long (!).
4842
4843- Fix a case where a DHCPDISCOVER from an unknown network would be
4844 silently dropped.
4845
4846- Fix a bug where if a client requested an IP address for which a different
4847 client had the lease, the DHCP server would reallocate it anyway.
4848
4849- Fix the DNS update code so that if the client changes its name, the DNS
4850 will be correctly updated.
4851
3922772a
TL		 4852 Changes since 3.0 Beta 2 Patchlevel 8
4853
4854- Oops, there was another subtle math error in the header-length
4855 bounds-checking.
4856
4857 Changes since 3.0 Beta 2 Patchlevel 7
848c2547
TL		 4858
4859- Oops, forgot to byte-swap udp header length before bounds-checking it.
4860
3922772a 4861 Changes since 3.0 Beta 2 Patchlevel 6
0f6045f8 4862
f8572308
TL		 4863- Fix a possible DoS attack where a client could cause the checksummer
4864 to dump core. This was a read, not a write, so it shouldn't be
4865 possible to exploit it any further than that.
4866
4867- Implement client- and server-side support for using the Client FQDN
4868 option.
4869
4870- Support for other option spaces in the client has been added. This
4871 means that it is now possible to define a vendor option space on the
4872 client, request options in that space from the server (which must
4873 define the same option space), and then use those options in the
4874 client. This also allows NWIP and Client FQDN options to be used
4875 meaningfully.
4876
4877- Add object initializer support. This means that objects can now be
4878 initialized to something other than all-zeros when allocated, which
4879 makes, e.g., the interface object support code a little more robust.
4880
4881- Fix an off-by-one bug in the host stuffer. This was causing host
4882 deletes not the work, and may also have been causing OMAPI
4883 connections to get dropped. Thanks to James Brister for tracking
4884 this one down!
4885
4886- Fixed a core dump in the interface discovery code that is triggered
4887 when there is no subnet declaration for an interface, but the server
4888 decides to continue running. Thanks to Shane Kerr for tracking
4889 down and fixing this problem.
4890
4891 Changes since 3.0 Beta 2 Patchlevel 5
4892
0f6045f8
TL		 4893- Fix a bug in the recent enhancement to the interface discovery code
4894 to support arbitrary-length interface lists.
4895
4896- Support NUL-terminated DHCP options when initializing client-script
4897 environment.
4898
4899- Fix suffix operator.
4900
4901- Fix NetWare/IP option parsing.
4902
4903- Better error/status checking in dhcpctl initialization and omapi
4904 connection code.
4905
4906- Fix a potential memory smash in dhcpctl code.
4907
4908- Fix SunOS4 and (maybe) Ultrix builds.
4909
4910- Fix a bug where a certain sort of incoming packet could cause a core
4911 dump on Solaris (and probably elsewhere).
4912
4913- Add some more safety checks in error logging code.
4914
4915- Add support for ISC_R_INCOMPLETE in OMAPI protocol connection code.
4916
4917- Fix relay agent so that if an interface is specified on the command
4918 line, the relay agent does not dump core.
4919
4920- Fix class matching so that match if can be combined with match or
4921 spawn with.
4922
4923- Do not allow spurious leases in the lease database to introduce
4924 potentially bogus leases into the in-memory database.
4925
4926- Fix a byte-order problem in the client hardware address type code
4927 for OMAPI.
4928
4929- Be slightly less picky about what sort of hardware addresses OMAPI
4930 can install in host declarations.
4931
801de092
TL		 4932 Changes since 3.0 Beta 2 Patchlevel 4
4933
4934- Incorporated Peter Marschall's proposed change to array/record
4935 parsing, which allows things like the slp-agent option to be encoded
4936 correctly. Thanks very much to Peter for taking the initiative to
4937 do this, and for doing such a careful job of it (e.g., updating the
4938 comments)!
4939
4940- Added an encoding for the slp-agent option. :')
4941
6ed7a93d
TL		 4942- Fixed SunOS 4 build. Thanks to Robert Elz for responding to my
4943 request for help on this with patches!
4944
4945- Incorporated a change that should fix a problem reported by Philippe
4946 Jumelle where when the network connection between two servers is
4947 lost, they never reconnect.
4948
4949- Fix client script files other than that for NetBSD to actually use
4950 make_resolv_conf as documented in the manual page.
4951
4952- Fix a bug in the packet handling code that could result in a core
4953 dump.
4954
4955- Fix a bug in the bootp code where responses on the local net would
4956 be sent to the wrong MAC address. Thanks to Jerry Schave for
4957 catching this one.
4958
490eb5e7
TL		 4959 Changes since 3.0 Beta 2 Patchlevel 3
4960
4961- In the DHCP client, execute client statements prior to using the values
45d545f0 4962 of options, so that the client configuration can overridden, e.g., the
490eb5e7
TL		 4963 lease renewal time.
4964
4965- Fix a reference counting error that would result in very reproducible
4966 failures in updates, as well as occasional core dumps, if a zone was
4967 declared without a key.
4968
4969- Fix some Linux 2.0 compilation problems.
4970
4971- Fix a bug in scope evaluation during execution of "on" statements that
4972 caused values not to be recorded on leases.
4973
4974- If the dhcp-max-message-size option is specified in scope, and the
4975 client didn't send this option, use the one specified in scope to
4976 determine the maximum size of the response.
4977
592d8153
TL		 4978 Changes since 3.0 Beta 2 Patchlevel 2
4979
359b023e
TL		 4980- Fix a case where spawning subclasses were being allocated
4981 incorrectly, resulting in a core dump.
4982
592d8153
TL		 4983- Fix a case where the DHCP server might inappropriately NAK a
4984 RENEWING client.
4985
4986- Fix a place dhcprequest() where static leases could leak.
4987
4988- Include memory.h in omapip_p.h so that we don't get warnings about
4989 using memcmp().
4990
2aa36519
TL		 4991 Changes since 3.0 Beta 2 Patchlevel 1
4992
4993- Notice when SIOCFIGCONF returns more data than fit in the buffer -
4994 allocate a larger buffer, and retry. Thanks to Greg Fausak for
4995 pointing this out.
4996
4997- In the server, if no interfaces were configured, report an error and
4998 exit.
4999
5000- Don't ever record a state of 'startup'.
5001
5002- Don't try to evaluate the local failover binding address if none was
5003 specified. Thanks to Joseph Breu for finding this.
Mirror of https://github.com/isc-projects/dhcp.git