Internet Systems Consortium DHCP Distribution
- Version 4.4.0-dev
- 29 March 2016
+ Version 4.4.3-P1
+ ? ????? 2022
+ Release Notes
- Release Notes
+ NEW FEATURES
- NEW FEATURES
+Please note that that ISC DHCP is licensed under the Mozilla Public
+License, MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read
+the MPL 2.0 license terms.
-The major "theme" for ISC DHCP 4.4.x ....
+NOTE: The client and relay components are now End-Of-Life.
+4.4.3 is the final release for those components.
- <TBD PRIOR TO RELEASE OF 4.4.0>
-
-For information on how to install, configure and run this software, as
+For information on how to install, configure, and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
-ISC DHCP uses standard GNU configure for installation. Please review the
-output of "./configure --help" to see what options are available.
+ISC DHCP uses the standard GNU configure command for installation. Please review the
+output of `./configure --help` to see what options are available.
-The system has only been tested on Linux, FreeBSD, and Solaris, and may not
-work on other platforms. Please report any problems and suggested fixes to
-<dhcp-users@isc.org>.
+The system has only been tested on Linux and FreeBSD, and may not work on
+other platforms. Please subscribe to the dhcp-users mailing list at
+https://lists.isc.org/mailman/listinfo/dhcp-users and report any problems
+and/or suggested fixes to dhcp-users@lists.isc.org.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
-Please note that as of version 4.4.0, ISC DHCP is licensed under the Mozilla
-Public License, MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/
-to read the MPL 2.0 license terms.
+ Changes since 4.4.3 (Bug Fixes)
+
+! Corrected a reference count leak that occurs when the server builds
+ responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
+ Lab for reporting the issue.
+ [Gitblab #253]
+ CVE: CVS-2022-2928
+
+ Changes since 4.4.2-P1 (New Features)
+
+- Two new OMAPI function calls were added, `dhcpctl_timed_connect()`
+ and `dhcpctl_timed_wait_for_completion()`. These provide timed
+ versions of creating a connection and waiting for an operation
+ to complete.
+ [GitLab #76]
+
+- The BIND libraries have been updated to the latest version, 9.11.36. This fixes a number
+ of compilation issues on various systems, including OpenWRT. Thanks to
+ Philip Prindeville for testing on OpenWRT.
+ [GitLab #218, #171, #180, #192]
+
+- Support was added for the new DHCPv4 option v6-only-preferred, specified
+ in RFC 8925. A new reason code, V6ONLY, was added to the client script
+ and the client Linux script sample was updated.
+ [GitLab #132]
+
+ Changes since 4.4.2-P1 (Bug Fixes)
+
+- Minor corrections were made to allow compilation under gcc 10.
+ [GitLab #117]
+
+- The logic in dhclient that causes it to decline DHCPv4 leases if the
+ client script exits abnormally (i.e. crashes) has been corrected.
+ [GitLab #123]
+
+- The limit on the size of a lease file that can be loaded at startup
+ is now only enforced on 32-bit systems.
+ [GitLab #92]
+
+- The PRNG initialization has been improved. It now uses the configure flag
+ `--with-randomdev=PATH`, which specifies the device from which to read the
+ initial seed. That is typically `/dev/random` (the default value) or
+ `/dev/urandom`, but may be specified otherwise on the local system. The old
+ behavior can be forced by disabling this feature (`--with-randomdev=no`).
+ If the initialization is disabled or reading from the random device fails,
+ the previous algorithm (retrieve the last four bytes of hardware addresses
+ from all network interfaces that have them, and use the current time and
+ process ID) is used.
+ [GitLab #197]
+
+- A minor dhclient code fix was made to remove compilation warnings.
+ [GitLab #190]
+
+- The hard-coded MD5 algorithm name was removed in OMAPI connection logic.
+ Previously, using any other algorithm via a key-algorithm statement would
+ allow OMAPI connections to be made, but subsequent actions such as updating
+ an object would fail.
+ [GitLab #148]
+
+- The parallel build has been improved. Thanks to Sergei Trofimovich for
+ the patch. The parallel build is still experimental, as officially the
+ BIND 9 code does not support the parallel build for libraries.
+ [GitLab #91]
+
+- Handling of LDAP options (`ldap-gssapi-principal` and `ldap-gssapi-keytab`)
+ has been improved. This is contributed code that has not been tested by ISC. Thank
+ you to Petr Mensik and Pavel Zhukov for the patches!
+ [GitLab !56,!75]
+
+- It is now possible to use `option -g ipaddr` in the dhcrelay to replace the giaddr sent to
+ clients with the given ipaddr, to work around bogus clients like Solaris 11
+ grub which use giaddr instead of the announced router (3) to set up their
+ default route. Thanks to Jens Elkner for the patch!
+ [GitLab #223, !86, !92]
+
+ Changes since 4.4.2 (Bug Fixes)
+
+- Corrected a buffer overwrite possible when parsing hexadecimal
+ literals with more than 1024 octets.
+ [Gitlab #182]
+ CVE: CVE-2021-25217
+
+ Changes since 4.4.2b1 (Bug Fixes)
+
+- Added a clarification on DHCPINFORMs and server authority to
+ dhcpd.conf.5
+ [Gitlab #37]
+
+- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
+ is defined.
+ [Gitlab #72]
+
+- Added the interface name to socket initialization failure log messages.
+ Prior to this the log messages stated only the error reason without
+ stating the target interface.
+ [Gitlab #75]
+
+- Corrected buffer pointer logic in dhcrelay functions that manipulate
+ agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
+ & Mitigations for reporting the issue.
+ [Gitlab #71]
+
+- Corrected unresolved symbol errors building relay_unittests when
+ configured to build using libtool.
+ [Gitlab #80]
+
+ Changes since 4.4.1 (New Features)
+
+- A new configuration parameter, ping-cltt-secs (v4 operation only), has
+ been added to allow the user to specify the number of seconds that must
+ elapse since CLTT before a ping check is conducted. Prior to this, the
+ value was hard coded at 60 seconds. Please see the server man pages for
+ a more detailed discussion.
+ [ISC-Bugs #36283]
+
+- A new configuration parameter, ping-timeout-ms (v4 operation only),
+ has been added that allows the user to specify the amount of time
+ the server waits for a ping-check response in milliseconds rather
+ than in seconds (via ping-timeout). When greater than zero, the value
+ of ping-timeout-ms will override the value of ping-timeout. Thanks
+ to Jay Doran from Bluecat Networks for suggesting this feature.
+ [Gitlab #10]
+
+- An experimental tool called, Keama (KEA Migration Assistant), which helps
+ translate ISC DHCP configurations to Kea configurations, is now included
+ in the distribution.
+ [Gitlab #34]
+
+ Changes since 4.4.1 (Bug Fixes)
+
+- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
+ carried out over TCP rather than UDP. The coding error was exposed by
+ migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
+ reporting the issue.
+ [ISC-Bugs #47757]
+
+- Bind9 now defaults to requiring python to build. The Makefile for
+ building Bind9 when bundled with ISC DHCP was modified to turn off
+ this dependency.
+ [Gitlab #3]
+
+- Corrected a dual-stack mixed-mode issue that occurs when both
+ ddns-guard-id-must-match and ddns-other-guard-is-dynamic
+ are enabled and that caused the server to incorrectly interpret
+ the presence of a guard record belonging to another client as
+ a case of no guard record at all. Thanks to Fernando Soto
+ from BlueCat Networks for reporting this issue.
+ [Gitlab #1]
+
+- Corrected a compilation issue that occurred when building without DNS
+ update ability (e.g. by undefining NSUPDATE).
+ [Gitlab #16]
+
+- Corrected an issue that was causing the server, when running in
+ DHPCv4 mode, to segfault when class lease limits are reached.
+ Thanks to Peter Nagy at Porion-Digital for reporting the matter
+ and submitting a patch.
+ [Gitlab #13]
+
+- Made minor changes to eliminate warnings when compiled with GCC 9.
+ Thanks to Brett Neumeier for bringing the matter to our attention.
+ [Gitlab #15]
+
+- Fixed potential memory leaks in parser error message generation
+ spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
+ [Gitlab #30]
+
+- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
+ to Tommy Smith for contributing the patch.
+ [Gitlab #26]
+
+- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
+ reporting the issue.
+ [GitLab #19]
-Older versions already published under the ISC license will remain under the
-ISC license. Those unsure whether or not the license change affects their use
-of ISC DHCP, or who wish to discuss how to comply with the license may contact
-ISC at info@isc.org or use https://www.isc.org/mission/contact/.
+- Applied a patch from OpenBSD to always set the scope id of outbound
+ DHPCv6 packets. Note this change only applies when compiling under
+ OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our
+ attention.
+ [Gitlab #33]
+
+- Modified dhclient to not discard config file leases that are
+ duplicates of server-provided leases and to retain such leases
+ after they have been used as the fallback active lease and
+ DHCP service has been restored. This allows them to be used
+ more than once during the lifetime of a dhclient instance.
+ This applies to DHCPv4 operation only.
+ [Gitlab #9]
+
+- Corrected a number of reference counter and zero-length buffer leaks.
+ Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
+ pointing them out.
+ [Gitlab #57]
+
+- Closed a small window of time between the installation of graceful
+ shutdown signal handlers and application context startup, during which
+ the receipt of shutdown signal would cause a REQUIRE() assertion to
+ occur. Note this issue is only visible when compiling with
+ ENABLE_GENTLE_SHUTDOWN defined.
+ [Gitlab #53]
+
+- Corrected a buffer overflow that can occur when retrieving zone
+ names that are more than 255 characters in length.
+ [Gitlab #20]
+
+- The "d" domain name option format was incorrectly handled as text
+ instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
+ for reporting this issue.
+ [Gitlab #2]
+
+- Improved the error message issued when a host declaration has both
+ a uid and a dhcp-client-identifier. Server configuration parsing will
+ now fail if a host declaration specifies more than one uid.
+ [Gitlab #7]
+
+- Updated developer's documentation on building and running unit tests.
+ Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
+ source.
+ [Gitlab #35]
+
+- Fixed a syntax error in ldap.c which cropped up under Ubuntu
+ 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
+ [Gitlab #51]
+
+- Added clarification to dhcp-options.5 section on ip-address values
+ describing the first-use DNS resolution of options with hostnames as
+ values (e.g. next-server).
+ [Gitlab #28]
+
+- The option format for the server option omapi-key was changed to a
+ format type 'k' (key name); while server options ldap-port and
+ ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
+ three options were inadvertantly broken when the 'd' format content
+ was changed to comply with RFC 1035 wire format (see Gitlab #2).
+ [Gitlab #68]
+
+ Changes since 4.4.0 (New Features)
+- none
+ Changes since 4.4.0 (Bug Fixes)
+
+- A delayed-ack value of 0 (the default), now correctly disables the delayed
+ feature. A change in 4.4.0 prohibited lease updates marking leases active
+ from be written to the lease file when delayed-ack is 0. This in turn,
+ caused servers to lose active lease assignments upon restart.
+ [ISC-Bugs #47141]
+
+! Option reference count was not correctly decremented in error path
+ when parsing buffer for options. Reported by Felix Wilhelm, Google
+ Security Team.
+ [ISC-Bugs #47140]
+ CVE: CVE-2018-5733
+
+! Corrected an issue where large sized 'X/x' format options were causing
+ option handling logic to overwrite memory when expanding them to human
+ readable form. Reported by Felix Wilhelm, Google Security Team.
+ [ISC-Bugs #47139]
+ CVE: CVE-2018-5732
+
+- Added use of new Bind9 compatibility header files, that are now necessary
+ to supply type definitions for primitive data types, removed from Bind9
+ proper. Altered util/bind.sh to pull from Bind9 repo on gitlab.
+ [ISC-Bugs #48072]
+ [ISC-Bugs #48071]
+
+ Changes since 4.4.0b1 (New Features)
+
+- Duplicate address detection when binding to a new IPv6 address was added
+ to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
+ The scripts will check for DAD errors after binding to a new IPv6 address
+ for at most --dad-wait-time seconds. If a DAD error is detected the script
+ will exit with a value of 3, instructing dhclient to decline the address. If
+ dad-wait-time is zero (the default), DAD error checking is not peformed.
+ [ISC-Bugs 46805]
+
+- Support for sending and receiving additional DHCP4 options has been added
+ to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97
+ (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071).
+ Beyond configuring, sending, requesting, and receiving these options neither
+ server nor client apply any additional logic based on their values.
+ Thanks to Peter Lewis for requesting this change.
+ [ISC-Bugs 47062]
+
+ Changes since 4.4.0b1 (Bug Fixes)
+
+- Added clarifying text to dhcpd.conf.5 explaining the class match expressions
+ cannot rely on the results of executable statements.
+ [ISC-Bugs #45451]
+
+- Fixed a bug which causes dhcpd and dhclient to crash on certain
+ systems when given relative path names for lease or pid files on
+ the command line. Affected systems are those on which the C library
+ function, realpath() does not support a second parameter value of
+ NULL (see manpages for realpath(3)).
+ [ISC-Bugs #46957]
+
+- Fixed a build issue when building with embedded BIND9 under OpenBSD that
+ was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
+ [ISC-Bugs #46971]
+
+- Added <dhcp>/m4/README to the distribution tarball. Some versions of
+ ac_local() treat the absence of the m4 subdirectory as error rather than
+ warning. This was causing the call to autoreconf, necessary for building
+ with libtool, to fail.
+ [ISC-Bugs #47075]
+
+ Changes since 4.4.0a1 (New Features)
+
+- Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
+ feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be
+ enabled at compile time via --enable-relay-port and is fully backward
+ compatible (i.e. works with previous implementations of servers and relays
+ using the standard ports). A new --rp <relay-port> command line option
+ specifies to dhcrelay an alternate source port for upstream (i.e. toward
+ the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco
+ systems for submitting these patches.
+ [ISC-Bugs #44535]
+
+- Added --release-on-roam to dhcpd server. When enabled and the server detects
+ that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
+ the pre-existing leases on the old network and emit a log statement similar
+ to the following:
-We welcome comments from DHCP users, about this or anything else we do. Email
-Vicky Risk, Product Manager at vicky@isc.org or discuss on
-dhcp-users@lists.isc.org.
+ "Client: <id> roamed to new network, releasing lease: <address>"
- Changes since 4.3.0 (new features)
+ The server will carry out all of the same steps that would normally occur
+ when a client explicitly releases a lease. This behavior is disabled by
+ default and may only be specified globally. Prior to this the server renders
+ the leases unavailable until they expire or the server is restarted. Clients
+ that need leases in multiple networks must supply a unique IAID in each IA.
+ When release-on-roam is disabled (the default) the server maintains the
+ prior behavior of making such leases unavailable until they expire or the
+ server is restarted. Clients that need leases in multiple networks must
+ supply a unique IAID in each IA. This parameter may only be specified at
+ the global level. Thanks to Fernando Soto from BlueCat Networks for
+ suggesting this change.
+ [ISC-Bugs #44576]
+ [ISC-Bugs #46849]
+
+- Support for delayed-ack is now compiled in by default. Prior to this
+ it had to be enabled at compile time via --enable-delayed-acks. The
+ default value for delayed-ack, however, has been changed from 28 to 0
+ (i.e. disabled). This was done to minimize the impact on users not
+ currently using the feature. Please note that the delayed-ack feature
+ is not currently compatible with support for DHPCv4-over-DHCPv6 so
+ when a 4to6 port command line argument enables this in the server the
+ delayed-ack value is reset to 0.
+ [ISC-Bugs #42446]
+
+- The server (-6) now honors the parameter, update-static-leases, for static
+ (fixed-address6) DHCPv6 leases. It is worth noting that because stateful
+ data is not retained by the server for static leases, each time a client
+ requests or renews a static lease, the server will perform DDNS updates for
+ it. This may have significant performance implications for environments
+ with many clients that request or renew static leases often. Similarly,
+ the DNS entries will not be removed by server when a client issues a RELEASE
+ nor if the lease is deleted from the configuration. In such cases the DNS
+ entries must be removed manually. This feature is disabled by default.
+ Thanks to both Bill Shirley and dgutier-at-cern-dot-ch for requesting
+ this change.
+ [ISC-Bugs #34097]
+ [ISC-Bugs #41054]
+ [ISC-Bugs #41450]
+
+- Added to the server (-6) a new statement, local-address6, which specifies
+ the source address of packets sent by the server. An additional flag,
+ bind-local-address6, disabled by default, binds the service socket to
+ to local-address6. Note that bind-local-address does not work with direct
+ clients: a relay has to forward packets to the server using the
+ local-address6 destination.
+ [ISC-Bugs #46084]
+
+ Changes since 4.4.0a1 (Bugs)
+
+- The server now recognizes environment variables PATH_DHCPD_DB and
+ PATH_DHCPD_PID. These had been incorrectly compiled out of the code
+ unless DHCPv6 support was disabled. Additionally, the server man
+ pages were corrected to accurately reflect how the server chooses
+ file names (see lease-file-name and pid-file-name statements). Thanks
+ to Fernando Soto at Bluecat Networks for bringing this matter to our
+ attention.
+ [ISC-Bugs #46859]
-- Insert the raw data from a fully encapsualted option into the option cache.
- This allows "exists" to check for the option if any sub options exist. It
- also adds the raw data to the environment variables supplied to the client
- script.
- [ISC-Bugs #39863]
-
-- Pass configure arguments which begin with an upper case letter, e.g.
- CFLAGS, to the embedded bind configure, so it is no longer required
- to use environment variables to get the same effect.
- [ISC-Bugs #35143]
-
-- Added --enable-kqueue, --enable-epoll, --enable-devpoll and a more
- general --with-bind-extra-config to pass extra options to the
- embedded bind configure. Note we had mixed experiences with this
- so it is at the user risk, i.e., they are NOT SUPPORTED yet.
- [ISC-Bugs #20890]
-
-- Changed the way the embedded bind Makefile is updated by configure.
- The only user visible side effect is that --with-libbind now requires
- either "no" or an (absolute) path, i.e. "yes" is no longer valid.
- [ISC-Bugs #43227]
-
-- Added the support for git repositories in the util/bind.sh script.
- When you build ISC DHCP from a git repo, i.e., without a "bind"
- directory populated as in the release distribution file, you may now
- create the bind directory, change to it and clone the private
- (repo.isc.org/proj/git/prod/bind9.git) or the public
- (https://source.isc.org/git/bind9.git) git repository into
- bind/bind9 and then invoke the util/bind.sh script as usual.
- Note this option is incompatible with "make dist" (and make "distcheck")
- because no bind/bind.tar.gz nor bind/version.tmp files are available.
- [ISC-Bugs #43236]
-
-- Use the embedded bind libraries where they are built (vs where they
- are installed).
- [ISC-Bugs #39319]
-
-- Use last version (9.11) of plain embedded bind libraries in place of
- older (9.9) version of export bind libraries.
- [ISC-Bugs #43215]
-
-- Using "make distcheck" now works with external bind libraries (aka
- configure --with-libbind).
- [ISC-Bugs #43285]
+- Removed an "Impossible condition" error upon exit in the dhcpd server that
+ has been shutdown via OMAPI. This condition was only apparent under Solaris
+ when building with --enable-use-sockets and --enable-ipv4-pktinfo.
+ [ISC-Bugs #36118]
-- The server now allows the client identifier (option 61) to own leases
- in more than one subnet concurrently. Prior to this the server would
- incorrectly release an existing lease in one subnet prior to assigning
- a lease in another subnet. Note that the prior behavior can be still
- be achieved by enabling one-lease-per-client. Thanks to both David Zych at
- the University of Illinois and Norm Proffitt of Infoblox for reporting
- the issue; and Norm for suggesting a solution.
- [ISC-Bugs #41358]
+- Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
+ [ISC-Bugs #46836]
+
+- Added missing text to dhclient.8 and expanded release note coverage
+ for --address-prefix-len changes.
+
+ Changes since 4.3.6 (New Features)
- Added --enable-bind-install to install embedded bind includes and
libraries. Default is to not install them (it was the previous
includes/site.h. This flag is undefined by default.
[ISC-Bugs #43927]
-- Added new compile time option --with-srv-conf-file which specifies a
- default location of the server configuration file.
- [ISC-Bugs #44765]
-
-- Added --dad-wait-time parameter to dhclient. It specifies the maximum time,
- in seconds, that the client process should wait for the duplicate address
- detection to complete before initiating DHCP requests. This value is
- propagated to the dhclient script and the script is responsible for waiting
- the specified amount of time or until DAD has completed. If the script does
- not support it, specifying this parameter has no effect. The default value
- is 0 which specifies that the script should not wait for DAD. With this
- change the following scripts have been modified to support the new parameter:
- freebsd, linux, macos, netbsd, openbsd.
- [ISC-Bugs #36169]
-
-- Modified DDNS support initialization such that DNS related ports will only be
- opened by the server (dhcpd) at startup if ddns-update-style is not "none";
- by dhclient only if and when the it first attempts an update; and never by
- dhcrelay. Prior to this all three always did the initialization at startup
- which causes them to always open on and listen for traffic on two random
- ports. Thanks to Rodney Beede for reporting the issue.
- [ISC-Bugs #45290]
- [ISC-Bugs #33377]
-
-- Added error logging to two memory allocation failure checks. Thanks to Bill
- Parker (wp02855 at gmail dot com) for reporting the issue.
- [ISC-Bugs #41185]
-
-- Corrected a dhclient -6 issue that caused the client to crash with an
- "Impossible condition" error after de-preferencing its only IA binding.
- The crash occurred when server configuration changes rendered the existing
- binding out-of-range and no other leases were available to offer. Thanks
- to Pierre Clerissi for bringing this issue to our attention.
- [ISC-Bugs #44373]
-
-- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will
- now call the script with reason set to FAIL when run with -1 (one try) and
- there are no server responses. This applies to IPv4 mode only. Thanks for a
- patch by Martin Pitt which got to us via Andrew Pollock.
- [ISC-bugs #18183]
-
-- Linux script updated. The script is now based on Debian version. It uses
- ip tool from iproute2 package and ifconfig is no longer used. This also
- addresses an issue of calling arping with inappropriate parameter.
- [ISC-bugs #19430]
- [ISC-bugs #18111]
-
-- The directory minires has been removed from the source tree. It has
- long been obsolete for branches other than v4_1_esv. Additionally,
- includes/minires.h was renamed includes/ns_name.h.
- [ISC-bugs #45471]
-
- The directory includes/isc-dhcp and it's only occupant, dst.h, have
been removed from the source tree. They are obsolete for branches
other than v4_1_esv.
- Added a new dhclient command line parameter, --prefix-len-hint <length>.
When used in conjunction with -P, it directs dhclient to use the given
- length as the prefix length hint when requesting prefixes. Thanks to
- H. Peter Anvin for suggesting this change.
- [ISC-Bugs #43792]
- [ISC-Bugs #35112]
- [ISC-Bugs #32228]
- [ISC-Bugs #29470]
+ length as the prefix length hint when requesting prefixes. Thanks to both
+ Indy, of the FireballISO open source project and H. Peter Anvin for
+ suggesting this change.
+ [ISC-Bugs #43792]
+ [ISC-Bugs #35112]
+ [ISC-Bugs #32228]
+ [ISC-Bugs #29470]
- dhclient will now wait for 10 seconds after declining an IPv4 address
before issuing a discover. This is in keeping with RFC 2131, section 3.1.5.
waits can be specified via a new command line parameter:
--decline-wait-time <seconds>. A value of zero equates to no wait at all.
Thanks to Pavel Kankovsky for bringing this matter to our attention.
+ **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
[ISC-Bugs #45457]
-- Corrected dhclient command line parsing for --dad-wait-time that causes
- even valid values to fail as invalid on some environments.
- [ISC-Bugs #46535]
-
- dhclient will now include the lease address when logging DHCPOFFERs,
DHCPREQUESTs, DHCPACKs, DHCPRELEASEs, and DHCPDECLINEs. Additionally,
DHCPOFFERs will be logged before their corresponding DHCPREQUESTs are
Note, the client script must exit with a value of 3 to signify that the
address failed DAD. Thanks to Jiri Popelka of Red Hat for submitting the
patch that was the foundation for this change.
+ **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
[ISC-Bugs #21237]
[ISC-Bugs #23357]
[ISC-Bugs #36966]
doing load balancing within failover.
[ISC-Bugs #45364]
-- If the server detects that a DHCPv6 client (IAID+DUID) has roamed to a new
- network, it will now automatically release pre-existing leases on the old
- network. When this occurs the server will emit a log statement:
-
- "Client: <id> roamed to new network, releasing lease: <address>"
-
- The server will carry out all of the same steps that would normally occur
- when a client explicitly releases a lease. Prior to this the server simply
- dropped the pre-existing leases on the floor without doing the appropriate
- clean-up. Clients that need leases in multiple networks must supply a
- unique IAID in each IA. Thanks to Fernando Soto from BlueCat Networks for
- reporting the issue.
- [ISC-Bugs #44576]
-
-- The ability of the server to send back dhcp6.vendor-opts values has been
- restored. A change in 4.3.5 (see #29246) which enabled it to send back the
- FQDN option unfortunately broke its ability send back dhcp6.vendor-opts.
- Thanks to Sumant Gupta (sumantgupta at gmail dot com) of Landis+Gry for
- bringing this issue to our attention.
- [ISC-Bugs #46427]
-
- The default value for server (-6) parameter, prefix-length-mode, has been
changed from "exact" to "prefer". In "prefer" mode the server will offer
the first available prefix with the same length as that requested by the
client. If none are found then it will offer the first available prefix of
any length. This is more in line with with RFC 8168 and should improve
the out-of-the-box user experience.
+ **NOTE: THIS IS CHANGE IN DEFAULT BEHAVIOR.
[ISC-Bugs #45615]
- Added support for 'dhcp-cache-threshold' to IPv6 operation: If a client
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
- 3. ddns-other-guard is-dynamic - alters dual-stack-mixed-mode behavior to
+ 3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
[ISC-Bugs #42620]
[ISC-Bugs #42621]
[ISC-Bugs #45046]
- Changed the default value of the prefix length passed by dhclient into the
- client script for each IPv6 address, from 64 to 128. In addition, dhclient
- now supports a command line argument, --address-prefix-len <len>, which may
- be used to override the default value. PLEASE NOTE: If your DHCPv6 clients
- require a value other than 128, you MUST specify the value via this new
- command line argument. Prior to this the only way to alter the value was at
- compile time by changing DHCLIENT_DEFAULT_PREFIX_LEN in include/sites.h.
+ client script for each IPv6 address from 64 to 128. This was done to comply
+ with RFC3315bis draft (-09, page 64) and RFC5942, Section 4, point 1.
+ In addition, dhclient now supports a command line argument,
+ --address-prefix-len, which may be used to override the default value.
+ **WARNING**: This change may not be backwardly compatible with your
+ environment. If you are operating without a router, such as between VMs on
+ a host, you may find they cannot see each with prefix length of 128. In
+ such cases, you'll need to either provide routing or use the command line
+ parameter to set the value to 64. Alternatively you may change the default
+ at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN in includes/site.h.
[ISC-Bugs #23252]
[ISC-Bugs #37221]
- Changes since 4.3.0 (bug fixes)
+- Modified dhclient (-6) to bypass sending a confirm (INIT REBOOT) when it has
+ only expired address associations. Thanks to Jiri Popelka at Red Hat for
+ raising the issue and submitting the patch.
+ [ISC-Bugs #22675]
+ Changes since 4.3.6 (Bugs):
-- Tidy up several small tickets.
- Correct parsing of DUID from config file, previously the LL type
- was put in the wrong place in the DUID string.
- [ISC-Bugs #20962]
+- Corrected an issue where the server would return a client's previously
+ released prefix lease even when the client provides a prefix length
+ hint that does not match the prior lease. Now the server will only
+ return the previous lease if it exactly matches the hint. If not
+ it will attempt to allocate a new prefix based on the hint and the
+ prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications
+ for pointing out the error of our ways.
+ [ISC-bugs #45780]
- Add code to parse "do-forward-updates" as well as "do-forward-update"
- Thanks to Jiri Popelka at Red Hat.
- [ISC-Bugs #31328]
+- Added explicit include of BIND9 isc/util.h to adapt to revisions
+ in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing
+ with implicit function declarations errors for POST() and INSIST().
+ [ISC-bugs #46332]
- Remove log_priority as it isn't currently used.
- [ISC-Bugs #33397]
+- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132
+ states the option cannot be empty, some clients are apparently capable of
+ sending it. Prior to this the server was attempting to use it and store it
+ in the lease file causing issues with DDNS and so forth.
+ [ISC-bugs #43786]
- Increase the size of the buffer used for reading interface information.
- [ISC-Bugs #34858]
+- Corrected dhclient command line parsing for --dad-wait-time that causes
+ even valid values to fail as invalid on some environments.
+ [ISC-Bugs #46535]
-- Remove an extra set of the msg_controllen variable.
- [ISC-Bugs #21035]
+- Replaced iasubopt::heap_index with separate values for active and inactive
+ heaps: iasubopt::active_index and iasubopt::inactive_index. This was done
+ to accommodate a change in behavior in BIND9 isc_heap_delete().
+ [ISC-bugs #46719]
-- Add a more understandable error message if a configuration attempts
- to add multiple keys for a single zone. Thanks to a patch from Jiri
- Popelka at Red Hat.
- [ISC-Bugs #31892]
+! Plugged a socket descriptor leak in OMAPI, that can occur when there is
+ data pending to be written to an OMAPI connection, when the connection
+ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
+ this issue to our attention and whose patch helped guide us in the right
+ direction.
+ [ISC-Bugs #46767]
-- Fix some minor issues in the dst code.
- [ISC-Bugs #34172]
+- The ability of the server to send back dhcp6.vendor-opts values has been
+ restored. A change in 4.3.5 (see #29246) which enabled it to send back the
+ FQDN option unfortunately broke its ability send back dhcp6.vendor-opts.
+ Thanks to Sumant Gupta (sumantgupta at gmail dot com) of Landis+Gry for
+ bringing this issue to our attention.
+ [ISC-Bugs #46427]
-- Properly #ifdef functions so that the code can compile without NSUPDATE.
- [ISC-Bugs #35058]
+ Changes since 4.3.6b1
-- Update the partner's stos (start time of state, basically when we last
- heard from this partner) field when updating the state in failover.
- [ISC-Bugs #35549]
+- None
-- Modify the overload processing to allow space for the remote agent ID.
- [ISC-Bugs #35569]
- Handle the ordering of the SUBNET_MASK option even if it is the last
- option in the list.
- [ISC-Bugs #24580]
+ Changes since 4.3.5
-- Remove the code that allows a server to follow RFC3315 instead of
- the subsequent errata from August 2010 when determining which IAs
- to include if no addresses will be assigned.
- [ISC-Bugs #28938]
+- The server now allows the client identifier (option 61) to own leases
+ in more than one subnet concurrently. Prior to this the server would
+ incorrectly release an existing lease in one subnet prior to assigning
+ a lease in another subnet. Note that the prior behavior can be still
+ be achieved by enabling one-lease-per-client. Thanks to both David Zych at
+ the University of Illinois and Norm Proffitt of Infoblox for reporting
+ the issue; and Norm for suggesting a solution.
+ [ISC-Bugs #41358]
-- Remove unused RCSID tags.
- [ISC-Bugs #35846]
+- When replying to a DHCPINFORM, the server will now include options specified
+ at the pool scope, provided the ciaddr field of the DHCPINFORM is populated.
+ Prior to this the server only evaluated options down to the subnet scope.
+ Thanks to Fernando Soto at BlueCat Networks for reporting the issue.
+ [ISC-Bugs #43219]
+ [ISC-Bugs #45051]
-- Correct the v6 client timing code. When doing the timing backoff
- for MRT limit it to MRD.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #21238
+- When memory allocation fails in a repeated way the process writes
+ "Run out of memory." on the standard error and exists with status 1.
+ [ISC-Bugs #32744]
-- Add a log entry when killing a client and remove the PID files
- when a server, relay or client are killed.
- [ISC-Bugs #16970]
- [ISC-Bugs #17258]
+- The new lmdb (Lightning Memory DataBase) bind9 configure option is
+ now disabled by default to avoid the presence of this library to be
+ detected which can lead to a link failure.
+ [ISC-Bugs #45069]
-- Some minor cleanups in the client code.
- In addition to checking for dhcpc check for bootpc in the services list.
- [ISC-Bugs #18933]
- Correct the client code to only try to get a lease once when the
- given the "-1" argument.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #26735]
- When asked for the version don't send the output to syslog.
- [ISC-Bugs #29772]
- Add the next server information to the environment variables for
- use by the client script. In order to avoid changing the client
- lease file the next server information isn't written to it.
- Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
- [ISC-Bugs #33098]
+- The linux interface discovery code has been modified to use getifaddrs()
+ as is done for BSD and OS-X. Prior to this the code would only recognize
+ the first address on an interface and thereby omit vlans.
+ Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei
+ Kong at Novell, who all submitted patches.
+ [ISC-Bugs #28761]
+ [ISC-Bugs #31992]
+ [ISC-Bugs #25428]
+ [ISC-Bugs #31940]
+ [ISC-Bugs #32935]
-- Several updates to the dhcp server code.
- When not in quiet mode print out the files being used.
- [ISC-Bugs #17551]
- As accessing some pid files may require privileges move the dropping
- of permission bits due to the paranoia patch to be after the pid code.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #25806]
- When processing a "--version" request don't output the version information
- to syslog.
+- Fixed a bug in OMAPI that causes omshell to crash when a name-value
+ pair with a zero length value is shipped in an object. Thanks to
+ Fernando Soto at BlueCat Networks for reporting the issue and
+ supplying the patch.
+ [ISC-Bugs #29108]
-- Add the "enable-log-pid" build option to the configure script. When enabled
- this causes the client, server and relay programs to include the PID
- number in syslog messages.
- Thanks to Marius Tomaschewski for the suggestion and proto-patch.
- [ISC-Bugs #29713]
+- On 64-bit platforms, dhclient now generates the correct value for the
+ script environment variable, "expiry", the lease expiry value exceeds
+ 0x7FFFFFFF. Prior to this such values would produce negative values
+ for expiry in the script environment.
+ [ISC-Bugs #43326]
-- Add a #define to specify the prefix length used when a client attempts
- to configure an address. This can be modified by editing includes/site.h.
- By default it is set to 64. While 128 might be a better choice it would
- also be a change for currently running systems, so we have left it at 64.
- [ISC-Bugs #DHCP-2]
+- Common timer logic was modified to cap the maximum timeout values at
+ 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of
+ range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for
+ reporting the issue.
+ [ISC-Bugs #28038]
-- Add a run time option to the client "-df" to allow the administrator to
- point to a second lease file the client can search for a DUID. This can
- be used to allow a v4 and a v6 instance of the client to share a DUID.
- The second file will only be searched if there isn't a DUID in the main
- lease file and the DUID will be written out to the main lease file.
- [ISC-Bugs #34886]
+- DHCP6 FQDN option unpacking code now correctly handles values that contain
+ spaces, special, or non-printable characters. Prior to this the buffer
+ size needed was underestimated causing a conversion error message to
+ be logged and DNS updates to be skipped. Thanks to Fernando Soto at
+ BlueCat Networks for bringing the matter to our attention.
+ [ISC-Bugs #43592]
-- Have the client fsync the lease file to avoid lease corruption if the
- client hibernates or otherwise shuts down.
- [ISC-Bugs #35894]
+- When running in -6 mode, dhclient can enforce the require option statement
+ and will discard offered leases that do not contain all the required
+ options specified in the client configuration. If not enabled the client
+ will still consider such leases. This must be enabled at compile time
+ (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to
+ Mritunjaykumar Dubey at Nokia for reporting the issue.
+ [ISC-Bugs #41473]
-- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
- Thanks to Steinar Haug for the suggestion.
- [ISC-Bugs #36033]
+- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit
+ OS systems when using -1 or large values for default-lease-time. Rollover
+ values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally
+ short expiration times being handed out when infinite lease times (-1) in
+ conjunction with failover. Our thanks to Alessandro Gherardi for bringing
+ the issue to our attention.
+ [ISC-Bugs #41976]
-- Modify the handling of the resolv.conf file to allow the DHCP
- process to start up even if the resolv.conf file has problems.
- [ISC-Bugs #35989]
+- Added new compile time option --with-srv-conf-file which specifies a
+ default location of the server configuration file.
+ [ISC-Bugs #44765]
-- Add threshold logging functionality. Two new options,
- log-threshold-low and log-threshold-high, indicate to the
- server if and when it should log an error message as addresses
- in a pool are used.
- [ISC-Bugs #34487]
+- Added --dad-wait-time parameter to dhclient. It specifies the maximum time,
+ in seconds, that the client process should wait for the duplicate address
+ detection to complete before initiating DHCP requests. This value is
+ propagated to the dhclient script and the script is responsible for waiting
+ the specified amount of time or until DAD has completed. If the script does
+ not support it, specifying this parameter has no effect. The default value
+ is 0 which specifies that the script should not wait for DAD. With this
+ change the following scripts have been modified to support the new parameter:
+ freebsd, linux, macos, netbsd, openbsd.
+ [ISC-Bugs #36169]
-- Add code to properly dereference a pointer in the dhclient code
- on an error condition.
- [ISC-Bugs #36194]
+- The server nows checks both the address and length of a prefix delegation
+ when attempting to match it to a prefix pool. This ensures the server
+ responds properly when pool configurations change such that once valid,
+ "in-pool" delegations are now treated as being invalid. During lease
+ file loading at startup, the server will discard any PD leases that
+ are deemed "out-of-pool" either by address or mis-matched prefix length.
+ Clients seeking to renew or rebind such leases will get a response of
+ No Binding in the case of the former, and the prefix delegation with
+ lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo
+ at TDS Telecom for reporting this issue.
+ [ISC-Bugs #35378]
-- Add code to help clean up soft leases.
- [ISC-Bugs #36304]
+- Modified DDNS support initialization such that DNS related ports will only be
+ opened by the server (dhcpd) at startup if ddns-update-style is not "none";
+ by dhclient only if and when the it first attempts an update; and never by
+ dhcrelay. Prior to this all three always did the initialization at startup
+ which causes them to always open on and listen for traffic on two random
+ ports. Thanks to Rodney Beede for reporting this issue.
+ [ISC-Bugs #45290]
+ [ISC-Bugs #33377]
-- Disable the gentle shutdown functionality until we can determine
- the best way to present it to remove or reduce the side effects.
- [ISC-Bugs #36066]
+- Added error logging to two memory allocation failure checks. Thanks to Bill
+ Parker (wp02855 at gmail dot com) for reporting the issue.
+ [ISC-Bugs #41185]
-- Modify the message displayed when a process hits a fatal error.
- The new message is much shorter and simply points to the README
- and our website for directions on bug submissions.
- [ISC-Bugs #24789]
+- Corrected a dhclient -6 issue that caused the client to crash with an
+ "Impossible condition" error after de-preferencing its only IA binding.
+ The crash occurred when server configuration changes rendered the existing
+ binding out-of-range and no other leases were available to offer. Thanks
+ to Pierre Clerissi for bringing this issue to our attention.
+ [ISC-Bugs #44373]
-- Handle an absent resolv.conf file better.
- [ISC-Bugs #35194]
+- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will
+ now call the script with reason set to FAIL when run with -1 (one try) and
+ there are no server responses. This applies to IPv4 mode only. Thanks for a
+ patch by Martin Pitt which got to us via Andrew Pollock.
+ [ISC-bugs #18183]
-- Tidy up receive packet processing.
- Thanks to Brad Plank of GTA for reporting the issue and suggesting
- a possible patch.
- [ISC-Bugs #34447]
+- The server now detects failover peers that are not referenced in at least
+ one pool when run with the command line option for test mode, -T. Prior to
+ this the check was performed too far down stream to be detected in test mode.
+ [ISC-Bugs #29892]
-- Corrected parser's right brace matching when a statement contains an error.
- [ISC-Bugs #36021]
+- Linux script updated. The script is now based on Debian version. It uses
+ ip tool from iproute2 package and ifconfig is no longer used. This also
+ addresses an issue of calling arping with inappropriate parameter.
+ [ISC-bugs #19430]
+ [ISC-bugs #18111]
-- TSIG-authenticated dynamic DNS updates now support the use of these
- additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
- and hmac-sha512
- [ISC-Bugs #36947]
+- Changed severity of the log message indicating UDP checksum errors in
+ the received packets from 'info' to 'debug' to avoid logging excessive
+ number of false positives when UDP checksum offloading is enabled.
+ [ISC-bugs #41757]
-- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
- working with the OpenBSD project who spotted the issue and provided the
- patch.
- [ISC-Bugs #36653]
+- The directory minires has been removed from the source tree. It has
+ long been obsolete for branches other than v4_1_esv. Additionally,
+ includes/minires.h was renamed includes/ns_name.h.
+ [ISC-bugs #45471]
-- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
- Stoeckmann working with the OpenBSD project who spotted the issue and
- provided the patch.
- [ISC-Bugs #36897]
+- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias"
+ for IPv6 mode in the client scripts, netbsd and openbsd. This was
+ preventing IPv6 addresses from being added or removed from interfaces.
+ Thanks to Tim Dean for reporting this issue.
+ [ISC-bugs #31573]
-- Log statements depicting what files will be used by the server now occur
- after the configuration file has been processed.
- [ISC-Bugs #36671]
+ Changes since 4.3.5b1
-- Addressed Coverity issues reported as of 07-31-2014:
- [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
- [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
- [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
- compilers that was introduced by #36712
+- Corrected a bug which could cause the server to sporadically crash while
+ loading lease files with the lease-id-format is set to "hex". Our thanks
+ to Jay Ford, University of Iowa for reporting the issue.
+ [ISC-Bugs #43185]
-- Server now supports a failover split value of 256.
- [ISC-Bugs] #36664]
+- Eliminated a noisy, but otherwise harmless debug log statment that may
+ appear during server startup when building with --enable-binary-leases
+ and configuring multiple pools in a shared network. Thanks to Fernando
+ Soto from BlueCat Networks for reporting the issue and supplying a patch.
+ [ISC-Bugs #43262]
-- Remove unneeded error #defines. These defines were included in case
- external programs required the older versions of the macro. They
- have been #ifdeffed for now and will be removed at a future date.
- See site.h for the #define to include them again, but you should
- switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
- Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
- [ISC-Bugs #37128]
+ Changes since 4.3.4
-- Added checks in range6 and prefix6 statement parsing to ensure addresses
- are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
- bug report and patch.
- [ISC-Bugs #32453]
- [ISC-Bugs #17766]
- [ISC-Bugs #18510]
- [ISC-Bugs #23698]
- [ISC-Bugs #28883]
+- Fixed util/bindvar.sh error handling.
+ [ISC-Bugs #41973]
-- Addressed checksum issues:
- Added checksum readiness check to Linux packet filtering which eliminates
- invalid packet drops due to checksum errors when checksum offloading is
- in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
- [ISC-Bugs #22806]
- [ISC-Bugs #15902]
- [ISC-Bugs #17739]
- [ISC-Bugs #18010]
- [ISC-Bugs #22556]
- [ISC-Bugs #29769]
- Inbound packets with UDP checksums of 0xffff now validate correctly rather
- than being dropped.
- [ISC-Bugs #24216]
- [ISC-Bugs #25587]
+- Correct error message in relay to use remote id length instead
+ of circuit id length.
+ [ISC-Bugs #42556]
-- Added the echo-client-id configuration parameter to the server configuration.
- The server now supports RFC 6842 compliant behavior by setting a new
- configuration parameter, echo-client-id. When enabled, the server will
- include the client identifier option (Option code 61) if received, in its
- responses. The server identifier returned in NAKs (if enabled) will now
- be the globally defined value (if one) if the server cannot attribute the
- inbound request to a known subnet.
- [ISC-Bugs #35958]
- [ISC-Bugs #32545]
+- Add logic to test directory Makefiles to avoid copying Attfile(s)
+ when building within the source tree. This eliminates a noisy but
+ otherwise harmless error message when running "make check".
+ [ISC-Bugs #41883]
-- Added support of the configuration parameter, use-host-decl-names, to
- BOOTP request handling.
- [ISC-Bugs #36233]
+- Leases are now scrubbed of certain prior use information when pool
+ re-balancing reassigns them from one FO peer to the other. This
+ corrects an issue where leases that were offered but not used
+ by the client retained the client hostname from the original
+ client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
+ for reporting the issue.
+ [ISC-Bugs #42008]
-- Added logic to ignore the signal, SIGPIPE, which ensures write failures
- will be delivered as errors rather than as SIGPIPE signals on all OSs.
- Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
- the patch upon which the fix is based.
- [ISC-Bugs #32222]
+- In the LDAP code and schema add some missing '6' characters to use
+ the v6 instead of the v4 versions. Thanks to Denis Taranushin for
+ reporting this issue and supplying its patch.
+ [ISC-Bugs #42666]
-- In the failover code, handle the case of communications being interrupted
- when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
- the primary to accept the secondary moving from POTENTIAL-CONFLICT to
- RESOLUTION-INTERRUPTED as well as handling the bind update process better.
- In addition the code to resend update or update all requests has been
- modified to send requests more often.
- [ISC-Bugs #36810]
- [ISC-Bugs #20352]
+- Correct how the pick-first-value expression is written to a lease
+ file. Previously it was written as a concat expression due to
+ a cut and paste error.
+ [ISC-Bugs #42253]
-- By default, the server will now choose the value to use in the forward DNS
- name from the following in order of preference:
+- Modify the DDNS code to clean up the PTR record even if there
+ are issues while cleaning up the A or AAAA records.
+ [ISC-Bugs #23954]
- 1. FQDN option if provided by the client
- 2. Host name option if provided by the client
- 3. Configured option host-name if defined
+- Added global configuration parameter, abandon-lease-time, which determines
+ the amount of time a lease remains abandoned. The default is 84600 seconds.
+ Additionaly, the server now conducts a ping check (if ping checks are
+ enabled) prior to offering an abandoned lease to client. Our thanks to
+ David Zych at University of Illinois for reporting the issue and working
+ with us to produce a viable solution.
+ [ISC-Bugs #41815]
- As before, this may be overridden by defining ddns-hostname to the desired
- value (or expression). In addition, the server logic has been extended to
- use the value of the host name declaration if use-host-decl-names is enabled
- and no other value is available.
- [ISC-Bugs #21323]
+- Correct handling of interface names during interface discovery. This
+ addresses an issue where interface names of 15 characters in length
+ could lead to crashes or interface recognition errors during startup
+ of dhcpd, dhclient, and dhcrelay.
+ [ISC-Bugs #42226]
-- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
- the existing lease and the forward DNS name had not changed. This has been
- corrected.
- [ISC-Bugs #37368]
- [ISC-Bugs #38636]
+- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
+ The updates are: looking for the lease file in more places and skipping
+ the "processing complete" output when creating machine readable
+ output. Thanks to Cameron Paine (cbp at null dot net) for the
+ patch.
+ [ISC-Bugs #42113]
-- Corrected an issue which caused dhclient to incorrectly form the result when
- prepending or appending to the IPv4 domain-search option, received from the
- server, when either of the values being combined contain compressed
- components.
- [ISC-Bugs #20558]
-
-- Added the server-id-check parameter to the server configuration.
- This parameter allows run-time control over whether or not a server,
- participating in failover, verifies the dhcp-server-identifier option in
- DHCP REQUESTs against the server's id before processing the request.
- Formerly, enabling this behavior was done at compilation time through
- the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
- The functionality is now only available through the new runtime parameter.
- [ISC-Bugs #37551]
+- When reusing a lease for dhcp-cache-threshold return the hostname
+ to the original lease. Also if the host pointer, UID or hardware address
+ change don't allow reuse of the lease.
+ Thanks to Michael Vincent for reporting this and helping us
+ verify the problem and fix.
+ [ISC-Bugs #42849]
-- During startup, when the server encounters a lease whose binding state is
- FTS_BACKUP but whose pool has no configured failover peer, it will reset the
- lease's binding state to FTS_FREE. This allows the leases to be reclaimed
- by the server after a pool's configuration has changed from failover to
- standalone. Prior to this such leases would remain stuck in the backup state
- making them unavailable for assignment. Note this conversion will occur
- whether or not the server is compiled for failover.
- [ISC-Bugs #36960]
+- Change dmalloc to use a size_t as the length argument to bring it
+ in line with the call it will make to malloc().
+ [ISC-Bugs #40843]
-- Fixed a small issue in the treatment of hosts in the inform processing
- that could cause the response to an inform to include information from
- the wrong scope. The two examples we've heard of are getting subnet
- instead of group information associated with a host entry, or getting
- global information instead of subnet if the host entry was built via
- omapi. Thanks to Julien Soula at University of Lille for finding the
- bug and supplying a patch.
- [ISC-Bugs #35712]
+- If the failover socket can't be bound, close it. Otherwise if the
+ user configures an incorrect address in the failover stanza the
+ server will continue to open new sockets every 90 seconds until
+ it runs out.
+ [ISC-Bugs #42452]
-- Avoid calling pool_timer() recursively from supersede_lease(). This could
- result in leases changing state incorrectly or delaying the running of the
- leae expiration code.
- [ISC-Bugs #38002]
+- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
+ allow interfaces to be upstream or downstream respectively. Upstream
+ interfaces will accept and forward only BOOTP replies, while downstream
+ interfaces will accept and forward only BOOTP requests.
+ [ISC-Bugs #41547]
-- Move the check for a PID file and process to be before we rewrite the
- lease file. This avoids the possibility of starting a second instance
- of a server which changes the current lease file confusing the first
- instance. This check is only included if the admin hasn't disabled PID
- files.
- [ISC-Bugs #38078]
- [ISC-Bugs #38143]
+- Clean up some memory references in the vendor-class construct.
+ [ISC-Bugs #42984]
-- In the client code change the way preferred_life and max_life are printed
- for environment variables to be unsigned rather than signed.
- Thanks to Jiri Popelka at Red Hat for the bug report and patch.
- [ISC-Bugs #37084]
+ Changes since 4.3.4b1
-- Modified Linux packet handling such that packets received via VLAN are now
- seen only by the VLAN interface. Prior to this, such packets were seen by
- both the VLAN interface and its parent (physical) interface, causing the
- server to respond to both. Note this remains an issue for non-Linux OSs.
- Thanks to Jiri Popelka at Red Hat for the patch.
- [ISC-Bugs #37415]
- [ISC-Bugs #37133]
- [ISC-Bugs #36668]
- [ISC-Bugs #36652]
+- None
-- Log content has been changed to more directly suggest that admins should
- check for multiple IPv6 clients attempting to use the same DUID when only
- abandoned addresses are available. Debug level logging will now emit counts
- of the total number of, in-use, and abandoned addresses in a shared subnet
- when the server finds no addresses available for a given DUID. Lastly,
- threshold logging is now automatically disabled for shared subnets whose
- total number of possible addresses exceeds (2^64)-1.
- [ISC-Bugs #26376]
- [ISC-Bugs #38131]
+ Changes since 4.3.3
-- Added a global parameter, prefix-length-mode, which may be used to determine
- how the server uses a non-zero value for prefix-length supplied by clients
- when soliciting DHCPv6 prefixes. The server supports selection modes of:
- ignore, prefer, exact, minimum and maximum which are described in detail in
- the server man pages. The prior behavior of the server was to only offer a
- prefix whose length exactly matched the prefix-length value requested. If
- no such prefixes were available, the server returned a status of none
- available. Note the default mode, "exact", provides this same behavior.
- [ISC-Bugs #36780]
- [ISC-Bugs #32228]
+- Corrected a static analyzer warning in common/execute.c
+ [ISC-Bugs #40374]
-- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
- limit such that it now sets it to 32 when the upstream address is a multicast
- address per RFC 3315 Section 20. Prior to this if the -u argument preceded
- the -l argument on the command line or if the same interface was specified
- for both; the logic to set the hop limit count for the upper interface was
- skipped. This caused the hop count limit to be set to the default value
- (typically 1) in the outbound upstream packets.
- [ISC-Bugs #37426]
+- ISC DHCP now follows the common convention to use the base name a
+ program is invoked with (aka argv[0], vs. a builtin name) for
+ logs. This should help differentiate syslog entries for DHCPv4 and
+ DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
+ keep the previous behavior.
+ [ISC-Bugs #38692]
-- Modify the linux and openwrt dhclient scripts to process information
- from a stateless request. Thanks to Jiri Popelka at Red Hat for the
- bug report and patch.
- [ISC-Bugs #36102]
+- The Linux packet filter code now correctly treats only the least significant
+ 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
+ Prior to this it was using the entire 16 bit value as the VLAN id and
+ incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
+ reporting this issue and supplying its patch.
+ [ISC-Bugs #40591]
-- Remove more unused RCSID tags. These weren't noticed in 4.3 as
- the code isn't used anymore but we remove them here to keep the
- code consistent across versions.
- [ISC-Bugs #36451]
+- Fixed several static analysis issues such as potential null
+ references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
+ gmail dot com) who identified these issues and supplied patches to
+ address them.
+ [ISC-Bugs #40754]
+ [ISC-Bugs #40823]
-- The server now does a better check to see if it can allocate the memory
- for large blocks of v4 leases and should provide a slightly better error
- message. Note well: the server pre-allocates v4 addresses, if you use
- a large range, such as a /8, the server will attempt to use a large
- amount of memory and may not start if there either isn't enough memory
- or the size exceeds what the code supports.
- [ISC-Bugs #38637]
+- Corrected compilation errors that prohibited building the server
+ and its ATF unit tests when failover is disabled.
+ [ISC-Bugs #40372]
-- The server will now reject unicast Request, Renew, Decline, and Release
- messages from a client unless the server would have sent that client the
- dhcp6.unicast option. This behavior is in compliance with paragraph 1 in
- each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
- to this, the server would simply accept the messages. Now, in order for
- the server to accept such a message, the server configuration must include
- the dhcp6.unicast option either globally or within the shared network to
- which the requested lease belongs. In other words, the server will map
- the first IA_XX address found within the client message to a shared-network
- and look for the presence of the unicast option there and then globally.
- Thanks to Jiri Popelka at Red Hat for this issue and his patch which
- inspired the fix.
- [ISC-Bugs #21235]
+- Added the lease address to the end of the debug level log message
+ emitted when an existing lease is renewed within the dhcp-cache-threshold.
+ Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
+ [ISC-Bugs #40598]
-- The ATF (Automated Testing Framework) tools used for optional unit tests
- can now be built from its embedded sources in bind, solving the
- atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
- The new configuration option is "./configure --with-atf=bind".
- [ISC-Bugs #38754, #39300]
+- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
+ section of the configure script output. Additionally, all of the
+ features reported on will now always show either a "yes" or "no"
+ value. Prior to this features left to their default setting would
+ not show a value.
+ [ISC-Bugs #40381]
-- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
- On older linuxes that do not include the tpacket_auxdata structure don't
- bother allocating the cmsgbuf as it isn't necessary and we don't have
- a proper length for it.
- [ISC-Bugs #39209]
+- Added a parameter, authoring-byte-order, to the lease file. This value
+ is automatically added to the top of new lease files by the server and
+ indicates the internal byte order (big endian or little endian) of the
+ server. This permits lease files generated on a server with one form of
+ byte order to be used on a server with the opposite form. Our thanks to
+ Timothe Litt for calling this to our attention and for the suggestions
+ he provided.
+ [ISC-Bugs #38396]
-- Remove the dst directory. This was replaced in 4.2.0 with the dst
- code from the Bind libraries but we continued to include it for
- backwards compatibility. As we have now released 4.3.x it seems
- reasonable to remove it.
- [ISC-Buts #39019]
+- Fixed a small memory leak in the DHCPv6 version of the client code.
+ This is unlikely to cause significant issues in actual use.
+ [ISC-Bugs #40990]
-- Write out the DUID server id on startup in all cases, previously if it
- was read in from server-duid option in the config or lease files for
- DHCPv4 it would not be written to the new lease file.
- [ISC-Bugs #37791]
+- Corrected a few minor memory leaks in omapi's dereferencing of
+ host objects. Thanks to Jiri Popelka at Red Hat for reporting
+ the issue and supplying the patches.
+ [ISC-Bugs #33990]
+ [ISC-Bugs #41325]
-- When parsing dates for leases convert dates past 2038 to "never".
- This avoids problems with integer overflows in the date and time
- handling code for people that decide to use very large lease times
- or add a lease entry with a date far in the future.
- [ISC-Bugs #33056]
+- Cleaned up some of the Make infrastructure to make --with-libbind
+ work better. Though it still only works with an absolute path.
+ [ISC-Bugs #39210]
-- Leave the siaddr field clear when sending a NACK as per RFC 2131
- table 3.
- [ISC-Bugs #38769]
+- Made the embedded bind libraries able to be cross compiled
+ (please refer to the bind9 documentation to learn how to cross
+ compile DHCP and its bind library dependency).
+ [ISC-Bugs #38836]
-- In the client don't send expired addresses to the script as part of
- the binding process. Thanks to Sven Trenkel at Google for reporting
- the issue and suggesting the patch.
- [ISC-Bugs #38631]
+- Update the client code to better support getting IA_NAs and IA_PDs
+ in the same packet, see RFC7550 for some discussion.
+ [ISC-Bugs #40190]
-- While parsing IPv6 addresses treat "add" as part of the address instead
- of as a token.
- [ISC-Bugs #39529]
+! Update the bounds checking when receiving a packet.
+ Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
+ patch.
+ [ISC-Bugs #41267]
+ CVE: CVE-2015-8605
-- Add support for accessing the v4 lease queues (active, free etc) in a
- binary fashion instead of needing to walk through a linear list to
- insert, find or remove an entry from the queues. In addition add a
- compile time option "--enable-binary-leases" to enable the new code
- or to continue using the old code. The old code is the default.
- Thanks to Fernando Soto from BlueCat Networks for the patch.
- [ISC-Bugs #39078]
+- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
+ print out a specific error message about the first error in addition
+ to the usage string. This may be disabled by editing includes/site.h.
+ [ISC-Bugs #40321]
+ [ISC-Bugs #41454]
-- Delayed-ack now works properly with Failover. Prior to this, bind updates
- post startup were being queued but never delivered. Among other things, this
- was causing leases to not transition from expired or released to free.
- [ISC-Bugs #31474]
+- The configure script will now exit with an error message if it cannot find
+ a GNU-style make tool (needed when building BIND libraries) or pkg-config
+ (needed to locate ATF used for building unit tests). Prior to this the
+ script would exit indicating success causing subsequent attempts to build
+ the software to fail.
+ [ISC-Bugs #40371]
-- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
- lease file is corrupt in certain ways.
- [ISC-Bugs #39760]
-
-- Corrected a crash in dhclient that occurs during lease renewal if the
- client is performing its own DNS updates. Thanks to Jiri Popelka at Red Hat
- for the bug report.
- [ISC-Bugs #38639]
-
-- Corrected an issue in v6 lease file parsing. Prior to this, when encountering
- a lease with an address for which no configured pool exists, the server was
- declaring the lease file corrupt and incorrectly skipping over the subsequent
- entry in the file. The server will now emit a log message indicating that
- no pool was found for the address (or prefix) and correctly resume parsing
- with the next entry in the lease file. Our thanks to Michal Žejdl for
- reporting the issue.
- [ISC-Bugs #39314]
-
-- Be more liberal in finding a subnet group associated with a static
- prefix. When we added the class matching code for v6 we also added
- a requirement that the static prefix must be within a subnet the
- client was in, in order to find the proper statements. We now
- look for a subnet based on the prefix, failing that on the static
- address for the client and failing that on the shared network
- itself.
- [ISC-Bugs #38329]
-
-- Add a new action expression "parse_vendor_options", which can be used
- to parse a vendor-encapsualted-option received by the server based on
- the encoding specified by the vendor-option-space statement.
- [ISC-Bugs #36449]
-
-- Enhance the PARANOIA patch to include fchown() the lease file to
- allow it to be manipulated after the server does a chown().
- Thanks to Jiri Popelka at Red Hat for the patch.
- [ISC-Bugs #36978]
-
-- Relax the requirement that prefix pools must be within the subnet.
- This was added in as part of #32453 in order to avoid configuration
- mistakes but is being removed as prefixes aren't required to be
- within the same subnet and many people configure them in that fashion.
- [ISC-Bugs #40077]
-
-- Fixed a server crash that could occur when the server attempts to remove
- the billing class from the last lease billed to a dynamic class after said
- class has been deleted. Our thanks to Lasse Pesonen for reporting the
- issue.
- [ISC-Bugs #39978]
-
-- LDAP Patches - Numerous small patches submitted by contributors have
- been applied to the contributed code which supplies LDAP support.
- In addition, two larger submissions have also been included. The
- first adds support for IPv6 configuration and the second provides
- GSSAPI authentication. We would like to thank the following for their
- contributions (alphabetically):
- Alex Novak at SUSE
- Bill Parker (wp02855 at gmail dot com)
- Jiri Popelka at Red Hat
- Marius Tomaschewski at SUSE
- (william at adelaide.edu.au), The University of Adelaide
- [ISC-Bugs #39056]
- [ISC-Bugs #22742]
- [ISC-Bugs #24449]
- [ISC-Bugs #28545]
- [ISC-Bugs #29873]
- [ISC-Bugs #30183]
- [ISC-Bugs #30402]
- [ISC-Bugs #32217]
- [ISC-Bugs #32240]
- [ISC-Bugs #33176]
- [ISC-Bugs #33178]
- [ISC-Bugs #36409]
- [ISC-Bugs #36774]
- [ISC-Bugs #37876]
-
-- Handle an out of memory condition in the client a bit better.
- Thanks to Frédéric Perrin from Brocade for finding the issue
- and suggesting a patch.
- [ISC-Bugs #39279]
-
-- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
- The error occurs on Linux variants that do not support VLAN tag information
- in packet auxiliary data. The configure script now only enables inclusion
- of the VLAN tag-based logic if it is supported by the underlying OS.
- [ISC-Bugs #38677]
-
-- Specifying the option, --disable-debug, on the configure script command line
- now disables debug features. Prior to this, specifying --disable-debug
- incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
- the issue.
- [ISC-Bugs #37780]
-
-- Unit test execution now uses a path augmented during configuration
- processing of the --with-atf option to locate ATF runtime tools, atf-run
- and atf-report. For most installations of ATF, this should alleviate the
- need to manually include them in the PATH, as was formerly required.
- If the configure script cannot locate the tools it will emit a warning,
- informing the user that the tools must be in the PATH when running unit
- tests.
- Secondly, please note that "make check" will now exit with a failure status
- code (non-zero) if one or more unit tests fail. This means that invoking
- "make check" from an upper level directory will cause the make process to
- STOP after the first test subdirectory with failed test(s). To force all
- tests in all subdirectories to run, regardless of individual test outcome,
- use the command "make -k check".
- [ISC-Bugs #38619]
-
-- Corrected a static analyzer warning in common/execute.c
- [ISC-Bugs #40374]
-
-- ISC DHCP now follows the common convention to use the base name a
- program is invoked with (aka argv[0], vs. a builtin name) for
- logs. This should help differentiate syslog entries for DHCPv4 and
- DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
- keep the previous behavior.
- [ISC-Bugs #38692]
-
-- The Linux packet filter code now correctly treats only the least significant
- 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
- Prior to this it was using the entire 16 bit value as the VLAN id and
- incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
- reporting this issue and supplying its patch.
- [ISC-Bugs #40591]
-
-- Fixed several static analysis issues such as potential null
- references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
- gmail dot com) who identified these issues and supplied patches to
- address them.
- [ISC-Bugs #40754]
- [ISC-Bugs #40823]
-
-- Corrected compilation errors that prohibited building the server
- and its ATF unit tests when failover is disabled.
- [ISC-Bugs #40372]
-
-- Added the lease address to the end of the debug level log message
- emitted when an existing lease is renewed within the dhcp-cache-threshold.
- Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
- [ISC-Bugs #40598]
-
-- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
- section of the configure script output. Additionally, all of the
- features reported on will now always show either a "yes" or "no"
- value. Prior to this features left to their default setting would
- not show a value.
- [ISC-Bugs #40381]
-
-- Added a parameter, authoring-byte-order, to the lease file. This value
- is automatically added to the top of new lease files by the server and
- indicates the internal byte order (big endian or little endian) of the
- server. This permits lease files generated on a server with one form of
- byte order to be used on a server with the opposite form. Our thanks to
- Timothe Litt for calling this to our attention and for the suggestions
- he provided.
- [ISC-Bugs #38396]
-
-- Fixed a small memory leak in the DHCPv6 version of the client code.
- This is unlikely to cause significant issues in actual use.
- [ISC-Bugs #40990]
-
-- Corrected a few minor memory leaks in omapi's dereferencing of
- host objects. Thanks to Jiri Popelka at Red Hat for reporting
- the issue and supplying the patches.
- [ISC-Bugs #33990]
- [ISC-Bugs #41325]
-
-- Cleaned up some of the Make infrastructure to make --with-libbind
- work better. Though it still only works with an absolute path.
- [ISC-Bugs #39210]
-
-- Made the embedded bind libraries able to be cross compiled
- (please refer to the bind9 documentation to learn how to cross
- compile DHCP and its bind library dependency).
- [ISC-Bugs #38836]
-
-- Update the client code to better support getting IA_NAs and IA_PDs
- in the same packet, see RFC7550 for some discussion.
- [ISC-Bugs #40190]
-
-! Update the bounds checking when receiving a packet.
- Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
- patch.
- [ISC-Bugs #41267]
- CVE: CVE-2015-8605
-
-- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
- print out a specific error message about the first error in addition
- to the usage string. This may be disabled by editing includes/site.h.
- [ISC-Bugs #40321]
- [ISC-Bugs #41454]
-
-- The configure script will now exit with an error message if it cannot find
- a GNU-style make tool (needed when building BIND libraries) or pkg-config
- (needed to locate ATF used for building unit tests). Prior to this the
- script would exit indicating success causing subsequent attempts to build
- the software to fail.
- [ISC-Bugs #40371]
-
-- Properly terminate strings before passing them to regex and fix
- a boundary error when creating certain new data strings.
- Thanks to Andrey Jr. Melnikov for the bug report.
- [ISC-Bugs #41217]
+- Properly terminate strings before passing them to regex and fix
+ a boundary error when creating certain new data strings.
+ Thanks to Andrey Jr. Melnikov for the bug report.
+ [ISC-Bugs #41217]
- Option expressions, such as prepend and append, are now supported when
running dhclient for IPv6. Prior to this such statements in the
[ISC-Bugs #41845]
CVE: CVE-2016-2774
-- Fixed util/bindvar.sh error handling.
- [ISC-Bugs #41973]
-
-- Correct error message in relay to use remote id length instead
- of circuit id length.
- [ISC-Bugs #42556]
+ Changes since 4.3.3b1
-- Add support for including an encapsulated option in a response
- from the DHCPv6 server. This allows the v6 FQDN option to be
- returned in responses.
- [ISC-Bugs #29246]
+- None
-- Add logic to test directory Makefiles to avoid copying Attfile(s)
- when building within the source tree. This eliminates a noisy but
- otherwise harmless error message when running "make check".
- [ISC-Bugs #41883]
+ Changes since 4.3.2
-- Leases are now scrubbed of certain prior use information when pool
- re-balancing reassigns them from one FO peer to the other. This
- corrects an issue where leases that were offered but not used
- by the client retained the client hostname from the original
- client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
- for reporting the issue.
- [ISC-Bugs #42008]
+- The server now does a better check to see if it can allocate the memory
+ for large blocks of v4 leases and should provide a slightly better error
+ message. Note well: the server pre-allocates v4 addresses, if you use
+ a large range, such as a /8, the server will attempt to use a large
+ amount of memory and may not start if there either isn't enough memory
+ or the size exceeds what the code supports.
+ [ISC-Bugs #38637]
-- In the LDAP code and schema add some missing '6' characters to use
- the v6 instead of the v4 versions. Thanks to Denis Taranushin for
- reporting this issue and supplying its patch.
- [ISC-Bugs #42666]
+- The server will now reject unicast Request, Renew, Decline, and Release
+ messages from a client unless the server would have sent that client the
+ dhcp6.unicast option. This behavior is in compliance with paragraph 1 in
+ each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
+ to this, the server would simply accept the messages. Now, in order for
+ the server to accept such a message, the server configuration must include
+ the dhcp6.unicast option either globally or within the shared network to
+ which the requested lease belongs. In other words, the server will map
+ the first IA_XX address found within the client message to a shared-network
+ and look for the presence of the unicast option there and then globally.
+ Thanks to Jiri Popelka at Red Hat for this issue and his patch which
+ inspired the fix.
+ [ISC-Bugs #21235]
-- Correct how the pick-first-value expression is written to a lease
- file. Previously it was written as a concat expression due to
- a cut and paste error.
- [ISC-Bugs #42253]
+- The ATF (Automated Testing Framework) tools used for optional unit tests
+ can now be built from its embedded sources in bind, solving the
+ atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
+ The new configuration option is "./configure --with-atf=bind".
+ [ISC-Bugs #38754, #39300]
-- Modify the DDNS code to clean up the PTR record even if there
- are issues while cleaning up the A or AAAA records.
- [ISC-Bugs #23954]
+- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
+ On older linuxes that do not include the tpacket_auxdata structure don't
+ bother allocating the cmsgbuf as it isn't necessary and we don't have
+ a proper length for it.
+ [ISC-Bugs #39209]
-- Added global configuration parameter, abandon-lease-time, which determines
- the amount of time a lease remains abandoned. The default is 84600 seconds.
- Additionaly, the server now conducts a ping check (if ping checks are
- enabled) prior to offering an abandoned lease to client. Our thanks to
- David Zych at University of Illinois for reporting the issue and working
- with us to produce a viable solution.
- [ISC-Bugs #41815]
+- Remove the dst directory. This was replaced in 4.2.0 with the dst
+ code from the Bind libraries but we continued to include it for
+ backwards compatibility. As we have now released 4.3.x it seems
+ reasonable to remove it.
+ [ISC-Buts #39019]
-- Correct handling of interface names during interface discovery. This
- addresses an issue where interface names of 15 characters in length
- could lead to crashes or interface recognition errors during startup
- of dhcpd, dhclient, and dhcrelay.
- [ISC-Bugs #42226]
+- Write out the DUID server id on startup in all cases, previously if it
+ was read in from server-duid option in the config or lease files for
+ DHCPv4 it would not be written to the new lease file.
+ [ISC-Bugs #37791]
+
+- When parsing dates for leases convert dates past 2038 to "never".
+ This avoids problems with integer overflows in the date and time
+ handling code for people that decide to use very large lease times
+ or add a lease entry with a date far in the future.
+ [ISC-Bugs #33056]
+
+- Leave the siaddr field clear when sending a NACK as per RFC 2131
+ table 3.
+ [ISC-Bugs #38769]
+
+- In the client don't send expired addresses to the script as part of
+ the binding process. Thanks to Sven Trenkel at Google for reporting
+ the issue and suggesting the patch.
+ [ISC-Bugs #38631]
+
+- While parsing IPv6 addresses treat "add" as part of the address instead
+ of as a token.
+ [ISC-Bugs #39529]
+
+- Add support for accessing the v4 lease queues (active, free etc) in a
+ binary fashion instead of needing to walk through a linear list to
+ insert, find or remove an entry from the queues. In addition add a
+ compile time option "--enable-binary-leases" to enable the new code
+ or to continue using the old code. The old code is the default.
+ Thanks to Fernando Soto from BlueCat Networks for the patch.
+ [ISC-Bugs #39078]
+
+- Delayed-ack now works properly with Failover. Prior to this, bind updates
+ post startup were being queued but never delivered. Among other things, this
+ was causing leases to not transition from expired or released to free.
+ [ISC-Bugs #31474]
+
+- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
+ lease file is corrupt in certain ways.
+ [ISC-Bugs #39760]
+
+- Corrected a crash in dhclient that occurs during lease renewal if the
+ client is performing its own DNS updates. Thanks to Jiri Popelka at Red Hat
+ for the bug report.
+ [ISC-Bugs #38639]
+
+- Corrected an issue in v6 lease file parsing. Prior to this, when encountering
+ a lease with an address for which no configured pool exists, the server was
+ declaring the lease file corrupt and incorrectly skipping over the subsequent
+ entry in the file. The server will now emit a log message indicating that
+ no pool was found for the address (or prefix) and correctly resume parsing
+ with the next entry in the lease file. Our thanks to Michal Žejdl for
+ reporting the issue.
+ [ISC-Bugs #39314]
+
+- Be more liberal in finding a subnet group associated with a static
+ prefix. When we added the class matching code for v6 we also added
+ a requirement that the static prefix must be within a subnet the
+ client was in, in order to find the proper statements. We now
+ look for a subnet based on the prefix, failing that on the static
+ address for the client and failing that on the shared network
+ itself.
+ [ISC-Bugs #38329]
+
+- Add a new action expression "parse_vendor_options", which can be used
+ to parse a vendor-encapsualted-option received by the server based on
+ the encoding specified by the vendor-option-space statement.
+ [ISC-Bugs #36449]
+
+- Enhance the PARANOIA patch to include fchown() the lease file to
+ allow it to be manipulated after the server does a chown().
+ Thanks to Jiri Popelka at Red Hat for the patch.
+ [ISC-Bugs #36978]
+
+- Relax the requirement that prefix pools must be within the subnet.
+ This was added in as part of #32453 in order to avoid configuration
+ mistakes but is being removed as prefixes aren't required to be
+ within the same subnet and many people configure them in that fashion.
+ [ISC-Bugs #40077]
+
+- Fixed a server crash that could occur when the server attempts to remove
+ the billing class from the last lease billed to a dynamic class after said
+ class has been deleted. Our thanks to Lasse Pesonen for reporting the
+ issue.
+ [ISC-Bugs #39978]
+
+- LDAP Patches - Numerous small patches submitted by contributors have
+ been applied to the contributed code which supplies LDAP support.
+ In addition, two larger submissions have also been included. The
+ first adds support for IPv6 configuration and the second provides
+ GSSAPI authentication. We would like to thank the following for their
+ contributions (alphabetically):
+ Alex Novak at SUSE
+ Bill Parker (wp02855 at gmail dot com)
+ Jiri Popelka at Red Hat
+ Marius Tomaschewski at SUSE
+ (william at adelaide.edu.au), The University of Adelaide
+ [ISC-Bugs #39056]
+ [ISC-Bugs #22742]
+ [ISC-Bugs #24449]
+ [ISC-Bugs #28545]
+ [ISC-Bugs #29873]
+ [ISC-Bugs #30183]
+ [ISC-Bugs #30402]
+ [ISC-Bugs #32217]
+ [ISC-Bugs #32240]
+ [ISC-Bugs #33176]
+ [ISC-Bugs #33178]
+ [ISC-Bugs #36409]
+ [ISC-Bugs #36774]
+ [ISC-Bugs #37876]
+
+- Handle an out of memory condition in the client a bit better.
+ Thanks to Frédéric Perrin from Brocade for finding the issue
+ and suggesting a patch.
+ [ISC-Bugs #39279]
+
+ Changes since 4.3.2rc2
+- None
+
+ Changes since 4.3.2rc1
+
+- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
+ The error occurs on Linux variants that do not support VLAN tag information
+ in packet auxiliary data. The configure script now only enables inclusion
+ of the VLAN tag-based logic if it is supported by the underlying OS.
+ [ISC-Bugs #38677]
+
+ Changes since 4.3.2b1
+
+- Specifying the option, --disable-debug, on the configure script command line
+ now disables debug features. Prior to this, specifying --disable-debug
+ incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
+ the issue.
+ [ISC-Bugs #37780]
+
+- Unit test execution now uses a path augmented during configuration
+ processing of the --with-atf option to locate ATF runtime tools, atf-run
+ and atf-report. For most installations of ATF, this should alleviate the
+ need to manually include them in the PATH, as was formerly required.
+ If the configure script cannot locate the tools it will emit a warning,
+ informing the user that the tools must be in the PATH when running unit
+ tests.
+ Secondly, please note that "make check" will now exit with a failure status
+ code (non-zero) if one or more unit tests fail. This means that invoking
+ "make check" from an upper level directory will cause the make process to
+ STOP after the first test subdirectory with failed test(s). To force all
+ tests in all subdirectories to run, regardless of individual test outcome,
+ use the command "make -k check".
+ [ISC-Bugs #38619]
+
+ Changes since 4.3.1
+
+- Corrected parser's right brace matching when a statement contains an error.
+ [ISC-Bugs #36021]
+
+- TSIG-authenticated dynamic DNS updates now support the use of these
+ additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512
+ [ISC-Bugs #36947]
+
+- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
+ working with the OpenBSD project who spotted the issue and provided the
+ patch.
+ [ISC-Bugs #36653]
+
+- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
+ Stoeckmann working with the OpenBSD project who spotted the issue and
+ provided the patch.
+ [ISC-Bugs #36897]
+
+- Log statements depicting what files will be used by the server now occur
+ after the configuration file has been processed.
+ [ISC-Bugs #36671]
+
+- Addressed Coverity issues reported as of 07-31-2014:
+ [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
+ [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
+ [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
+ compilers that was introduced by #36712
+
+- Server now supports a failover split value of 256.
+ [ISC-Bugs] #36664]
+
+- Remove unneeded error #defines. These defines were included in case
+ external programs required the older versions of the macro. They
+ have been #ifdeffed for now and will be removed at a future date.
+ See site.h for the #define to include them again, but you should
+ switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
+ Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
+ [ISC-Bugs #37128]
+
+- Added checks in range6 and prefix6 statement parsing to ensure addresses
+ are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
+ bug report and patch.
+ [ISC-Bugs #32453]
+ [ISC-Bugs #17766]
+ [ISC-Bugs #18510]
+ [ISC-Bugs #23698]
+ [ISC-Bugs #28883]
+
+- Addressed checksum issues:
+ Added checksum readiness check to Linux packet filtering which eliminates
+ invalid packet drops due to checksum errors when checksum offloading is
+ in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
+ [ISC-Bugs #22806]
+ [ISC-Bugs #15902]
+ [ISC-Bugs #17739]
+ [ISC-Bugs #18010]
+ [ISC-Bugs #22556]
+ [ISC-Bugs #29769]
+ Inbound packets with UDP checksums of 0xffff now validate correctly rather
+ than being dropped.
+ [ISC-Bugs #24216]
+ [ISC-Bugs #25587]
+
+- Added the echo-client-id configuration parameter to the server configuration.
+ The server now supports RFC 6842 compliant behavior by setting a new
+ configuration parameter, echo-client-id. When enabled, the server will
+ include the client identifier option (Option code 61) if received, in its
+ responses. The server identifier returned in NAKs (if enabled) will now
+ be the globally defined value (if one) if the server cannot attribute the
+ inbound request to a known subnet.
+ [ISC-Bugs #35958]
+ [ISC-Bugs #32545]
+
+- Added support of the configuration parameter, use-host-decl-names, to
+ BOOTP request handling.
+ [ISC-Bugs #36233]
+
+- Added logic to ignore the signal, SIGPIPE, which ensures write failures
+ will be delivered as errors rather than as SIGPIPE signals on all OSs.
+ Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
+ the patch upon which the fix is based.
+ [ISC-Bugs #32222]
+
+- In the failover code, handle the case of communications being interrupted
+ when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
+ the primary to accept the secondary moving from POTENTIAL-CONFLICT to
+ RESOLUTION-INTERRUPTED as well as handling the bind update process better.
+ In addition the code to resend update or update all requests has been
+ modified to send requests more often.
+ [ISC-Bugs #36810]
+ [ISC-Bugs #20352]
+
+- By default, the server will now choose the value to use in the forward DNS
+ name from the following in order of preference:
+
+ 1. FQDN option if provided by the client
+ 2. Host name option if provided by the client
+ 3. Configured option host-name if defined
+
+ As before, this may be overridden by defining ddns-hostname to the desired
+ value (or expression). In addition, the server logic has been extended to
+ use the value of the host name declaration if use-host-decl-names is enabled
+ and no other value is available.
+ [ISC-Bugs #21323]
+
+- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
+ the existing lease and the forward DNS name had not changed. This has been
+ corrected.
+ [ISC-Bugs #37368]
+ [ISC-Bugs #38636]
+
+- Corrected an issue which caused dhclient to incorrectly form the result when
+ prepending or appending to the IPv4 domain-search option, received from the
+ server, when either of the values being combined contain compressed
+ components.
+ [ISC-Bugs #20558]
+
+- Added the server-id-check parameter to the server configuration.
+ This parameter allows run-time control over whether or not a server,
+ participating in failover, verifies the dhcp-server-identifier option in
+ DHCP REQUESTs against the server's id before processing the request.
+ Formerly, enabling this behavior was done at compilation time through
+ the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
+ The functionality is now only available through the new runtime parameter.
+ [ISC-Bugs #37551]
+
+- During startup, when the server encounters a lease whose binding state is
+ FTS_BACKUP but whose pool has no configured failover peer, it will reset the
+ lease's binding state to FTS_FREE. This allows the leases to be reclaimed
+ by the server after a pool's configuration has changed from failover to
+ standalone. Prior to this such leases would remain stuck in the backup state
+ making them unavailable for assignment. Note this conversion will occur
+ whether or not the server is compiled for failover.
+ [ISC-Bugs #36960]
+
+- Fixed a small issue in the treatment of hosts in the inform processing
+ that could cause the response to an inform to include information from
+ the wrong scope. The two examples we've heard of are getting subnet
+ instead of group information associated with a host entry, or getting
+ global information instead of subnet if the host entry was built via
+ omapi. Thanks to Julien Soula at University of Lille for finding the
+ bug and supplying a patch.
+ [ISC-Bugs #35712]
+
+- Avoid calling pool_timer() recursively from supersede_lease(). This could
+ result in leases changing state incorrectly or delaying the running of the
+ leae expiration code.
+ [ISC-Bugs #38002]
+
+- Move the check for a PID file and process to be before we rewrite the
+ lease file. This avoids the possibility of starting a second instance
+ of a server which changes the current lease file confusing the first
+ instance. This check is only included if the admin hasn't disabled PID
+ files.
+ [ISC-Bugs #38078]
+ [ISC-Bugs #38143]
+
+- In the client code change the way preferred_life and max_life are printed
+ for environment variables to be unsigned rather than signed.
+ Thanks to Jiri Popelka at Red Hat for the bug report and patch.
+ [ISC-Bugs #37084]
+
+- Modified Linux packet handling such that packets received via VLAN are now
+ seen only by the VLAN interface. Prior to this, such packets were seen by
+ both the VLAN interface and its parent (physical) interface, causing the
+ server to respond to both. Note this remains an issue for non-Linux OSs.
+ Thanks to Jiri Popelka at Red Hat for the patch.
+ [ISC-Bugs #37415]
+ [ISC-Bugs #37133]
+ [ISC-Bugs #36668]
+ [ISC-Bugs #36652]
+
+- Log content has been changed to more directly suggest that admins should
+ check for multiple IPv6 clients attempting to use the same DUID when only
+ abandoned addresses are available. Debug level logging will now emit counts
+ of the total number of, in-use, and abandoned addresses in a shared subnet
+ when the server finds no addresses available for a given DUID. Lastly,
+ threshold logging is now automatically disabled for shared subnets whose
+ total number of possible addresses exceeds (2^64)-1.
+ [ISC-Bugs #26376]
+ [ISC-Bugs #38131]
+
+- Added a global parameter, prefix-length-mode, which may be used to determine
+ how the server uses a non-zero value for prefix-length supplied by clients
+ when soliciting DHCPv6 prefixes. The server supports selection modes of:
+ ignore, prefer, exact, minimum and maximum which are described in detail in
+ the server man pages. The prior behavior of the server was to only offer a
+ prefix whose length exactly matched the prefix-length value requested. If
+ no such prefixes were available, the server returned a status of none
+ available. Note the default mode, "exact", provides this same behavior.
+ [ISC-Bugs #36780]
+ [ISC-Bugs #32228]
+
+- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
+ limit such that it now sets it to 32 when the upstream address is a multicast
+ address per RFC 3315 Section 20. Prior to this if the -u argument preceded
+ the -l argument on the command line or if the same interface was specified
+ for both; the logic to set the hop limit count for the upper interface was
+ skipped. This caused the hop count limit to be set to the default value
+ (typically 1) in the outbound upstream packets.
+ [ISC-Bugs #37426]
+
+ Changes since 4.3.1b1
+
+- Modify the linux and openwrt dhclient scripts to process information
+ from a stateless request. Thanks to Jiri Popelka at Red Hat for the
+ bug report and patch.
+ [ISC-Bugs #36102]
-- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
- The updates are: looking for the lease file in more places and skipping
- the "processing complete" output when creating machine readable
- output. Thanks to Cameron Paine (cbp at null dot net) for the
- patch.
- [ISC-Bugs #42113]
+- Remove more unused RCSID tags. These weren't noticed in 4.3 as
+ the code isn't used anymore but we remove them here to keep the
+ code consistent across versions.
+ [ISC-Bugs #36451]
-- When reusing a lease for dhcp-cache-threshold return the hostname
- to the original lease. Also if the host pointer, UID or hardware address
- change don't allow reuse of the lease.
- Thanks to Michael Vincent for reporting this and helping us
- verify the problem and fix.
- [ISC-Bugs #42849]
+ Changes since 4.3.0
-- Change dmalloc to use a size_t as the length argument to bring it
- in line with the call it will make to malloc().
- [ISC-Bugs #40843]
+- Tidy up several small tickets.
+ Correct parsing of DUID from config file, previously the LL type
+ was put in the wrong place in the DUID string.
+ [ISC-Bugs #20962]
+ Add code to parse "do-forward-updates" as well as "do-forward-update"
+ Thanks to Jiri Popelka at Red Hat.
+ [ISC-Bugs #31328]
+ Remove log_priority as it isn't currently used.
+ [ISC-Bugs #33397]
+ Increase the size of the buffer used for reading interface information.
+ [ISC-Bugs #34858]
-- If the failover socket can't be bound, close it. Otherwise if the
- user configures an incorrect address in the failover stanza the
- server will continue to open new sockets every 90 seconds until
- it runs out.
- [ISC-Bugs #42452]
+- Remove an extra set of the msg_controllen variable.
+ [ISC-Bugs #21035]
-- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
- allow interfaces to be upstream or downstream respectively. Upstream
- interfaces will accept and forward only BOOTP replies, while downstream
- interfaces will accept and forward only BOOTP requests.
- [ISC-Bugs #41547]
+- Add a more understandable error message if a configuration attempts
+ to add multiple keys for a single zone. Thanks to a patch from Jiri
+ Popelka at Red Hat.
+ [ISC-Bugs #31892]
-- Clean up some memory references in the vendor-class construct.
- [ISC-Bugs #42984]
+- Fix some minor issues in the dst code.
+ [ISC-Bugs #34172]
-- Removed an extraneous expression in omapi socket callback function. Prior
- to this change, the logic was techinically incorrect but other factors
- ensured the outcome itself was correct. This change was made primarily
- for code clarity. Thanks to Ganesh Pinjala for bringing the issue to our
- attention.
- [ISC-Bugs #42834]
+- Properly #ifdef functions so that the code can compile without NSUPDATE.
+ [ISC-Bugs #35058]
-- Corrected a bug which could cause the server to sporadically crash while
- loading lease files with the lease-id-format is set to "hex". Our thanks
- to Jay Ford, University of Iowa for reporting the issue.
- [ISC-Bugs #43185]
+- Update the partner's stos (start time of state, basically when we last
+ heard from this partner) field when updating the state in failover.
+ [ISC-Bugs #35549]
-- Eliminated a noisy, but otherwise harmless debug log statment that may
- appear during server startup when building with --enable-binary-leases
- and configuring multiple pools in a shared network. Thanks to Fernando
- Soto from BlueCat Networks for reporting the issue and supplying a patch.
- [ISC-Bugs #43262]
+- Modify the overload processing to allow space for the remote agent ID.
+ [ISC-Bugs #35569]
+ Handle the ordering of the SUBNET_MASK option even if it is the last
+ option in the list.
+ [ISC-Bugs #24580]
-- The configure script for use with libtool now catches a failure to
- execute autoreconf. Prior to this, autoreconf failures would go undetected
- causing the legacy configure script to loop when run with --enable-libtool.
- [ISC-Bugs #43546]
+- Remove the code that allows a server to follow RFC3315 instead of
+ the subsequent errata from August 2010 when determining which IAs
+ to include if no addresses will be assigned.
+ [ISC-Bugs #28938]
-- When replying to a DHCPINFORM, the server will now include options specified
- at the pool scope, provided the ciaddr field of the DHCPINFORM is populated.
- Prior to this the server only evaluated options down to the subnet scope.
- Thanks to Fernando Soto at BlueCat Networks for reporting the issue.
- [ISC-Bugs #43219]
- [ISC-Bugs #45051]
+- Remove unused RCSID tags.
+ [ISC-Bugs #35846]
-- When memory allocation fails in a repeated way the process writes
- "Run out of memory." on the standard error and exists with status 1.
- [ISC-Bugs #32744]
+- Correct the v6 client timing code. When doing the timing backoff
+ for MRT limit it to MRD.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #21238
-- The new lmdb (Lightning Memory DataBase) bind9 configure option is
- now disabled by default to avoid the presence of this library to be
- detected which can lead to a link failure.
- [ISC-Bugs #45069]
+- Add a log entry when killing a client and remove the PID files
+ when a server, relay or client are killed.
+ [ISC-Bugs #16970]
+ [ISC-Bugs #17258]
-- The linux interface discovery code has been modified to use getifaddrs()
- as is done for BSD and OS-X. Prior to this the code would only recognize
- the first address on an interface and thereby omit vlans.
- Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei
- Kong at Novell, who all submitted patches.
- [ISC-Bugs #28761]
- [ISC-Bugs #31992]
- [ISC-Bugs #25428]
- [ISC-Bugs #31940]
- [ISC-Bugs #32935]
+- Some minor cleanups in the client code.
+ In addition to checking for dhcpc check for bootpc in the services list.
+ [ISC-Bugs #18933]
+ Correct the client code to only try to get a lease once when the
+ given the "-1" argument.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #26735]
+ When asked for the version don't send the output to syslog.
+ [ISC-Bugs #29772]
+ Add the next server information to the environment variables for
+ use by the client script. In order to avoid changing the client
+ lease file the next server information isn't written to it.
+ Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
+ [ISC-Bugs #33098]
-- Fixed a bug in OMAPI that causes omshell to crash when a name-value
- pair with a zero length value is shipped in an object. Thanks to
- Fernando Soto at BlueCat Networks for reporting the issue and
- supplying the patch.
- [ISC-Bugs #29108]
+- Several updates to the dhcp server code.
+ When not in quiet mode print out the files being used.
+ [ISC-Bugs #17551]
+ As accessing some pid files may require privileges move the dropping
+ of permission bits due to the paranoia patch to be after the pid code.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #25806]
+ When processing a "--version" request don't output the version information
+ to syslog.
-- On 64-bit platforms, dhclient now generates the correct value for the
- script environment variable, "expiry", the lease expiry value exceeds
- 0x7FFFFFFF. Prior to this such values would produce negative values
- for expiry in the script environment.
- [ISC-Bugs #43326]
+- Add the "enable-log-pid" build option to the configure script. When enabled
+ this causes the client, server and relay programs to include the PID
+ number in syslog messages.
+ Thanks to Marius Tomaschewski for the suggestion and proto-patch.
+ [ISC-Bugs #29713]
-- Common timer logic was modified to cap the maximum timeout values at
- 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of
- range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for
- reporting the issue.
- [ISC-Bugs #28038]
+- Add a #define to specify the prefix length used when a client attempts
+ to configure an address. This can be modified by editing includes/site.h.
+ By default it is set to 64. While 128 might be a better choice it would
+ also be a change for currently running systems, so we have left it at 64.
+ [ISC-Bugs #DHCP-2]
-- DHCP6 FQDN option unpacking code now correctly handles values that contain
- spaces, special, or non-printable characters. Prior to this the buffer
- size needed was underestimated causing a conversion error message to
- be logged and DNS updates to be skipped. Thanks to Fernando Soto at
- BlueCat Networks for bringing the matter to our attention.
- [ISC-Bugs #43592]
+- Add a run time option to the client "-df" to allow the administrator to
+ point to a second lease file the client can search for a DUID. This can
+ be used to allow a v4 and a v6 instance of the client to share a DUID.
+ The second file will only be searched if there isn't a DUID in the main
+ lease file and the DUID will be written out to the main lease file.
+ [ISC-Bugs #34886]
-- When running in -6 mode, dhclient now enforces the require option statement
- and will discard offered leases that do not contain all the required
- options specified in the client configuration. Prior to this the client
- would still consider such leases. This may be disabled at compile time
- (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to
- Mritunjaykumar Dubey at Nokia for reporting the issue.
- [ISC-Bugs #41473]
+- Have the client fsync the lease file to avoid lease corruption if the
+ client hibernates or otherwise shuts down.
+ [ISC-Bugs #35894]
-- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit
- OS systems when using -1 or large values for default-lease-time. Rollover
- values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally
- short expiration times being handed out when infinite lease times (-1) in
- conjunction with failover. Our thanks to Alessandro Gherardi for bringing
- the issue to our attention.
- [ISC-Bugs #41976]
+- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
+ Thanks to Steinar Haug for the suggestion.
+ [ISC-Bugs #36033]
-- The server nows checks both the address and length of a prefix delegation
- when attempting to match it to a prefix pool. This ensures the server
- responds properly when pool configurations change such that once valid,
- "in-pool" delegations are now treated as being invalid. During lease
- file loading at startup, the server will discard any PD leases that
- are deemed "out-of-pool" either by address or mis-matched prefix length.
- Clients seeking to renew or rebind such leases will get a response of
- No Binding in the case of the former, and the prefix delegation with
- lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo
- at TDS Telecom for reporting this issue.
- [ISC-Bugs #35378]
+- Modify the handling of the resolv.conf file to allow the DHCP
+ process to start up even if the resolv.conf file has problems.
+ [ISC-Bugs #35989]
-- The server now detects failover peers that are not referenced in at least
- one pool when run with the command line option for test mode, -T. Prior to
- this the check was performed too far down stream to be detected in test mode.
- [ISC-Bugs #29892]
+- Add threshold logging functionality. Two new options,
+ log-threshold-low and log-threshold-high, indicate to the
+ server if and when it should log an error message as addresses
+ in a pool are used.
+ [ISC-Bugs #34487]
-- Changed severity of the log message indicating UDP checksum errors in
- the received packets from 'info' to 'debug' to avoid logging excessive
- number of false positives when UDP checksum offloading is enabled.
- [ISC-bugs #41757]
+- Add code to properly dereference a pointer in the dhclient code
+ on an error condition.
+ [ISC-Bugs #36194]
-- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias"
- for IPv6 mode in the client scripts, netbsd and openbsd. This was
- preventing IPv6 addresses from being added or removed from interfaces.
- Thanks to Tim Dean for reporting this issue.
- [ISC-bugs #31573]
+- Add code to help clean up soft leases.
+ [ISC-Bugs #36304]
-- Corrected an issue where the server would return a client's previously
- released prefix lease even when the client provides a prefix length
- hint that does not match the prior lease. Now the server will only
- return the previous lease if it exactly matches the hint. If not
- it will attempt to allocate a new prefix based on the hint and the
- prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications
- for pointing out the error of our ways.
- [ISC-bugs #45780]
+- Disable the gentle shutdown functionality until we can determine
+ the best way to present it to remove or reduce the side effects.
+ [ISC-Bugs #36066]
-- Added explicit include of BIND9 isc/util.h to adapt to revisisions
- in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing
- with implicit function declarations errors for POST() and INSIST().
- [ISC-bugs #46332]
+ Changes since 4.3.0rc1
-- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132
- states the option cannot be empty, some clients are apparently capable of
- sending it. Prior to this the server was attempting to use it and store it
- in the lease file causing issues with DDNS and so forth.
- [ISC-bugs #43786]
+- None
+ Changes since 4.3.0b1
-- Replaced iasubopt::heap_index with separate values for active and inactive
- heaps: iasubopt::active_index and iasubopt::inactive_index. This was done
- to accomodate a change in behavior in BIND9 isc_heap_delete().
- [ISC-bugs #46719]
+- Tidy up receive packet processing.
+ Thanks to Brad Plank of GTA for reporting the issue and suggesting
+ a possible patch.
+ [ISC-Bugs #34447]
-! Plugged a socket descriptor leak in OMAPI, that can occur when there is
- data pending to be written to an OMAPI connection, when the connection
- is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
- this issue to our attention and whose patch helped guide us in the right
- direction.
- [ISc-Bugs #46767]
+ Changes since 4.3.0a1
+
+- Modify the message displayed when a process hits a fatal error.
+ The new message is much shorter and simply points to the README
+ and our website for directions on bug submissions.
+ [ISC-Bugs #24789]
Changes since 4.2.0 (new features)
projects / thirdparty / dhcp.git / blobdiff