Internet Systems Consortium DHCP Distribution
- Version 4.3.4
+ Version 4.4.0-pre-alpha
29 March 2016
Release Notes
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
- Changes since 4.3.4
+ Changes since 4.3.0 (new features)
-- Fixed util/bindvar.sh error handling.
- [ISC-Bugs #41973]
-
-- Correct error message in relay to use remote id length instead
- of circuit id length.
- [ISC-Bugs #42556]
+ Changes since 4.3.0 (bug fixes)
-- Add support for including an encapsulated option in a response
- from the DHCPv6 server. This allows the v6 FQDN option to be
- returned in responses.
- [ISC-Bugs #29246]
+- Tidy up several small tickets.
+ Correct parsing of DUID from config file, previously the LL type
+ was put in the wrong place in the DUID string.
+ [ISC-Bugs #20962]
+ Add code to parse "do-forward-updates" as well as "do-forward-update"
+ Thanks to Jiri Popelka at Red Hat.
+ [ISC-Bugs #31328]
+ Remove log_priority as it isn't currently used.
+ [ISC-Bugs #33397]
+ Increase the size of the buffer used for reading interface information.
+ [ISC-Bugs #34858]
-- Add logic to test directory Makefiles to avoid copying Attfile(s)
- when building within the source tree. This eliminates a noisy but
- otherwise harmless error message when running "make check".
- [ISC-Bugs #41883]
+- Remove an extra set of the msg_controllen variable.
+ [ISC-Bugs #21035]
-- Leases are now scrubbed of certain prior use information when pool
- re-balancing reassigns them from one FO peer to the other. This
- corrects an issue where leases that were offered but ignored retained
- the client hostname from the original client. Thanks to Pavel Polacek,
- Jan Evangelista Purkyne University for reporting the issue.
- [ISC-Bugs #42008]
+- Add a more understandable error message if a configuration attempts
+ to add multiple keys for a single zone. Thanks to a patch from Jiri
+ Popelka at Red Hat.
+ [ISC-Bugs #31892]
-- In the LDAP code and schema add some missing '6' characters to use
- the v6 instead of the v4 versions. Thanks to Denis Taranushin for
- reporting this issue and supplying its patch.
- [ISC-Bugs #42666]
+- Fix some minor issues in the dst code.
+ [ISC-Bugs #34172]
-- Correct how the pick-first-value expression is written to a lease
- file. Previously it was written as a concat expression due to
- a cut and paste error.
- [ISC-Bugs #42253]
+- Properly #ifdef functions so that the code can compile without NSUPDATE.
+ [ISC-Bugs #35058]
-- Modify the DDNS code to clean up the PTR record even if there
- are issues while cleaning up the A or AAAA records.
- [ISC-Bugs #23954]
+- Update the partner's stos (start time of state, basically when we last
+ heard from this partner) field when updating the state in failover.
+ [ISC-Bugs #35549]
-- Added global configuration parameter, abandon-lease-time, which determines
- the amount of time a lease remains abandoned. The default is 84600 seconds.
- Additionaly, the server now conducts a ping check (if ping checks are
- enabled) prior to offering an abandoned lease to client.
- [ISC-Bugs #41815]
+- Modify the overload processing to allow space for the remote agent ID.
+ [ISC-Bugs #35569]
+ Handle the ordering of the SUBNET_MASK option even if it is the last
+ option in the list.
+ [ISC-Bugs #24580]
-- Correct handling of interface names during interface discovery. This
- addresses an issue where interface names of 15 characters in length
- could lead to crashes or interface recognition errors during startup
- of dhcpd, dhclient, and dhcrelay.
- [ISC-Bugs #42226]
+- Remove the code that allows a server to follow RFC3315 instead of
+ the subsequent errata from August 2010 when determining which IAs
+ to include if no addresses will be assigned.
+ [ISC-Bugs #28938]
-- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
- They are looking for the lease file in more places and skipping
- the "processing complete" output when creating machine readable
- output.
- [ISC-Bugs #42113]
+- Remove unused RCSID tags.
+ [ISC-Bugs #35846]
-- When reusing a lease for dhcp-cache-threshold return the hostname
- to the original lease. Also if the host pointer, UID or hardware address
- change don't allow reuse of the lease.
- Thanks to Michael Vincent for reporting this and helping us
- verify the problem and fix.
- [ISC-Bugs #42849]
+- Correct the v6 client timing code. When doing the timing backoff
+ for MRT limit it to MRD.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #21238
-- Change dmalloc to use a size_t as the length argument to bring it
- in line with the call it will make to malloc().
- [ISC-Bugs #40843]
+- Add a log entry when killing a client and remove the PID files
+ when a server, relay or client are killed.
+ [ISC-Bugs #16970]
+ [ISC-Bugs #17258]
-- If the failover socket can't be bound close it, otherwise if the
- user configures an incorrect address in the failover stanza the
- server will continue to open new sockets every 90 seconds until
- it runs out.
- [ISC-Bugs #42452]
+- Some minor cleanups in the client code.
+ In addition to checking for dhcpc check for bootpc in the services list.
+ [ISC-Bugs #18933]
+ Correct the client code to only try to get a lease once when the
+ given the "-1" argument.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #26735]
+ When asked for the version don't send the output to syslog.
+ [ISC-Bugs #29772]
+ Add the next server information to the environment variables for
+ use by the client script. In order to avoid changing the client
+ lease file the next server information isn't written to it.
+ Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
+ [ISC-Bugs #33098]
- Changes since 4.3.4b1
+- Several updates to the dhcp server code.
+ When not in quiet mode print out the files being used.
+ [ISC-Bugs #17551]
+ As accessing some pid files may require privileges move the dropping
+ of permission bits due to the paranoia patch to be after the pid code.
+ Thanks to Jiri Popelka at Red Hat for the bug report and fix.
+ [ISC-Bugs #25806]
+ When processing a "--version" request don't output the version information
+ to syslog.
-- None
+- Add the "enable-log-pid" build option to the configure script. When enabled
+ this causes the client, server and relay programs to include the PID
+ number in syslog messages.
+ Thanks to Marius Tomaschewski for the suggestion and proto-patch.
+ [ISC-Bugs #29713]
- Changes since 4.3.3
+- Add a #define to specify the prefix length used when a client attempts
+ to configure an address. This can be modified by editing includes/site.h.
+ By default it is set to 64. While 128 might be a better choice it would
+ also be a change for currently running systems, so we have left it at 64.
+ [ISC-Bugs #DHCP-2]
-- Corrected a static analyzer warning in common/execute.c
- [ISC-Bugs #40374]
+- Add a run time option to the client "-df" to allow the administrator to
+ point to a second lease file the client can search for a DUID. This can
+ be used to allow a v4 and a v6 instance of the client to share a DUID.
+ The second file will only be searched if there isn't a DUID in the main
+ lease file and the DUID will be written out to the main lease file.
+ [ISC-Bugs #34886]
-- ISC DHCP now follows the common convention to use the base name a
- program is invoked with (aka argv[0], vs. a builtin name) for
- logs. This should help differentiate syslog entries for DHCPv4 and
- DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
- keep the previous behavior.
- [ISC-Bugs #38692]
+- Have the client fsync the lease file to avoid lease corruption if the
+ client hibernates or otherwise shuts down.
+ [ISC-Bugs #35894]
-- The Linux packet filter code now correctly treats only the least significant
- 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
- Prior to this it was using the entire 16 bit value as the VLAN id and
- incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
- reporting this issue and supplying its patch.
- [ISC-Bugs #40591]
+- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
+ Thanks to Steinar Haug for the suggestion.
+ [ISC-Bugs #36033]
-- Fixed several static analysis issues such as potential null
- references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
- gmail dot com) who identified these issues and supplied patches to
- address them.
- [ISC-Bugs #40754]
- [ISC-Bugs #40823]
+- Modify the handling of the resolv.conf file to allow the DHCP
+ process to start up even if the resolv.conf file has problems.
+ [ISC-Bugs #35989]
-- Corrected compilation errors that prohibited building the server
- and its ATF unit tests when failover is disabled.
- [ISC-Bugs #40372]
+- Add threshold logging functionality. Two new options,
+ log-threshold-low and log-threshold-high, indicate to the
+ server if and when it should log an error message as addresses
+ in a pool are used.
+ [ISC-Bugs #34487]
-- Added the lease address to the end of the debug level log message
- emitted when an existing lease is renewed within the dhcp-cache-threshold.
- Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
- [ISC-Bugs #40598]
+- Add code to properly dereference a pointer in the dhclient code
+ on an error condition.
+ [ISC-Bugs #36194]
-- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
- section of the configure script output. Additionally, all of the
- features reported on will now always show either a "yes" or "no"
- value. Prior to this features left to their default setting would
- not show a value.
- [ISC-Bugs #40381]
+- Add code to help clean up soft leases.
+ [ISC-Bugs #36304]
-- Added a parameter, authoring-byte-order, to the lease file. This value
- is automatically added to the top of new lease files by the server and
- indicates the internal byte order (big endian or little endian) of the
- server. This permits lease files generated on a server with one form of
- byte order to be used on a server with the opposite form. Our thanks to
- Timothe Litt for calling this to our attention and for the suggestions
- he provided.
- [ISC-Bugs #38396]
+- Disable the gentle shutdown functionality until we can determine
+ the best way to present it to remove or reduce the side effects.
+ [ISC-Bugs #36066]
-- Fixed a small memory leak in the DHCPv6 version of the client code.
- This is unlikely to cause significant issues in actual use.
- [ISC-Bugs #40990]
+- Modify the message displayed when a process hits a fatal error.
+ The new message is much shorter and simply points to the README
+ and our website for directions on bug submissions.
+ [ISC-Bugs #24789]
-- Corrected a few minor memory leaks in omapi's dereferencing of
- host objects. Thanks to Jiri Popelka at Red Hat for reporting
- the issue and supplying the patches.
- [ISC-Bugs #33990]
- [ISC-Bugs #41325]
+- Handle an absent resolv.conf file better.
+ [ISC-Bugs #35194]
-- Cleaned up some of the Make infrastructure to make --with-libbind
- work better. Though it still only works with an absolute path.
- [ISC-Bugs #39210]
+- Tidy up receive packet processing.
+ Thanks to Brad Plank of GTA for reporting the issue and suggesting
+ a possible patch.
+ [ISC-Bugs #34447]
-- Made the embedded bind libraries able to be cross compiled
- (please refer to the bind9 documentation to learn how to cross
- compile DHCP and its bind library dependency).
- [ISC-Bugs #38836]
+- Corrected parser's right brace matching when a statement contains an error.
+ [ISC-Bugs #36021]
-- Update the client code to better support getting IA_NAs and IA_PDs
- in the same packet, see RFC7550 for some discussion.
- [ISC-Bugs #40190]
+- TSIG-authenticated dynamic DNS updates now support the use of these
+ additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512
+ [ISC-Bugs #36947]
-! Update the bounds checking when receiving a packet.
- Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
+- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
+ working with the OpenBSD project who spotted the issue and provided the
patch.
- [ISC-Bugs #41267]
- CVE: CVE-2015-8605
+ [ISC-Bugs #36653]
-- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
- print out a specific error message about the first error in addition
- to the usage string. This may be disabled by editing includes/site.h.
- [ISC-Bugs #40321]
- [ISC-Bugs #41454]
+- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
+ Stoeckmann working with the OpenBSD project who spotted the issue and
+ provided the patch.
+ [ISC-Bugs #36897]
-- The configure script will now exit with an error message if it cannot find
- a GNU-style make tool (needed when building BIND libraries) or pkg-config
- (needed to locate ATF used for building unit tests). Prior to this the
- script would exit indicating success causing subsequent attempts to build
- the software to fail.
- [ISC-Bugs #40371]
-
-- Properly terminate strings before passing them to regex and fix
- a boundary error when creating certain new data strings.
- Thanks to Andrey Jr. Melnikov for the bug report.
- [ISC-Bugs #41217]
+- Log statements depicting what files will be used by the server now occur
+ after the configuration file has been processed.
+ [ISC-Bugs #36671]
-- Option expressions, such as prepend and append, are now supported when
- running dhclient for IPv6. Prior to this such statements in the
- client configuration file would be parsed but have no affect. Thanks
- to Jiri Popelka at Red Hat for reporting the issue.
- [ISC-Bugs #39952]
+- Addressed Coverity issues reported as of 07-31-2014:
+ [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
+ [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
+ [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
+ compilers that was introduced by #36712
-- A failover primary server will now accept a binding status update from the
- secondary which transitions a lease from ACTIVE to ABANDONED. This accounts
- for instances in which a client declines a lease and only the secondary
- server receives it. Prior to this the primary server would reject such an
- update as an "invalid state transition".
- [ISC_BUGS #25189]
+- Server now supports a failover split value of 256.
+ [ISC-Bugs] #36664]
-- Properly allocate memory for a bpf filter.
- Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue.
- [ISC-Bugs #41485]
+- Remove unneeded error #defines. These defines were included in case
+ external programs required the older versions of the macro. They
+ have been #ifdeffed for now and will be removed at a future date.
+ See site.h for the #define to include them again, but you should
+ switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
+ Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
+ [ISC-Bugs #37128]
-- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better
- and to print out the hostnames a bit better.
- Thanks to Antoine Beaupré from Debian for the suggested patch.
- [ISC-Bugs #41288]
+- Added checks in range6 and prefix6 statement parsing to ensure addresses
+ are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
+ bug report and patch.
+ [ISC-Bugs #32453]
+ [ISC-Bugs #17766]
+ [ISC-Bugs #18510]
+ [ISC-Bugs #23698]
+ [ISC-Bugs #28883]
-- The DHCPv6 server now handles long valid and preferred lease times better.
- Values that would cause the internal end time of the lease to wrap are
- modified to work as infinite.
- [ISC-Bugs #40773]
+- Addressed checksum issues:
+ Added checksum readiness check to Linux packet filtering which eliminates
+ invalid packet drops due to checksum errors when checksum offloading is
+ in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
+ [ISC-Bugs #22806]
+ [ISC-Bugs #15902]
+ [ISC-Bugs #17739]
+ [ISC-Bugs #18010]
+ [ISC-Bugs #22556]
+ [ISC-Bugs #29769]
+ Inbound packets with UDP checksums of 0xffff now validate correctly rather
+ than being dropped.
+ [ISC-Bugs #24216]
+ [ISC-Bugs #25587]
-- Updated support for cross compiling by allowing the library archiver
- to be set at configure time via the environment variable 'AR'.
- [ISC-Bugs #41536]
+- Added the echo-client-id configuration parameter to the server configuration.
+ The server now supports RFC 6842 compliant behavior by setting a new
+ configuration parameter, echo-client-id. When enabled, the server will
+ include the client identifier option (Option code 61) if received, in its
+ responses. The server identifier returned in NAKs (if enabled) will now
+ be the globally defined value (if one) if the server cannot attribute the
+ inbound request to a known subnet.
+ [ISC-Bugs #35958]
+ [ISC-Bugs #32545]
-- The server will now match DHCPv6 relayed clients to host declarations
- which include the "hardware" statement, if the relay connected to the
- client supplies the client's hardware address via client-linklayer-address
- option as per RFC 6939.
- [ISC-Bugs #40334]
+- Added support of the configuration parameter, use-host-decl-names, to
+ BOOTP request handling.
+ [ISC-Bugs #36233]
-- Allow a filename to be specified instead of /dev/random during
- configuration. This is passed to the BIND configuration to allow
- for cross compilation.
- [ISC-Bugs #33835]
+- Added logic to ignore the signal, SIGPIPE, which ensures write failures
+ will be delivered as errors rather than as SIGPIPE signals on all OSs.
+ Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
+ the patch upon which the fix is based.
+ [ISC-Bugs #32222]
-- Add more option definitions.
- [ISC-Bugs #40562]
+- In the failover code, handle the case of communications being interrupted
+ when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
+ the primary to accept the secondary moving from POTENTIAL-CONFLICT to
+ RESOLUTION-INTERRUPTED as well as handling the bind update process better.
+ In addition the code to resend update or update all requests has been
+ modified to send requests more often.
+ [ISC-Bugs #36810]
+ [ISC-Bugs #20352]
-- Correct outputting of long lines in the lease file when writing
- a lease that includes long strings in an execute statement.
- [ISC-Bugs #40994]
+- By default, the server will now choose the value to use in the forward DNS
+ name from the following in order of preference:
-- The server will now correctly treat a lease as reserved when the client
- requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved"
- is enabled. Prior to this the server would halt. In addition, corrections
- were made to the server to allow a lease's flags field to be set via omapi.
- Prior to this, the server, depending on the host architecture, would
- incorrectly parse the new flags value from the omapi message.
- [ISC-Bugs #31179]
+ 1. FQDN option if provided by the client
+ 2. Host name option if provided by the client
+ 3. Configured option host-name if defined
-- ISC DHCP can now be configured and built from a directory other than
- the top level source directory. Note that "make distcheck" uses this
- feature.
- [ISC-Bugs #39262]
+ As before, this may be overridden by defining ddns-hostname to the desired
+ value (or expression). In addition, the server logic has been extended to
+ use the value of the host name declaration if use-host-decl-names is enabled
+ and no other value is available.
+ [ISC-Bugs #21323]
-- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument,
- "-U <interface>" enables the addition of a RFC 3527 compliant link selection
- suboption to the agent option added for clients directly connected to the
- relay.
- [ISC-Bugs #34875]
- [ISC-Bugs #41708]
+- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
+ the existing lease and the forward DNS name had not changed. This has been
+ corrected.
+ [ISC-Bugs #37368]
+ [ISC-Bugs #38636]
-- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled
- instructs the server to calculate T1 and T2 as recommended in RFC 3315,
- Section 22.4.
- [ISC-Bugs #25687]
+- Corrected an issue which caused dhclient to incorrectly form the result when
+ prepending or appending to the IPv4 domain-search option, received from the
+ server, when either of the values being combined contain compressed
+ components.
+ [ISC-Bugs #20558]
-- Corrected minor Coverity issues.
- [ISC-Bugs #35144]
+- Added the server-id-check parameter to the server configuration.
+ This parameter allows run-time control over whether or not a server,
+ participating in failover, verifies the dhcp-server-identifier option in
+ DHCP REQUESTs against the server's id before processing the request.
+ Formerly, enabling this behavior was done at compilation time through
+ the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
+ The functionality is now only available through the new runtime parameter.
+ [ISC-Bugs #37551]
-- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration
- option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support
- and is not compatible with delayed-ack. Both client and server use 2
- processes which communicate over UDP on a pair of sockets. The new
- "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support
- and specifies the consecutive ports to use for inter-process communication.
- Please look at doc/DHCPv4-over-DHCPv6 for more details.
- [ISC-Bugs #35711]
+- During startup, when the server encounters a lease whose binding state is
+ FTS_BACKUP but whose pool has no configured failover peer, it will reset the
+ lease's binding state to FTS_FREE. This allows the leases to be reclaimed
+ by the server after a pool's configuration has changed from failover to
+ standalone. Prior to this such leases would remain stuck in the backup state
+ making them unavailable for assignment. Note this conversion will occur
+ whether or not the server is compiled for failover.
+ [ISC-Bugs #36960]
-- Correct interface name formation when using DLPI under Solaris 11. As of
- Solaris 11, ethernet device files are located in "/dev/net". The configure
- script has been modified to detect this situation and adjust the directory
- used accordingly. Thanks to Jarkko Torppa for reporting this issue and
- submitting a patch
- [ISC-Bugs #37954]
- [ISC-Bugs #40752]
+- Fixed a small issue in the treatment of hosts in the inform processing
+ that could cause the response to an inform to include information from
+ the wrong scope. The two examples we've heard of are getting subnet
+ instead of group information associated with a host entry, or getting
+ global information instead of subnet if the host entry was built via
+ omapi. Thanks to Julien Soula at University of Lille for finding the
+ bug and supplying a patch.
+ [ISC-Bugs #35712]
-- Add a dereference call when handling an error condition while
- decoding a packet.
- [ISC-Bugs #41774]
+- Avoid calling pool_timer() recursively from supersede_lease(). This could
+ result in leases changing state incorrectly or delaying the running of the
+ leae expiration code.
+ [ISC-Bugs #38002]
-- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The
- parameter controls the format in which certain values are written to lease
- files. Formats supported are octal - quoted string containing octal
- escapes, and hex - unquoted, colon separated hex digits. Thanks to
- Jay Ford, University of Iowa for bringing the issue to our attention.
- [ISC-Bugs #26378]
+- Move the check for a PID file and process to be before we rewrite the
+ lease file. This avoids the possibility of starting a second instance
+ of a server which changes the current lease file confusing the first
+ instance. This check is only included if the admin hasn't disabled PID
+ files.
+ [ISC-Bugs #38078]
+ [ISC-Bugs #38143]
-! Add an option in site.h to limit the number of failover and control
- connections the server will accept. By default this is 200.
- [ISC-Bugs #41845]
- CVE: CVE-2016-2774
+- In the client code change the way preferred_life and max_life are printed
+ for environment variables to be unsigned rather than signed.
+ Thanks to Jiri Popelka at Red Hat for the bug report and patch.
+ [ISC-Bugs #37084]
- Changes since 4.3.3b1
+- Modified Linux packet handling such that packets received via VLAN are now
+ seen only by the VLAN interface. Prior to this, such packets were seen by
+ both the VLAN interface and its parent (physical) interface, causing the
+ server to respond to both. Note this remains an issue for non-Linux OSs.
+ Thanks to Jiri Popelka at Red Hat for the patch.
+ [ISC-Bugs #37415]
+ [ISC-Bugs #37133]
+ [ISC-Bugs #36668]
+ [ISC-Bugs #36652]
-- None
+- Log content has been changed to more directly suggest that admins should
+ check for multiple IPv6 clients attempting to use the same DUID when only
+ abandoned addresses are available. Debug level logging will now emit counts
+ of the total number of, in-use, and abandoned addresses in a shared subnet
+ when the server finds no addresses available for a given DUID. Lastly,
+ threshold logging is now automatically disabled for shared subnets whose
+ total number of possible addresses exceeds (2^64)-1.
+ [ISC-Bugs #26376]
+ [ISC-Bugs #38131]
- Changes since 4.3.2
+- Added a global parameter, prefix-length-mode, which may be used to determine
+ how the server uses a non-zero value for prefix-length supplied by clients
+ when soliciting DHCPv6 prefixes. The server supports selection modes of:
+ ignore, prefer, exact, minimum and maximum which are described in detail in
+ the server man pages. The prior behavior of the server was to only offer a
+ prefix whose length exactly matched the prefix-length value requested. If
+ no such prefixes were available, the server returned a status of none
+ available. Note the default mode, "exact", provides this same behavior.
+ [ISC-Bugs #36780]
+ [ISC-Bugs #32228]
-- The server now does a better check to see if it can allocate the memory
- for large blocks of v4 leases and should provide a slightly better error
- message. Note well: the server pre-allocates v4 addresses, if you use
- a large range, such as a /8, the server will attempt to use a large
- amount of memory and may not start if there either isn't enough memory
+- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
+ limit such that it now sets it to 32 when the upstream address is a multicast
+ address per RFC 3315 Section 20. Prior to this if the -u argument preceded
+ the -l argument on the command line or if the same interface was specified
+ for both; the logic to set the hop limit count for the upper interface was
+ skipped. This caused the hop count limit to be set to the default value
+ (typically 1) in the outbound upstream packets.
+ [ISC-Bugs #37426]
+
+- Modify the linux and openwrt dhclient scripts to process information
+ from a stateless request. Thanks to Jiri Popelka at Red Hat for the
+ bug report and patch.
+ [ISC-Bugs #36102]
+
+- Remove more unused RCSID tags. These weren't noticed in 4.3 as
+ the code isn't used anymore but we remove them here to keep the
+ code consistent across versions.
+ [ISC-Bugs #36451]
+
+- The server now does a better check to see if it can allocate the memory
+ for large blocks of v4 leases and should provide a slightly better error
+ message. Note well: the server pre-allocates v4 addresses, if you use
+ a large range, such as a /8, the server will attempt to use a large
+ amount of memory and may not start if there either isn't enough memory
or the size exceeds what the code supports.
[ISC-Bugs #38637]
and suggesting a patch.
[ISC-Bugs #39279]
- Changes since 4.3.2rc2
-- None
-
- Changes since 4.3.2rc1
-
- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
The error occurs on Linux variants that do not support VLAN tag information
in packet auxiliary data. The configure script now only enables inclusion
of the VLAN tag-based logic if it is supported by the underlying OS.
[ISC-Bugs #38677]
- Changes since 4.3.2b1
-
- Specifying the option, --disable-debug, on the configure script command line
now disables debug features. Prior to this, specifying --disable-debug
incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
use the command "make -k check".
[ISC-Bugs #38619]
- Changes since 4.3.1
-
-- Corrected parser's right brace matching when a statement contains an error.
- [ISC-Bugs #36021]
-
-- TSIG-authenticated dynamic DNS updates now support the use of these
- additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
- and hmac-sha512
- [ISC-Bugs #36947]
-
-- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
- working with the OpenBSD project who spotted the issue and provided the
- patch.
- [ISC-Bugs #36653]
-
-- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
- Stoeckmann working with the OpenBSD project who spotted the issue and
- provided the patch.
- [ISC-Bugs #36897]
-
-- Log statements depicting what files will be used by the server now occur
- after the configuration file has been processed.
- [ISC-Bugs #36671]
-
-- Addressed Coverity issues reported as of 07-31-2014:
- [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
- [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
- [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
- compilers that was introduced by #36712
-
-- Server now supports a failover split value of 256.
- [ISC-Bugs] #36664]
-
-- Remove unneeded error #defines. These defines were included in case
- external programs required the older versions of the macro. They
- have been #ifdeffed for now and will be removed at a future date.
- See site.h for the #define to include them again, but you should
- switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
- Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
- [ISC-Bugs #37128]
-
-- Added checks in range6 and prefix6 statement parsing to ensure addresses
- are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
- bug report and patch.
- [ISC-Bugs #32453]
- [ISC-Bugs #17766]
- [ISC-Bugs #18510]
- [ISC-Bugs #23698]
- [ISC-Bugs #28883]
-
-- Addressed checksum issues:
- Added checksum readiness check to Linux packet filtering which eliminates
- invalid packet drops due to checksum errors when checksum offloading is
- in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
- [ISC-Bugs #22806]
- [ISC-Bugs #15902]
- [ISC-Bugs #17739]
- [ISC-Bugs #18010]
- [ISC-Bugs #22556]
- [ISC-Bugs #29769]
- Inbound packets with UDP checksums of 0xffff now validate correctly rather
- than being dropped.
- [ISC-Bugs #24216]
- [ISC-Bugs #25587]
-
-- Added the echo-client-id configuration parameter to the server configuration.
- The server now supports RFC 6842 compliant behavior by setting a new
- configuration parameter, echo-client-id. When enabled, the server will
- include the client identifier option (Option code 61) if received, in its
- responses. The server identifier returned in NAKs (if enabled) will now
- be the globally defined value (if one) if the server cannot attribute the
- inbound request to a known subnet.
- [ISC-Bugs #35958]
- [ISC-Bugs #32545]
-
-- Added support of the configuration parameter, use-host-decl-names, to
- BOOTP request handling.
- [ISC-Bugs #36233]
+- Corrected a static analyzer warning in common/execute.c
+ [ISC-Bugs #40374]
-- Added logic to ignore the signal, SIGPIPE, which ensures write failures
- will be delivered as errors rather than as SIGPIPE signals on all OSs.
- Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
- the patch upon which the fix is based.
- [ISC-Bugs #32222]
+- ISC DHCP now follows the common convention to use the base name a
+ program is invoked with (aka argv[0], vs. a builtin name) for
+ logs. This should help differentiate syslog entries for DHCPv4 and
+ DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
+ keep the previous behavior.
+ [ISC-Bugs #38692]
-- In the failover code, handle the case of communications being interrupted
- when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
- the primary to accept the secondary moving from POTENTIAL-CONFLICT to
- RESOLUTION-INTERRUPTED as well as handling the bind update process better.
- In addition the code to resend update or update all requests has been
- modified to send requests more often.
- [ISC-Bugs #36810]
- [ISC-Bugs #20352]
+- The Linux packet filter code now correctly treats only the least significant
+ 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
+ Prior to this it was using the entire 16 bit value as the VLAN id and
+ incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for
+ reporting this issue and supplying its patch.
+ [ISC-Bugs #40591]
-- By default, the server will now choose the value to use in the forward DNS
- name from the following in order of preference:
+- Fixed several static analysis issues such as potential null
+ references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at
+ gmail dot com) who identified these issues and supplied patches to
+ address them.
+ [ISC-Bugs #40754]
+ [ISC-Bugs #40823]
- 1. FQDN option if provided by the client
- 2. Host name option if provided by the client
- 3. Configured option host-name if defined
+- Corrected compilation errors that prohibited building the server
+ and its ATF unit tests when failover is disabled.
+ [ISC-Bugs #40372]
- As before, this may be overridden by defining ddns-hostname to the desired
- value (or expression). In addition, the server logic has been extended to
- use the value of the host name declaration if use-host-decl-names is enabled
- and no other value is available.
- [ISC-Bugs #21323]
+- Added the lease address to the end of the debug level log message
+ emitted when an existing lease is renewed within the dhcp-cache-threshold.
+ Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
+ [ISC-Bugs #40598]
-- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
- the existing lease and the forward DNS name had not changed. This has been
- corrected.
- [ISC-Bugs #37368]
- [ISC-Bugs #38636]
+- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
+ section of the configure script output. Additionally, all of the
+ features reported on will now always show either a "yes" or "no"
+ value. Prior to this features left to their default setting would
+ not show a value.
+ [ISC-Bugs #40381]
-- Corrected an issue which caused dhclient to incorrectly form the result when
- prepending or appending to the IPv4 domain-search option, received from the
- server, when either of the values being combined contain compressed
- components.
- [ISC-Bugs #20558]
+- Added a parameter, authoring-byte-order, to the lease file. This value
+ is automatically added to the top of new lease files by the server and
+ indicates the internal byte order (big endian or little endian) of the
+ server. This permits lease files generated on a server with one form of
+ byte order to be used on a server with the opposite form. Our thanks to
+ Timothe Litt for calling this to our attention and for the suggestions
+ he provided.
+ [ISC-Bugs #38396]
-- Added the server-id-check parameter to the server configuration.
- This parameter allows run-time control over whether or not a server,
- participating in failover, verifies the dhcp-server-identifier option in
- DHCP REQUESTs against the server's id before processing the request.
- Formerly, enabling this behavior was done at compilation time through
- the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
- The functionality is now only available through the new runtime parameter.
- [ISC-Bugs #37551]
+- Fixed a small memory leak in the DHCPv6 version of the client code.
+ This is unlikely to cause significant issues in actual use.
+ [ISC-Bugs #40990]
-- During startup, when the server encounters a lease whose binding state is
- FTS_BACKUP but whose pool has no configured failover peer, it will reset the
- lease's binding state to FTS_FREE. This allows the leases to be reclaimed
- by the server after a pool's configuration has changed from failover to
- standalone. Prior to this such leases would remain stuck in the backup state
- making them unavailable for assignment. Note this conversion will occur
- whether or not the server is compiled for failover.
- [ISC-Bugs #36960]
+- Corrected a few minor memory leaks in omapi's dereferencing of
+ host objects. Thanks to Jiri Popelka at Red Hat for reporting
+ the issue and supplying the patches.
+ [ISC-Bugs #33990]
+ [ISC-Bugs #41325]
-- Fixed a small issue in the treatment of hosts in the inform processing
- that could cause the response to an inform to include information from
- the wrong scope. The two examples we've heard of are getting subnet
- instead of group information associated with a host entry, or getting
- global information instead of subnet if the host entry was built via
- omapi. Thanks to Julien Soula at University of Lille for finding the
- bug and supplying a patch.
- [ISC-Bugs #35712]
+- Cleaned up some of the Make infrastructure to make --with-libbind
+ work better. Though it still only works with an absolute path.
+ [ISC-Bugs #39210]
-- Avoid calling pool_timer() recursively from supersede_lease(). This could
- result in leases changing state incorrectly or delaying the running of the
- leae expiration code.
- [ISC-Bugs #38002]
+- Made the embedded bind libraries able to be cross compiled
+ (please refer to the bind9 documentation to learn how to cross
+ compile DHCP and its bind library dependency).
+ [ISC-Bugs #38836]
-- Move the check for a PID file and process to be before we rewrite the
- lease file. This avoids the possibility of starting a second instance
- of a server which changes the current lease file confusing the first
- instance. This check is only included if the admin hasn't disabled PID
- files.
- [ISC-Bugs #38078]
- [ISC-Bugs #38143]
+- Update the client code to better support getting IA_NAs and IA_PDs
+ in the same packet, see RFC7550 for some discussion.
+ [ISC-Bugs #40190]
-- In the client code change the way preferred_life and max_life are printed
- for environment variables to be unsigned rather than signed.
- Thanks to Jiri Popelka at Red Hat for the bug report and patch.
- [ISC-Bugs #37084]
+! Update the bounds checking when receiving a packet.
+ Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
+ patch.
+ [ISC-Bugs #41267]
+ CVE: CVE-2015-8605
-- Modified Linux packet handling such that packets received via VLAN are now
- seen only by the VLAN interface. Prior to this, such packets were seen by
- both the VLAN interface and its parent (physical) interface, causing the
- server to respond to both. Note this remains an issue for non-Linux OSs.
- Thanks to Jiri Popelka at Red Hat for the patch.
- [ISC-Bugs #37415]
- [ISC-Bugs #37133]
- [ISC-Bugs #36668]
- [ISC-Bugs #36652]
+- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
+ print out a specific error message about the first error in addition
+ to the usage string. This may be disabled by editing includes/site.h.
+ [ISC-Bugs #40321]
+ [ISC-Bugs #41454]
-- Log content has been changed to more directly suggest that admins should
- check for multiple IPv6 clients attempting to use the same DUID when only
- abandoned addresses are available. Debug level logging will now emit counts
- of the total number of, in-use, and abandoned addresses in a shared subnet
- when the server finds no addresses available for a given DUID. Lastly,
- threshold logging is now automatically disabled for shared subnets whose
- total number of possible addresses exceeds (2^64)-1.
- [ISC-Bugs #26376]
- [ISC-Bugs #38131]
+- The configure script will now exit with an error message if it cannot find
+ a GNU-style make tool (needed when building BIND libraries) or pkg-config
+ (needed to locate ATF used for building unit tests). Prior to this the
+ script would exit indicating success causing subsequent attempts to build
+ the software to fail.
+ [ISC-Bugs #40371]
-- Added a global parameter, prefix-length-mode, which may be used to determine
- how the server uses a non-zero value for prefix-length supplied by clients
- when soliciting DHCPv6 prefixes. The server supports selection modes of:
- ignore, prefer, exact, minimum and maximum which are described in detail in
- the server man pages. The prior behavior of the server was to only offer a
- prefix whose length exactly matched the prefix-length value requested. If
- no such prefixes were available, the server returned a status of none
- available. Note the default mode, "exact", provides this same behavior.
- [ISC-Bugs #36780]
- [ISC-Bugs #32228]
+- Properly terminate strings before passing them to regex and fix
+ a boundary error when creating certain new data strings.
+ Thanks to Andrey Jr. Melnikov for the bug report.
+ [ISC-Bugs #41217]
-- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
- limit such that it now sets it to 32 when the upstream address is a multicast
- address per RFC 3315 Section 20. Prior to this if the -u argument preceded
- the -l argument on the command line or if the same interface was specified
- for both; the logic to set the hop limit count for the upper interface was
- skipped. This caused the hop count limit to be set to the default value
- (typically 1) in the outbound upstream packets.
- [ISC-Bugs #37426]
+- Option expressions, such as prepend and append, are now supported when
+ running dhclient for IPv6. Prior to this such statements in the
+ client configuration file would be parsed but have no affect. Thanks
+ to Jiri Popelka at Red Hat for reporting the issue.
+ [ISC-Bugs #39952]
- Changes since 4.3.1b1
+- A failover primary server will now accept a binding status update from the
+ secondary which transitions a lease from ACTIVE to ABANDONED. This accounts
+ for instances in which a client declines a lease and only the secondary
+ server receives it. Prior to this the primary server would reject such an
+ update as an "invalid state transition".
+ [ISC_BUGS #25189]
-- Modify the linux and openwrt dhclient scripts to process information
- from a stateless request. Thanks to Jiri Popelka at Red Hat for the
- bug report and patch.
- [ISC-Bugs #36102]
+- Properly allocate memory for a bpf filter.
+ Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue.
+ [ISC-Bugs #41485]
-- Remove more unused RCSID tags. These weren't noticed in 4.3 as
- the code isn't used anymore but we remove them here to keep the
- code consistent across versions.
- [ISC-Bugs #36451]
+- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better
+ and to print out the hostnames a bit better.
+ Thanks to Antoine Beaupré from Debian for the suggested patch.
+ [ISC-Bugs #41288]
- Changes since 4.3.0
+- The DHCPv6 server now handles long valid and preferred lease times better.
+ Values that would cause the internal end time of the lease to wrap are
+ modified to work as infinite.
+ [ISC-Bugs #40773]
-- Tidy up several small tickets.
- Correct parsing of DUID from config file, previously the LL type
- was put in the wrong place in the DUID string.
- [ISC-Bugs #20962]
- Add code to parse "do-forward-updates" as well as "do-forward-update"
- Thanks to Jiri Popelka at Red Hat.
- [ISC-Bugs #31328]
- Remove log_priority as it isn't currently used.
- [ISC-Bugs #33397]
- Increase the size of the buffer used for reading interface information.
- [ISC-Bugs #34858]
+- Updated support for cross compiling by allowing the library archiver
+ to be set at configure time via the environment variable 'AR'.
+ [ISC-Bugs #41536]
-- Remove an extra set of the msg_controllen variable.
- [ISC-Bugs #21035]
+- The server will now match DHCPv6 relayed clients to host declarations
+ which include the "hardware" statement, if the relay connected to the
+ client supplies the client's hardware address via client-linklayer-address
+ option as per RFC 6939.
+ [ISC-Bugs #40334]
-- Add a more understandable error message if a configuration attempts
- to add multiple keys for a single zone. Thanks to a patch from Jiri
- Popelka at Red Hat.
- [ISC-Bugs #31892]
+- Allow a filename to be specified instead of /dev/random during
+ configuration. This is passed to the BIND configuration to allow
+ for cross compilation.
+ [ISC-Bugs #33835]
-- Fix some minor issues in the dst code.
- [ISC-Bugs #34172]
+- Add more option definitions.
+ [ISC-Bugs #40562]
-- Properly #ifdef functions so that the code can compile without NSUPDATE.
- [ISC-Bugs #35058]
+- Correct outputting of long lines in the lease file when writing
+ a lease that includes long strings in an execute statement.
+ [ISC-Bugs #40994]
-- Update the partner's stos (start time of state, basically when we last
- heard from this partner) field when updating the state in failover.
- [ISC-Bugs #35549]
+- The server will now correctly treat a lease as reserved when the client
+ requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved"
+ is enabled. Prior to this the server would halt. In addition, corrections
+ were made to the server to allow a lease's flags field to be set via omapi.
+ Prior to this, the server, depending on the host architecture, would
+ incorrectly parse the new flags value from the omapi message.
+ [ISC-Bugs #31179]
-- Modify the overload processing to allow space for the remote agent ID.
- [ISC-Bugs #35569]
- Handle the ordering of the SUBNET_MASK option even if it is the last
- option in the list.
- [ISC-Bugs #24580]
+- ISC DHCP can now be configured and built from a directory other than
+ the top level source directory. Note that "make distcheck" uses this
+ feature.
+ [ISC-Bugs #39262]
-- Remove the code that allows a server to follow RFC3315 instead of
- the subsequent errata from August 2010 when determining which IAs
- to include if no addresses will be assigned.
- [ISC-Bugs #28938]
+- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument,
+ "-U <interface>" enables the addition of a RFC 3527 compliant link selection
+ suboption to the agent option added for clients directly connected to the
+ relay.
+ [ISC-Bugs #34875]
+ [ISC-Bugs #41708]
-- Remove unused RCSID tags.
- [ISC-Bugs #35846]
+- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled
+ instructs the server to calculate T1 and T2 as recommended in RFC 3315,
+ Section 22.4.
+ [ISC-Bugs #25687]
-- Correct the v6 client timing code. When doing the timing backoff
- for MRT limit it to MRD.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #21238
+- Corrected minor Coverity issues.
+ [ISC-Bugs #35144]
-- Add a log entry when killing a client and remove the PID files
- when a server, relay or client are killed.
- [ISC-Bugs #16970]
- [ISC-Bugs #17258]
+- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration
+ option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support
+ and is not compatible with delayed-ack. Both client and server use 2
+ processes which communicate over UDP on a pair of sockets. The new
+ "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support
+ and specifies the consecutive ports to use for inter-process communication.
+ Please look at doc/DHCPv4-over-DHCPv6 for more details.
+ [ISC-Bugs #35711]
-- Some minor cleanups in the client code.
- In addition to checking for dhcpc check for bootpc in the services list.
- [ISC-Bugs #18933]
- Correct the client code to only try to get a lease once when the
- given the "-1" argument.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #26735]
- When asked for the version don't send the output to syslog.
- [ISC-Bugs #29772]
- Add the next server information to the environment variables for
- use by the client script. In order to avoid changing the client
- lease file the next server information isn't written to it.
- Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
- [ISC-Bugs #33098]
+- Correct interface name formation when using DLPI under Solaris 11. As of
+ Solaris 11, ethernet device files are located in "/dev/net". The configure
+ script has been modified to detect this situation and adjust the directory
+ used accordingly. Thanks to Jarkko Torppa for reporting this issue and
+ submitting a patch
+ [ISC-Bugs #37954]
+ [ISC-Bugs #40752]
-- Several updates to the dhcp server code.
- When not in quiet mode print out the files being used.
- [ISC-Bugs #17551]
- As accessing some pid files may require privileges move the dropping
- of permission bits due to the paranoia patch to be after the pid code.
- Thanks to Jiri Popelka at Red Hat for the bug report and fix.
- [ISC-Bugs #25806]
- When processing a "--version" request don't output the version information
- to syslog.
+- Add a dereference call when handling an error condition while
+ decoding a packet.
+ [ISC-Bugs #41774]
-- Add the "enable-log-pid" build option to the configure script. When enabled
- this causes the client, server and relay programs to include the PID
- number in syslog messages.
- Thanks to Marius Tomaschewski for the suggestion and proto-patch.
- [ISC-Bugs #29713]
+- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The
+ parameter controls the format in which certain values are written to lease
+ files. Formats supported are octal - quoted string containing octal
+ escapes, and hex - unquoted, colon separated hex digits. Thanks to
+ Jay Ford, University of Iowa for bringing the issue to our attention.
+ [ISC-Bugs #26378]
-- Add a #define to specify the prefix length used when a client attempts
- to configure an address. This can be modified by editing includes/site.h.
- By default it is set to 64. While 128 might be a better choice it would
- also be a change for currently running systems, so we have left it at 64.
- [ISC-Bugs #DHCP-2]
+! Add an option in site.h to limit the number of failover and control
+ connections the server will accept. By default this is 200.
+ [ISC-Bugs #41845]
+ CVE: CVE-2016-2774
-- Add a run time option to the client "-df" to allow the administrator to
- point to a second lease file the client can search for a DUID. This can
- be used to allow a v4 and a v6 instance of the client to share a DUID.
- The second file will only be searched if there isn't a DUID in the main
- lease file and the DUID will be written out to the main lease file.
- [ISC-Bugs #34886]
+- Fixed util/bindvar.sh error handling.
+ [ISC-Bugs #41973]
-- Have the client fsync the lease file to avoid lease corruption if the
- client hibernates or otherwise shuts down.
- [ISC-Bugs #35894]
+- Correct error message in relay to use remote id length instead
+ of circuit id length.
+ [ISC-Bugs #42556]
-- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
- Thanks to Steinar Haug for the suggestion.
- [ISC-Bugs #36033]
+- Add support for including an encapsulated option in a response
+ from the DHCPv6 server. This allows the v6 FQDN option to be
+ returned in responses.
+ [ISC-Bugs #29246]
-- Modify the handling of the resolv.conf file to allow the DHCP
- process to start up even if the resolv.conf file has problems.
- [ISC-Bugs #35989]
+- Add logic to test directory Makefiles to avoid copying Attfile(s)
+ when building within the source tree. This eliminates a noisy but
+ otherwise harmless error message when running "make check".
+ [ISC-Bugs #41883]
-- Add threshold logging functionality. Two new options,
- log-threshold-low and log-threshold-high, indicate to the
- server if and when it should log an error message as addresses
- in a pool are used.
- [ISC-Bugs #34487]
+- Leases are now scrubbed of certain prior use information when pool
+ re-balancing reassigns them from one FO peer to the other. This
+ corrects an issue where leases that were offered but ignored retained
+ the client hostname from the original client. Thanks to Pavel Polacek,
+ Jan Evangelista Purkyne University for reporting the issue.
+ [ISC-Bugs #42008]
-- Add code to properly dereference a pointer in the dhclient code
- on an error condition.
- [ISC-Bugs #36194]
+- In the LDAP code and schema add some missing '6' characters to use
+ the v6 instead of the v4 versions. Thanks to Denis Taranushin for
+ reporting this issue and supplying its patch.
+ [ISC-Bugs #42666]
-- Add code to help clean up soft leases.
- [ISC-Bugs #36304]
+- Correct how the pick-first-value expression is written to a lease
+ file. Previously it was written as a concat expression due to
+ a cut and paste error.
+ [ISC-Bugs #42253]
-- Disable the gentle shutdown functionality until we can determine
- the best way to present it to remove or reduce the side effects.
- [ISC-Bugs #36066]
+- Modify the DDNS code to clean up the PTR record even if there
+ are issues while cleaning up the A or AAAA records.
+ [ISC-Bugs #23954]
- Changes since 4.3.0rc1
+- Added global configuration parameter, abandon-lease-time, which determines
+ the amount of time a lease remains abandoned. The default is 84600 seconds.
+ Additionaly, the server now conducts a ping check (if ping checks are
+ enabled) prior to offering an abandoned lease to client.
+ [ISC-Bugs #41815]
-- None
- Changes since 4.3.0b1
+- Correct handling of interface names during interface discovery. This
+ addresses an issue where interface names of 15 characters in length
+ could lead to crashes or interface recognition errors during startup
+ of dhcpd, dhclient, and dhcrelay.
+ [ISC-Bugs #42226]
-- Tidy up receive packet processing.
- Thanks to Brad Plank of GTA for reporting the issue and suggesting
- a possible patch.
- [ISC-Bugs #34447]
+- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
+ They are looking for the lease file in more places and skipping
+ the "processing complete" output when creating machine readable
+ output.
+ [ISC-Bugs #42113]
- Changes since 4.3.0a1
+- When reusing a lease for dhcp-cache-threshold return the hostname
+ to the original lease. Also if the host pointer, UID or hardware address
+ change don't allow reuse of the lease.
+ Thanks to Michael Vincent for reporting this and helping us
+ verify the problem and fix.
+ [ISC-Bugs #42849]
-- Modify the message displayed when a process hits a fatal error.
- The new message is much shorter and simply points to the README
- and our website for directions on bug submissions.
- [ISC-Bugs #24789]
+- Change dmalloc to use a size_t as the length argument to bring it
+ in line with the call it will make to malloc().
+ [ISC-Bugs #40843]
-- Handle an absent resolv.conf file better.
- [ISC-Bugs #35194]
+- If the failover socket can't be bound close it, otherwise if the
+ user configures an incorrect address in the failover stanza the
+ server will continue to open new sockets every 90 seconds until
+ it runs out.
+ [ISC-Bugs #42452]
Changes since 4.2.0 (new features)
projects / thirdparty / dhcp.git / commitdiff
