author | Thomas Markwalder <tmark@isc.org> | 2017-12-13 10:29:11 -0500 |
---|---|---|
committer | Thomas Markwalder <tmark@isc.org> | 2017-12-13 10:29:11 -0500 |
commit | 0e76cb9115382febca52ace07523bdeaced35871 (patch) | |
tree | 26395cace98aa11fef9dd5fe05c89633496c2da8 | |
parent | 0353dac43214a075daf459d6b14a9f57640777af (diff) | |
download | isc-dhcp-0e76cb9115382febca52ace07523bdeaced35871.tar.gz |
[master] Reformatted RELNOTES to restore 4.3.x change history
The Release notes for 4.4.0 had been aggregated into changes
since 4.3.0. While this is in keeping with precedent, the sheer
number of changes made any sense of chronology difficult. I have
reformatted them such that changes for 4.4.0 are done relative
to 4.3.6 as we would have done with a maintenance release.
-rw-r--r-- | RELNOTES | 1487 |
1 files changed, 756 insertions, 731 deletions
@@ -38,61 +38,7 @@ We welcome comments from DHCP users, about this or anything else we do. Email Vicky Risk, Product Manager at vicky@isc.org or discuss on dhcp-users@lists.isc.org. - Changes since 4.3.0 (new features) - -- Insert the raw data from a fully encapsualted option into the option cache. - This allows "exists" to check for the option if any sub options exist. It - also adds the raw data to the environment variables supplied to the client - script. - [ISC-Bugs #39863] - -- Pass configure arguments which begin with an upper case letter, e.g. - CFLAGS, to the embedded bind configure, so it is no longer required - to use environment variables to get the same effect. - [ISC-Bugs #35143] - -- Added --enable-kqueue, --enable-epoll, --enable-devpoll and a more - general --with-bind-extra-config to pass extra options to the - embedded bind configure. Note we had mixed experiences with this - so it is at the user risk, i.e., they are NOT SUPPORTED yet. - [ISC-Bugs #20890] - -- Changed the way the embedded bind Makefile is updated by configure. - The only user visible side effect is that --with-libbind now requires - either "no" or an (absolute) path, i.e. "yes" is no longer valid. - [ISC-Bugs #43227] - -- Added the support for git repositories in the util/bind.sh script. - When you build ISC DHCP from a git repo, i.e., without a "bind" - directory populated as in the release distribution file, you may now - create the bind directory, change to it and clone the private - (repo.isc.org/proj/git/prod/bind9.git) or the public - (https://source.isc.org/git/bind9.git) git repository into - bind/bind9 and then invoke the util/bind.sh script as usual. - Note this option is incompatible with "make dist" (and make "distcheck") - because no bind/bind.tar.gz nor bind/version.tmp files are available. - [ISC-Bugs #43236] - -- Use the embedded bind libraries where they are built (vs where they - are installed). 
- [ISC-Bugs #39319] - -- Use last version (9.11) of plain embedded bind libraries in place of - older (9.9) version of export bind libraries. - [ISC-Bugs #43215] - -- Using "make distcheck" now works with external bind libraries (aka - configure --with-libbind). - [ISC-Bugs #43285] - -- The server now allows the client identifier (option 61) to own leases - in more than one subnet concurrently. Prior to this the server would - incorrectly release an existing lease in one subnet prior to assigning - a lease in another subnet. Note that the prior behavior can be still - be achieved by enabling one-lease-per-client. Thanks to both David Zych at - the University of Illinois and Norm Proffitt of Infoblox for reporting - the issue; and Norm for suggesting a solution. - [ISC-Bugs #41358] + Changes since 4.3.6 (New Features) - Added --enable-bind-install to install embedded bind includes and libraries. Default is to not install them (it was the previous 
@@ -318,362 +264,516 @@ dhcp-users@lists.isc.org. raising the issue and submitting the patch. [ISC-Bugs #22675] - Changes since 4.3.0 (bug fixes) + Changes since 4.3.6 (Bugs): -- Tidy up several small tickets. - Correct parsing of DUID from config file, previously the LL type - was put in the wrong place in the DUID string. - [ISC-Bugs #20962] +- Corrected an issue where the server would return a client's previously + released prefix lease even when the client provides a prefix length + hint that does not match the prior lease. Now the server will only + return the previous lease if it exactly matches the hint. If not + it will attempt to allocate a new prefix based on the hint and the + prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications + for pointing out the error of our ways. + [ISC-bugs #45780] - Add code to parse "do-forward-updates" as well as "do-forward-update" - Thanks to Jiri Popelka at Red Hat. - [ISC-Bugs #31328] +- Added explicit include of BIND9 isc/util.h to adapt to revisisions + in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing + with implicit function declarations errors for POST() and INSIST(). + [ISC-bugs #46332] - Remove log_priority as it isn't currently used. - [ISC-Bugs #33397] +- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132 + states the option cannot be empty, some clients are apparently capable of + sending it. Prior to this the server was attempting to use it and store it + in the lease file causing issues with DDNS and so forth. + [ISC-bugs #43786] - Increase the size of the buffer used for reading interface information. - [ISC-Bugs #34858] +- Replaced iasubopt::heap_index with separate values for active and inactive + heaps: iasubopt::active_index and iasubopt::inactive_index. This was done + to accomodate a change in behavior in BIND9 isc_heap_delete(). + [ISC-bugs #46719] -- Remove an extra set of the msg_controllen variable. - [ISC-Bugs #21035] +! 
Plugged a socket descriptor leak in OMAPI, that can occur when there is + data pending to be written to an OMAPI connection, when the connection + is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing + this issue to our attention and whose patch helped guide us in the right + direction. + [ISC-Bugs #46767] -- Add a more understandable error message if a configuration attempts - to add multiple keys for a single zone. Thanks to a patch from Jiri - Popelka at Red Hat. - [ISC-Bugs #31892] + Changes since 4.3.6b1 -- Fix some minor issues in the dst code. - [ISC-Bugs #34172] +- None -- Properly #ifdef functions so that the code can compile without NSUPDATE. - [ISC-Bugs #35058] + Changes since 4.3.5 -- Update the partner's stos (start time of state, basically when we last - heard from this partner) field when updating the state in failover. - [ISC-Bugs #35549] +- The server now allows the client identifier (option 61) to own leases + in more than one subnet concurrently. Prior to this the server would + incorrectly release an existing lease in one subnet prior to assigning + a lease in another subnet. Note that the prior behavior can be still + be achieved by enabling one-lease-per-client. Thanks to both David Zych at + the University of Illinois and Norm Proffitt of Infoblox for reporting + the issue; and Norm for suggesting a solution. + [ISC-Bugs #41358] -- Modify the overload processing to allow space for the remote agent ID. - [ISC-Bugs #35569] - Handle the ordering of the SUBNET_MASK option even if it is the last - option in the list. - [ISC-Bugs #24580] +- When replying to a DHCPINFORM, the server will now include options specified + at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. + Prior to this the server only evaluated options down to the subnet scope. + Thanks to Fernando Soto at BlueCat Networks for reporting the issue. 
+ [ISC-Bugs #43219] + [ISC-Bugs #45051] -- Remove the code that allows a server to follow RFC3315 instead of - the subsequent errata from August 2010 when determining which IAs - to include if no addresses will be assigned. - [ISC-Bugs #28938] +- When memory allocation fails in a repeated way the process writes + "Run out of memory." on the standard error and exists with status 1. + [ISC-Bugs #32744] -- Remove unused RCSID tags. - [ISC-Bugs #35846] +- The new lmdb (Lightning Memory DataBase) bind9 configure option is + now disabled by default to avoid the presence of this library to be + detected which can lead to a link failure. + [ISC-Bugs #45069] -- Correct the v6 client timing code. When doing the timing backoff - for MRT limit it to MRD. - Thanks to Jiri Popelka at Red Hat for the bug report and fix. - [ISC-Bugs #21238 +- The linux interface discovery code has been modified to use getifaddrs() + as is done for BSD and OS-X. Prior to this the code would only recognize + the first address on an interface and thereby omit vlans. + Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei + Kong at Novell, who all submitted patches. + [ISC-Bugs #28761] + [ISC-Bugs #31992] + [ISC-Bugs #25428] + [ISC-Bugs #31940] + [ISC-Bugs #32935] -- Add a log entry when killing a client and remove the PID files - when a server, relay or client are killed. - [ISC-Bugs #16970] - [ISC-Bugs #17258] +- Fixed a bug in OMAPI that causes omshell to crash when a name-value + pair with a zero length value is shipped in an object. Thanks to + Fernando Soto at BlueCat Networks for reporting the issue and + supplying the patch. + [ISC-Bugs #29108] -- Some minor cleanups in the client code. - In addition to checking for dhcpc check for bootpc in the services list. - [ISC-Bugs #18933] - Correct the client code to only try to get a lease once when the - given the "-1" argument. - Thanks to Jiri Popelka at Red Hat for the bug report and fix. 
- [ISC-Bugs #26735] - When asked for the version don't send the output to syslog. - [ISC-Bugs #29772] - Add the next server information to the environment variables for - use by the client script. In order to avoid changing the client - lease file the next server information isn't written to it. - Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix. - [ISC-Bugs #33098] +- On 64-bit platforms, dhclient now generates the correct value for the + script environment variable, "expiry", the lease expiry value exceeds + 0x7FFFFFFF. Prior to this such values would produce negative values + for expiry in the script environment. + [ISC-Bugs #43326] -- Several updates to the dhcp server code. - When not in quiet mode print out the files being used. - [ISC-Bugs #17551] - As accessing some pid files may require privileges move the dropping - of permission bits due to the paranoia patch to be after the pid code. - Thanks to Jiri Popelka at Red Hat for the bug report and fix. - [ISC-Bugs #25806] - When processing a "--version" request don't output the version information - to syslog. +- Common timer logic was modified to cap the maximum timeout values at + 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of + range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for + reporting the issue. + [ISC-Bugs #28038] -- Add the "enable-log-pid" build option to the configure script. When enabled - this causes the client, server and relay programs to include the PID - number in syslog messages. - Thanks to Marius Tomaschewski for the suggestion and proto-patch. - [ISC-Bugs #29713] +- DHCP6 FQDN option unpacking code now correctly handles values that contain + spaces, special, or non-printable characters. Prior to this the buffer + size needed was underestimated causing a conversion error message to + be logged and DNS updates to be skipped. Thanks to Fernando Soto at + BlueCat Networks for bringing the matter to our attention. 
+ [ISC-Bugs #43592] -- Add a #define to specify the prefix length used when a client attempts - to configure an address. This can be modified by editing includes/site.h. - By default it is set to 64. While 128 might be a better choice it would - also be a change for currently running systems, so we have left it at 64. - [ISC-Bugs #DHCP-2] +- When running in -6 mode, dhclient can enforce the require option statement + and will discard offered leases that do not contain all the required + options specified in the client configuration. If not enabled the client + will still consider such leases. This must be enabled at compile time + (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to + Mritunjaykumar Dubey at Nokia for reporting the issue. + [ISC-Bugs #41473] -- Add a run time option to the client "-df" to allow the administrator to - point to a second lease file the client can search for a DUID. This can - be used to allow a v4 and a v6 instance of the client to share a DUID. - The second file will only be searched if there isn't a DUID in the main - lease file and the DUID will be written out to the main lease file. - [ISC-Bugs #34886] +- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit + OS systems when using -1 or large values for default-lease-time. Rollover + values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally + short expiration times being handed out when infinite lease times (-1) in + conjunction with failover. Our thanks to Alessandro Gherardi for bringing + the issue to our attention. + [ISC-Bugs #41976] -- Have the client fsync the lease file to avoid lease corruption if the - client hibernates or otherwise shuts down. - [ISC-Bugs #35894] +- Added new compile time option --with-srv-conf-file which specifies a + default location of the server configuration file. + [ISC-Bugs #44765] -- Add a check for L2VLAN in bpf.c to help support VLAN interfaces - Thanks to Steinar Haug for the suggestion. 
- [ISC-Bugs #36033] +- Added --dad-wait-time parameter to dhclient. It specifies the maximum time, + in seconds, that the client process should wait for the duplicate address + detection to complete before initiating DHCP requests. This value is + propagated to the dhclient script and the script is responsible for waiting + the specified amount of time or until DAD has completed. If the script does + not support it, specifying this parameter has no effect. The default value + is 0 which specifies that the script should not wait for DAD. With this + change the following scripts have been modified to support the new parameter: + freebsd, linux, macos, netbsd, openbsd. + [ISC-Bugs #36169] -- Modify the handling of the resolv.conf file to allow the DHCP - process to start up even if the resolv.conf file has problems. - [ISC-Bugs #35989] +- The server nows checks both the address and length of a prefix delegation + when attempting to match it to a prefix pool. This ensures the server + responds properly when pool configurations change such that once valid, + "in-pool" delegations are now treated as being invalid. During lease + file loading at startup, the server will discard any PD leases that + are deemed "out-of-pool" either by address or mis-matched prefix length. + Clients seeking to renew or rebind such leases will get a response of + No Binding in the case of the former, and the prefix delegation with + lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo + at TDS Telecom for reporting this issue. + [ISC-Bugs #35378] -- Add threshold logging functionality. Two new options, - log-threshold-low and log-threshold-high, indicate to the - server if and when it should log an error message as addresses - in a pool are used. 
- [ISC-Bugs #34487] +- Modified DDNS support initialization such that DNS related ports will only be + opened by the server (dhcpd) at startup if ddns-update-style is not "none"; + by dhclient only if and when the it first attempts an update; and never by + dhcrelay. Prior to this all three always did the initialization at startup + which causes them to always open on and listen for traffic on two random + ports. Thanks to Rodney Beede for reporting this issue. + [ISC-Bugs #45290] + [ISC-Bugs #33377] -- Add code to properly dereference a pointer in the dhclient code - on an error condition. - [ISC-Bugs #36194] +- Added error logging to two memory allocation failure checks. Thanks to Bill + Parker (wp02855 at gmail dot com) for reporting the issue. + [ISC-Bugs #41185] -- Add code to help clean up soft leases. - [ISC-Bugs #36304] +- Corrected a dhclient -6 issue that caused the client to crash with an + "Impossible condition" error after de-preferencing its only IA binding. + The crash occurred when server configuration changes rendered the existing + binding out-of-range and no other leases were available to offer. Thanks + to Pierre Clerissi for bringing this issue to our attention. + [ISC-Bugs #44373] -- Disable the gentle shutdown functionality until we can determine - the best way to present it to remove or reduce the side effects. - [ISC-Bugs #36066] +- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will + now call the script with reason set to FAIL when run with -1 (one try) and + there are no server responses. This applies to IPv4 mode only. Thanks for a + patch by Martin Pitt which got to us via Andrew Pollock. + [ISC-bugs #18183] -- Modify the message displayed when a process hits a fatal error. - The new message is much shorter and simply points to the README - and our website for directions on bug submissions. 
- [ISC-Bugs #24789] +- The server now detects failover peers that are not referenced in at least + one pool when run with the command line option for test mode, -T. Prior to + this the check was performed too far down stream to be detected in test mode. + [ISC-Bugs #29892] -- Handle an absent resolv.conf file better. - [ISC-Bugs #35194] +- Linux script updated. The script is now based on Debian version. It uses + ip tool from iproute2 package and ifconfig is no longer used. This also + addresses an issue of calling arping with inappropriate parameter. + [ISC-bugs #19430] + [ISC-bugs #18111] -- Tidy up receive packet processing. - Thanks to Brad Plank of GTA for reporting the issue and suggesting - a possible patch. - [ISC-Bugs #34447] +- Changed severity of the log message indicating UDP checksum errors in + the received packets from 'info' to 'debug' to avoid logging excessive + number of false positives when UDP checksum offloading is enabled. + [ISC-bugs #41757] -- Corrected parser's right brace matching when a statement contains an error. - [ISC-Bugs #36021] +- The directory minires has been removed from the source tree. It has + long been obsolete for branches other than v4_1_esv. Additionally, + includes/minires.h was renamed includes/ns_name.h. + [ISC-bugs #45471] -- TSIG-authenticated dynamic DNS updates now support the use of these - additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, - and hmac-sha512 - [ISC-Bugs #36947] +- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias" + for IPv6 mode in the client scripts, netbsd and openbsd. This was + preventing IPv6 addresses from being added or removed from interfaces. + Thanks to Tim Dean for reporting this issue. + [ISC-bugs #31573] -- Added check for invalid failover message type. 
Thanks to Tobias Stoeckmann - working with the OpenBSD project who spotted the issue and provided the + Changes since 4.3.5b1 + +- Corrected a bug which could cause the server to sporadically crash while + loading lease files with the lease-id-format is set to "hex". Our thanks + to Jay Ford, University of Iowa for reporting the issue. + [ISC-Bugs #43185] + +- Eliminated a noisy, but otherwise harmless debug log statment that may + appear during server startup when building with --enable-binary-leases + and configuring multiple pools in a shared network. Thanks to Fernando + Soto from BlueCat Networks for reporting the issue and supplying a patch. + [ISC-Bugs #43262] + + Changes since 4.3.4 + +- Fixed util/bindvar.sh error handling. + [ISC-Bugs #41973] + +- Correct error message in relay to use remote id length instead + of circuit id length. + [ISC-Bugs #42556] + +- Add logic to test directory Makefiles to avoid copying Attfile(s) + when building within the source tree. This eliminates a noisy but + otherwise harmless error message when running "make check". + [ISC-Bugs #41883] + +- Leases are now scrubbed of certain prior use information when pool + re-balancing reassigns them from one FO peer to the other. This + corrects an issue where leases that were offered but not used + by the client retained the client hostname from the original + client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University + for reporting the issue. + [ISC-Bugs #42008] + +- In the LDAP code and schema add some missing '6' characters to use + the v6 instead of the v4 versions. Thanks to Denis Taranushin for + reporting this issue and supplying its patch. + [ISC-Bugs #42666] + +- Correct how the pick-first-value expression is written to a lease + file. Previously it was written as a concat expression due to + a cut and paste error. + [ISC-Bugs #42253] + +- Modify the DDNS code to clean up the PTR record even if there + are issues while cleaning up the A or AAAA records. 
+ [ISC-Bugs #23954] + +- Added global configuration parameter, abandon-lease-time, which determines + the amount of time a lease remains abandoned. The default is 84600 seconds. + Additionaly, the server now conducts a ping check (if ping checks are + enabled) prior to offering an abandoned lease to client. Our thanks to + David Zych at University of Illinois for reporting the issue and working + with us to produce a viable solution. + [ISC-Bugs #41815] + +- Correct handling of interface names during interface discovery. This + addresses an issue where interface names of 15 characters in length + could lead to crashes or interface recognition errors during startup + of dhcpd, dhclient, and dhcrelay. + [ISC-Bugs #42226] + +- Updates to contrib/dhcp-lease-list.pl to make it more friendly. + The updates are: looking for the lease file in more places and skipping + the "processing complete" output when creating machine readable + output. Thanks to Cameron Paine (cbp at null dot net) for the patch. - [ISC-Bugs #36653] + [ISC-Bugs #42113] -- Corrected rate limiting checks for bad packet logging. Thanks to Tobias - Stoeckmann working with the OpenBSD project who spotted the issue and - provided the patch. - [ISC-Bugs #36897] +- When reusing a lease for dhcp-cache-threshold return the hostname + to the original lease. Also if the host pointer, UID or hardware address + change don't allow reuse of the lease. + Thanks to Michael Vincent for reporting this and helping us + verify the problem and fix. + [ISC-Bugs #42849] -- Log statements depicting what files will be used by the server now occur - after the configuration file has been processed. - [ISC-Bugs #36671] +- Change dmalloc to use a size_t as the length argument to bring it + in line with the call it will make to malloc(). + [ISC-Bugs #40843] -- Addressed Coverity issues reported as of 07-31-2014: - [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues. 
- [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues - [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older - compilers that was introduced by #36712 +- If the failover socket can't be bound, close it. Otherwise if the + user configures an incorrect address in the failover stanza the + server will continue to open new sockets every 90 seconds until + it runs out. + [ISC-Bugs #42452] -- Server now supports a failover split value of 256. - [ISC-Bugs] #36664] +- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that + allow interfaces to be upstream or downstream respectively. Upstream + interfaces will accept and forward only BOOTP replies, while downstream + interfaces will accept and forward only BOOTP requests. + [ISC-Bugs #41547] -- Remove unneeded error #defines. These defines were included in case - external programs required the older versions of the macro. They - have been #ifdeffed for now and will be removed at a future date. - See site.h for the #define to include them again, but you should - switch to using the DHCP_R_* versions instead of the ISC_R_* versions. - Also ISC_R_MULTIPLE has been removed as it is also defined in bind. - [ISC-Bugs #37128] +- Clean up some memory references in the vendor-class construct. + [ISC-Bugs #42984] -- Added checks in range6 and prefix6 statement parsing to ensure addresses - are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the - bug report and patch. - [ISC-Bugs #32453] - [ISC-Bugs #17766] - [ISC-Bugs #18510] - [ISC-Bugs #23698] - [ISC-Bugs #28883] + Changes since 4.3.4b1 -- Addressed checksum issues: - Added checksum readiness check to Linux packet filtering which eliminates - invalid packet drops due to checksum errors when checksum offloading is - in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project. 
- [ISC-Bugs #22806] - [ISC-Bugs #15902] - [ISC-Bugs #17739] - [ISC-Bugs #18010] - [ISC-Bugs #22556] - [ISC-Bugs #29769] - Inbound packets with UDP checksums of 0xffff now validate correctly rather - than being dropped. - [ISC-Bugs #24216] - [ISC-Bugs #25587] +- None -- Added the echo-client-id configuration parameter to the server configuration. - The server now supports RFC 6842 compliant behavior by setting a new - configuration parameter, echo-client-id. When enabled, the server will - include the client identifier option (Option code 61) if received, in its - responses. The server identifier returned in NAKs (if enabled) will now - be the globally defined value (if one) if the server cannot attribute the - inbound request to a known subnet. - [ISC-Bugs #35958] - [ISC-Bugs #32545] + Changes since 4.3.3 -- Added support of the configuration parameter, use-host-decl-names, to - BOOTP request handling. - [ISC-Bugs #36233] +- Corrected a static analyzer warning in common/execute.c + [ISC-Bugs #40374] -- Added logic to ignore the signal, SIGPIPE, which ensures write failures - will be delivered as errors rather than as SIGPIPE signals on all OSs. - Thanks to Marius Tomaschewski from SUSE who reported the issue and provided - the patch upon which the fix is based. - [ISC-Bugs #32222] +- ISC DHCP now follows the common convention to use the base name a + program is invoked with (aka argv[0], vs. a builtin name) for + logs. This should help differentiate syslog entries for DHCPv4 and + DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to + keep the previous behavior. + [ISC-Bugs #38692] -- In the failover code, handle the case of communications being interrupted - when the servers are dealing with POTENTIAL-CONFLICT. This patch allows - the primary to accept the secondary moving from POTENTIAL-CONFLICT to - RESOLUTION-INTERRUPTED as well as handling the bind update process better. 
- In addition the code to resend update or update all requests has been - modified to send requests more often. - [ISC-Bugs #36810] - [ISC-Bugs #20352] +- The Linux packet filter code now correctly treats only the least significant + 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q). + Prior to this it was using the entire 16 bit value as the VLAN id and + incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for + reporting this issue and supplying its patch. + [ISC-Bugs #40591] -- By default, the server will now choose the value to use in the forward DNS - name from the following in order of preference: +- Fixed several static analysis issues such as potential null + references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at + gmail dot com) who identified these issues and supplied patches to + address them. + [ISC-Bugs #40754] + [ISC-Bugs #40823] - 1. FQDN option if provided by the client - 2. Host name option if provided by the client - 3. Configured option host-name if defined +- Corrected compilation errors that prohibited building the server + and its ATF unit tests when failover is disabled. + [ISC-Bugs #40372] - As before, this may be overridden by defining ddns-hostname to the desired - value (or expression). In addition, the server logic has been extended to - use the value of the host name declaration if use-host-decl-names is enabled - and no other value is available. - [ISC-Bugs #21323] +- Added the lease address to the end of the debug level log message + emitted when an existing lease is renewed within the dhcp-cache-threshold. + Thanks to Nathan Neulinger at Missouri S&T for suggesting the change. + [ISC-Bugs #40598] -- DNS updates were being attempted when dhcp-cache-threshold enabled the use of - the existing lease and the forward DNS name had not changed. This has been - corrected. 
- [ISC-Bugs #37368] - [ISC-Bugs #38636] +- Added dhcpv6 and delayed-ack to settings listed in the "Features:" + section of the configure script output. Additionally, all of the + features reported on will now always show either a "yes" or "no" + value. Prior to this features left to their default setting would + not show a value. + [ISC-Bugs #40381] -- Corrected an issue which caused dhclient to incorrectly form the result when - prepending or appending to the IPv4 domain-search option, received from the - server, when either of the values being combined contain compressed - components. - [ISC-Bugs #20558] +- Added a parameter, authoring-byte-order, to the lease file. This value + is automatically added to the top of new lease files by the server and + indicates the internal byte order (big endian or little endian) of the + server. This permits lease files generated on a server with one form of + byte order to be used on a server with the opposite form. Our thanks to + Timothe Litt for calling this to our attention and for the suggestions + he provided. + [ISC-Bugs #38396] -- Added the server-id-check parameter to the server configuration. - This parameter allows run-time control over whether or not a server, - participating in failover, verifies the dhcp-server-identifier option in - DHCP REQUESTs against the server's id before processing the request. - Formerly, enabling this behavior was done at compilation time through - the use of the #define, SERVER_ID_CHECK, which has been removed from site.h - The functionality is now only available through the new runtime parameter. - [ISC-Bugs #37551] +- Fixed a small memory leak in the DHCPv6 version of the client code. + This is unlikely to cause significant issues in actual use. + [ISC-Bugs #40990] -- During startup, when the server encounters a lease whose binding state is - FTS_BACKUP but whose pool has no configured failover peer, it will reset the - lease's binding state to FTS_FREE. 
This allows the leases to be reclaimed - by the server after a pool's configuration has changed from failover to - standalone. Prior to this such leases would remain stuck in the backup state - making them unavailable for assignment. Note this conversion will occur - whether or not the server is compiled for failover. - [ISC-Bugs #36960] +- Corrected a few minor memory leaks in omapi's dereferencing of + host objects. Thanks to Jiri Popelka at Red Hat for reporting + the issue and supplying the patches. + [ISC-Bugs #33990] + [ISC-Bugs #41325] -- Fixed a small issue in the treatment of hosts in the inform processing - that could cause the response to an inform to include information from - the wrong scope. The two examples we've heard of are getting subnet - instead of group information associated with a host entry, or getting - global information instead of subnet if the host entry was built via - omapi. Thanks to Julien Soula at University of Lille for finding the - bug and supplying a patch. - [ISC-Bugs #35712] +- Cleaned up some of the Make infrastructure to make --with-libbind + work better. Though it still only works with an absolute path. + [ISC-Bugs #39210] -- Avoid calling pool_timer() recursively from supersede_lease(). This could - result in leases changing state incorrectly or delaying the running of the - leae expiration code. - [ISC-Bugs #38002] +- Made the embedded bind libraries able to be cross compiled + (please refer to the bind9 documentation to learn how to cross + compile DHCP and its bind library dependency). + [ISC-Bugs #38836] -- Move the check for a PID file and process to be before we rewrite the - lease file. This avoids the possibility of starting a second instance - of a server which changes the current lease file confusing the first - instance. This check is only included if the admin hasn't disabled PID - files. 
- [ISC-Bugs #38078] - [ISC-Bugs #38143] +- Update the client code to better support getting IA_NAs and IA_PDs + in the same packet, see RFC7550 for some discussion. + [ISC-Bugs #40190] -- In the client code change the way preferred_life and max_life are printed - for environment variables to be unsigned rather than signed. - Thanks to Jiri Popelka at Red Hat for the bug report and patch. - [ISC-Bugs #37084] +! Update the bounds checking when receiving a packet. + Thanks to Sebastian Poehn from Sophos for the bug report and a suggested + patch. + [ISC-Bugs #41267] + CVE: CVE-2015-8605 -- Modified Linux packet handling such that packets received via VLAN are now - seen only by the VLAN interface. Prior to this, such packets were seen by - both the VLAN interface and its parent (physical) interface, causing the - server to respond to both. Note this remains an issue for non-Linux OSs. - Thanks to Jiri Popelka at Red Hat for the patch. - [ISC-Bugs #37415] - [ISC-Bugs #37133] - [ISC-Bugs #36668] - [ISC-Bugs #36652] +- When handling an incorrect command line for dhcpd, dhclient or dhcrelay + print out a specific error message about the first error in addition + to the usage string. This may be disabled by editing includes/site.h. + [ISC-Bugs #40321] + [ISC-Bugs #41454] -- Log content has been changed to more directly suggest that admins should - check for multiple IPv6 clients attempting to use the same DUID when only - abandoned addresses are available. Debug level logging will now emit counts - of the total number of, in-use, and abandoned addresses in a shared subnet - when the server finds no addresses available for a given DUID. Lastly, - threshold logging is now automatically disabled for shared subnets whose - total number of possible addresses exceeds (2^64)-1. 
- [ISC-Bugs #26376] - [ISC-Bugs #38131] +- The configure script will now exit with an error message if it cannot find + a GNU-style make tool (needed when building BIND libraries) or pkg-config + (needed to locate ATF used for building unit tests). Prior to this the + script would exit indicating success causing subsequent attempts to build + the software to fail. + [ISC-Bugs #40371] -- Added a global parameter, prefix-length-mode, which may be used to determine - how the server uses a non-zero value for prefix-length supplied by clients - when soliciting DHCPv6 prefixes. The server supports selection modes of: - ignore, prefer, exact, minimum and maximum which are described in detail in - the server man pages. The prior behavior of the server was to only offer a - prefix whose length exactly matched the prefix-length value requested. If - no such prefixes were available, the server returned a status of none - available. Note the default mode, "exact", provides this same behavior. - [ISC-Bugs #36780] - [ISC-Bugs #32228] +- Properly terminate strings before passing them to regex and fix + a boundary error when creating certain new data strings. + Thanks to Andrey Jr. Melnikov for the bug report. + [ISC-Bugs #41217] -- Corrected inconsistencies in dhcrelay's setting the upper interface hop count - limit such that it now sets it to 32 when the upstream address is a multicast - address per RFC 3315 Section 20. Prior to this if the -u argument preceded - the -l argument on the command line or if the same interface was specified - for both; the logic to set the hop limit count for the upper interface was - skipped. This caused the hop count limit to be set to the default value - (typically 1) in the outbound upstream packets. - [ISC-Bugs #37426] +- Option expressions, such as prepend and append, are now supported when + running dhclient for IPv6. Prior to this such statements in the + client configuration file would be parsed but have no affect. 
Thanks + to Jiri Popelka at Red Hat for reporting the issue. + [ISC-Bugs #39952] -- Modify the linux and openwrt dhclient scripts to process information - from a stateless request. Thanks to Jiri Popelka at Red Hat for the - bug report and patch. - [ISC-Bugs #36102] +- A failover primary server will now accept a binding status update from the + secondary which transitions a lease from ACTIVE to ABANDONED. This accounts + for instances in which a client declines a lease and only the secondary + server receives it. Prior to this the primary server would reject such an + update as an "invalid state transition". + [ISC_BUGS #25189] -- Remove more unused RCSID tags. These weren't noticed in 4.3 as - the code isn't used anymore but we remove them here to keep the - code consistent across versions. - [ISC-Bugs #36451] +- Properly allocate memory for a bpf filter. + Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue. + [ISC-Bugs #41485] + +- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better + and to print out the hostnames a bit better. + Thanks to Antoine Beaupré from Debian for the suggested patch. + [ISC-Bugs #41288] + +- The DHCPv6 server now handles long valid and preferred lease times better. + Values that would cause the internal end time of the lease to wrap are + modified to work as infinite. + [ISC-Bugs #40773] + +- Updated support for cross compiling by allowing the library archiver + to be set at configure time via the environment variable 'AR'. + [ISC-Bugs #41536] + +- The server will now match DHCPv6 relayed clients to host declarations + which include the "hardware" statement, if the relay connected to the + client supplies the client's hardware address via client-linklayer-address + option as per RFC 6939. + [ISC-Bugs #40334] + +- Allow a filename to be specified instead of /dev/random during + configuration. This is passed to the BIND configuration to allow + for cross compilation. 
+ [ISC-Bugs #33835] + +- Add more option definitions. + [ISC-Bugs #40562] + +- Correct outputting of long lines in the lease file when writing + a lease that includes long strings in an execute statement. + [ISC-Bugs #40994] + +- The server will now correctly treat a lease as reserved when the client + requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved" + is enabled. Prior to this the server would halt. In addition, corrections + were made to the server to allow a lease's flags field to be set via omapi. + Prior to this, the server, depending on the host architecture, would + incorrectly parse the new flags value from the omapi message. + [ISC-Bugs #31179] + +- ISC DHCP can now be configured and built from a directory other than + the top level source directory. Note that "make distcheck" uses this + feature. + [ISC-Bugs #39262] + +- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument, + "-U <interface>" enables the addition of a RFC 3527 compliant link selection + suboption to the agent option added for clients directly connected to the + relay. + [ISC-Bugs #34875] + [ISC-Bugs #41708] + +- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled + instructs the server to calculate T1 and T2 as recommended in RFC 3315, + Section 22.4. + [ISC-Bugs #25687] + +- Corrected minor Coverity issues. + [ISC-Bugs #35144] + +- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration + option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support + and is not compatible with delayed-ack. Both client and server use 2 + processes which communicate over UDP on a pair of sockets. The new + "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support + and specifies the consecutive ports to use for inter-process communication. + Please look at doc/DHCPv4-over-DHCPv6 for more details. + [ISC-Bugs #35711] + +- Correct interface name formation when using DLPI under Solaris 11. 
As of + Solaris 11, ethernet device files are located in "/dev/net". The configure + script has been modified to detect this situation and adjust the directory + used accordingly. Thanks to Jarkko Torppa for reporting this issue and + submitting a patch + [ISC-Bugs #37954] + [ISC-Bugs #40752] + +- Add a dereference call when handling an error condition while + decoding a packet. + [ISC-Bugs #41774] + +- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The + parameter controls the format in which certain values are written to lease + files. Formats supported are octal - quoted string containing octal + escapes, and hex - unquoted, colon separated hex digits. Thanks to + Jay Ford, University of Iowa for bringing the issue to our attention. + [ISC-Bugs #26378] + +! Add an option in site.h to limit the number of failover and control + connections the server will accept. By default this is 200. + [ISC-Bugs #41845] + CVE: CVE-2016-2774 + + Changes since 4.3.3b1 + +- None + + Changes since 4.3.2 - The server now does a better check to see if it can allocate the memory for large blocks of v4 leases and should provide a slightly better error @@ -832,12 +932,19 @@ dhcp-users@lists.isc.org. and suggesting a patch. [ISC-Bugs #39279] + Changes since 4.3.2rc2 +- None + + Changes since 4.3.2rc1 + - Corrected a compilation error introduced by the fix for ISC-Bugs #37415. The error occurs on Linux variants that do not support VLAN tag information in packet auxiliary data. The configure script now only enables inclusion of the VLAN tag-based logic if it is supported by the underlying OS. [ISC-Bugs #38677] + Changes since 4.3.2b1 + - Specifying the option, --disable-debug, on the configure script command line now disables debug features. Prior to this, specifying --disable-debug incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting 
@@ -859,449 +966,367 @@ dhcp-users@lists.isc.org. use the command "make -k check". [ISC-Bugs #38619] -- Corrected a static analyzer warning in common/execute.c - [ISC-Bugs #40374] + Changes since 4.3.1 -- ISC DHCP now follows the common convention to use the base name a - program is invoked with (aka argv[0], vs. a builtin name) for - logs. This should help differentiate syslog entries for DHCPv4 and - DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to - keep the previous behavior. - [ISC-Bugs #38692] - -- The Linux packet filter code now correctly treats only the least significant - 12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q). - Prior to this it was using the entire 16 bit value as the VLAN id and - incorrectly discarding packets. Thanks to Jiri Popelka at Red Hat for - reporting this issue and supplying its patch. - [ISC-Bugs #40591] - -- Fixed several static analysis issues such as potential null - references, unchecked strdup returns. Thanks to Bill Parker (wp02855 at - gmail dot com) who identified these issues and supplied patches to - address them. - [ISC-Bugs #40754] - [ISC-Bugs #40823] - -- Corrected compilation errors that prohibited building the server - and its ATF unit tests when failover is disabled. - [ISC-Bugs #40372] - -- Added the lease address to the end of the debug level log message - emitted when an existing lease is renewed within the dhcp-cache-threshold. - Thanks to Nathan Neulinger at Missouri S&T for suggesting the change. - [ISC-Bugs #40598] - -- Added dhcpv6 and delayed-ack to settings listed in the "Features:" - section of the configure script output. Additionally, all of the - features reported on will now always show either a "yes" or "no" - value. Prior to this features left to their default setting would - not show a value. - [ISC-Bugs #40381] - -- Added a parameter, authoring-byte-order, to the lease file. 
This value - is automatically added to the top of new lease files by the server and - indicates the internal byte order (big endian or little endian) of the - server. This permits lease files generated on a server with one form of - byte order to be used on a server with the opposite form. Our thanks to - Timothe Litt for calling this to our attention and for the suggestions - he provided. - [ISC-Bugs #38396] - -- Fixed a small memory leak in the DHCPv6 version of the client code. - This is unlikely to cause significant issues in actual use. - [ISC-Bugs #40990] - -- Corrected a few minor memory leaks in omapi's dereferencing of - host objects. Thanks to Jiri Popelka at Red Hat for reporting - the issue and supplying the patches. - [ISC-Bugs #33990] - [ISC-Bugs #41325] - -- Cleaned up some of the Make infrastructure to make --with-libbind - work better. Though it still only works with an absolute path. - [ISC-Bugs #39210] - -- Made the embedded bind libraries able to be cross compiled - (please refer to the bind9 documentation to learn how to cross - compile DHCP and its bind library dependency). - [ISC-Bugs #38836] +- Corrected parser's right brace matching when a statement contains an error. + [ISC-Bugs #36021] -- Update the client code to better support getting IA_NAs and IA_PDs - in the same packet, see RFC7550 for some discussion. - [ISC-Bugs #40190] +- TSIG-authenticated dynamic DNS updates now support the use of these + additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, + and hmac-sha512 + [ISC-Bugs #36947] -! Update the bounds checking when receiving a packet. - Thanks to Sebastian Poehn from Sophos for the bug report and a suggested +- Added check for invalid failover message type. Thanks to Tobias Stoeckmann + working with the OpenBSD project who spotted the issue and provided the patch. 
- [ISC-Bugs #41267] - CVE: CVE-2015-8605 - -- When handling an incorrect command line for dhcpd, dhclient or dhcrelay - print out a specific error message about the first error in addition - to the usage string. This may be disabled by editing includes/site.h. - [ISC-Bugs #40321] - [ISC-Bugs #41454] - -- The configure script will now exit with an error message if it cannot find - a GNU-style make tool (needed when building BIND libraries) or pkg-config - (needed to locate ATF used for building unit tests). Prior to this the - script would exit indicating success causing subsequent attempts to build - the software to fail. - [ISC-Bugs #40371] - -- Properly terminate strings before passing them to regex and fix - a boundary error when creating certain new data strings. - Thanks to Andrey Jr. Melnikov for the bug report. - [ISC-Bugs #41217] - -- Option expressions, such as prepend and append, are now supported when - running dhclient for IPv6. Prior to this such statements in the - client configuration file would be parsed but have no affect. Thanks - to Jiri Popelka at Red Hat for reporting the issue. - [ISC-Bugs #39952] + [ISC-Bugs #36653] -- A failover primary server will now accept a binding status update from the - secondary which transitions a lease from ACTIVE to ABANDONED. This accounts - for instances in which a client declines a lease and only the secondary - server receives it. Prior to this the primary server would reject such an - update as an "invalid state transition". - [ISC_BUGS #25189] +- Corrected rate limiting checks for bad packet logging. Thanks to Tobias + Stoeckmann working with the OpenBSD project who spotted the issue and + provided the patch. + [ISC-Bugs #36897] -- Properly allocate memory for a bpf filter. - Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue. - [ISC-Bugs #41485] +- Log statements depicting what files will be used by the server now occur + after the configuration file has been processed. 
+ [ISC-Bugs #36671] -- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better - and to print out the hostnames a bit better. - Thanks to Antoine Beaupré from Debian for the suggested patch. - [ISC-Bugs #41288] +- Addressed Coverity issues reported as of 07-31-2014: + [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues. + [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues + [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older + compilers that was introduced by #36712 -- The DHCPv6 server now handles long valid and preferred lease times better. - Values that would cause the internal end time of the lease to wrap are - modified to work as infinite. - [ISC-Bugs #40773] +- Server now supports a failover split value of 256. + [ISC-Bugs] #36664] -- Updated support for cross compiling by allowing the library archiver - to be set at configure time via the environment variable 'AR'. - [ISC-Bugs #41536] +- Remove unneeded error #defines. These defines were included in case + external programs required the older versions of the macro. They + have been #ifdeffed for now and will be removed at a future date. + See site.h for the #define to include them again, but you should + switch to using the DHCP_R_* versions instead of the ISC_R_* versions. + Also ISC_R_MULTIPLE has been removed as it is also defined in bind. + [ISC-Bugs #37128] -- The server will now match DHCPv6 relayed clients to host declarations - which include the "hardware" statement, if the relay connected to the - client supplies the client's hardware address via client-linklayer-address - option as per RFC 6939. - [ISC-Bugs #40334] +- Added checks in range6 and prefix6 statement parsing to ensure addresses + are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the + bug report and patch. 
+ [ISC-Bugs #32453] + [ISC-Bugs #17766] + [ISC-Bugs #18510] + [ISC-Bugs #23698] + [ISC-Bugs #28883] -- Allow a filename to be specified instead of /dev/random during - configuration. This is passed to the BIND configuration to allow - for cross compilation. - [ISC-Bugs #33835] +- Addressed checksum issues: + Added checksum readiness check to Linux packet filtering which eliminates + invalid packet drops due to checksum errors when checksum offloading is + in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project. + [ISC-Bugs #22806] + [ISC-Bugs #15902] + [ISC-Bugs #17739] + [ISC-Bugs #18010] + [ISC-Bugs #22556] + [ISC-Bugs #29769] + Inbound packets with UDP checksums of 0xffff now validate correctly rather + than being dropped. + [ISC-Bugs #24216] + [ISC-Bugs #25587] -- Add more option definitions. - [ISC-Bugs #40562] +- Added the echo-client-id configuration parameter to the server configuration. + The server now supports RFC 6842 compliant behavior by setting a new + configuration parameter, echo-client-id. When enabled, the server will + include the client identifier option (Option code 61) if received, in its + responses. The server identifier returned in NAKs (if enabled) will now + be the globally defined value (if one) if the server cannot attribute the + inbound request to a known subnet. + [ISC-Bugs #35958] + [ISC-Bugs #32545] -- Correct outputting of long lines in the lease file when writing - a lease that includes long strings in an execute statement. - [ISC-Bugs #40994] +- Added support of the configuration parameter, use-host-decl-names, to + BOOTP request handling. + [ISC-Bugs #36233] -- The server will now correctly treat a lease as reserved when the client - requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved" - is enabled. Prior to this the server would halt. In addition, corrections - were made to the server to allow a lease's flags field to be set via omapi. 
- Prior to this, the server, depending on the host architecture, would - incorrectly parse the new flags value from the omapi message. - [ISC-Bugs #31179] +- Added logic to ignore the signal, SIGPIPE, which ensures write failures + will be delivered as errors rather than as SIGPIPE signals on all OSs. + Thanks to Marius Tomaschewski from SUSE who reported the issue and provided + the patch upon which the fix is based. + [ISC-Bugs #32222] -- ISC DHCP can now be configured and built from a directory other than - the top level source directory. Note that "make distcheck" uses this - feature. - [ISC-Bugs #39262] +- In the failover code, handle the case of communications being interrupted + when the servers are dealing with POTENTIAL-CONFLICT. This patch allows + the primary to accept the secondary moving from POTENTIAL-CONFLICT to + RESOLUTION-INTERRUPTED as well as handling the bind update process better. + In addition the code to resend update or update all requests has been + modified to send requests more often. + [ISC-Bugs #36810] + [ISC-Bugs #20352] -- Add support for RFC 3527 to dhcrelay. A new, dhcrelay command line argument, - "-U <interface>" enables the addition of a RFC 3527 compliant link selection - suboption to the agent option added for clients directly connected to the - relay. - [ISC-Bugs #34875] - [ISC-Bugs #41708] +- By default, the server will now choose the value to use in the forward DNS + name from the following in order of preference: -- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled - instructs the server to calculate T1 and T2 as recommended in RFC 3315, - Section 22.4. - [ISC-Bugs #25687] + 1. FQDN option if provided by the client + 2. Host name option if provided by the client + 3. Configured option host-name if defined -- Corrected minor Coverity issues. - [ISC-Bugs #35144] + As before, this may be overridden by defining ddns-hostname to the desired + value (or expression). 
In addition, the server logic has been extended to + use the value of the host name declaration if use-host-decl-names is enabled + and no other value is available. + [ISC-Bugs #21323] -- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration - option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support - and is not compatible with delayed-ack. Both client and server use 2 - processes which communicate over UDP on a pair of sockets. The new - "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support - and specifies the consecutive ports to use for inter-process communication. - Please look at doc/DHCPv4-over-DHCPv6 for more details. - [ISC-Bugs #35711] +- DNS updates were being attempted when dhcp-cache-threshold enabled the use of + the existing lease and the forward DNS name had not changed. This has been + corrected. + [ISC-Bugs #37368] + [ISC-Bugs #38636] -- Correct interface name formation when using DLPI under Solaris 11. As of - Solaris 11, ethernet device files are located in "/dev/net". The configure - script has been modified to detect this situation and adjust the directory - used accordingly. Thanks to Jarkko Torppa for reporting this issue and - submitting a patch - [ISC-Bugs #37954] - [ISC-Bugs #40752] +- Corrected an issue which caused dhclient to incorrectly form the result when + prepending or appending to the IPv4 domain-search option, received from the + server, when either of the values being combined contain compressed + components. + [ISC-Bugs #20558] -- Add a dereference call when handling an error condition while - decoding a packet. - [ISC-Bugs #41774] +- Added the server-id-check parameter to the server configuration. + This parameter allows run-time control over whether or not a server, + participating in failover, verifies the dhcp-server-identifier option in + DHCP REQUESTs against the server's id before processing the request. 
+ Formerly, enabling this behavior was done at compilation time through + the use of the #define, SERVER_ID_CHECK, which has been removed from site.h + The functionality is now only available through the new runtime parameter. + [ISC-Bugs #37551] -- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The - parameter controls the format in which certain values are written to lease - files. Formats supported are octal - quoted string containing octal - escapes, and hex - unquoted, colon separated hex digits. Thanks to - Jay Ford, University of Iowa for bringing the issue to our attention. - [ISC-Bugs #26378] +- During startup, when the server encounters a lease whose binding state is + FTS_BACKUP but whose pool has no configured failover peer, it will reset the + lease's binding state to FTS_FREE. This allows the leases to be reclaimed + by the server after a pool's configuration has changed from failover to + standalone. Prior to this such leases would remain stuck in the backup state + making them unavailable for assignment. Note this conversion will occur + whether or not the server is compiled for failover. + [ISC-Bugs #36960] -! Add an option in site.h to limit the number of failover and control - connections the server will accept. By default this is 200. - [ISC-Bugs #41845] - CVE: CVE-2016-2774 +- Fixed a small issue in the treatment of hosts in the inform processing + that could cause the response to an inform to include information from + the wrong scope. The two examples we've heard of are getting subnet + instead of group information associated with a host entry, or getting + global information instead of subnet if the host entry was built via + omapi. Thanks to Julien Soula at University of Lille for finding the + bug and supplying a patch. + [ISC-Bugs #35712] -- Fixed util/bindvar.sh error handling. - [ISC-Bugs #41973] +- Avoid calling pool_timer() recursively from supersede_lease(). 
This could + result in leases changing state incorrectly or delaying the running of the + leae expiration code. + [ISC-Bugs #38002] -- Correct error message in relay to use remote id length instead - of circuit id length. - [ISC-Bugs #42556] +- Move the check for a PID file and process to be before we rewrite the + lease file. This avoids the possibility of starting a second instance + of a server which changes the current lease file confusing the first + instance. This check is only included if the admin hasn't disabled PID + files. + [ISC-Bugs #38078] + [ISC-Bugs #38143] -- Add support for including an encapsulated option in a response - from the DHCPv6 server. This allows the v6 FQDN option to be - returned in responses. - [ISC-Bugs #29246] +- In the client code change the way preferred_life and max_life are printed + for environment variables to be unsigned rather than signed. + Thanks to Jiri Popelka at Red Hat for the bug report and patch. + [ISC-Bugs #37084] -- Add logic to test directory Makefiles to avoid copying Attfile(s) - when building within the source tree. This eliminates a noisy but - otherwise harmless error message when running "make check". - [ISC-Bugs #41883] +- Modified Linux packet handling such that packets received via VLAN are now + seen only by the VLAN interface. Prior to this, such packets were seen by + both the VLAN interface and its parent (physical) interface, causing the + server to respond to both. Note this remains an issue for non-Linux OSs. + Thanks to Jiri Popelka at Red Hat for the patch. + [ISC-Bugs #37415] + [ISC-Bugs #37133] + [ISC-Bugs #36668] + [ISC-Bugs #36652] -- Leases are now scrubbed of certain prior use information when pool - re-balancing reassigns them from one FO peer to the other. This - corrects an issue where leases that were offered but not used - by the client retained the client hostname from the original - client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University - for reporting the issue. 
- [ISC-Bugs #42008] +- Log content has been changed to more directly suggest that admins should + check for multiple IPv6 clients attempting to use the same DUID when only + abandoned addresses are available. Debug level logging will now emit counts + of the total number of, in-use, and abandoned addresses in a shared subnet + when the server finds no addresses available for a given DUID. Lastly, + threshold logging is now automatically disabled for shared subnets whose + total number of possible addresses exceeds (2^64)-1. + [ISC-Bugs #26376] + [ISC-Bugs #38131] -- In the LDAP code and schema add some missing '6' characters to use - the v6 instead of the v4 versions. Thanks to Denis Taranushin for - reporting this issue and supplying its patch. - [ISC-Bugs #42666] +- Added a global parameter, prefix-length-mode, which may be used to determine + how the server uses a non-zero value for prefix-length supplied by clients + when soliciting DHCPv6 prefixes. The server supports selection modes of: + ignore, prefer, exact, minimum and maximum which are described in detail in + the server man pages. The prior behavior of the server was to only offer a + prefix whose length exactly matched the prefix-length value requested. If + no such prefixes were available, the server returned a status of none + available. Note the default mode, "exact", provides this same behavior. + [ISC-Bugs #36780] + [ISC-Bugs #32228] -- Correct how the pick-first-value expression is written to a lease - file. Previously it was written as a concat expression due to - a cut and paste error. - [ISC-Bugs #42253] +- Corrected inconsistencies in dhcrelay's setting the upper interface hop count + limit such that it now sets it to 32 when the upstream address is a multicast + address per RFC 3315 Section 20. 
Prior to this if the -u argument preceded + the -l argument on the command line or if the same interface was specified + for both; the logic to set the hop limit count for the upper interface was + skipped. This caused the hop count limit to be set to the default value + (typically 1) in the outbound upstream packets. + [ISC-Bugs #37426] -- Modify the DDNS code to clean up the PTR record even if there - are issues while cleaning up the A or AAAA records. - [ISC-Bugs #23954] + Changes since 4.3.1b1 -- Added global configuration parameter, abandon-lease-time, which determines - the amount of time a lease remains abandoned. The default is 84600 seconds. - Additionaly, the server now conducts a ping check (if ping checks are - enabled) prior to offering an abandoned lease to client. Our thanks to - David Zych at University of Illinois for reporting the issue and working - with us to produce a viable solution. - [ISC-Bugs #41815] +- Modify the linux and openwrt dhclient scripts to process information + from a stateless request. Thanks to Jiri Popelka at Red Hat for the + bug report and patch. + [ISC-Bugs #36102] -- Correct handling of interface names during interface discovery. This - addresses an issue where interface names of 15 characters in length - could lead to crashes or interface recognition errors during startup - of dhcpd, dhclient, and dhcrelay. - [ISC-Bugs #42226] +- Remove more unused RCSID tags. These weren't noticed in 4.3 as + the code isn't used anymore but we remove them here to keep the + code consistent across versions. + [ISC-Bugs #36451] -- Updates to contrib/dhcp-lease-list.pl to make it more friendly. - The updates are: looking for the lease file in more places and skipping - the "processing complete" output when creating machine readable - output. Thanks to Cameron Paine (cbp at null dot net) for the - patch. - [ISC-Bugs #42113] + Changes since 4.3.0 -- When reusing a lease for dhcp-cache-threshold return the hostname - to the original lease. 
Also if the host pointer, UID or hardware address - change don't allow reuse of the lease. - Thanks to Michael Vincent for reporting this and helping us - verify the problem and fix. - [ISC-Bugs #42849] +- Tidy up several small tickets. + Correct parsing of DUID from config file, previously the LL type + was put in the wrong place in the DUID string. + [ISC-Bugs #20962] + Add code to parse "do-forward-updates" as well as "do-forward-update" + Thanks to Jiri Popelka at Red Hat. + [ISC-Bugs #31328] + Remove log_priority as it isn't currently used. + [ISC-Bugs #33397] + Increase the size of the buffer used for reading interface information. + [ISC-Bugs #34858] -- Change dmalloc to use a size_t as the length argument to bring it - in line with the call it will make to malloc(). - [ISC-Bugs #40843] +- Remove an extra set of the msg_controllen variable. + [ISC-Bugs #21035] -- If the failover socket can't be bound, close it. Otherwise if the - user configures an incorrect address in the failover stanza the - server will continue to open new sockets every 90 seconds until - it runs out. - [ISC-Bugs #42452] +- Add a more understandable error message if a configuration attempts + to add multiple keys for a single zone. Thanks to a patch from Jiri + Popelka at Red Hat. + [ISC-Bugs #31892] -- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that - allow interfaces to be upstream or downstream respectively. Upstream - interfaces will accept and forward only BOOTP replies, while downstream - interfaces will accept and forward only BOOTP requests. - [ISC-Bugs #41547] +- Fix some minor issues in the dst code. + [ISC-Bugs #34172] -- Clean up some memory references in the vendor-class construct. - [ISC-Bugs #42984] +- Properly #ifdef functions so that the code can compile without NSUPDATE. + [ISC-Bugs #35058] -- Removed an extraneous expression in omapi socket callback function. 
Prior - to this change, the logic was techinically incorrect but other factors - ensured the outcome itself was correct. This change was made primarily - for code clarity. Thanks to Ganesh Pinjala for bringing the issue to our - attention. - [ISC-Bugs #42834] +- Update the partner's stos (start time of state, basically when we last + heard from this partner) field when updating the state in failover. + [ISC-Bugs #35549] -- Corrected a bug which could cause the server to sporadically crash while - loading lease files with the lease-id-format is set to "hex". Our thanks - to Jay Ford, University of Iowa for reporting the issue. - [ISC-Bugs #43185] +- Modify the overload processing to allow space for the remote agent ID. + [ISC-Bugs #35569] + Handle the ordering of the SUBNET_MASK option even if it is the last + option in the list. + [ISC-Bugs #24580] -- Eliminated a noisy, but otherwise harmless debug log statment that may - appear during server startup when building with --enable-binary-leases - and configuring multiple pools in a shared network. Thanks to Fernando - Soto from BlueCat Networks for reporting the issue and supplying a patch. - [ISC-Bugs #43262] +- Remove the code that allows a server to follow RFC3315 instead of + the subsequent errata from August 2010 when determining which IAs + to include if no addresses will be assigned. + [ISC-Bugs #28938] -- The configure script for use with libtool now catches a failure to - execute autoreconf. Prior to this, autoreconf failures would go undetected - causing the legacy configure script to loop when run with --enable-libtool. - [ISC-Bugs #43546] +- Remove unused RCSID tags. + [ISC-Bugs #35846] -- When replying to a DHCPINFORM, the server will now include options specified - at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. - Prior to this the server only evaluated options down to the subnet scope. - Thanks to Fernando Soto at BlueCat Networks for reporting the issue. 
- [ISC-Bugs #43219] - [ISC-Bugs #45051] +- Correct the v6 client timing code. When doing the timing backoff + for MRT limit it to MRD. + Thanks to Jiri Popelka at Red Hat for the bug report and fix. + [ISC-Bugs #21238 -- When memory allocation fails in a repeated way the process writes - "Run out of memory." on the standard error and exists with status 1. - [ISC-Bugs #32744] +- Add a log entry when killing a client and remove the PID files + when a server, relay or client are killed. + [ISC-Bugs #16970] + [ISC-Bugs #17258] -- The new lmdb (Lightning Memory DataBase) bind9 configure option is - now disabled by default to avoid the presence of this library to be - detected which can lead to a link failure. - [ISC-Bugs #45069] +- Some minor cleanups in the client code. + In addition to checking for dhcpc check for bootpc in the services list. + [ISC-Bugs #18933] + Correct the client code to only try to get a lease once when the + given the "-1" argument. + Thanks to Jiri Popelka at Red Hat for the bug report and fix. + [ISC-Bugs #26735] + When asked for the version don't send the output to syslog. + [ISC-Bugs #29772] + Add the next server information to the environment variables for + use by the client script. In order to avoid changing the client + lease file the next server information isn't written to it. + Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix. + [ISC-Bugs #33098] -- The linux interface discovery code has been modified to use getifaddrs() - as is done for BSD and OS-X. Prior to this the code would only recognize - the first address on an interface and thereby omit vlans. - Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei - Kong at Novell, who all submitted patches. - [ISC-Bugs #28761] - [ISC-Bugs #31992] - [ISC-Bugs #25428] - [ISC-Bugs #31940] - [ISC-Bugs #32935] +- Several updates to the dhcp server code. + When not in quiet mode print out the files being used. 
+ [ISC-Bugs #17551] + As accessing some pid files may require privileges move the dropping + of permission bits due to the paranoia patch to be after the pid code. + Thanks to Jiri Popelka at Red Hat for the bug report and fix. + [ISC-Bugs #25806] + When processing a "--version" request don't output the version information + to syslog. -- Fixed a bug in OMAPI that causes omshell to crash when a name-value - pair with a zero length value is shipped in an object. Thanks to - Fernando Soto at BlueCat Networks for reporting the issue and - supplying the patch. - [ISC-Bugs #29108] +- Add the "enable-log-pid" build option to the configure script. When enabled + this causes the client, server and relay programs to include the PID + number in syslog messages. + Thanks to Marius Tomaschewski for the suggestion and proto-patch. + [ISC-Bugs #29713] -- On 64-bit platforms, dhclient now generates the correct value for the - script environment variable, "expiry", the lease expiry value exceeds - 0x7FFFFFFF. Prior to this such values would produce negative values - for expiry in the script environment. - [ISC-Bugs #43326] +- Add a #define to specify the prefix length used when a client attempts + to configure an address. This can be modified by editing includes/site.h. + By default it is set to 64. While 128 might be a better choice it would + also be a change for currently running systems, so we have left it at 64. + [ISC-Bugs #DHCP-2] -- Common timer logic was modified to cap the maximum timeout values at - 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of - range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for - reporting the issue. - [ISC-Bugs #28038] +- Add a run time option to the client "-df" to allow the administrator to + point to a second lease file the client can search for a DUID. This can + be used to allow a v4 and a v6 instance of the client to share a DUID. 
+ The second file will only be searched if there isn't a DUID in the main + lease file and the DUID will be written out to the main lease file. + [ISC-Bugs #34886] -- DHCP6 FQDN option unpacking code now correctly handles values that contain - spaces, special, or non-printable characters. Prior to this the buffer - size needed was underestimated causing a conversion error message to - be logged and DNS updates to be skipped. Thanks to Fernando Soto at - BlueCat Networks for bringing the matter to our attention. - [ISC-Bugs #43592] +- Have the client fsync the lease file to avoid lease corruption if the + client hibernates or otherwise shuts down. + [ISC-Bugs #35894] -- When running in -6 mode, dhclient now enforces the require option statement - and will discard offered leases that do not contain all the required - options specified in the client configuration. Prior to this the client - would still consider such leases. This may be disabled at compile time - (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to - Mritunjaykumar Dubey at Nokia for reporting the issue. - [ISC-Bugs #41473] +- Add a check for L2VLAN in bpf.c to help support VLAN interfaces + Thanks to Steinar Haug for the suggestion. + [ISC-Bugs #36033] -- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit - OS systems when using -1 or large values for default-lease-time. Rollover - values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally - short expiration times being handed out when infinite lease times (-1) in - conjunction with failover. Our thanks to Alessandro Gherardi for bringing - the issue to our attention. - [ISC-Bugs #41976] +- Modify the handling of the resolv.conf file to allow the DHCP + process to start up even if the resolv.conf file has problems. + [ISC-Bugs #35989] -- The server nows checks both the address and length of a prefix delegation - when attempting to match it to a prefix pool. 
This ensures the server - responds properly when pool configurations change such that once valid, - "in-pool" delegations are now treated as being invalid. During lease - file loading at startup, the server will discard any PD leases that - are deemed "out-of-pool" either by address or mis-matched prefix length. - Clients seeking to renew or rebind such leases will get a response of - No Binding in the case of the former, and the prefix delegation with - lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo - at TDS Telecom for reporting this issue. - [ISC-Bugs #35378] +- Add threshold logging functionality. Two new options, + log-threshold-low and log-threshold-high, indicate to the + server if and when it should log an error message as addresses + in a pool are used. + [ISC-Bugs #34487] -- The server now detects failover peers that are not referenced in at least - one pool when run with the command line option for test mode, -T. Prior to - this the check was performed too far down stream to be detected in test mode. - [ISC-Bugs #29892] +- Add code to properly dereference a pointer in the dhclient code + on an error condition. + [ISC-Bugs #36194] -- Changed severity of the log message indicating UDP checksum errors in - the received packets from 'info' to 'debug' to avoid logging excessive - number of false positives when UDP checksum offloading is enabled. - [ISC-bugs #41757] +- Add code to help clean up soft leases. + [ISC-Bugs #36304] -- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias" - for IPv6 mode in the client scripts, netbsd and openbsd. This was - preventing IPv6 addresses from being added or removed from interfaces. - Thanks to Tim Dean for reporting this issue. - [ISC-bugs #31573] +- Disable the gentle shutdown functionality until we can determine + the best way to present it to remove or reduce the side effects. 
+ [ISC-Bugs #36066] -- Corrected an issue where the server would return a client's previously - released prefix lease even when the client provides a prefix length - hint that does not match the prior lease. Now the server will only - return the previous lease if it exactly matches the hint. If not - it will attempt to allocate a new prefix based on the hint and the - prefix-length-mode. Thanks to Tim DeNike - Lightspeed Communications - for pointing out the error of our ways. - [ISC-bugs #45780] + Changes since 4.3.0rc1 -- Added explicit include of BIND9 isc/util.h to adapt to revisisions - in BIND9 (see BIND9 ticket #46311). Prior to this the build was failing - with implicit function declarations errors for POST() and INSIST(). - [ISC-bugs #46332] +- None + Changes since 4.3.0b1 -- Added to code ignore empty IPv4 host name option (code 12). While RFC 2132 - states the option cannot be empty, some clients are apparently capable of - sending it. Prior to this the server was attempting to use it and store it - in the lease file causing issues with DDNS and so forth. - [ISC-bugs #43786] +- Tidy up receive packet processing. + Thanks to Brad Plank of GTA for reporting the issue and suggesting + a possible patch. + [ISC-Bugs #34447] -- Replaced iasubopt::heap_index with separate values for active and inactive - heaps: iasubopt::active_index and iasubopt::inactive_index. This was done - to accomodate a change in behavior in BIND9 isc_heap_delete(). - [ISC-bugs #46719] + Changes since 4.3.0a1 -! Plugged a socket descriptor leak in OMAPI, that can occur when there is - data pending to be written to an OMAPI connection, when the connection - is closed by the reader. Thanks to both Konstantin Orekhov at eBay and - Pavel Zhukov at RedHat for bringing this issue to our attention, and to - Pavel whose patch helped guide us in the right direction. - [ISC-Bugs #46767] - [ISC-Bugs #41861] +- Modify the message displayed when a process hits a fatal error. 
+ The new message is much shorter and simply points to the README + and our website for directions on bug submissions. + [ISC-Bugs #24789] Changes since 4.2.0 (new features) |
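Review bot: The re-added entry for the v6 client timing fix ("When doing the timing backoff for MRT limit it to MRD") ends its ticket reference as "[ISC-Bugs #21238" with no closing bracket, which will break anything that greps RELNOTES for the "[ISC-Bugs #NNNNN]" pattern; add the "]". Two smaller points in the same restored 4.3.0 block: the client entry for [ISC-Bugs #26735] reads "when the given the "-1" argument" and should drop the first "the", and the server entry 'When processing a "--version" request don't output the version information to syslog' carries no ticket number, unlike the items around it. Separately, because this is a pure reshuffle, please confirm that every entry deleted here is re-added under the new 4.4.0 heading, in particular the "!"-marked OMAPI socket descriptor leak fix ([ISC-Bugs #46767], [ISC-Bugs #41861]), which appears only as a deletion in the lines shown.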