RELNOTES 182 KB
Newer Older
1
                Internet Systems Consortium DHCP Distribution
2
                             Version 4.4.0-pre-alpha
3
                             29 March 2016
Ted Lemon's avatar
Ted Lemon committed
4

5
                             Release Notes
Ted Lemon's avatar
Ted Lemon committed
6

7
                              NEW FEATURES
8

Shawn Routhier's avatar
Shawn Routhier committed
9
The major "theme" for ISC DHCP 4.3.x was to update the support for
10
11
DHCPv6 to include several of the features that have been available
for DHCPv4.  These include:
12

13
14
15
16
- Support the use of classes

- Support for on_commit, on_expiry and on_release statements

17
- Better logging of address assignments
18
19
20

- Support for using DHCPv6 relay options in expressions

21
This release also adds support for the standard DDNS as described in the
22
23
current RFCs as well as enhancing support for dynamically adding and removing
subclasses via OMAPI.
24

Evan Hunt's avatar
Evan Hunt committed
25
26
There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:
David Hankins's avatar
David Hankins committed
27

Evan Hunt's avatar
Evan Hunt committed
28
- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
29

30
31
- DHCPv6 includes human-readable text in status code messages, in
  English.  A method to reconfigure or support other languages would
Shawn Routhier's avatar
Shawn Routhier committed
32
  be preferable.
David Hankins's avatar
David Hankins committed
33
34
35
36

- The "host-identifier" option is limited to a simple token.

- The client and server can only operate DHCPv4 or DHCPv6 at a time,
Shane Kerr's avatar
Shane Kerr committed
37
  not both.  To use both protocols simultaneously, two instances of the
David Hankins's avatar
David Hankins committed
38
  relevant daemon are required, one with the '-6' command line option.
39

Evan Hunt's avatar
Evan Hunt committed
40
41
42
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
43

Evan Hunt's avatar
Evan Hunt committed
44
45
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
46

Evan Hunt's avatar
Evan Hunt committed
47
48
49
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
David Hankins's avatar
David Hankins committed
50

51
52
53
54
ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).

55
			Changes since 4.3.0 (new features)
56

57
58
59
60
61
62
- Insert the raw data from a fully encapsualted option into the option cache.
  This allows "exists" to check for the option if any sub options exist.  It
  also adds the raw data to the environment variables supplied to the client
  script.
  [ISC-Bugs #39863]

63
64
65
66
67
68
- Removed an extraneous expression in omapi socket callback function. Prior
  to this change, the logic was techinically incorrect but other factors
  ensured the outcome itself was correct.  This change was made primarily
  for code clarity.
  [ISC-Bugs #42834]

Francis Dupont's avatar
Francis Dupont committed
69
70
71
- Added --enable-kqueue, --enable-epoll, --enable-devpoll and a more
  general --with-bind-extra-config to pass extra options to the
  embedded bind configure. Note we had mixed experiences with this
Francis Dupont's avatar
Francis Dupont committed
72
  so it is at the user risk, i.e., they are NOT SUPPORTED yet.
Francis Dupont's avatar
Francis Dupont committed
73
  [ISC-Bugs #20890]
Francis Dupont's avatar
Francis Dupont committed
74

75
			Changes since 4.3.0 (bug fixes)
76

77
78
79
80
81
82
83
84
85
86
87
- Tidy up several small tickets.
  Correct parsing of DUID from config file, previously the LL type
  was put in the wrong place in the DUID string.
  [ISC-Bugs #20962]
  Add code to parse "do-forward-updates" as well as "do-forward-update"
  Thanks to Jiri Popelka at Red Hat.
  [ISC-Bugs #31328]
  Remove log_priority as it isn't currently used.
  [ISC-Bugs #33397]
  Increase the size of the buffer used for reading interface information.
  [ISC-Bugs #34858]
88

89
90
- Remove an extra set of the msg_controllen variable.
  [ISC-Bugs #21035]
91

92
93
94
95
- Add a more understandable error message if a configuration attempts
  to add multiple keys for a single zone.  Thanks to a patch from Jiri
  Popelka at Red Hat.
  [ISC-Bugs #31892]
96

97
98
- Fix some minor issues in the dst code.
  [ISC-Bugs #34172]
99

100
101
- Properly #ifdef functions so that the code can compile without NSUPDATE.
  [ISC-Bugs #35058]
102

103
104
105
- Update the partner's stos (start time of state, basically when we last
  heard from this partner) field when updating the state in failover.
  [ISC-Bugs #35549]
106

107
108
109
110
111
- Modify the overload processing to allow space for the remote agent ID.
  [ISC-Bugs #35569]
  Handle the ordering of the SUBNET_MASK option even if it is the last
  option in the list.
  [ISC-Bugs #24580]
112

113
114
115
116
- Remove the code that allows a server to follow RFC3315 instead of
  the subsequent errata from August 2010 when determining which IAs
  to include if no addresses will be assigned.
  [ISC-Bugs #28938]
117

118
119
- Remove unused RCSID tags.
  [ISC-Bugs #35846]
120

121
122
123
124
- Correct the v6 client timing code.  When doing the timing backoff
  for MRT limit it to MRD.
  Thanks to Jiri Popelka at Red Hat for the bug report and fix.
  [ISC-Bugs #21238
125

126
127
128
129
- Add a log entry when killing a client and remove the PID files
  when a server, relay or client are killed.
  [ISC-Bugs #16970]
  [ISC-Bugs #17258]
130

131
132
133
134
135
136
137
138
139
140
141
142
143
144
- Some minor cleanups in the client code.
  In addition to checking for dhcpc check for bootpc in the services list.
  [ISC-Bugs #18933]
  Correct the client code to only try to get a lease once when the
  given the "-1" argument.
  Thanks to Jiri Popelka at Red Hat for the bug report and fix.
  [ISC-Bugs #26735]
  When asked for the version don't send the output to syslog.
  [ISC-Bugs #29772]
  Add the next server information to the environment variables for
  use by the client script.  In order to avoid changing the client
  lease file the next server information isn't written to it.
  Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
  [ISC-Bugs #33098]
145

146
147
148
149
150
151
152
153
154
- Several updates to the dhcp server code.
  When not in quiet mode print out the files being used.
  [ISC-Bugs #17551]
  As accessing some pid files may require privileges move the dropping
  of permission bits due to the paranoia patch to be after the pid code.
  Thanks to Jiri Popelka at Red Hat for the bug report and fix.
  [ISC-Bugs #25806]
  When processing a "--version" request don't output the version information
  to syslog.
155

156
157
158
159
160
- Add the "enable-log-pid" build option to the configure script.  When enabled
  this causes the client, server and relay programs to include the PID
  number in syslog messages.
  Thanks to Marius Tomaschewski for the suggestion and proto-patch.
  [ISC-Bugs #29713]
161

162
163
164
165
166
- Add a #define to specify the prefix length used when a client attempts
  to configure an address.  This can be modified by editing includes/site.h.
  By default it is set to 64.  While 128 might be a better choice it would
  also be a change for currently running systems, so we have left it at 64.
  [ISC-Bugs #DHCP-2]
167

168
169
170
171
172
173
- Add a run time option to the client "-df" to allow the administrator to
  point to a second lease file the client can search for a DUID.  This can
  be used to allow a v4 and a v6 instance of the client to share a DUID.
  The second file will only be searched if there isn't a DUID in the main
  lease file and the DUID will be written out to the main lease file.
  [ISC-Bugs #34886]
174

175
176
177
- Have the client fsync the lease file to avoid lease corruption if the
  client hibernates or otherwise shuts down.
  [ISC-Bugs #35894]
178

179
180
181
- Add a check for L2VLAN in bpf.c to help support VLAN interfaces
  Thanks to Steinar Haug for the suggestion.
  [ISC-Bugs #36033]
182

183
184
185
- Modify the handling of the resolv.conf file to allow the DHCP
  process to start up even if the resolv.conf file has problems.
  [ISC-Bugs #35989]
186

187
188
189
190
191
- Add threshold logging functionality.  Two new options,
  log-threshold-low and log-threshold-high, indicate to the
  server if and when it should log an error message as addresses
  in a pool are used.
  [ISC-Bugs #34487]
192

193
194
195
- Add code to properly dereference a pointer in the dhclient code
  on an error condition.
  [ISC-Bugs #36194]
196

197
198
- Add code to help clean up soft leases.
  [ISC-Bugs #36304]
199

200
201
202
- Disable the gentle shutdown functionality until we can determine
  the best way to present it to remove or reduce the side effects.
  [ISC-Bugs #36066]
203

204
205
206
207
- Modify the message displayed when a process hits a fatal error.
  The new message is much shorter and simply points to the README
  and our website for directions on bug submissions.
  [ISC-Bugs #24789]
208

209
210
- Handle an absent resolv.conf file better.
  [ISC-Bugs #35194]
211

212
213
214
215
- Tidy up receive packet processing.
  Thanks to Brad Plank of GTA for reporting the issue and suggesting
  a possible patch.
  [ISC-Bugs #34447]
216

217
218
- Corrected parser's right brace matching when a statement contains an error.
  [ISC-Bugs #36021]
219

220
221
222
223
- TSIG-authenticated dynamic DNS updates now support the use of these
  additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
  and hmac-sha512
  [ISC-Bugs #36947]
224

225
226
- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
  working with the OpenBSD project who spotted the issue and provided the
227
  patch.
228
  [ISC-Bugs #36653]
229

230
231
232
233
- Corrected rate limiting checks for bad packet logging.  Thanks to Tobias
  Stoeckmann working with the OpenBSD project who spotted the issue and
  provided the patch.
  [ISC-Bugs #36897]
234

235
236
237
- Log statements depicting what files will be used by the server now occur
  after the configuration file has been processed.
  [ISC-Bugs #36671]
238

239
240
241
242
243
- Addressed Coverity issues reported as of 07-31-2014:
  [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
  [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
  [ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
  compilers that was introduced by #36712
244

245
246
- Server now supports a failover split value of 256.
  [ISC-Bugs] #36664]
247

248
249
250
251
252
253
254
- Remove unneeded error #defines.  These defines were included in case
  external programs required the older versions of the macro.  They
  have been #ifdeffed for now and will be removed at a future date.
  See site.h for the #define to include them again, but you should
  switch to using the DHCP_R_* versions instead of the ISC_R_* versions.
  Also ISC_R_MULTIPLE has been removed as it is also defined in bind.
  [ISC-Bugs #37128]
255

256
257
258
259
260
261
262
263
- Added checks in range6 and prefix6 statement parsing to ensure addresses
  are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
  bug report and patch.
  [ISC-Bugs #32453]
  [ISC-Bugs #17766]
  [ISC-Bugs #18510]
  [ISC-Bugs #23698]
  [ISC-Bugs #28883]
264

265
266
267
268
269
270
271
272
273
274
275
276
277
278
- Addressed checksum issues:
  Added checksum readiness check to Linux packet filtering which eliminates
  invalid packet drops due to checksum errors when checksum offloading is
  in use.  Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora project.
  [ISC-Bugs #22806]
  [ISC-Bugs #15902]
  [ISC-Bugs #17739]
  [ISC-Bugs #18010]
  [ISC-Bugs #22556]
  [ISC-Bugs #29769]
  Inbound packets with UDP checksums of 0xffff now validate correctly rather
  than being dropped.
  [ISC-Bugs #24216]
  [ISC-Bugs #25587]
279

280
281
282
283
284
285
286
287
288
- Added the echo-client-id configuration parameter to the server configuration.
  The server now supports RFC 6842 compliant behavior by setting a new
  configuration parameter, echo-client-id.  When enabled, the server will
  include the client identifier option (Option code 61) if received, in its
  responses.  The server identifier returned in NAKs (if enabled) will now
  be the globally defined value (if one) if the server cannot attribute the
  inbound request to a known subnet.
  [ISC-Bugs #35958]
  [ISC-Bugs #32545]
Francis Dupont's avatar
Francis Dupont committed
289

290
291
292
- Added support of the configuration parameter, use-host-decl-names, to
  BOOTP request handling.
  [ISC-Bugs #36233]
293

294
295
296
297
298
- Added logic to ignore the signal, SIGPIPE, which ensures write failures
  will be delivered as errors rather than as SIGPIPE signals on all OSs.
  Thanks to Marius Tomaschewski from SUSE who reported the issue and provided
  the patch upon which the fix is based.
  [ISC-Bugs #32222]
299

300
301
302
303
304
305
306
307
- In the failover code, handle the case of communications being interrupted
  when the servers are dealing with POTENTIAL-CONFLICT.  This patch allows
  the primary to accept the secondary moving from POTENTIAL-CONFLICT to
  RESOLUTION-INTERRUPTED as well as handling the bind update process better.
  In addition the code to resend update or update all requests has been
  modified to send requests more often.
  [ISC-Bugs #36810]
  [ISC-Bugs #20352]
Shawn Routhier's avatar
Shawn Routhier committed
308

309
310
- By default, the server will now choose the value to use in the forward DNS
  name from the following in order of preference:
311

312
313
314
    1. FQDN option if provided by the client
    2. Host name option if provided by the client
    3. Configured option host-name if defined
315

316
317
318
319
320
  As before, this may be overridden by defining ddns-hostname to the desired
  value (or expression).  In addition, the server logic has been extended to
  use the value of the host name declaration if use-host-decl-names is enabled
  and no other value is available.
  [ISC-Bugs #21323]
321

322
323
324
325
326
- DNS updates were being attempted when dhcp-cache-threshold enabled the use of
  the existing lease and the forward DNS name had not changed.  This has been
  corrected.
  [ISC-Bugs #37368]
  [ISC-Bugs #38636]
327

328
329
330
331
332
- Corrected an issue which caused dhclient to incorrectly form the result when
  prepending or appending to the IPv4 domain-search option, received from the
  server, when either of the values being combined contain compressed
  components.
  [ISC-Bugs #20558]
333

334
335
336
337
338
339
340
341
- Added the server-id-check parameter to the server configuration.
  This parameter allows run-time control over whether or not a server,
  participating in failover, verifies the dhcp-server-identifier option in
  DHCP REQUESTs against the server's id before processing the request.
  Formerly, enabling this behavior was done at compilation time through
  the use of the #define, SERVER_ID_CHECK, which has been removed from site.h
  The functionality is now only available through the new runtime parameter.
  [ISC-Bugs #37551]
342

343
344
345
346
347
348
349
350
- During startup, when the server encounters a lease whose binding state is
  FTS_BACKUP but whose pool has no configured failover peer, it will reset the
  lease's binding state to FTS_FREE.  This allows the leases to be reclaimed
  by the server after a pool's configuration has changed from failover to
  standalone. Prior to this such leases would remain stuck in the backup state
  making them unavailable for assignment.  Note this conversion will occur
  whether or not the server is compiled for failover.
  [ISC-Bugs #36960]
351

352
353
354
355
356
357
358
359
- Fixed a small issue in the treatment of hosts in the inform processing
  that could cause the response to an inform to include information from
  the wrong scope.  The two examples we've heard of are getting subnet
  instead of group information associated with a host entry, or getting
  global information instead of subnet if the host entry was built via
  omapi.  Thanks to Julien Soula at University of Lille for finding the
  bug and supplying a patch.
  [ISC-Bugs #35712]
360

361
362
363
364
- Avoid calling pool_timer() recursively from supersede_lease().  This could
  result in leases changing state incorrectly or delaying the running of the
  leae expiration code.
  [ISC-Bugs #38002]
365

366
367
368
369
370
371
372
- Move the check for a PID file and process to be before we rewrite the
  lease file.  This avoids the possibility of starting a second instance
  of a server which changes the current lease file confusing the first
  instance.  This check is only included if the admin hasn't disabled PID
  files.
  [ISC-Bugs #38078]
  [ISC-Bugs #38143]
373

374
375
376
377
- In the client code change the way preferred_life and max_life are printed
  for environment variables to be unsigned rather than signed.
  Thanks to Jiri Popelka at Red Hat for the bug report and patch.
  [ISC-Bugs #37084]
378

379
380
381
382
383
384
385
386
387
- Modified Linux packet handling such that packets received via VLAN are now
  seen only by the VLAN interface. Prior to this, such packets were seen by
  both the VLAN interface and its parent (physical) interface, causing the
  server to respond to both.  Note this remains an issue for non-Linux OSs.
  Thanks to Jiri Popelka at Red Hat for the patch.
  [ISC-Bugs #37415]
  [ISC-Bugs #37133]
  [ISC-Bugs #36668]
  [ISC-Bugs #36652]
388

389
390
391
392
393
394
395
396
397
- Log content has been changed to more directly suggest that admins should
  check for multiple IPv6 clients attempting to use the same DUID when only
  abandoned addresses are available.  Debug level logging will now emit counts
  of the total number of, in-use, and abandoned addresses in a shared subnet
  when the server finds no addresses available for a given DUID.  Lastly,
  threshold logging is now automatically disabled for shared subnets whose
  total number of possible addresses exceeds (2^64)-1.
  [ISC-Bugs #26376]
  [ISC-Bugs #38131]
398

399
400
401
402
403
404
405
406
407
408
- Added a global parameter, prefix-length-mode, which may be used to determine
  how the server uses a non-zero value for prefix-length supplied by clients
  when soliciting DHCPv6 prefixes.  The server supports selection modes of:
  ignore, prefer, exact, minimum and maximum which are described in detail in
  the server man pages.  The prior behavior of the server was to only offer a
  prefix whose length exactly matched the prefix-length value requested. If
  no such prefixes were available, the server returned a status of none
  available.  Note the default mode, "exact", provides this same behavior.
  [ISC-Bugs #36780]
  [ISC-Bugs #32228]
409

410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
- Corrected inconsistencies in dhcrelay's setting the upper interface hop count
  limit such that it now sets it to 32 when the upstream address is a multicast
  address per RFC 3315 Section 20. Prior to this if the -u argument preceded
  the -l argument on the command line or if the same interface was specified
  for both; the logic to set the hop limit count for the upper interface was
  skipped.  This caused the hop count limit to be set to the default value
  (typically 1) in the outbound upstream packets.
  [ISC-Bugs #37426]

- Modify the linux and openwrt dhclient scripts to process information
  from a stateless request.  Thanks to Jiri Popelka at Red Hat for the
  bug report and patch.
  [ISC-Bugs #36102]

- Remove more unused RCSID tags.  These weren't noticed in 4.3 as
  the code isn't used anymore but we remove them here to keep the
  code consistent across versions.
  [ISC-Bugs #36451]

- The server now does a better check to see if it can allocate the memory
  for large blocks of v4 leases and should provide a slightly better error
  message.  Note well: the server pre-allocates v4 addresses, if you use
  a large range, such as a /8, the server will attempt to use a large
  amount of memory and may not start if there either isn't enough memory
434
435
436
  or the size exceeds what the code supports.
  [ISC-Bugs #38637]

437
438
439
440
441
442
443
444
445
446
- The server will now reject unicast Request, Renew, Decline, and Release
  messages from a client unless the server would have sent that client the
  dhcp6.unicast option.  This behavior is in compliance with paragraph 1 in
  each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
  to this, the server would simply accept the messages.  Now, in order for
  the server to accept such a message, the server configuration must include
  the dhcp6.unicast option either globally or within the shared network to
  which the requested lease belongs. In other words, the server will map
  the first IA_XX address found within the client message to a shared-network
  and look for the presence of the unicast option there and then globally.
Thomas Markwalder's avatar
Thomas Markwalder committed
447
448
  Thanks to Jiri Popelka at Red Hat for this issue and his patch which
  inspired the fix.
449
  [ISC-Bugs #21235]
Shawn Routhier's avatar
Shawn Routhier committed
450

451
452
453
454
- The ATF (Automated Testing Framework) tools used for optional unit tests
  can now be built from its embedded sources in bind, solving the
  atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
  The new configuration option is "./configure --with-atf=bind".
455
  [ISC-Bugs #38754, #39300]
456

457
458
459
460
461
462
- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
  On older linuxes that do not include the tpacket_auxdata structure don't
  bother allocating the cmsgbuf as it isn't necessary and we don't have
  a proper length for it.
  [ISC-Bugs #39209]

463
464
465
466
467
468
- Remove the dst directory.  This was replaced in 4.2.0 with the dst
  code from the Bind libraries but we continued to include it for
  backwards compatibility.  As we have now released 4.3.x it seems
  reasonable to remove it.
  [ISC-Buts #39019]

469
- Write out the DUID server id on startup in all cases, previously if it
470
  was read in from server-duid option in the config or lease files for
471
472
473
  DHCPv4 it would not be written to the new lease file.
  [ISC-Bugs #37791]

474
475
476
477
478
479
- When parsing dates for leases convert dates past 2038 to "never".
  This avoids problems with integer overflows in the date and time
  handling code for people that decide to use very large lease times
  or add a lease entry with a date far in the future.
  [ISC-Bugs #33056]

480
481
482
483
- Leave the siaddr field clear when sending a NACK as per RFC 2131
  table 3.
  [ISC-Bugs #38769]

484
485
486
487
488
- In the client don't send expired addresses to the script as part of
  the binding process.  Thanks to Sven Trenkel at Google for reporting
  the issue and suggesting the patch.
  [ISC-Bugs #38631]

489
490
491
492
- While parsing IPv6 addresses treat "add" as part of the address instead
  of as a token.
  [ISC-Bugs #39529]

493
494
495
496
497
498
499
500
- Add support for accessing the v4 lease queues (active, free etc) in a
  binary fashion instead of needing to walk through a linear list to
  insert, find or remove an entry from the queues.  In addition add a
  compile time option "--enable-binary-leases" to enable the new code
  or to continue using the old code.  The old code is the default.
  Thanks to Fernando Soto from BlueCat Networks for the patch.
  [ISC-Bugs #39078]

501
502
503
504
505
- Delayed-ack now works properly with Failover. Prior to this, bind updates
  post startup were being queued but never delivered. Among other things, this
  was causing leases to not transition from expired or released to free.
  [ISC-Bugs #31474]

506
507
508
509
- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
  lease file is corrupt in certain ways.
  [ISC-Bugs #39760]

510
- Corrected a crash in dhclient that occurs during lease renewal if the
511
512
  client is performing its own DNS updates.  Thanks to Jiri Popelka at Red Hat
  for the bug report.
513
514
  [ISC-Bugs #38639]

515
516
517
518
519
- Corrected an issue in v6 lease file parsing. Prior to this, when encountering
  a lease with an address for which no configured pool exists, the server was
  declaring the lease file corrupt and incorrectly skipping over the subsequent
  entry in the file.  The server will now emit a log message indicating that
  no pool was found for the address (or prefix) and correctly resume parsing
520
  with the next entry in the lease file.  Our thanks to Michal Žejdl for
521
  reporting the issue.
522
523
  [ISC-Bugs #39314]

524
525
526
527
528
529
530
531
532
- Be more liberal in finding a subnet group associated with a static
  prefix.  When we added the class matching code for v6 we also added
  a requirement that the static prefix must be within a subnet the
  client was in, in order to find the proper statements.  We now
  look for a subnet based on the prefix, failing that on the static
  address for the client and failing that on the shared network
  itself.
  [ISC-Bugs #38329]

533
534
535
536
537
- Add a new action expression "parse_vendor_options", which can be used
  to parse a vendor-encapsualted-option received by the server based on
  the encoding specified by the vendor-option-space statement.
  [ISC-Bugs #36449]

538
539
540
541
542
- Enhance the PARANOIA patch to include fchown() the lease file to
  allow it to be manipulated after the server does a chown().
  Thanks to Jiri Popelka at Red Hat for the patch.
  [ISC-Bugs #36978]

543
544
545
546
547
548
- Relax the requirement that prefix pools must be within the subnet.
  This was added in as part of #32453 in order to avoid configuration
  mistakes but is being removed as prefixes aren't required to be
  within the same subnet and many people configure them in that fashion.
  [ISC-Bugs #40077]

549
550
- Fixed a server crash that could occur when the server attempts to remove
  the billing class from the last lease billed to a dynamic class after said
551
552
  class has been deleted.  Our thanks to Lasse Pesonen for reporting the
  issue.
553
554
  [ISC-Bugs #39978]

555
556
- LDAP Patches - Numerous small patches submitted by contributors have
  been applied to the contributed code which supplies LDAP support.
557
558
  In addition, two larger submissions have also been included.  The
  first adds support for IPv6 configuration and the second provides
559
560
561
  GSSAPI authentication. We would like to thank the following for their
  contributions (alphabetically):
    Alex Novak at SUSE
562
    Bill Parker (wp02855 at gmail dot com)
563
564
    Jiri Popelka at Red Hat
    Marius Tomaschewski at SUSE
565
    (william at adelaide.edu.au), The University of Adelaide
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
  [ISC-Bugs #39056]
  [ISC-Bugs #22742]
  [ISC-Bugs #24449]
  [ISC-Bugs #28545]
  [ISC-Bugs #29873]
  [ISC-Bugs #30183]
  [ISC-Bugs #30402]
  [ISC-Bugs #32217]
  [ISC-Bugs #32240]
  [ISC-Bugs #33176]
  [ISC-Bugs #33178]
  [ISC-Bugs #36409]
  [ISC-Bugs #36774]
  [ISC-Bugs #37876]

581
- Handle an out of memory condition in the client a bit better.
582
583
  Thanks to Frédéric Perrin from Brocade for finding the issue
  and suggesting a patch.
584
  [ISC-Bugs #39279]
585

586
587
588
589
590
591
- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
  The error occurs on Linux variants that do not support VLAN tag information
  in packet auxiliary data.  The configure script now only enables inclusion
  of the VLAN tag-based logic if it is supported by the underlying OS.
  [ISC-Bugs #38677]

592
- Specifying the option, --disable-debug, on the configure script command line
593
  now disables debug features.  Prior to this, specifying --disable-debug
594
595
  incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
  the issue.
596
  [ISC-Bugs #37780]
597

598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
- Unit test execution now uses a path augmented during configuration
  processing of the --with-atf option to locate ATF runtime tools, atf-run
  and atf-report. For most installations of ATF, this should alleviate the
  need to manually include them in the PATH, as was formerly required.
  If the configure script cannot locate the tools it will emit a warning,
  informing the user that the tools must be in the PATH when running unit
  tests.
  Secondly, please note that "make check" will now exit with a failure status
  code (non-zero) if one or more unit tests fail.  This means that invoking
  "make check" from an upper level directory will cause the make process to
  STOP after the first test subdirectory with failed test(s).  To force all
  tests in all subdirectories to run, regardless of individual test outcome,
  use the command "make -k check".
  [ISC-Bugs #38619]

613
614
- Corrected a static analyzer warning in common/execute.c
  [ISC-Bugs #40374]
615

616
617
618
619
620
621
- ISC DHCP now follows the common convention to use the base name a
  program is invoked with (aka argv[0], vs. a builtin name) for
  logs. This should help differentiate syslog entries for DHCPv4 and
  DHCPv6 servers. You can define OLD_LOG_NAME in includes/site.h to
  keep the previous behavior.
  [ISC-Bugs #38692]
622

623
624
625
626
627
628
- The Linux packet filter code now correctly treats only the least significant
  12 bits in an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
  Prior to this it was using the entire 16 bit value as the VLAN id and
  incorrectly discarding packets.  Thanks to Jiri Popelka at Red Hat for
  reporting this issue and supplying its patch.
  [ISC-Bugs #40591]
629

630
631
632
633
634
635
- Fixed several static analysis issues such as potential null
  references, unchecked strdup returns.  Thanks to Bill Parker (wp02855 at
  gmail dot com) who identified these issues and supplied patches to
  address them.
  [ISC-Bugs #40754]
  [ISC-Bugs #40823]
636

637
638
639
- Corrected compilation errors that prohibited building the server
  and its ATF unit tests when failover is disabled.
  [ISC-Bugs #40372]
640

641
642
643
644
- Added the lease address to the end of the debug level log message
  emitted when an existing lease is renewed within the dhcp-cache-threshold.
  Thanks to Nathan Neulinger at Missouri S&T for suggesting the change.
  [ISC-Bugs #40598]
645

646
647
648
649
650
651
- Added dhcpv6 and delayed-ack to settings listed in the "Features:"
  section of the configure script output.  Additionally, all of the
  features reported on will now always show either a "yes" or "no"
  value.  Prior to this features left to their default setting would
  not show a value.
  [ISC-Bugs #40381]
652

653
654
655
656
657
658
659
660
- Added a parameter, authoring-byte-order, to the lease file. This value
  is automatically added to the top of new lease files by the server and
  indicates the internal byte order (big endian or little endian) of the
  server.  This permits lease files generated on a server with one form of
  byte order to be used on a server with the opposite form. Our thanks to
  Timothe Litt for calling this to our attention and for the suggestions
  he provided.
  [ISC-Bugs #38396]
661

662
663
664
- Fixed a small memory leak in the DHCPv6 version of the client code.
  This is unlikely to cause significant issues in actual use.
  [ISC-Bugs #40990]
665

666
667
668
669
670
- Corrected a few minor memory leaks in omapi's dereferencing of
  host objects. Thanks to Jiri Popelka at Red Hat for reporting
  the issue and supplying the patches.
  [ISC-Bugs #33990]
  [ISC-Bugs #41325]
671

672
673
674
- Cleaned up some of the Make infrastructure to make --with-libbind
  work better.  Though it still only works with an absolute path.
  [ISC-Bugs #39210]
675

676
677
678
679
- Made the embedded bind libraries able to be cross compiled
  (please refer to the bind9 documentation to learn how to cross
   compile DHCP and its bind library dependency).
  [ISC-Bugs #38836]
680

681
682
683
- Update the client code to better support getting IA_NAs and IA_PDs
  in the same packet, see RFC7550 for some discussion.
  [ISC-Bugs #40190]
684

685
686
687
688
689
! Update the bounds checking when receiving a packet.
  Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
  patch.
  [ISC-Bugs #41267]
  CVE: CVE-2015-8605
690

691
692
693
694
695
- When handling an incorrect command line for dhcpd, dhclient or dhcrelay
  print out a specific error message about the first error in addition
  to the usage string.  This may be disabled by editing includes/site.h.
  [ISC-Bugs #40321]
  [ISC-Bugs #41454]
696

697
698
699
700
701
702
- The configure script will now exit with an error message if it cannot find
  a GNU-style make tool (needed when building BIND libraries) or pkg-config
  (needed to locate ATF used for building unit tests). Prior to this the
  script would exit indicating success causing subsequent attempts to build
  the software to fail.
  [ISC-Bugs #40371]
703

704
705
706
707
- Properly terminate strings before passing them to regex and fix
  a boundary error when creating certain new data strings.
  Thanks to Andrey Jr. Melnikov for the bug report.
  [ISC-Bugs #41217]
708

709
710
711
712
713
- Option expressions, such as prepend and append, are now supported when
  running dhclient for IPv6.  Prior to this such statements in the
  client configuration file would be parsed but have no affect.  Thanks
  to Jiri Popelka at Red Hat for reporting the issue.
  [ISC-Bugs #39952]
714

715
716
717
718
719
720
- A failover primary server will now accept a binding status update from the
  secondary which transitions a lease from ACTIVE to ABANDONED. This accounts
  for instances in which a client declines a lease and only the secondary
  server receives it.  Prior to this the primary server would reject such an
  update as an "invalid state transition".
  [ISC_BUGS #25189]
721

722
723
724
- Properly allocate memory for a bpf filter.
  Thanks to Bill Parker (wp02855 at gmail dot com) who identified this issue.
  [ISC-Bugs #41485]
725

726
727
728
729
- Updated contrib/dhcp-lease-list.pl to handle garbage in the oui file better
  and to print out the hostnames a bit better.
  Thanks to Antoine Beaupré from Debian for the suggested patch.
  [ISC-Bugs #41288]
730

731
732
733
734
- The DHCPv6 server now handles long valid and preferred lease times better.
  Values that would cause the internal end time of the lease to wrap are
  modified to work as infinite.
  [ISC-Bugs #40773]
735

736
737
738
- Updated support for cross compiling by allowing the library archiver
  to be set at configure time via the environment variable 'AR'.
  [ISC-Bugs #41536]
739

740
741
742
743
744
- The server will now match DHCPv6 relayed clients to host declarations
  which include the "hardware" statement, if the relay connected to the
  client supplies the client's hardware address via client-linklayer-address
  option as per RFC 6939.
  [ISC-Bugs #40334]
745

746
747
748
749
- Allow a filename to be specified instead of /dev/random during
  configuration.  This is passed to the BIND configuration to allow
  for cross compilation.
  [ISC-Bugs #33835]
750

751
752
- Add more option definitions.
  [ISC-Bugs #40562]
753

754
755
756
- Correct outputting of long lines in the lease file when writing
  a lease that includes long strings in an execute statement.
  [ISC-Bugs #40994]
757

758
759
760
761
762
763
764
- The server will now correctly treat a lease as reserved when the client
  requests an infinite lease time (i.e. OxFFFFFFFF) and "infinite-is-reserved"
  is enabled.  Prior to this the server would halt.  In addition, corrections
  were made to the server to allow a lease's flags field to be set via omapi.
  Prior to this, the server, depending on the host architecture,  would
  incorrectly parse the new flags value from the omapi message.
  [ISC-Bugs #31179]
765

766
767
768
769
- ISC DHCP can now be configured and built from a directory other than
  the top level source directory. Note that "make distcheck" uses this
  feature.
  [ISC-Bugs #39262]
770

771
772
773
774
775
776
- Add support for RFC 3527 to dhcrelay.  A new, dhcrelay command line argument,
  "-U <interface>" enables the addition of a RFC 3527 compliant link selection
  suboption to the agent option added for clients directly connected to the
  relay.
  [ISC-Bugs #34875]
  [ISC-Bugs #41708]
777

778
779
780
781
- Add a new global DHCPv6 option, dhcpv6-set-tee-times, which when enabled
  instructs the server to calculate T1 and T2 as recommended in RFC 3315,
  Section 22.4.
  [ISC-Bugs #25687]
782

783
784
- Corrected minor Coverity issues.
  [ISC-Bugs #35144]
785

786
787
788
789
790
791
792
793
- Add support for RFC 7341 DHCPv4 over DHCPv6 with a new configuration
  option "--enable-dhcpv4o6". Note this feature requires DHCPv6 support
  and is not compatible with delayed-ack. Both client and server use 2
  processes which communicate over UDP on a pair of sockets. The new
  "-4o6 <port>" command line argument enables DHCPv4 over DHCPv6 support
  and specifies the consecutive ports to use for inter-process communication.
  Please look at doc/DHCPv4-over-DHCPv6 for more details.
  [ISC-Bugs #35711]
794

795
796
797
798
799
800
801
- Correct interface name formation when using DLPI under Solaris 11. As of
  Solaris 11, ethernet device files are located in "/dev/net".  The configure
  script has been modified to detect this situation and adjust the directory
  used accordingly. Thanks to Jarkko Torppa for reporting this issue and
  submitting a patch 
  [ISC-Bugs #37954]
  [ISC-Bugs #40752]
802

803
804
805
- Add a dereference call when handling an error condition while
  decoding a packet.
  [ISC-Bugs #41774]
806

807
808
809
810
811
812
- Add a new parameter, lease-id-format, to both dhcpd and dhclient. The
  parameter controls the format in which certain values are written to lease
  files.  Formats supported are octal - quoted string containing octal
  escapes, and hex - unquoted, colon separated hex digits.  Thanks to
  Jay Ford, University of Iowa for bringing the issue to our attention.
  [ISC-Bugs #26378]
813

814
815
816
817
! Add an option in site.h to limit the number of failover and control
  connections the server will accept.  By default this is 200.
  [ISC-Bugs #41845]
  CVE: CVE-2016-2774
818

819
820
- Fixed util/bindvar.sh error handling.
  [ISC-Bugs #41973]
821

822
823
824
- Correct error message in relay to use remote id length instead
  of circuit id length.
  [ISC-Bugs #42556]
825

826
827
828
829
- Add support for including an encapsulated option in a response
  from the DHCPv6 server.  This allows the v6 FQDN option to be
  returned in responses.
  [ISC-Bugs #29246]
830

831
832
833
834
- Add logic to test directory Makefiles to avoid copying Attfile(s)
  when building within the source tree.  This eliminates a noisy but
  otherwise harmless error message when running "make check".
  [ISC-Bugs #41883]
835

836
837
- Leases are now scrubbed of certain prior use information when pool
  re-balancing reassigns them from one FO peer to the other.  This
838
839
840
841
  corrects an issue where leases that were offered but not used
  by the client retained the client hostname from the original
  client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
  for reporting the issue.
842
  [ISC-Bugs #42008]
843

844
845
846
847
- In the LDAP code and schema add some missing '6' characters to use
  the v6 instead of the v4 versions.  Thanks to Denis Taranushin for
  reporting this issue and supplying its patch.
  [ISC-Bugs #42666]
848

849
850
851
852
- Correct how the pick-first-value expression is written to a lease
  file.  Previously it was written as a concat expression due to
  a cut and paste error.
  [ISC-Bugs #42253]
853

854
855
856
- Modify the DDNS code to clean up the PTR record even if there
  are issues while cleaning up the A or AAAA records.
  [ISC-Bugs #23954]
857

858
859
860
- Added global configuration parameter, abandon-lease-time, which determines
  the amount of time a lease remains abandoned.  The default is 84600 seconds.
  Additionaly, the server now conducts a ping check (if ping checks are
861
862
863
  enabled) prior to offering an abandoned lease to client. Our thanks to
  David Zych at University of Illinois for reporting the issue and working
  with us to produce a viable solution.
864
  [ISC-Bugs #41815]
865

866
867
868
869
870
- Correct handling of interface names during interface discovery. This
  addresses an issue where interface names of 15 characters in length
  could lead to crashes or interface recognition errors during startup 
  of dhcpd, dhclient, and dhcrelay.
  [ISC-Bugs #42226]
871

872
- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
873
  The updates are: looking for the lease file in more places and skipping
874
  the "processing complete" output when creating machine readable
875
876
  output.  Thanks to Cameron Paine (cbp at null dot net) for the
  patch.
877
  [ISC-Bugs #42113]
878

879
880
881
882
883
884
- When reusing a lease for dhcp-cache-threshold return the hostname
  to the original lease.  Also if the host pointer, UID or hardware address
  change don't allow reuse of the lease.
  Thanks to Michael Vincent for reporting this and helping us
  verify the problem and fix.
  [ISC-Bugs #42849]
885

886
887
888
- Change dmalloc to use a size_t as the length argument to bring it
  in line with the call it will make to malloc().
  [ISC-Bugs #40843]
889

890
- If the failover socket can't be bound, close it.  Otherwise if the
891
892
893
894
  user configures an incorrect address in the failover stanza the
  server will continue to open new sockets every 90 seconds until
  it runs out.
  [ISC-Bugs #42452]
895

896
897
898
899
- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
  allow interfaces to be upstream or downstream respectively.  Upstream
  interfaces will accept and forward only BOOTP replies, while downstream
  interfaces will accept and forward only BOOTP requests.
900
901
  [ISC-Bugs #41547]

902
903
904
- Clean up some memory references in the vendor-class construct.
  [ISC-Bugs #42984]

905
			Changes since 4.2.0 (new features)
906
907
908
909
910
911
912

- If a client renews before 'dhcp-cache-threshold' percent of its lease
  has elapsed (default 25%), the server will reuse the allocated lease
  (provide a lease within the currently allocated lease-time) rather
  than extend or renew the lease.  This absolves the server of needing
  to perform an fsync() operation on the lease database before reply,
  which improves performance. [ISC-Bugs #22228]
Shawn Routhier's avatar
Shawn Routhier committed
913
  Updated this patch to support asynchronous DDNS.  If the server is
Jeremy C. Reed's avatar
Jeremy C. Reed committed
914
  attempting to do DDNS on a lease it should be updated and written to
915
  disk even if that wouldn't be necessary due to the thresholding.
Shawn Routhier's avatar
Shawn Routhier committed
916
  [ISC-Bugs #26311]
917

918
919
920
921
- The 'no available billing' log line now also logs the name of the last
  matching billing class tried before failing to provide a billing.
  [ISC-Bugs #21759]

922
923
924
925
- A problem with missing get_hw_addr function when --enable-use-sockets
  was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
  that use-sockets feature was not tested on those systems. Client and
  server code no longer use MAX_PATH constant that is not defined on
Shawn Routhier's avatar
Shawn Routhier committed
926
  GNU/Hurd systems. [ISC-Bugs #25979]
927

Shawn Routhier's avatar
Shawn Routhier committed
928
929
930
931
932
933
934
- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
  can parse v4 lease files and output the lease information in a more
  human friendly manner.  This was written by Christian Hammers with
  some updates by vom and ISC.  This is contributed code and is not
  supported by ISC; however it may be useful to some users.
  [ISC-Bugs #20680]

Shawn Routhier's avatar
Shawn Routhier committed
935
- Add support in v6 for on-commit, on-expire and on-release.
936
  [ISC-Bugs #27912]
Shawn Routhier's avatar
Shawn Routhier committed
937

Shawn Routhier's avatar
Shawn Routhier committed
938
939
940
- Add support for using classes with v6.
  [ISC-Bugs #26510]

Shawn Routhier's avatar
Shawn Routhier committed
941
942
943
944
945
946
947
- Update the DDNS code to current standards and allow for sharing
  of DDNS entries between v4 and v6 clients.  The new code is used
  if the ddns-update-style is set to "standard", the older code is
  still available if ddns-update-style is set to "interim".  The
  oldest DDNS code "ad-hoc" has been removed.  Thanks to Thomas Pegeot
  who submitted a patch for this issue.  This patch is based on
  that work with some modifications.
948
  [ISC-Bugs #21139]
Shawn Routhier's avatar
Shawn Routhier committed
949

950
951
952
953
954
955
- Add a configuration option to the server to suppress using fsync().
  Enabling this option will mean that fsync() is never called.  This
  may provide better performance but there is also a risk that a lease
  will not be properly written to the disk after it has been issued
  to a client and before the server stops.  Using this option is
  not recommended.
956
  [ISC-Bugs #34810]
957

958
959
960
961
962
963
964
- Add some logging statements to indicate when the server is ready
  to serve.  One statement is emitted after the server has finished
  reading its files and is about to enter the dispatch loop.
  This is "Server starting service.".
  The second is emitted when a server determines that both it and
  its failover peer are in the normal state.
  This is "failover peer <name>: Both servers normal."
965
  [ISC-Bugs #33208]
966

967
968
969
- Add support for accessing options from v6 relays.  The v6relay
  statement allows the administrator to choose which relay to
  use when searching for an option, see the dhcp-options man page
Shawn Routhier's avatar
Shawn Routhier committed
970
971
  for a description.  The host-identifier option has also been
  updated to support the use of relay options, see the dhcpd.conf
972
973
974
  man page for a description.
  [ISC-Bugs #19598]

975
- When doing DDNS if there isn't an appropriate zone statement attempt
Shawn Routhier's avatar
Shawn Routhier committed
976
  to find a reasonable nameserver via a DNS resolver.  This restores
977
978
979
980
981
982
  some functionality that was lost in the transition to asynchronous
  DDNS.  Due to the lack of security and increase in fragility of the
  system when using this feature we strongly recommend the use of
  appropriate zone statements rather than using this functionality.
  [ISC-Bugs #30461]

983
984
985
986
987
- Add support for specifying the address from which to send
  DDNS updates on the DHCP server.  There are two new options
  "ddns-local-address4" and "ddns-local-address6" that each take
  one instance of their respective address types.
  [ISC-Bugs #34779]
988

Shawn Routhier's avatar
Shawn Routhier committed
989
990
991
992
- Add ignore-client-uids option in the server.  This option causes
  the server to not record a client's uid in its lease.  This
  violates the specification but may also be useful when a client
  can dual boot using different client ids but the same mac address.
Shawn Routhier's avatar
Shawn Routhier committed
993
  Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
Shawn Routhier's avatar
Shawn Routhier committed
994
995
  [ISC-Bugs #32427]
  [ISC-Bugs #35066]
996
997
998
999
1000
1001

- Extend the DHCPINFORM processing to honor the subnet selection option
  and take host declarations into account.
  Thanks to Christof Chen for testing and submitting the patch.
  [ISC-Bugs #35015]

1002
1003
1004
1005
- Extend the hardware expression to look into the lease structure
  for a hardware address if there is no packet.  This allows the
  server to find the hardware address during on-expiry processing.
  [ISC-Bugs #24584]
1006

1007
1008
- Add definitions for some options that have been specified by the IETF.
  [ISC-Bugs #29268]
1009
  [ISC-Bugs #35198]
1010

1011
			Changes since 4.2.0 (bug fixes)
1012

1013
1014
- When using 'ignore client-updates;', the FQDN returned to the client
  is no longer truncated to one octet.
1015

1016
- Cleaned up an unused hardware address variable in nak_lease().
1017

1018
1019
- Manpage entries for the ia-pd and ia-prefix options were updated to
  reflect support for prefix delegation.
1020

1021
- Cleaned up some compiler warnings
1022

1023
1024
1025
1026
1027
1028
- An optimization described in the failover protocol draft is now included,
  which permits a DHCP server operating in communications-interrupted state
  to 'rewind' a lease to the state most recently transmitted to its peer,
  greatly increasing a server's endurance in communications-interrupted.
  This is supported using a new 'rewind state' record on the dhcpd.leases
  entry for each lease.
Shawn Routhier's avatar
Shawn Routhier committed
1029

1030
- Fix the trace code which was broken by the changes to the DDNS code.
1031

1032
1033
- Update the fsync code to work with the changes to the DDNS code.  It now
  uses a timer instead of noticing if there are no more packets to process.
1034

1035
1036
1037
1038
- When constructing the DNS name structure from a text string append
  the root to relative names.  This satisfies a requirement in the DNS
  library that names be absolute instead of relative and prevents DHCP
  from crashing.  [ISC-Bugs #21054]
1039

1040
1041
1042
1043
1044
1045
1046
1047
1048
- "The LDAP Patch" that has been circulating for some time, written by
  Brian Masney and S.Kalyanasundraram and maintained for application to
  the DHCP-4 sources by David Cantrell has been included.  Please be
  advised that these sources were contributed, and do not yet meet the
  high standards we place on production sources we include by default.
  As a result, the LDAP features are only included by using a compile-time
  option which defaults off, and if you enable it you do so under your
  own recognizance.  We will be improving this software over time.
  [ISC-Bugs #17741]
Shawn Routhier's avatar
Shawn Routhier committed
1049

1050
1051
- Prohibit including lease time information in a response to a DHCP INFORM.
  [ISC-Bugs #21092]
Shawn Routhier's avatar
Shawn Routhier committed
1052

1053
1054
1055
1056
! Accept a client id of length 0 while hashing.  Previously the server would
  exit if it attempted to hash a zero length client id, providing attackers
  with a simple denial of service attack.  [ISC-Bugs #21253]
  CERT: VU#541921 - CVE: CVE-2010-2156
Shawn Routhier's avatar
Shawn Routhier committed
1057

1058
- A memory leak in ddns processing was closed.  [ISC-Bugs #21377]
Shawn Routhier's avatar
Shawn Routhier committed
1059

1060
1061
1062
1063
1064
- Modify the exception handling for initial context creation.  Previously
  we would try and clean up before exiting.  This could present problems
  when the cleanup required part of the context that wasn't available.  It
  also didn't do much as we exited afterwards anyway.   Now we simply log
  the error and exit. [ISC-Bugs #21093]
Shawn Routhier's avatar
Shawn Routhier committed
1065

1066
1067
1068
1069
1070
- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
  previously allocated (active) lease to a client that has changed subnets,
  despite being on different shared networks.  Dynamic prefixes specifically
  allocated in shared networks also now are not offered if the client has
  moved.  [ISC-Bugs #21152]
Shawn Routhier's avatar
Shawn Routhier committed
1071

1072
- Add some debugging output for use with the DDNS code. [ISC-Bugs #20916]
Shawn Routhier's avatar
Shawn Routhier committed
1073

1074
1075
- Fix the trace code to handle timing events better and to truncate a file
  before using instead of overwriting it.  [ISC-Bugs #20969]
Shawn Routhier's avatar
Shawn Routhier committed
1076

1077
1078
1079
1080
1081
1082
- Modify the determination of the default TTL to use for DDNS updates.
  The user may still configure the ttl via ddns-ttl.  The default for
  both v4 and v6 is now 1/2 the (preferred) lease time with a limit.  The
  previous defaults (1/2 lease time without a limit for v4 and a default
  value for v6) may be used by defining USE_OLD_DDNS_TTL in site.h
  [ISC-Bugs #21126]
Shawn Routhier's avatar
Shawn Routhier committed
1083

1084
1085
- libisc/libdns is now brought up to version 9.7.1rc1.  This corrects
  three reported flaws in ISC DHCP;
Shawn Routhier's avatar
Shawn Routhier committed
1086

1087
1088
  o DHCP processes (dhcpd, dhclient) fail to start if one of either the
    IPv4 or IPv6 address families is not present.  [ISC-Bugs #21122]
1089

1090
1091
  o Assertion failure when attempting to cancel a previously running DDNS
    update.  [ISC-Bugs #21133]
1092

1093
1094
  o Compilation failure of libisc/libdns due to the use of a flexible
    array member.  [ISC-Bugs #21316]
1095

1096
- Add declaration for variable in debug code in alloc.c.  [ISC-Bugs #21472]
1097

1098
1099
1100
1101
1102
1103
- Documentation cleanup covering multiple tickets
  [ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
  [ISC-Bugs #20263] add text describing some default values
  [ISC-Bugs #20193] single quotes at the start of a line indicate a control
  line to nroff, escape them if we actually want a quote.
  [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
1104

1105
1106
1107
1108
1109
1110
- 'get-host-names true;' now also works even if 'use-host-decl-names true;'
  was also configured.  The nature of this repair also fixes another
  error; the host-name supplied by a client is no longer overridden by a
  reverse lookup of the lease address.  Thanks to a patch from Wilco Baan
  Hofman supplied to us by the Debian package maintenance team.
  [ISC-Bugs #21691] {Debian Bug#509445}
1111

1112
1113
1114
- The .TH tag for the dhcp-options manpage was typo repaired
  thanks to a report from jidanni and the Debian package maintenance
  team.  [ISC-Bugs #21676] {Debian Bug#563613}
1115

1116
1117
1118
1119
- More documentation changes - primarily to put the options in the dhclient
  and dhcpd man pages into the standard form.  Thanks in part to a patch
  from David Cantrell at Red Hat.
  [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
1120

1121
1122
- Add code to clear the pointer to an object in an OMAPI handle when the
  object is freed due to a dereference.  [ISC-Bugs #21306]
Shawn Routhier's avatar
Shawn Routhier committed
1123

1124
1125
1126
- Fixed a bug that leaks host record references onto lease structures,
  causing the server to apply configuration intended for one host to any
  other innocent clients that come along later.  [ISC-Bugs #22018]
Shawn Routhier's avatar
Shawn Routhier committed
1127

1128
1129
1130
1131
1132
1133
1134
- Minor code fixes
  [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
  the name to be at the apex of the zone.
  [ISC-Bugs #19617] Restrict length of interface name read from command line
  in dhcpd - based on a patch from David Cantrell at Red Hat.
  [ISC-Bugs #20039] Correct some error messages in dhcpd.c
  [ISC-Bugs #20070] Better range check on values when creating a DHCID.
1135
  [ISC-Bugs #20198] Avoid writing past the end of the field when adding
1136
1137
1138
1139
1140
  overly long file or server names to a packet and add a log message
  if the configuration supplied overly long names for these fields.
  Thanks to Martin Pala.
  [ISC-Bugs #21497] Add a little more randomness to rng seed in client
  thanks to a patch from Jeremiah Jinno.
Shawn Routhier's avatar
Shawn Routhier committed
1141

1142
- Correct error handling in DLPI [ISC-Bugs #20378]
Shawn Routhier's avatar
Shawn Routhier committed
1143

1144
1145
- Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
  checked in configure.  [ISC-Bugs #20443]
Shawn Routhier's avatar
Shawn Routhier committed
1146

1147
1148
- Modify how the cmsg header is allocated the v6 send and received routines
  to compile on more compilers.  [ISC-Bugs #20524]
Shawn Routhier's avatar
Shawn Routhier committed
1149

1150
1151
- When parsing a domain name free the memory for the name after we are
  done with it.  [ISC-Bugs #20824]
1152

1153
1154
1155
- Add an elapsed time option to the release message and refactor the
  code to move most of the common code to a single routine.
  [ISC-Bugs #21171].
1156

1157
1158
- Two identical log messages for commit_leases() have been disambiguated.
  [ISC-Bugs #18915]
1159

1160
1161
1162
- Parse date strings more properly - the code now handles semi-colons in
  date strings correctly.  Thanks to a patch from Jiri Popelka at Red Hat.
  [ISC-Bugs #21501, #20598]
1163

1164
1165
1166
1167
1168
1169
1170
- Fixes to lease input and output.
  [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
  strftime, paste together the same string using mktime instead.
  [ISC-Bugs #19596] - When parsing iaid values accept printable
  characters.
  [ISC-Bugs #21585] - Always print time values in omshell as hex
  instead of ascii if the values happen to be printable characters.
1171

1172
1173
1174
1175
1176
1177
1178
- Minor changes for scripts, configure.ac and Makefiles
  [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
                    example conf file.  Thanks to a patch from David Cantrell
                    at Red Hat.
  [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
  [ISC-Bugs #19945] Properly close the quote on some arguments.
  [ISC-Bugs #20952] Add 64 bit types to configure.ac
Jeremy C. Reed's avatar
Jeremy C. Reed committed
1179
  [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
1180

1181
1182
1183
1184
- Update the code to parse dhcpv6 lease files to accept a semi-colon at
  the end of the max-life and preferred-life clauses.  In order to be
  backwards compatible with older lease files not finding a semi-colon
  is also accepted.  [ISC-Bugs #22303].
1185

1186
1187
! Handle a relay forward message with an unspecified address in the
  link address field.  Previously such a message would cause the
1188
  server to crash.  Thanks to a report from John Gibbins.  [ISC-Bugs #21992]
1189
  CERT: VU#102047 CVE: CVE-2010-3611
1190

1191
1192
1193
- ./configure on longer searches for -lcrypto to explicitly link against.
  This fixes a bug where 'dhclient' would have shared library dependencies
  on '/usr/lib'.  [ISC-Bugs #21967]
1194

1195
1196
1197
1198
1199
- Handle pipe failures more gracefully.  Some OSes pass a SIGPIPE
  signal to a process and will kill the process if the signal isn't
  caught.  This patch adds code to turn off the SIGPIPE signal via
  a setsockopt() call.  The signal is already being ignored as part
  of the ISC library.  [ISC-Bugs #22269]
1200

1201
1202
1203
1204
1205
- Restore printing of values in omshell to the style pre 21585.  For
  21585 we changed the print routines to always display time values
  as a hex list.  This had a side effect of printing all data strings
  as a hex list.  We shall investigate other ways of displaying time
  values more usefully.  [ISC-Bugs #22626]
Shawn Routhier's avatar
Shawn Routhier committed
1206

1207
1208
1209
1210
1211
! Fix the handling of connection requests on the failover port.
  Previously a connection request from a source that wasn't
  listed as a failover peer would cause the server to become
  non-responsive.  Thanks to a report from Brad Bendily, brad@bendily.com.
  [ISC-Bugs #22679]
1212
  CERT: VU#159528 CVE: CVE-2010-3616
1213

1214
1215
1216
- Don't pass the ISC_R_INPROGRESS status to the omapi signal handlers.
  Passing it through to the handlers caused the omshell program to fail
  to connect to the server.  [ISC-Bugs #21839]
1217

Jeremy C. Reed's avatar
Jeremy C. Reed committed
1218
- Fix the parenthesis in the code to process configuration statements
1219
1220
  beginning with "auth".  The previous arrangement caused
  "auto-partner-down" to be processed incorrectly.  [ISC-Bugs #21854]
1221

1222
1223
1224
- Limit the timeout period allowed in the dispatch code to 2^^32-1 seconds.
  Thanks to a report from Jiri Popelka at Red Hat.
  [ISC-Bugs #22033], [Red Hat Bug #628258]
1225

1226
1227
1228
1229
1230
- When processing the format flags for a given option consume the
  flag indicating an optional value correctly.  A symptom of this
  bug was an infinite loop when trying to parse the slp-service-scope
  option.  Thanks to a patch from Marius Tomaschewski.
  [ISC-Bugs #22055]
1231

1232
1233
1234
1235
- Disable the use of kqueue in the ISC library.  This avoids a problem
  between the fork and socket code that caused the dhcpd process to
  use all available cpu if the program daemonized itself.
  [ISC-Bugs #21911]
1236

1237
1238
1239
1240
1241
1242
1243
! When processing a request in the DHCPv6 server code that specifies
  an address that is tagged as abandoned (meaning we received a
  decline request for it previously) don't attempt to move it from
  the inactive to active pool as doing so can result in the server
  crashing on an assert failure.  Also retag the lease as active
  and reset its timeout value.
  [ISC-Bugs #21921]
1244

1245
1246
1247
1248
- Removed the restriction on using IPv6 addresses in IPv4 mode.  This
  allows IPv4 options which contain IPv6 addresses to be specified.  For
  example the 6rd option can be specified and used like this:
  [ISC-Bugs #23039]
1249

1250
1251
1252
	option 6rd code 212 = { integer 8, integer 8,
				ip6-address, array of ip-address };
	option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
Shawn Routhier's avatar