Annotation of embedaddon/dhcp/RELNOTES, revision 1.1
1.1 ! misho 1: Internet Systems Consortium DHCP Distribution
! 2: Version 4.1-ESV-R4
! 3: 29 November 2011
! 4:
! 5: Release Notes
! 6:
! 7: NEW FEATURES
! 8:
! 9: Version 4.1-ESV-R4 is an extended support version (ESV) release.
! 10: ESVs are intended for users who have longer upgrade constraints.
! 11: Please see our web page http://www.isc.org/downloads/extended-support for
! 12: more information on ESVs.
! 13:
! 14: ISC DHCP 4.1.x includes several new DHCPv6 features that were not included
! 15: in DHCP 4.0.x. These include:
! 16:
! 17: - Support for the rapid-commit option on the client side
! 18:
! 19: - Prefix Delegation support
! 20:
! 21: - IA_TA address support
! 22:
! 23: - A basic DHCPv6 relay agent
! 24:
! 25: - Basic and partial DHCPv6 leasequery support
! 26:
! 27: There are a number of DHCPv6 limitations and features missing in this
! 28: release, which will be addressed in the future:
! 29:
! 30: - Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
! 31:
! 32: - Only a single address is supported per IA.
! 33:
! 34: - DHCPv6 includes human-readable text in status code messages. These
! 35: should be configurable, and probably localized via gettext() or the
! 36: like.
! 37:
! 38: - The "host-identifier" option is limited to a simple token.
! 39:
! 40: - The client and server can only operate DHCPv4 or DHCPv6 at a time,
! 41: not both. To use both protocols simultaneously, two instances of the
! 42: relevant daemon are required, one with the '-6' command line option.
! 43:
! 44: For information on how to install, configure and run this software, as
! 45: well as how to find documentation and report bugs, please consult the
! 46: README file.
! 47:
! 48: ISC DHCP uses standard GNU configure for installation. Please review the
! 49: output of "./configure --help" to see what options are available.
! 50:
! 51: The system has only been tested on Linux, FreeBSD, and Solaris, and may not
! 52: work on other platforms. Please report any problems and suggested fixes to
! 53: <dhcp-users@isc.org>.
! 54:
! 55: Changes since 4.1-ESV-R3
! 56:
! 57: - Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
! 58: configuration files. [ISC-Bugs #24107]
! 59:
! 60: ! Add a check for a null pointer before calling the regexec function.
! 61: Without this check we could, under some circumstances, pass
! 62: a null pointer to the regexec function causing it to segfault.
! 63: Thanks to a report from BlueCat Networks.
! 64: [ISC-Bugs #26704].
! 65: CVE: CVE-2011-4539
! 66:
! 67: Changes since 4.1-ESV-R3b1
! 68:
! 69: - Compilation fix for gcc 4.5 or newer in server/ddns.c
! 70: [ISC-Bugs #24973]
! 71:
! 72: - Strict checks for content of domain-name DHCPv4 option can now be
! 73: configured at compile time. Even though RFC 2132 does not allow
! 74: storing more than one domain in the domain-name option, such behavior is
! 75: now enabled by default, but this may change some time in the future.
! 76: See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
! 77: [ISC-Bugs #24167]
! 78:
! 79: ! Two packets were found that cause a server to halt. The code
! 80: has been updated to properly process or reject the packets as
! 81: appropriate. Thanks to David Zych at University of Illinois
! 82: for reporting this issue. [ISC-Bugs #24960]
! 83: One CVE number for each class of packet.
! 84: CVE-2011-2748
! 85: CVE-2011-2749
! 86:
! 87: Changes since 4.1-ESV-R2
! 88:
! 89: - DHCPv6 server now responds properly if client asks for a prefix that
! 90: is already assigned to a different client. [ISC-Bugs #23948]
! 91:
! 92: - Fix the handling of connection requests on the failover port.
! 93: This was a security issue in 4.2.0 but is not in 4.1.x.
! 94: [ISC-Bugs #22679]
! 95:
! 96: - When processing the format flags for a given option consume the
! 97: flag indicating an optional value correctly. A symptom of this
! 98: bug was an infinite loop when trying to parse the slp-service-scope
! 99: option. Thanks to a patch from Marius Tomaschewski.
! 100: [ISC-Bugs #22055]
! 101:
! 102: - Modify the dlpi code to accept getmsg() returning a positive value.
! 103: [ISC-Bugs #22824]
! 104:
! 105: - Removed the restriction on using IPv6 addresses in IPv4 mode. This
! 106: allows IPv4 options which contain IPv6 addresses to be specified. For
! 107: example the 6rd option can be specified and used like this:
! 108: [ISC-Bugs #23039]
! 109:
! 110: option 6rd code 212 = { integer 8, integer 8,
! 111: ip6-address, array of ip-address };
! 112: option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
! 113:
! 114: - Add the option "--no-pid" to the client, relay and server code,
! 115: to disable writing a pid file. Add the option "-pf pidfile"
! 116: to the relay to allow the user to supply the pidfile name at
! 117: runtime. Add the "with-relay6-pid-file" option to configure
! 118: to allow the user to supply the pidfile name for the relay
! 119: in v6 mode at configure time.
! 120: [ISC-Bugs #23351] [ISC-Bugs #17541]
! 121:
! 122: - 'dhclient' no longer waits a random interval after first starting up to
! 123: begin in the INIT state. This conforms to RFC 2131, but elects not to
! 124: implement a 'SHOULD' direction in section 4.1. [ISC-Bugs #19660]
! 125:
! 126: - Added 'initial-delay' parameter that specifies maximum amount of time
! 127: before client goes to the INIT state. The default value is 0. In previous
! 128: versions of the code client could wait up to 5 seconds. The old behavior
! 129: may be restored by using 'initial-delay 5;' in the client config file.
! 130: [ISC-Bugs #19660]
! 131:
! 132: - ICMP ping-check should now sit closer to precisely the number of seconds
! 133: configured (or default 1), due to making use of the new microsecond
! 134: scale timer internally to dhcpd. This corrects a bug where the server
! 135: may immediately timeout an ICMP ping-check if it was made late in the
! 136: current second. [ISC-Bugs #19660]
! 137:
! 138: - The DHCP client will schedule renewal and rebinding events in
! 139: microseconds if the DHCP server provided a lease-time that would result
! 140: in sub-1-second timers. This corrects a bug where a 2-second or lower
! 141: lease-time would cause the DHCP client to enter an infinite loop by
! 142: scheduling renewal at zero seconds. [ISC-Bugs #19660]
! 143:
! 144: - Client lease records are recorded at most once every 15 seconds. This
! 145: keeps the client from filling the lease database disk quickly on very small
! 146: lease times. [ISC-Bugs #19660]
! 147:
! 148: - To defend against RFC 2131 non-compliant DHCP servers which fail to
! 149: advertise a lease-time (either mangled, or zero in value) the DHCP
! 150: client now adds the server to the reject list ACL and returns to INIT
! 151: state to hopefully find an RFC 2131 compliant server (or retry in INIT
! 152: forever). [ISC-Bugs #19660]
! 153:
! 154: - Parameters configured to evaluate from user defined function calls can
! 155: now be correctly written to dhcpd.leases (as on 'on events' or dynamic
! 156: host records inserted via OMAPI). [ISC-Bugs #22266]
! 157:
! 158: - If a 'next-server' parameter is configured in a dynamic host record via
! 159: OMAPI as a domain name, the syntax written to disk is now correctly parsed
! 160: upon restart. [ISC-Bugs #22266]
! 161:
! 162: - The DHCP server now responds to DHCPLEASEQUERY messages from agents using
! 163: IP addresses not covered by a subnet in configuration. Whether or not to
! 164: respond to such an agent is still governed by the 'allow leasequery;'
! 165: configuration parameter, in the case of an agent not covered by a configured
! 166: subnet the root configuration area is examined. Server now also returns
! 167: vendor-class-id option, if client sent it. [ISC-Bugs #21094]
! 168:
! 169: - Documentation fixes
! 170: [ISC-Bugs #17959] add text to AIX section describing how to have it send
! 171: responses to the all-ones address.
! 172: [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
! 173: [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
! 174:
! 175: - Relay no longer crashes, when DHCP packet is received over interface without
! 176: any IPv4 address assigned. [ISC-Bugs #22409]
! 177:
! 178: - Linux Packet Filter interface improvement. sockaddr_pkt structure is used,
! 179: rather than sockaddr. Packet etherType is now forced to ETH_P_IP.
! 180: [ISC-Bugs #18975]
! 181:
! 182: - Minor code cleanups - but note port change for #23196
! 183: [ISC-Bugs #23470] - Modify when an ignore return macro is defined to
! 184: handle unused error return warnings for more versions of gcc.
! 185: [ISC-Bugs #23196] - Modify the reply handling in the server code to
! 186: send to a specified port rather than to the source port for the incoming
! 187: message. Sending to the source port was test code that should have
! 188: been removed. The previous functionality may be restored by defining
! 189: REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
! 190: enable this except for testing purposes.
! 191: [ISC-Bugs #22695] - Close a file descriptor in an error path.
! 192: [ISC-Bugs #19368] - Tidy up variable types in validate_port.
! 193:
! 194: - Code cleanup
! 195: [ISC-Bugs #13151] remove obsolete PROTO, KandR, INLINE and ANSI_DECL macros
! 196:
! 197: - Compilation problem with gcc4.5 and omshell.c resolved. [ISC-Bugs #23831]
! 198:
! 199: - Client Script fixes
! 200: [ISC-Bugs #23045] Typos in client/scripts/openbsd
! 201: [ISC-Bugs #23565] In the client scripts add a zone id (interface id) if
! 202: the domain search address is link local.
! 203: [ISC-Bugs #1277] In some of the client scripts add code to handle the
! 204: case of the default router information being changed without the address
! 205: being changed.
! 206:
! 207: - Enlarge the buffer size used by the Omshell code and some of the
! 208: print routines to allow for greater than 60 characters or, when
! 209: printing as hex strings, 20 characters. [ISC-Bugs #22743]
! 210:
! 211: - In Solaris 11 switch to using sockets instead of DLPI, thanks
! 212: to a patch from Oracle. [ISC-Bugs #24634].
! 213:
! 214: Changes since 4.1-ESV-R1
! 215:
! 216: ! In dhclient check the data for some string options for
! 217: reasonableness before passing it along to the script that
! 218: interfaces with the OS.
! 219: [ISC-Bugs #23722]
! 220: CVE: CVE-2011-0997
! 221:
! 222: Changes since 4.1-ESV
! 223:
! 224: ! When processing a request in the DHCPv6 server code that specifies
! 225: an address that is tagged as abandoned (meaning we received a
! 226: decline request for it previously) don't attempt to move it from
! 227: the inactive to active pool as doing so can result in the server
! 228: crashing on an assert failure. Also retag the lease as active
! 229: and reset its timeout value.
! 230: [ISC-Bugs #21921]
! 231:
! 232: Changes since 4.1.2
! 233:
! 234: - ./configure no longer searches for -lcrypto to explicitly link against.
! 235: This fixes a bug where 'dhclient' would have shared library dependencies
! 236: on '/usr/lib'. [ISC-Bugs #21967]
! 237:
! 238: - Restore printing of values in omshell to the style pre 21585. For
! 239: 21585 we changed the print routines to always display time values
! 240: as a hex list. This had a side effect of printing all data strings
! 241: as a hex list. We shall investigate other ways of displaying time
! 242: values more usefully. [ISC-Bugs #22626]
! 243:
! 244: Changes since 4.1.2rc1
! 245:
! 246: ! Handle a relay forward message with an unspecified address in the
! 247: link address field. Previously such a message would cause the
! 248: server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992]
! 249: CERT: VU#102047 CVE: CVE-2010-3611
! 250:
! 251: Changes since 4.1.2b1
! 252:
! 253: - Update the code to parse dhcpv6 lease files to accept a semi-colon at
! 254: the end of the max-life and preferred-life clauses. In order to be
! 255: backwards compatible with older lease files not finding a semi-colon
! 256: is also accepted. [ISC-Bugs #22303].
! 257:
! 258: Changes since 4.1.1
! 259:
! 260: - Cleaned up some compiler warnings
! 261:
! 262: - Prohibit including lease time information in a response to a DHCP INFORM
! 263: Bug ticket 21092.
! 264:
! 265: ! Accept a client id of length 0 while hashing. Previously the server would
! 266: exit if it attempted to hash a zero length client id, providing attackers
! 267: with a simple denial of service attack. Bug ticket 21253.
! 268: CERT: VU#541921 - CVE: CVE-2010-2156
! 269:
! 270: - A bug was fixed that could cause the DHCPv6 server to advertise/assign a
! 271: previously allocated (active) lease to a client that has changed subnets,
! 272: despite being on different shared networks. Dynamic prefixes specifically
! 273: allocated in shared networks also now are not offered if the client has
! 274: moved. [ISC-Bugs #21152]
! 275:
! 276: - Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472]
! 277:
! 278: - Documentation cleanup covering multiple tickets
! 279: [ISC-Bugs #20265] [ISC-Bugs #20259] [ISC-Bugs #19536] minor cleanup
! 280: [ISC-Bugs #20263] add text describing some default values
! 281: [ISC-Bugs #20193] single quotes at the start of a line indicate a control
! 282: line to nroff, escape them if we actually want a quote.
! 283: [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
! 284: [ISC-Bugs #20107] clarify description of ia-pd and ia-prefix.
! 285: [ISC-Bugs #20245] clarify editing the failover state in a lease file to put
! 286: a server into the PARTNER-DOWN state.
! 287:
! 288: - 'get-host-names true;' now also works even if 'use-host-decl-names true;'
! 289: was also configured. The nature of this repair also fixes another
! 290: error; the host-name supplied by a client is no longer overridden by a
! 291: reverse lookup of the lease address. Thanks to a patch from Wilco Baan
! 292: Hofman supplied to us by the Debian package maintenance team.
! 293: [ISC-Bugs #21691] {Debian Bug#509445}
! 294:
! 295: - The .TH tag for the dhcp-options manpage was typo repaired
! 296: thanks to a report from jidanni and the Debian package maintenance
! 297: team. [ISC-Bugs #21676] {Debian Bug#563613}
! 298:
! 299: - More documentation changes - primarily to put the options in the dhclient
! 300: and dhcpd man pages into the standard form. Thanks in part to a patch
! 301: from David Cantrell at Red Hat.
! 302: [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
! 303:
! 304: - Minor compilation errors - type mismatches, extra semi-colons after macros
! 305: [ISC-Bugs #20884] [ISC-Bugs #20953] [ISC-Bugs #20955]
! 306:
! 307: - Add code to clear the pointer to an object in an OMAPI handle when the
! 308: object is freed due to a dereference. [ISC-Bugs #21306]
! 309:
! 310: - Fixed a bug that leaks host record references onto lease structures,
! 311: causing the server to apply configuration intended for one host to any
! 312: other innocent clients that come along later. [ISC-Bugs #22018]
! 313:
! 314: - Minor code fixes
! 315: [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
! 316: the name to be at the apex of the zone.
! 317: [ISC-Bugs #19617] Restrict length of interface name read from command line
! 318: in dhcpd - based on a patch from David Cantrell at Red Hat.
! 319: [ISC-Bugs #20039] Correct some error messages in dhcpd.c
! 320: [ISC-Bugs #20070] Better range check on values when creating a DHCID.
! 321: [ISC-Bugs #20198] Avoid writing past the end of the field when adding
! 322: overly long file or server names to a packet and add a log message
! 323: if the configuration supplied overly long names for these fields.
! 324: Thanks to Martin Pala.
! 325: [ISC-Bugs #21497] Add a little more randomness to rng seed in client
! 326: thanks to a patch from Jeremiah Jinno.
! 327:
! 328: - Correct error handling in DLPI [ISC-Bugs #20378]
! 329:
! 330: - Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
! 331: checked in configure. [ISC-Bugs #20443]
! 332:
! 333: - Modify how the cmsg header is allocated in the v6 send and receive routines
! 334: to compile on more compilers. [ISC-Bugs #20524]
! 335:
! 336: - When parsing a domain name free the memory for the name after we are
! 337: done with it. [ISC-Bugs #20824]
! 338:
! 339: - Add an elapsed time option to the release message and refactor the
! 340: code to move most of the common code to a single routine.
! 341: [ISC-Bugs #21171].
! 342:
! 343: - Parse date strings more properly - the code now handles semi-colons in
! 344: date strings correctly. Thanks to a patch from Jiri Popelka at Red Hat.
! 345: [ISC-Bugs #21501, #20598]
! 346:
! 347: - Fixes to lease input and output.
! 348: [ISC-Bugs #20418] - Some systems don't support the "%s" argument to
! 349: strftime, paste together the same string using mktime instead.
! 350: [ISC-Bugs #19596] - When parsing iaid values accept printable
! 351: characters.
! 352: [ISC-Bugs #21585] - Always print time values in omshell as hex
! 353: instead of ascii if the values happen to be printable characters.
! 354:
! 355: - Minor changes for scripts, configure.ac and Makefiles
! 356: [ISC-Bugs #19147] Use domain-search instead of domain-name in manual and
! 357: example conf file. Thanks to a patch from David Cantrell
! 358: at Red Hat.
! 359: [ISC-Bugs #19761] Restore address when doing a rebind in DHCPv6
! 360: [ISC-Bugs #19945] Properly close the quote on some arguments.
! 361: [ISC-Bugs #20952] Add 64 bit types to configure.ac
! 362: [ISC-Bugs #21308] Add "PATH=" to CLIENT_PATH environment variable
! 363:
! 364: ! Handle pipe failures more gracefully. Some OSes pass a SIGPIPE
! 365: signal to a process and will kill the process if the signal isn't
! 366: caught. This patch adds code to turn off the SIGPIPE signal via
! 367: a setsockopt() call and to ignore the SIGPIPE signal in case the
! 368: OS doesn't support the necessary setsockopt() option. This problem
! 369: was found during internal testing when the two servers in a failover
! 370: pair were repeatedly unable to communicate for longer than the
! 371: max-response-delay value. Eventually one of the pair attempted a
! 372: write() call at just the same time as the other server killed the
! 373: connection and caused an uncaught SIGPIPE signal which caused the
! 374: OS to kill the server.
! 375: This is a minor security issue. It is a security issue as it can
! 376: cause a server to stop. It is minor as the attacker would need to
! 377: be able to interrupt traffic between the partners in a failover
! 378: pair for max-response-delay seconds at will - in which case the
! 379: defender has bigger problems than the DHCP server being killed.
! 380: Using the NIST CVSS security vulnerability rating system this
! 381: issue scored 1.2, meaning it is not a major risk for users.
! 382: [ISC-Bugs #22269]
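
The SIGPIPE handling described in the entry above, as an added example (not ISC's code and not part of the original release notes). The helper names are hypothetical, and SO_NOSIGPIPE is assumed to be the setsockopt() option meant, since the note does not name it; where the option is unavailable the code falls back to ignoring SIGPIPE, so a write to a dropped connection returns EPIPE instead of killing the process.

```c
/* Added example: suppress SIGPIPE so a write to a dead peer fails with EPIPE. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum sigpipe_mode {
    SIGPIPE_FAILED     = -1,  /* neither mechanism could be installed */
    SIGPIPE_PER_SOCKET =  1,  /* suppressed on this socket via setsockopt() */
    SIGPIPE_IGNORED    =  2   /* ignored process-wide via signal() */
};

/* Hypothetical helper: prefer the per-socket option, fall back to SIG_IGN. */
static enum sigpipe_mode suppress_sigpipe(int fd)
{
#ifdef SO_NOSIGPIPE
    /* Assumption: SO_NOSIGPIPE (BSD, macOS) is the option the note refers to. */
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on)) == 0)
        return SIGPIPE_PER_SOCKET;
#else
    (void)fd;                 /* option not offered by this OS (e.g. Linux) */
#endif
    if (signal(SIGPIPE, SIG_IGN) == SIG_ERR)
        return SIGPIPE_FAILED;
    return SIGPIPE_IGNORED;
}

/*
 * Recreate the failure case on a local socket pair: the partner closes the
 * connection, then we write. Returns the errno of the failed write (EPIPE
 * expected), 0 if the write unexpectedly succeeded, -1 if setup failed.
 */
static int write_after_peer_close(void)
{
    static const char msg[] = "constructed failover message";
    int sv[2];
    int err;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (suppress_sigpipe(sv[0]) == SIGPIPE_FAILED) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }

    close(sv[1]);                         /* partner kills the connection */
    n = write(sv[0], msg, sizeof(msg));   /* would raise SIGPIPE if unhandled */
    err = (n < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

int main(void)
{
    int err = write_after_peer_close();

    if (err > 0)
        printf("write failed with errno %d (%s); process still running\n",
               err, strerror(err));
    else
        printf("unexpected result %d\n", err);
    return err == EPIPE ? 0 : 1;
}
```
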
! 383:
! 384: Changes since 4.1.1rc1
! 385:
! 386: - When using 'ignore client-updates;', the FQDN returned to the client
! 387: is no longer truncated to one octet.
! 388:
! 389: Changes since 4.1.1b3
! 390:
! 391: - None.
! 392:
! 393: Changes since 4.1.1b2
! 394:
! 395: - Fix test in dhcp_interface_signal_handler to check that the inner handler
! 396: has a signal_handler before calling it.
! 397:
! 398: - Both host and subnet6 configuration groups are now included whether a
! 399: fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
! 400: precedence. This fixes two bugs, one where host scoped configuration
! 401: would not be included from a non-fixed-address6 host record, and the equal
! 402: and opposite bug where subnet6 scoped configuration would not be used when
! 403: over-riding values were not present in a matching fixed-address6 host
! 404: configuration.
! 405:
! 406: - ./configure now checks to ensure the intX_t and u_intX_t types are defined,
! 407: correcting a compilation failure when using Sun's compiler.
! 408:
! 409: - Modified the handling of a connection to avoid releasing the omapi io
! 410: object for the connection while it is still in use. One symptom from
! 411: this error was a segfault when a failover secondary attempted to connect
! 412: to the failover primary if their clocks were not synchronized.
! 413:
! 414: Changes since 4.1.1b1
! 415:
! 416: - Remove infinite loop in token_print_indent_concat().
! 417:
! 418: - Memory leak in the load_balance_mine() function is fixed. This would
! 419: leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
! 420: and in normal state.
! 421:
! 422: - Various compilation fixes have been included for the memory related
! 423: DEBUG #defines in includes/site.h.
! 424:
! 425: - Fixed Linux client script 'unary operator expected' errors with DHCPv6.
! 426:
! 427: - Fixed setting hostname in Linux hosts that require hostname argument
! 428: to be double-quoted. Also allow server-provided hostname to
! 429: override hostnames 'localhost' and '(none)'.
! 430:
! 431: - Added client support for setting interface MTU and metric, thanks to
! 432: Roy "UberLord" Marples <roy@marples.name>.
! 433:
! 434: - Fixed failover reconnection retry code to continue to retry to reconnect
! 435: rather than restarting the listener.
! 436:
! 437: - Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
! 438: been repaired. Other USE_ overrides should work better.
! 439:
! 440: - A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
! 441: that probably still resulted in the correct behaviour (but wouldn't use
! 442: a larger defined value provided by the host OS).
! 443:
! 444: - Fixed a bug where an OMAPI socket disconnection message would not result
! 445: in scheduling a failover reconnection, if the link had not negotiated a
! 446: failover connect yet (e.g.: connection refused, asynch socket connect()
! 447: timeouts).
! 448:
! 449: - A bug was fixed that caused the 'conflict-done' state to fail to be parsed
! 450: in failover state records.
! 451:
! 452: ! A stack overflow vulnerability was fixed in dhclient that could allow
! 453: remote attackers to execute arbitrary commands as root on the system,
! 454: or simply terminate the client, by providing an over-long subnet-mask
! 455: option. CERT VU#410676 - CVE-2009-0692
! 456:
! 457: - Versions 3.0.x syntax with multiple name->code option definitions is now
! 458: supported. Note that, similarly to 3.0.x, for by-code lookups only the
! 459: last option definition is used.
! 460:
! 461: - Fixed a bug where a time difference of greater than 60 seconds between a
! 462: failover pair could cause the primary to crash on contact with the
! 463: secondary. Thanks to a patch from Steinar Haug.
! 464:
! 465: - Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
! 466: Thanks to patches from Matthew Newton and David Cantrell.
! 467:
! 468: - Secondary servers in a failover pair will now perform ddns removals if
! 469: they had performed ddns updates on a lease that is expiring, or was
! 470: released through the primary. As part of the same fix, stale binding scopes
! 471: will now be removed if a change in identity of a lease's active client is
! 472: detected, rather than simply if a lease is noticed to have expired (which it
! 473: may have expired without a failover server noticing in some situations).
! 474:
! 475: - A patch supplied by David Cantrell at RedHat was applied that detects
! 476: invalid calling parameters given to the ns_name_ntop() function.
! 477: Specifically, it detects if the caller passed a pointer and size pair
! 478: that causes the pointer to integer-wrap past zero.
! 479:
! 480: ! Fixed a fenceposting bug when a client had two host records configured,
! 481: one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
! 482:
! 483: Changes since 4.1.0
! 484:
! 485: - Validate the argument to the -p option.
! 486:
! 487: - The notorious 'option <unknown> ... larger than buffer' log line,
! 488: which is seen in some malformed DHCP client packets, was modified.
! 489: It now logs the universe name, and does not log the length values
! 490: (which are bogus corruption read from the packet anyway). It also
! 491: carries a hopefully more useful explanation.
! 492:
! 493: - A bug was fixed that caused the server not to answer some valid Solicit
! 494: and Request packets, if the dynamic range covering any requested addresses
! 495: had been deleted from configuration.
! 496:
! 497: - Suppress spurious warnings from configure about --datarootdir
! 498:
! 499: - Update the code to deal with GCC 4.3. This included two sets of changes.
! 500: The first is to the configuration files to include the use of
! 501: AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
! 502: were being ignored.
! 503:
! 504: - The db-time-format option was documented in manpages.
! 505:
! 506: - Using reserved leases no longer results in 'lease with binding state
! 507: free not on its queue' error messages, thanks to a patch from Frode
! 508: Nordahl.
! 509:
! 510: - DDNS removal routines were updated so that the DHCID is not removed until
! 511: the client has been deprived of all A and AAAA records (not only the last
! 512: one of either of those). This resolves a bug where dual stack clients
! 513: would not be able to regain their names after either expiration event.
! 514:
! 515: - Fix a build error in dhcrelay, using older versions of gcc with
! 516: dhcpv6 disabled.
! 517:
! 518: - Two uninitialized stack structures are now memset to zero, thanks to
! 519: patch from David Cantrell at Red Hat.
! 520:
! 521: - Fixed a cosmetic bug where pretty-printing valid domain-search options would
! 522: result in an erroneous error log message ('garbage in format string').
! 523:
! 524: - A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
! 525: to stop receiving packets is fixed. The same fix also means that the MAC
! 526: address will no longer appear 'bogus' on DLPI-based systems.
! 527:
! 528: - A bug in select handling was discovered where the results of one select()
! 529: call were discarded, causing the server to process the next select() call
! 530: and use more system calls than required. This has been repaired - the
! 531: sockets will be handled after the first return from select(), resulting in
! 532: fewer system calls.
! 533:
! 534: - The update-conflict-detection feature would leave an FQDN updated without
! 535: a DHCID (still currently implemented as a TXT RR). This would cause later
! 536: expiration or release events to fail to remove the domain name. The feature
! 537: now also inserts the client's up to date DHCID record, so records may safely
! 538: be removed at expiration or release time. Thanks to a patch submitted by
! 539: Christof Chen.
! 540:
! 541: Changes since 4.1.0b1
! 542:
! 543: - A missing "else" in dhcrelay.c could have caused an interface not to
! 544: be recognized.
! 545:
! 546: Changes since 4.1.0a2
! 547:
! 548: - A cosmetic bug in DHCPDECLINE processing was fixed which caused all
! 549: successful DHCPDECLINEs to be logged as "not found" rather than
! 550: "abandoned".
! 551:
! 552: - Added configuration file examples for DHCPv6.
! 553:
! 554: - Some failover debugging #defines have been better defined and some
! 555: high frequency messages moved to a deeper debugging symbol.
! 556:
! 557: - The CLTT parameter in failover is now only updated by client activity,
! 558: and not by failover binding updates (taking on the peer's CLTT).
! 559:
! 560: - Failover BNDUPD messages are now discarded if they conflict with an
! 561: update that has been transmitted, but not acknowledged.
! 562:
! 563: - A bug cleaning up unknown-xxx temporary option definitions was fixed.
! 564:
! 565: - Delayed-ack is now a compile-time option, compiled out by default.
! 566: This feature is simply too experimental for right now, and causes
! 567: some problems to some failover installations. We will revisit this
! 568: in future releases.
! 569:
! 570: - The !inet_pton() call in res_mkupdrec was adjusted to '<= 0' as
! 571: inet_pton returns either 1, 0, or -1.
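
Why the '<= 0' test matters, as an added example (not the res_mkupdrec code; the function names are hypothetical): with a '!' test, a return of -1 counts as success and the caller goes on to use an output buffer that was never filled in. The inputs are constructed, and AF_UNSPEC is used only to force the -1 (unsupported address family) return.

```c
/* Added example: '!inet_pton()' versus 'inet_pton() <= 0'. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

typedef int (*parse_fn)(int af, const char *text, unsigned char *out);

/* Pre-fix style: only a return of 0 is treated as failure. */
static int parse_old(int af, const char *text, unsigned char *out)
{
    if (!inet_pton(af, text, out))
        return 0;               /* rejected */
    return 1;                   /* accepted, including the -1 case */
}

/* Post-fix style: 0 (malformed text) and -1 (error) are both failures. */
static int parse_fixed(int af, const char *text, unsigned char *out)
{
    if (inet_pton(af, text, out) <= 0)
        return 0;
    return 1;
}

/*
 * Run one parser on a poisoned buffer.
 * Returns 0 = rejected, 1 = accepted and buffer written,
 *         2 = accepted although the buffer was never written.
 */
static int classify(parse_fn fn, int af, const char *text)
{
    unsigned char buf[16], poison[16];

    memset(buf, 0xAA, sizeof(buf));
    memset(poison, 0xAA, sizeof(poison));
    if (!fn(af, text, buf))
        return 0;
    return memcmp(buf, poison, sizeof(buf)) == 0 ? 2 : 1;
}

int main(void)
{
    printf("old,   valid text:         %d\n", classify(parse_old, AF_INET, "192.0.2.1"));
    printf("old,   malformed text:     %d\n", classify(parse_old, AF_INET, "192.0.2.256"));
    printf("old,   unsupported family: %d\n", classify(parse_old, AF_UNSPEC, "192.0.2.1"));
    printf("fixed, unsupported family: %d\n", classify(parse_fixed, AF_UNSPEC, "192.0.2.1"));
    return 0;
}
```
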
! 572:
! 573: - A dhclient-script for MacOS X has been included, which enables
! 574: 'dhclient -6' support.
! 575:
! 576: Changes since 4.1.0a1
! 577:
! 578: - Corrected list of failover state values in dhcpd man page.
! 579:
! 580: - Fixed a bug that caused some request types to be logged incorrectly.
! 581:
! 582: - Clients that sent a parameter request list containing the
! 583: routers option before the subnet mask option were receiving
! 584: only the latter. Fixed.
! 585:
! 586: - The server wasn't always sending the FQDN option when it should.
! 587:
! 588: - A partner-down failover server no longer emits 'peer holds all free leases'
! 589: if it is able to newly-allocate one of the peer's leases.
! 590:
! 591: - Fixed a coredump when adding a class via OMAPI.
! 592:
! 593: - Check whether files are zero length before trying to parse them.
! 594:
! 595: - Ari Edelkind's PARANOIA patch has been included and may be compiled in
! 596: via two ./configure parameters, --enable-paranoia and
! 597: --enable-early-chroot.
! 598:
! 599: - ./configure was extended to cover many optional build features, such
! 600: as failover, server tracing, debugging, and the execute() command.
! 601:
! 602: - There is now a default 1/4 of a second scheduled delay between delayed
! 603: fsync()'s, it can be configured by the max-ack-delay configuration
! 604: parameter.
! 605:
! 606: - A bug was fixed where the length of a hostname was miscalculated, so that
! 607: hosts were given odd-looking domain names ("foo.bar.ba.example.com").
! 608:
! 609: - Shared network selection should be done from the innermost relay
! 610: valid link-address field, rather than the outermost.
! 611:
! 612: - Prefix pools are attached to shared network scopes.
! 613:
! 614: - Merged IA_XX related structures.
! 615:
! 616: - Add DHCPv6 files in configure.
! 617:
! 618: - A memory leak when using omapi has been fixed.
! 619:
! 620: - DHCPv6 vendor-class options (VSIO) are now only sent when they appear
! 621: on the DHCPv6 ORO. This resolves a bug where VSIO options were placed
! 622: in IA_NA encapsulated options fields.
! 623:
! 624: - Integrated client with stateless, temporary address and prefix delegation
! 625: support.
! 626:
! 627: - A double-dereference in dhclient transmission of DHCPDECLINEs was
! 628: repaired.
! 629:
! 630: - Fix handling of format code 'Z'.
! 631:
! 632: - Support "-1" argument in DHCPv6.
! 633:
! 634: - Merge DHCPv6-only "dhcrelay6" into general-purpose "dhcrelay" (use
! 635: "-6" option to select DHCPv6 mode).
! 636:
! 637: - Fix handling of -A and -a flags in dhcrelay; it was failing to expand
! 638: packet size as needed to add relay agent options.
! 639:
! 640: - A bug in subnet6 parsing where options contained in subnet6 clauses would
! 641: not be applied to clients addressed within that network was repaired.
! 642:
! 643: - When configuring a "subnet {}" or "subnet6 {}" without an explicit
! 644: shared-network enclosing it, the DHCP software would synthesize a
! 645: shared-network to contain the subnet. However, all configuration
! 646: parameters within the subnet more intuitively belong "to any client
! 647: on that interface", or rather the synthesized shared-network. So,
! 648: when a shared-network is synthesized, it is used to contain the
! 649: configuration present inside the subnet {} clause. This means that
! 650: the configuration will be valid for all clients on that network, not
! 651: just those addressed out of the stated subnet. If you intended the
! 652: opposite, the workaround is to explicitly configure an empty
! 653: shared-network.
! 654:
! 655: - A bug was fixed where Information-Request processing was not sourcing
! 656: configured option values.
! 657:
! 658: - A warning was added since the DHCPv6 processing software does not yet
! 659: support class statements.
! 660:
! 661: - Compilation warnings on GCC 4.3 relating to bootp source address
! 662: selection were repaired.
! 663:
! 664: - The v6 BSD socket method was updated to use a single UDP BSD socket
! 665: no matter how many interfaces are involved, differentiating the
! 666: interfaces the packets were received on by the interface index supplied
! 667: by the OS.
! 668:
! 669: - The relay agent no longer listens to the All DHCP Servers Multicast
! 670: address.
! 671:
! 672: - A bug was fixed in data_string_sprintfa() where va_start was only called
! 673: once for two invocations of vsprintf() variants.
! 674:
! 675: - ERO (RFC 4994) server support.
! 676:
! 677: - Basic and partial DHCPv6 leasequery support.
! 678:
! 679: - Reliable DHCPv6 release (previous behavior, send release and exit, is
! 680: still available with dhclient -6 -1 -r).
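
The data_string_sprintfa() entry above concerns one va_list being walked by two vsprintf()-family calls. The following is an added example, not ISC DHCP's code: a hypothetical strbuf_appendf()/strbuf_vappendf() pair (the struct and all function names are assumptions) that measures and then writes, restarting or copying the argument list for each pass.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string for this example; not struct data_string. */
struct strbuf {
    char *data;  /* NUL-terminated contents, NULL while empty */
    size_t len;  /* bytes in use, terminator excluded */
};

/* Grow sb so that 'extra' more bytes plus a terminator fit. */
static int strbuf_reserve(struct strbuf *sb, size_t extra)
{
    char *grown = realloc(sb->data, sb->len + extra + 1);
    if (grown == NULL)
        return -1;
    sb->data = grown;
    return 0;
}

/*
 * Variadic form. A va_list is indeterminate once a v*printf() call has
 * consumed it, so each pass gets its own va_start()/va_end() pair.
 */
int strbuf_appendf(struct strbuf *sb, const char *fmt, ...)
{
    va_list ap;
    int need;

    va_start(ap, fmt);
    need = vsnprintf(NULL, 0, fmt, ap);      /* pass 1: measure only */
    va_end(ap);
    if (need < 0 || strbuf_reserve(sb, (size_t)need) != 0)
        return -1;

    va_start(ap, fmt);                       /* restart before pass 2 */
    vsnprintf(sb->data + sb->len, (size_t)need + 1, fmt, ap);
    va_end(ap);

    sb->len += (size_t)need;
    return 0;
}

/*
 * va_list form. The caller owns ap and it cannot be restarted here, so
 * the measuring pass runs on a va_copy() and ap is consumed only once.
 */
int strbuf_vappendf(struct strbuf *sb, const char *fmt, va_list ap)
{
    va_list measure;
    int need;

    va_copy(measure, ap);
    need = vsnprintf(NULL, 0, fmt, measure);
    va_end(measure);
    if (need < 0 || strbuf_reserve(sb, (size_t)need) != 0)
        return -1;

    vsnprintf(sb->data + sb->len, (size_t)need + 1, fmt, ap);
    sb->len += (size_t)need;
    return 0;
}

/* Small variadic wrapper so the va_list form is exercised as well. */
int strbuf_fieldf(struct strbuf *sb, const char *fmt, ...)
{
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = strbuf_vappendf(sb, fmt, ap);
    va_end(ap);
    return rc;
}

/* Constructed sample input: two appends through the two entry points. */
static struct strbuf sample;

const char *build_sample(void)
{
    free(sample.data);
    sample.data = NULL;
    sample.len = 0;
    if (strbuf_appendf(&sample, "%s=%d", "lease", 42) != 0)
        return NULL;
    if (strbuf_fieldf(&sample, ";%s/%u", "2001:db8::1", 128u) != 0)
        return NULL;
    return sample.data;
}

int main(void)
{
    const char *s = build_sample();
    puts(s ? s : "(allocation failure)");
    return 0;
}
```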
! 681:
! 682: Changes since 4.0.0 (new features)
! 683:
! 684: - Added DHCPv6 rapid commit support.
! 685:
! 686: - Added explicit parser support for zero-length DHCP options, such as
! 687: rapid-commit, via format code 'Z'.
! 688:
! 689: - It's now possible to update the "ends" field of a lease with OMAPI.
! 690: This is useful if you want not only to release a lease, but also make
! 691: it available for reuse right away. Hat tip to Christof Chen.
! 692:
! 693: - Fixed definition of the iaaddr hash functions to use the correct
! 694: functions when referencing and dereferencing memory.
! 695:
! 696: - Some definitions not in phase with the IANA registry were updated.
! 697:
! 698: - Allocated interface IDs are better controlled ('u' bit set to zero,
! 699: reserved IDs avoided).
! 700:
! 701: - Unicast options are taken into account only for RENEWs.
! 702:
! 703: - NoAddrsAvail answers to SOLICITs are always ADVERTISEs even when a SOLICIT
! 704: carries a rapid-commit option.
! 705:
! 706: - Return, rather than raise an impossible condition, when one tries to
! 707: release an empty active lease.
! 708:
! 709: - Timer granularity is now 1/100s in the DHCPv6 client.
! 710:
! 711: - The dhclient-script was updated to create a host route for the default
! 712: gateway if the supplied subnet mask for an IPv4 address was a /32. This
! 713: allows the client to work in 'captive' network environments, where the
! 714: operator does not want clients to crosstalk directly.
! 715:
! 716: - MINUS tokens should be parseable again.
! 717:
! 718: - Multiple (up to "delayed-ack x;" maximum) DHCPv4 packets are now queued and
! 719: released in bursts after single fsync() events when the upper limit is
! 720: reached or if the receiving sockets go dry. The practical upshot is
! 721: that fsync-coupled server performance is now multiplicatively increased.
! 722: The default delayed ack limit is 28. Thanks entirely to a patch from
! 723: Christof Chen.
! 724:
! 725: Changes since 4.0.0 (bug fixes)
! 726:
! 727: - DHCP now builds on AIX.
! 728:
! 729: - Exit with warning when DHCPv6-specific statements are used in the
! 730: config file but -6 is not specified.
! 731:
! 732: - Fixed "--version" flag in dhcrelay
! 733:
! 734: - The 'min-secs' configuration parameter's log message has been updated to
! 735: be more helpful.
! 736:
! 737: - The warning logged when an address range doesn't fit in the subnet in
! 738: which it was declared has been updated to be more helpful and identify the
! 739: typo in configuration that created the spanning addresses.
! 740:
! 741: - A bug in failover pool rebalancing that caused POOLREQ message ping-pongs
! 742: was repaired.
! 743:
! 744: - A flaw in failover pool rebalancing that could cause POOLREQ messages to
! 745: be sent outside of the min-balance/max-balance scheduled intervals has
! 746: been repaired.
! 747:
! 748: - A cosmetic bug during potential-conflict recovery that caused the peer's
! 749: 'conflict-done' state message to be logged as 'unknown-state' has been
! 750: repaired. It is now logged correctly.
! 751:
! 752: - A bug was fixed where the 'giaddr' may be used to find the client's subnet
! 753: rather than its own 'ciaddr'.
! 754:
! 755: - A log message was introduced to clarify the situation where a failover
! 756: 'address' parameter (the server's local address) did not resolve to an
! 757: IPv4 address.
! 758:
! 759: - The minimum site code value was set to 224 in 3.1.0 to track RFC3942. This
! 760: broke a lot of legacy site local configurations. The new code in place will
! 761: track site local space minimum option codes and logs a warning to encourage
! 762: updates and exploration of site local code migration problems. Option
! 763: codes less than 128 in site local spaces remain inaccessible.
! 764:
! 765: - A possible relay agent option bug was repaired where random server
! 766: initialization state may have been used to signal the relay agent
! 767: information options sub-option code for the 'END' of the option space.
! 768:
! 769: - Fixes to allow code to compile and run on Solaris 9.
! 770:
! 771: - Fixes to allow code to compile on Mac OS X Leopard (10.5).
! 772:
! 773: - When server is configured with options that it overrides, a warning is
! 774: issued when the configuration file is read, rather than at the time the
! 775: option is overridden. This was important, because the warning was given
! 776: every time the option was overridden, which could create a lot of
! 777: unnecessary logging.
! 778:
! 779: - Fixed compilation problems on platforms that define a value for FDDI,
! 780: which conflicts with a dhcp configuration syntax token by the same name.
! 781:
! 782: - When a failover server suspects it has encountered a peer running a
! 783: version 3.0.x failover server, a warning that the failover wire protocol
! 784: is incompatible is printed.
! 785:
! 786: - The failover server no longer issues a floating point error if it encounters
! 787: a previously undefined option code.
! 788:
! 789: - Fix startup error messages to report a missing "subnet6 declaration", rather
! 790: than a missing "subnet declaration", when running as a DHCPv6 server.
! 791:
! 792: - DHCPv6 client timestamp in DUID was based on the year 1970 rather
! 793: than the year 2000.
! 794:
! 795: - Warn when attempting to use a hardware parameter in DHCPv6.
! 796:
! 797: - DHCPv6 released resources are now marked as released by the client.
! 798:
! 799: - 'Soft' bindings have no more side-effects.
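
For the DUID timestamp fix above: RFC 3315 section 9.2 defines the DUID-LLT time field as seconds since midnight UTC, 1 January 2000, modulo 2^32. The following is an added example, not ISC DHCP's code (all function and struct names are assumptions): it encodes and decodes a DUID-LLT with that epoch and flags a stored time value that is only plausible if it was counted from 1970.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DUID_TYPE_LLT     1
#define DUID_LLT_HDR_LEN  8            /* type(2) + hwtype(2) + time(4) */
#define DUID_EPOCH_OFFSET 946684800LL  /* 2000-01-01T00:00:00Z as Unix seconds */

struct duid_llt {
    uint16_t hwtype;
    uint32_t time;          /* seconds since 2000-01-01 UTC, mod 2^32 */
    const uint8_t *lladdr;  /* points into the decoded buffer */
    size_t lladdr_len;
};

/* Convert Unix time to the DUID epoch; the cast performs the mod 2^32. */
uint32_t duid_time_from_unix(int64_t unix_secs)
{
    return (uint32_t)(unix_secs - DUID_EPOCH_OFFSET);
}

/* Write a DUID-LLT into out; returns its length, or 0 if it does not fit. */
size_t duid_llt_encode(uint8_t *out, size_t outlen, uint16_t hwtype,
                       int64_t unix_secs, const uint8_t *lladdr,
                       size_t lladdr_len)
{
    uint32_t t = duid_time_from_unix(unix_secs);

    if (lladdr_len == 0 || outlen < DUID_LLT_HDR_LEN ||
        lladdr_len > outlen - DUID_LLT_HDR_LEN)
        return 0;
    out[0] = 0;
    out[1] = DUID_TYPE_LLT;
    out[2] = (uint8_t)(hwtype >> 8);
    out[3] = (uint8_t)(hwtype & 0xff);
    out[4] = (uint8_t)(t >> 24);
    out[5] = (uint8_t)(t >> 16);
    out[6] = (uint8_t)(t >> 8);
    out[7] = (uint8_t)t;
    memcpy(out + DUID_LLT_HDR_LEN, lladdr, lladdr_len);
    return DUID_LLT_HDR_LEN + lladdr_len;
}

/* Parse a DUID-LLT; returns 0 on success, -1 if too short or another type. */
int duid_llt_decode(const uint8_t *duid, size_t len, struct duid_llt *out)
{
    if (len <= DUID_LLT_HDR_LEN)
        return -1;                      /* header only, no link-layer address */
    if ((((unsigned)duid[0] << 8) | duid[1]) != DUID_TYPE_LLT)
        return -1;
    out->hwtype = (uint16_t)(((unsigned)duid[2] << 8) | duid[3]);
    out->time = ((uint32_t)duid[4] << 24) | ((uint32_t)duid[5] << 16) |
                ((uint32_t)duid[6] << 8) | (uint32_t)duid[7];
    out->lladdr = duid + DUID_LLT_HDR_LEN;
    out->lladdr_len = len - DUID_LLT_HDR_LEN;
    return 0;
}

/*
 * Audit helper: read against the 2000 epoch, a 1970-based value appears to
 * have been generated about 30 years after 'now'. Returns 1 when the field
 * is in the future as a 2000-based time but not as a raw Unix time.
 * No allowance is made for clock skew in this sketch.
 */
int duid_time_looks_unix_based(uint32_t duid_time, int64_t now_unix)
{
    int64_t as_2000_epoch = (int64_t)duid_time + DUID_EPOCH_OFFSET;

    return as_2000_epoch > now_unix && (int64_t)duid_time <= now_unix;
}

int main(void)
{
    /* Constructed sample: made-up MAC address and a fixed Unix timestamp. */
    const uint8_t mac[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
    const int64_t now = 1322524800LL;
    uint8_t buf[32];
    struct duid_llt d;
    size_t n = duid_llt_encode(buf, sizeof buf, 1, now, mac, sizeof mac);

    if (n == 0 || duid_llt_decode(buf, n, &d) != 0)
        return 1;
    printf("time field %lu, looks 1970-based: %d\n",
           (unsigned long)d.time, duid_time_looks_unix_based(d.time, now));
    printf("raw Unix value in field, looks 1970-based: %d\n",
           duid_time_looks_unix_based((uint32_t)now, now));
    return 0;
}
```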
! 800:
! 801: Changes since 4.0.0b3
! 802:
! 803: - The reverse dns name for PTR updates on IPv6 addresses has been fixed to
! 804: use ip6.arpa. rather than default to in-addr.arpa and require user
! 805: configuration.
! 806:
! 807: - dhc6_lease_destroy() and dhc6_ia_destroy() now set lease and IA pointers
! 808: to NULL after freeing, to prevent subsequent accesses to freed memory.
! 809:
! 810: - The DHCPv6 server would not send the preference option unless the
! 811: client requested it, via the ORO. This has been fixed, so the DHCPv6
! 812: server will always send the preference value if it is configured.
! 813:
! 814: - When addresses were passed as hints to the server in an IA, they were
! 815: incorrectly handled, sometimes being treated as an error. Now the
! 816: server will treat these as hints and ignore them if it cannot supply
! 817: a requested address.
! 818:
! 819: - If the client had multiple addresses, and one expired (was not renewed
! 820: by the server), the client would continue to attempt to renew the same
! 821: old address over and over. Now, the client will omit any expired
! 822: addresses from future Confirm, Renew, or Rebind messages.
! 823:
! 824: - dhclient -6 will now select renew/rebind timers based upon the longest
! 825: address expiration time rather than the shortest expiration time, in
! 826: order to avoid cascading renewals in the event a server elects not to
! 827: extend one of multiple IAADDR leases.
! 828:
! 829: - The server now limits clients that request multiple addresses to one
! 830: address per IA by default, which can be adjusted through the
! 831: "limit-addrs-per-ia" configuration option.
! 832:
! 833: - The DHCPv6 client now issues fresh transaction IDs on Renew and Rebind
! 834: message exchanges, rather than using the most recent ID.
! 835:
! 836: - The DHCPv6 server now replies to Information-Request messages.
! 837:
! 838: - A bug was fixed in the dhclient-script for BSDs to correctly carry error
! 839: codes through some conditions.
! 840:
! 841: - The parsing of some options in the dhclient lease file, in particular
! 842: the success DHCPv6 status-code, was fixed.
! 843:
! 844: - A bug was fixed that caused the DHCPv6 ORO option to be corrupted with
! 845: seemingly random values.
! 846:
! 847: - A reference overleak in DHCPv6 shared network processing was repaired.
! 848:
! 849: - ./configure now autodetects local database locations rather than trying
! 850: to put dhcpd.leases and dhclient.leases in /usr/local/var/db, which no
! 851: one ever has.
! 852:
! 853: - Regression fix for bug where server advertised an IPv6 address in
! 854: response to a SOLICIT but would not return the address in response
! 855: to a REQUEST.
! 856:
! 857: - A bug where the DHCPv6 server put the NoAddrsAvail status
! 858: code in the IA_NA was fixed. The status code now appears in the root
! 859: level.
! 860:
! 861: Changes since 4.0.0b2
! 862:
! 863: - Clarified error message when lease limit exceeded
! 864:
! 865: - Relative time may now be used as a qualifier for 'allow' and 'deny' access
! 866: control lists. These directives may be used to assist in re-addressing
! 867: address pools without having to constantly reconfigure the server. Please
! 868: see 'man dhcpd.conf' for more information on allow/deny 'after time' syntax.
! 869: Thanks to a patch from Christof Chen.
! 870:
! 871: - The server will now include multiple IA_NA's and multiple IAADDRs within
! 872: them, if advertised by the client. It still only seeks to allocate one
! 873: new address.
! 874:
! 875: Changes since 4.0.0b1
! 876:
! 877: - Use different paths for PID and lease files when running in DHCPv4
! 878: or DHCPv6 mode, so that servers for both protocols can be run
! 879: simultaneously on a single interface.
! 880:
! 881: - Fixed a buffer overflow error which could have allowed a denial
! 882: of service under unusual server configurations
! 883:
! 884: - Eliminated a spurious error message from the client
! 885:
! 886: - A number of bugs with the internal handling of lease state on the
! 887: server have been fixed. Some of these could cause server crashes.
! 888:
! 889: - The peer_wants_leases() changes pulled up from 3.1.0 were corrected,
! 890: 'never used' leases will no longer consistently shift between servers
! 891: on every pool rebalance run.
! 892:
! 893: - sendmsg()/recvmsg() control buffers are now declared in such a way to
! 894: ensure they are correctly aligned on all (esp. 64-bit) architectures.
! 895:
! 896: - The client leasing subsystem was streamlined and corrected to account
! 897: more closely for changes in client link attachment selection.
! 898:
! 899: Changes since 4.0.0a3
! 900:
! 901: - The DHCP server no longer requires a "ddns-update-style" statement,
! 902: and now defaults to "none", which means DNS updates are disabled.
! 903:
! 904: - Log messages when failover peer names mismatch have been improved to
! 905: point out the problem.
! 906:
! 907: - Bug where server advertised an IPv6 address in response to a SOLICIT
! 908: but would not return the address in response to a REQUEST. Thanks to
! 909: Dennis Kou for finding the bug.
! 910:
! 911: - Fixed an error causing the server to lock up on lease expiration,
! 912: reported independently by Jothilingam Vasu and Dennis Kou.
! 913:
! 914: - Fixed a ./configure bug where compile tests were failing due to
! 915: "-Werror" (unused variable) rather than the actual test failure. This led
! 916: to inconsistent and unworkable auto-configurations.
! 917:
! 918: - Compilation with DLPI and -Werror has been repaired.
! 919:
! 920: - Error in decoding IA_NA option if multiple interfaces are present
! 921: fixed by Marcus Goller.
! 922:
! 923: - DHCPv6 server Confirm message processing has been enhanced - it no
! 924: longer replies only to clients with host {} records, it now replies
! 925: as directed in RFC3315 section 18.2.2 - that is, to all clients
! 926: regardless of the existence of bindings.
! 927:
! 928: - A core dump during expired lease cleanup has been repaired.
! 929:
! 930: - DDNS update state information is now stored in 'binding scopes' that
! 931: follow the leases through their lifecycles. This enables DDNS teardowns
! 932: on leases that are assigned and expired in between a server restart (the
! 933: state is recovered from dhcpd.leases). Arbitrary user-specified binding
! 934: scopes ('set var = "value";') are not yet supported.
! 935:
! 936: - Additional compilation problems on HP/UX have been repaired.
! 937:
! 938: Changes since 4.0.0a2
! 939:
! 940: - Fix for startup where there are no IPv4 addresses on an interface.
! 941: Thanks to Marcus Goller for reporting the bug.
! 942:
! 943: - Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
! 944:
! 945: - Bug in server configuration parser caused server to get stuck on
! 946: startup for certain bad pool declarations. Thanks to Guillaume
! 947: Knispel for the bug report and fix.
! 948:
! 949: - Code cleaned to remove warnings reported by "gcc -Wall".
! 950:
! 951: - DHCPv6 is now the default. You can disable DHCPv6 support using the
! 952: "--disable-dhcpv6" flag when you run the configure script.
! 953:
! 954: - An internal database inconsistency bug was repaired where the server
! 955: would segfault if a client attempted to renew a lease that had been
! 956: loaded from persistent storage.
! 957:
! 958: - 'request' and 'also request' syntaxes have been added to accommodate
! 959: the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
! 960: necessary.
! 961:
! 962: - Bug fixed where configuration file parsing did not work with
! 963: zero-length options; this made it impossible to set the
! 964: rapid-commit option.
! 965:
! 966: - Bogus messages about host records with IPv4 fixed-addresses being of
! 967: non-128-bits in length were removed.
! 968:
! 969: Changes since 4.0.0a1
! 970:
! 971: - Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
! 972: and fix.
! 973:
! 974: - Autoconf now supplies proper flags for Solaris DHCPv6 builds.
! 975:
! 976: - Fix for parsing error on some IPv6 addresses.
! 977:
! 978: - Invalid CIDR representation for IPv6 subnets or ranges now checked
! 979: for when loading configuration.
! 980:
! 981: - Compilation on HP/UX has been repaired. The changes should generally
! 982: apply to any architecture that supplies SIOCGLIFCONF but does not
! 983: use 'struct lifconf' structures to pass values.
! 984:
! 985: - Two new operators, ~= and ~~, have been integrated to implement
! 986: boolean matches by regular expression (such as may be used in
! 987: class matching statements). Thanks to a patch by Alexandr S.
! 988: Agranovsky, which underwent slight modification.
! 989:
! 990: - Fix for icmp packets on 64-bit systems (bug introduced in 4.0).
! 991:
! 992: - A bug was fixed in interface discovery wherein an error identifying
! 993: a server-configured interface with no IPv4 addresses would SEGV.
! 994:
! 995: - Fixed a bug in which write_lease() might report a failure incorrectly
! 996:
! 997: - Added support for DHCPv6 Release messages
! 998:
! 999: - Added -x option to dhclient, which triggers dhclient processes
! 1000: to exit gracefully without releasing leases first
! 1001:
! 1002: - All binaries (client, server, relay) now change directories
! 1003: to / before going into daemon mode, so as not to hold $CWD open
! 1004:
! 1005: - Fixed a bug parsing DHCPv6 client-id's in host-identifier statements
! 1006:
! 1007: - Fixed a bug with the 'ddns-updates' boolean server configuration
! 1008: parameter, which caused the server to fail.
! 1009:
! 1010: Changes since 4.0.0-20070413
! 1011:
! 1012: - Old (expired) leases are now cleaned.
! 1013:
! 1014: - IPv6 subnets now have support for arbitrary allocation ranges via
! 1015: a new 'range6' configuration directive.
! 1016:
! 1017: - An obviated option code hash lookup to find D6O_CLIENTID was removed.
! 1018:
! 1019: - Corrected some situations where variables might be used without being
! 1020: initialized.
! 1021:
! 1022: - Silenced several other compiler warnings.
! 1023:
! 1024: - Include the more standard sys/uio.h rather than rely upon other
! 1025: header files to include it (fixes a BSD 4.2 compile failure).
! 1026:
! 1027: - Duplicate dhclient-script updates for DHCPv6 to all provided scripts.
! 1028:
! 1029: - DHCPv4 I/O methods that failed to sense hardware address were corrected.
! 1030:
! 1031: - DHCPv4 is now the default (as documented) rather than DHCPv6. The default
! 1032: was set to DHCPv6 to ease early development, and forgotten.
! 1033:
! 1034: - Corrected a segmentation violation in DHCPv4 socket processing.
! 1035:
! 1036: - dhclient will now fork() into the background once it binds to an
! 1037: IPv6 address, or immediately if the -n flag is supplied.
! 1038:
! 1039: - -q is now the default behaviour on dhclient, with -d or -v enabling
! 1040: non-quiet (stderr logging) mode.
! 1041:
! 1042: - Fix documentation of the domain-search atom (quoted, with commas).
! 1043:
! 1044: - Document DHCPv6 options presently in the default table.
! 1045:
! 1046: - Replaced ./configure shellscripting with GNU Autoconf.
! 1047:
! 1048: Changes since 3.1.0 (NEW FEATURES)
! 1049:
! 1050: - DHCPv6 Client and Server protocol support. Use '-6' to run the daemons
! 1051: as v6-only. Use '-4' to run the daemons as v4-only (default). There is
! 1052: no support currently for both.
! 1053:
! 1054: - Server support for multiple IA_NA options, containing at most one
! 1055: IAADDR option.
! 1056:
! 1057: - Client support for one IA_NA option, containing any number of IAADDR
! 1058: options.
! 1059:
! 1060: - Server support for the DHCPv6 Information-request message.
! 1061:
! 1062: - Inappropriate unicast DHCPv6 messages sent to the server are now
! 1063: discarded, and this has rearchitected the IO system slightly.
! 1064:
! 1065: - The DHCPv6 server DUID defaults to type 1, is persistently stored in
! 1066: the leases database, and can be over-ridden (either completely, or by
! 1067: specifying type 1 or type 2).
! 1068:
! 1069: - The server only uses Rapid-Commit if it has been configured with the
! 1070: Rapid-Commit option and the client requests it.
! 1071:
! 1072: - DDNS support. We now update AAAA records in the same place we would
! 1073: update A records, if we have an IPv6 address. We also generate IP6.ARPA
! 1074: style names for PTR records if we're dealing with an IPv6 address. Both
! 1075: A and AAAA updates are done using the same 'fqdn.' virtual option space
! 1076: (although the DHCPv4 FQDN and DHCPv6 FQDN options are formatted
! 1077: differently, they both use the same code here).
! 1078:
! 1079: - The Linux dhclient-script attempts to set and remove assigned addresses,
! 1080: and to configure /etc/resolv.conf from nameserver and domain name
! 1081: configurations. It can be extended to configure other parameters.
! 1082:
! 1083: - Initial DHCPv6 lease support.
! 1084:
! 1085: - The IO system now tracks all local IP addresses, so that the DHCP
! 1086: applications (particularly the dhcrelay) can discern between what frames
! 1087: were transmitted to it, and what frames are being carried through it which
! 1088: it should not intercept.
! 1089:
! 1090: Changes since 3.1.0 (Maintenance)
! 1091:
! 1092: - A bug was repaired where MAC Address Affinity for virgin leases always
! 1093: mapped to the primary. Virgin leases now have an interleaved preference
! 1094: between primary and secondary.
! 1095:
! 1096: - A bug was repaired where MAC Address Affinity for clients with no client
! 1097: identifier was sometimes mishashed to the peer. Load balancing during
! 1098: runtime and pool rebalancing were opposing.
! 1099:
! 1100: - An assertion in lease counting relating to reserved leases was repaired.
! 1101:
! 1102: - The subnet-mask option inclusion now conforms with RFC2132 section 3.3;
! 1103: it will only appear prior to the routers option if it is present on the
! 1104: Parameter-Request-List. The subnet-mask option will also only be
! 1105: included by default (if it is not on the PRL) in response to DISCOVER
! 1106: or REQUEST messages.
! 1107:
! 1108: - The FQDN option is only supplied if the client supplied an FQDN option or
! 1109: if the FQDN option was explicitly requested on the PRL.
! 1110:
! 1111: - Dynamic BOOTP leases are now load balanced in failover.
! 1112:
! 1113: Changes since 3.1.0rc1
! 1114:
! 1115: - The parse warning that 'deny dynamic bootp;' must be configured for
! 1116: failover protected subnets was removed.
! 1117:
! 1118: Changes since 3.1.0b2
! 1119:
! 1120: - Failover rebalance events no longer play ping pong with round errors
! 1121: (moving leases between free and back to backup where there are an
! 1122: odd number of leases).
! 1123:
! 1124: - The 'pool' log line has been split into two messages, one before the
! 1125: rebalance run, and one after.
! 1126:
! 1127: - Any queued BNDACKs are transmitted before transmitting new BNDUPDs.
! 1128: This enforces the correct sequence of events for the remote server
! 1129: processing these messages.
! 1130:
! 1131: Changes since 3.1.0b1
! 1132:
! 1133: - Fixed a bug that caused OMAPI clients to freeze when opening lease
! 1134: objects.
! 1135:
! 1136: - A new server config option "fqdn-reply" specifies whether the server
! 1137: should send out option 81 (FQDN). Defaults to "on". If set to "off",
! 1138: the FQDN option is not sent, even if the client requested it. This is
! 1139: needed because some clients misbehave otherwise. Thanks to Christof Chen
! 1140: at Allianz.
! 1141:
! 1142: - Allow trace output files (-tf option) to be overwritten, rather than
! 1143: crashing dhcpd if the file already exists
! 1144:
! 1145: - A bug was fixed that caused dhcpd to segfault if a pool was declared
! 1146: outside the scope of a subnet in dhcpd.conf.
! 1147:
! 1148: - Some uninitialized values were repaired in dhcpleasequery.c that
! 1149: caused the server to abort.
! 1150:
! 1151: - A new server config option, 'do-reverse-updates', has been added
! 1152: which causes the server to abstain from performing updates on PTR
! 1153: records. Thanks to a patch from Christof Chen at Allianz.
! 1154:
! 1155: - A bug was repaired in subencapsulation support, where spaces separated
! 1156: by empty spaces would not get included.
! 1157:
! 1158: - A bug in dhclient was repaired which caused it to send parameter request
! 1159: lists of 55 bytes in length no matter how long the declared PRL was.
! 1160:
! 1161: - 'dhcp.c(3953): non-null pointer' has been repaired. This fixes a flaw
! 1162: wherein the DHCPv4 server may ignore a configured server-identifier.
! 1163:
! 1164: - A flaw in failover startup sequences was repaired that sometimes left
! 1165: the primary DHCP server's pool rebalance schedules unscheduled.
! 1166:
! 1167: - Corrected a flaw that broke encapsulated spaces included due to presence
! 1168: on the parameter request list.
! 1169:
! 1170: Changes since 3.1.0a3
! 1171:
! 1172: - Some spelling fixes.
! 1173:
! 1174: Changes since 3.1.0a2
! 1175:
! 1176: - A bug was fixed where attempting to permit leasequeries results in a
! 1177: fatal internal error, "Unable to find server option 49".
! 1178:
! 1179: - A bug was fixed in dhclient rendering the textual output form of the
! 1180: domain-search option syntax.
! 1181:
! 1182: Changes since 3.1.0a1
! 1183:
! 1184: - A bug in the FQDN universe that added FQDN codes to the NWIP universe's
! 1185: hash table was repaired.
! 1186:
! 1187: - The servers now try harder to transmit pending binding updates when
! 1188: entering normal state.
! 1189:
! 1190: - UPDREQ/UPDREQALL handling was optimized - it no longer dequeues and
! 1191: requeues all pending updates. This should reduce the number of spurious
! 1192: 'xid mismatch' log messages.
! 1193:
! 1194: - An option definition referencing leak was fixed, which resulted in early
! 1195: termination of dhclient upon the renewal event.
! 1196:
! 1197: - Some default hash table sizes were tweaked, some upwards, some downwards.
! 1198: 3.1.0a1's tables resulted in a reduction in default server memory use.
! 1199: The new selected values provide more of a zero sum (increasing the size
! 1200: of tables likely to be populated, decreasing the size of tables unlikely).
! 1201:
! 1202: - Lease structures appear in three separate hashes: by IP address, by UID,
! 1203: and by hardware address. One type of table was used for all three, and
! 1204: improvements to IP address hashing were applied to all three (so UID and
! 1205: hardware addresses were treated like 4-byte integers). There are now two
! 1206: types of tables, and the uid/hw hashes use functions more appropriate
! 1207: to their needs.
! 1208:
! 1209: - The max-lease-misbalance percentage no longer causes scheduled rebalance
! 1210: runs to be skipped: it still governs the schedule, but every scheduled
! 1211: run will attempt balance.
! 1212:
! 1213: - A segfault bug in recursive encapsulation support has been corrected.
! 1214:
! 1215: Changes since 3.0 (New Features)
! 1216:
! 1217: - A workaround for certain STSN servers that send a mangled domain-name
! 1218: option was introduced for dhclient. The client will now accept corrupted
! 1219: server responses, if they contain a valid DHCP_MESSAGE_TYPE (OFFER, ACK,
! 1220: or NAK). The server will continue to not accept corrupt client packets.
! 1221:
! 1222: - Support for 'reserved' (pseudo-static) and BOOTP leases via failover
! 1223: was introduced.
! 1224:
! 1225: - Support for adding, removing, and managing class and subclass statements
! 1226: via OMAPI.
! 1227:
! 1228: - The failover implementation was updated to comply with revision 12 of
! 1229: the protocol draft.
! 1230:
! 1231: - 'make install' now creates the initial zero-length dhcpd.leases file if
! 1232: one does not already exist on the system.
! 1233:
! 1234: - RFC3942 compliance, site-local option spaces start at 224 now, not 128.
! 1235:
! 1236: - The Load Balance Algorithm was misimplemented. The current implementation
! 1237: matches RFC 3074.
! 1238:
! 1239: - lcase() and ucase() configuration expressions have been added which adjust
! 1240: their arguments from upper to lower and lower to upper cases respectively.
! 1241: Thanks to a patch from Albert Herranz.
! 1242:
! 1243: - The dhclient 'reject ...;' statement, which rejects leases given by named
! 1244: server-identifiers, now permits address ranges to be specified in CIDR
! 1245: notation. Thanks to a patch from David Boyce.
! 1246:
! 1247: - The subnet-mask option is now supplied by default, but at lowest
! 1248: priority. This helps a small minority of clients that provide parameter
! 1249: request lists, but do not list the subnet-mask option because they were
! 1250: designed to interoperate with a server that behaves in this manner.
! 1251:
! 1252: - The FQDN option is similarly supplied even if it does not appear on the
! 1253: parameter request list, but not to the exclusion of options that do
! 1254: appear at the parameter request list. Up until now it had ultimate
! 1255: priority over the client's parameter request list.
! 1256:
! 1257: - Varying option space code and length bit widths (8/16/32) are now
! 1258: supported. This is a milestone in achieving RFC 3925 "VIVSO" and
! 1259: DHCPv6 support.
! 1260:
! 1261: - A new common (server or client) option, 'db-time-format local;', has
! 1262: been added which prints the local time in /var/db/dhcpd.leases rather
! 1263: than UTC. Thanks to a patch from Ken Lalonde.
! 1264:
! 1265: - Some patches to improve DHCP Server startup speed from Andrew Matheson
! 1266: have been incorporated.
! 1267:
! 1268: - Failover pairs now implement 'MAC Affinity' on leases moving from the
! 1269: active to free states. Leases that belonged to the failover secondary
! 1270: are moved to BACKUP state rather than FREE upon exiting EXPIRED state.
! 1271: If lease rebalancing must move leases, it tries first to move leases
! 1272: that belong to the peer in need.
! 1273:
! 1274: - The server no longer sends POOLREQ messages unless the pool is severely
! 1275: misbalanced in the peer's favor (see 'man dhcpd.conf' for more details).
! 1276:
! 1277: - Pool rebalance events no longer happen upon successfully allocating a
! 1278: lease. Instead, they happen on a schedule. See 'man dhcpd.conf' for the
! 1279: min-balance and max-balance statements for more information.
! 1280:
! 1281: - The DHCP Relay Agent Information Option / Link Selection Sub-Option
! 1282: is now supported. (See RFC3527 for details).
! 1283:
! 1284: - A new DDNS related server option, update-conflict-detection, has been
! 1285: added. If this option is enabled, dhcpd will perform normal DHCID
! 1286: conflict resolution (the default). If this option is disabled, it will
! 1287: instead trust the assigned name implicitly (removing any other bindings
! 1288: on that name). This option has not been made available in dhclient.
! 1289:
! 1290: - In those cases where the DHCP software manufactures an IP header (to
! 1291: transmit via bpf, lpf, etc), the IP TTL the software selects has been
! 1292: increased from 16 to 128. This is intended to match Microsoft Windows
! 1293: DHCP Client behaviour, to increase compatibility.
! 1294:
! 1295: - 'ignore client-updates;' now has behaviour that is different from
! 1296: 'deny client-updates;'. The client's request is not truly ignored,
! 1297: rather it is encouraged. Should this value be configured, the server
! 1298: updates DNS as though client-updates were set to 'deny'. That is, it
! 1299: enters into DNS whatever it is configured to do already, provided it is
! 1300: configured to. Then it sends a response to the client that lets the
! 1301: client believe it is performing client updates (which it will), probably
! 1302: for a different name. In essence, this lets the client do as it will,
! 1303: ignoring this aspect of their request.
! 1304:
! 1305: - Support for compressed 'domain name list' style DHCP option contents, and
! 1306: in particular the domain search option (#119) was added.
! 1307:
! 1308: - The DHCP LEASEQUERY protocol as defined in RFC4388 is now implemented.
! 1309: LEASEQUERY lets you query the DHCP server for information about a lease,
! 1310: using either an IP address, MAC address, or client identifier. Thanks
! 1311: to a patch from Justin Haddad.
! 1312:
! 1313: - DHCPD is now RFC2131 section 4.1 compliant (broadcast to all-ones ip and
! 1314: ethernet mac address) on the SCO platform specifically without any strange
! 1315: ifconfig hacks. Many thanks go to the Kroger Co. for donating the
! 1316: hardware and funding the development.
! 1317:
! 1318: - A new common configuration executable statement, execute(), has been
! 1319: added. This permits dhcpd or dhclient to execute a named external
! 1320: program with command line arguments specified from other configuration
! 1321: language. Thanks to a patch written by Mattias Ronnblom, gotten to us
! 1322: via Robin Breathe.
! 1323:
! 1324: - A new dhcp server option 'adaptive-lease-time-threshold' has been added
! 1325: which causes the server to substantially reduce lease-times if there are
! 1326: few (configured percentage) remaining leases. Thanks to a patch submitted
! 1327: from Christof Chen.
! 1328:
! 1329: - Encapsulated option spaces within encapsulated option spaces are now
! 1330: formally supported.
! 1331:
! 1332: Changes since 3.0.6rc1
! 1333:
! 1334: - supersede_lease() now requeues leases in their respective hardware
! 1335: address hash bucket. This mirrors client identifier behaviour.
! 1336:
! 1337: Changes since 3.0.5
! 1338:
! 1339: - Assorted fixes for broken network devices: Packet length is now
! 1340: determined from the IP header length field to finally calculate the
! 1341: UDP payload length, because some NIC drivers return more data than
! 1342: they actually received.
! 1343:
! 1344: - UDP packets are now stored in aligned data structures.
! 1345:
! 1346: - A logic error in omapi interface code was repaired that might result in
! 1347: incorrectly indicating 'up' state when any flags were set, rather than
! 1348: specifically the INTERFACE_REQUESTED flag. Thanks to a patch from
! 1349: Jochen Voss which got to us via Andrew Pollock at Debian.
! 1350:
! 1351: - A reference leak on binding scopes set by ddns updates was repaired.
! 1352:
! 1353: - A memory leak in the minires_nsendsigned() function call was repaired.
! 1354: Effectively, this leaked ~176 bytes per DDNS update.
! 1355:
! 1356: - In the case where an "L2" DHCP Relay Agent (one that does not set giaddr)
! 1357: was directly attached to the same broadcast domain as the DHCP server,
! 1358: the RFC3046 relay agent information option was not being returned to the
! 1359: relay in the server's replies. This was fixed; the dhcp server no longer
! 1360: requires the giaddr to reply with relay agent information. Note that
! 1361: this also improves compatibility with L2 devices that "intercept" DHCP
! 1362: packets and expect relay agent information even in unicast (renewal)
! 1363: replies. Thanks to a patch from Pekka Silvonen.
! 1364:
! 1365: - A bug was fixed where, if the BOOTP header 'sname' field had a value, the
! 1366: copy written to persistent storage was actually the contents of the
! 1367: 'file' field.
! 1368:
! 1369: - A bug was fixed where the nwip virtual option space was referencing
! 1370: the fqdn option's virtual option space's option cache.
! 1371:
! 1372: - Timestamp parsing errors that indicated missing "minutes" fields rather
! 1373: than the actually missing "seconds" fields have been repaired thanks to
! 1374: a patch from Kevin Steves.
! 1375:
! 1376: - A grammar error in the dhclient.8 manpage was repaired thanks to a patch
! 1377: from Chris Wagner.
! 1378:
! 1379: - Several spelling typos were repaired, and some cross-references to other
! 1380: relevant documents were included in the manpages, thanks to a patch
! 1381: by Andrew Pollock which got to us via Tomas Pospisek.
! 1382:
! 1383: - Some bugs were fixed in the 'emergency relay agent options hologram'
! 1384: which is used to retain relay agent option contents from when the
! 1385: client was in INIT or REBIND states. This should solve problems where
! 1386: relay agent options were not echoed from the server, even when giaddr
! 1387: was set.
! 1388:
! 1389: - dhclient now closes its descriptor to dhclient.leases prior to executing
! 1390: dhclient-script. Thanks to a patch from Tomas Pospisek.
! 1391:
! 1392: - The server's "by client-id" and "by hardware address" hash table lists
! 1393: are now sorted according to the preference to re-allocate that lease to
! 1394: returning clients. This should eliminate pool starvation problems
! 1395: arising when "INIT" clients were given new leases rather than presently
! 1396: active ones.
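
The first item under "Changes since 3.0.5" (packet length taken from the IP header because some NIC drivers return more data than they received) is illustrated by the added example below. It is not ISC DHCP code: udp_payload_len(), the demo functions and the sample packet are constructed here, and cross-checking the UDP length field against the IP total length is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HDR 20   /* IPv4 header without options */
#define UDP_HDR     8
#define PROTO_UDP  17

/* Hypothetical helper, not ISC DHCP's decoder.  buf points at the IPv4
 * header; captured is the byte count the driver reported, which may be
 * larger than the datagram.  Returns the UDP payload length taken from
 * the headers, or -1 if they disagree with each other or the buffer. */
long udp_payload_len(const uint8_t *buf, size_t captured)
{
    size_t ihl, ip_total, udp_len;

    if (captured < IP_MIN_HDR || (buf[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(buf[0] & 0x0f) * 4;            /* header length in bytes */
    ip_total = ((size_t)buf[2] << 8) | buf[3];    /* IP total length field */
    if (ihl < IP_MIN_HDR || buf[9] != PROTO_UDP)
        return -1;
    /* The datagram must hold a UDP header and must fit in what we have.
     * captured > ip_total is accepted: the surplus is driver padding. */
    if (ip_total < ihl + UDP_HDR || ip_total > captured)
        return -1;
    udp_len = ((size_t)buf[ihl + 4] << 8) | buf[ihl + 5];
    if (udp_len < UDP_HDR || udp_len > ip_total - ihl)
        return -1;
    return (long)(udp_len - UDP_HDR);
}

/* Constructed sample: minimal IPv4 and UDP headers in front of `payload`
 * zero bytes.  Returns the IP total length. */
static size_t build_sample(uint8_t *out, size_t payload)
{
    size_t udp_len = UDP_HDR + payload;
    size_t ip_total = IP_MIN_HDR + udp_len;

    memset(out, 0, ip_total);
    out[0] = 0x45;                       /* version 4, IHL 5 */
    out[2] = (uint8_t)(ip_total >> 8);
    out[3] = (uint8_t)(ip_total & 0xff);
    out[9] = PROTO_UDP;
    out[21] = 68;                        /* source port: bootpc */
    out[23] = 67;                        /* destination port: bootps */
    out[24] = (uint8_t)(udp_len >> 8);
    out[25] = (uint8_t)(udp_len & 0xff);
    return ip_total;
}

/* Driver reports exactly the datagram. */
long demo_exact(void)
{
    uint8_t p[512];
    size_t n = build_sample(p, 300);
    return udp_payload_len(p, n);
}

/* Driver reports 18 bytes more than the datagram holds. */
long demo_driver_surplus(void)
{
    uint8_t p[512];
    size_t n = build_sample(p, 300);
    memset(p + n, 0xAA, 18);
    return udp_payload_len(p, n + 18);
}

/* Driver reports fewer bytes than the IP header claims. */
long demo_truncated(void)
{
    uint8_t p[512];
    size_t n = build_sample(p, 300);
    return udp_payload_len(p, n - 10);
}

/* UDP length field claims more than the IP datagram can carry. */
long demo_udp_length_too_big(void)
{
    uint8_t p[512];
    size_t n = build_sample(p, 300);
    p[24] = 0x01;
    p[25] = 0x90;                        /* 400 > 308 available */
    return udp_payload_len(p, n);
}

int main(void)
{
    printf("exact: %ld\n", demo_exact());
    printf("driver surplus: %ld\n", demo_driver_surplus());
    printf("truncated: %ld\n", demo_truncated());
    printf("udp length too big: %ld\n", demo_udp_length_too_big());
    return 0;
}
```
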
! 1397:
! 1398: Changes since 3.0.5rc1
! 1399:
! 1400: - A bug was repaired in fixes to the dhclient, which sought to run the
! 1401: dhclient-script with the 'EXPIRE' state should it receive a NAK in
! 1402: response to a REQUEST. The client now iterates the PREINIT state
! 1403: after the EXPIRE state, so that interfaces that might be configured
! 1404: 'down' can be brought back 'up' and initialized.
! 1405:
! 1406: - DHCPINFORM handling for clients that properly set ciaddr and come to the
! 1407: server via a relay agent has been repaired.
! 1408:
! 1409: Changes since 3.0.4
! 1410:
! 1411: - A warning that host statements declared within subnet or shared-network
! 1412: scopes are actually global has been added.
! 1413:
! 1414: - The default minimum lease time (if min-lease-time was not specified)
! 1415: was raised from 0 to 300. 0 is not thought to be sensible, and is
! 1416: known to be damaging.
! 1417:
! 1418: - Added additional fatal error sanity checks surrounding lease binding
! 1419: state count calculations (free/active counts used for failover pool
! 1420: balancing).
! 1421:
! 1422: - Some time value size fixes in 3.0.4 brought on from FreeBSD /usr/ports were
! 1423: misapplied to server values rather than client values. The server no longer
! 1424: advertises 8-byte lease-time options when on 64-bit platforms.
! 1425:
! 1426: - A bug where leases not in ACTIVE state would get billed to billed classes
! 1427: (classes with lease limitations) was fixed. Non-active leases OFFERed
! 1428: to clients are no longer billed (but billing is checked before offering).
! 1429:
! 1430: - The dhcpd.conf.5 manpage was updated in regard to the ddns-domainname
! 1431: configuration option - the default configuration and results should be
! 1432: more clear now.
! 1433:
! 1434: - If the dhclient were to receive a DHCPNAK while it was in the RENEW
! 1435: state (and consequently, had an active, 'bound' address and related
! 1436: configuration options), it would fail to 'tear down' this information
! 1437: before proceeding into INIT state. dhclient now iterates the dhclient-
! 1438: script with the 'EXPIRE' action to cause these teardowns prior to entering
! 1439: INIT state. Thanks to a patch from Chris Zimmerman.
! 1440:
! 1441: - The omapi.1 manpage had some formatting errors repaired thanks to a patch
! 1442: from Yoshihiko Sarumaru.
! 1443:
! 1444: - A few lines of code that were failover-specific were moved within
! 1445: #if defined() clauses so that compilation without failover could be
! 1446: made possible.
! 1447:
! 1448: - The log message emitted when the 'leased-address' value was not available
! 1449: in dhcpd.conf "executable statements" has been updated to be more helpful.
! 1450: Manpage information for this value has also been updated.
! 1451:
! 1452: - Abandoned or dissociated (err condition) leases now remove any related
! 1453: dynamic dns bindings. Thanks to a patch from Patrick Schoo.
! 1454:
! 1455: - Attempting to write a new lease file to replace a corrupt (due to
! 1456: encountering non-retryable errors during writing) lease file should
! 1457: no longer result in an infinite recursion.
! 1458:
! 1459: - Host declaration hardware addresses and client identifiers may only be
! 1460: configured once. dhcpd will now fail to load config files that specify
! 1461: multiple identifiers (previous versions would silently over-ride the
! 1462: value with the later configured value).
! 1463:
! 1464: - Several option codes that have been allocated since our last release
! 1465: have been named and documented.
! 1466:
! 1467: - Option names of the form "unknown-123" have been removed from the in-
! 1468: memory hash tables. In order to support options of these names that
! 1469: may appear in dhclient.leases or similar in previous versions, the
! 1470: parser will now find the new option code definition, or mock up a
! 1471: generic option code definition. This should result in a smooth
! 1472: transition from one name to the other, as the new name is used to
! 1473: write new output.
! 1474:
! 1475: Changes since 3.0.4rc1
! 1476:
! 1477: - The dhcp-options.5 manpage was updated to correct indentation errors
! 1478: thanks to a patch from Jean Delvare.
! 1479:
! 1480: Changes since 3.0.4b3
! 1481:
! 1482: - Some manual pages were clarified pursuant to discussion on the dhcp-server
! 1483: mailing list.
! 1484:
! 1485: Changes since 3.0.4b2
! 1486:
! 1487: - Null-termination sensing for certain clients that unfortunately require
! 1488: it in DHCPINFORM processing was repaired.
! 1489:
! 1490: - The host-name option and a few others were moved from "X" format to "t"
! 1491: format to be compatible with new NULL handling functions.
! 1492:
! 1493: - DHCPINFORM processing is a little more careful about return addressing
! 1494: its responses, or if responding via a relay. The INFORM related
! 1495: messages also log the 'effective client ip address' rather than the
! 1496: client's supplied ciaddr (since some clients produce null ciaddrs).
! 1497:
! 1498: - The server was inappropriately sending leases to the RESET state in the
! 1499: event that multiple active leases were found to match a singly-identified
! 1500: client. This was changed to RELEASED (by accepting a different, ACTIVE
! 1501: binding, the client is implicitly releasing its lease). This repairs a
! 1502: bug wherein secondary servers in failover pairs detecting this condition
! 1503: move leases to RESET, and primaries refuse to accept that state
! 1504: transition (properly).
! 1505:
! 1506: - The memset-after-dmalloc() changes made in 3.0.4b1 have been backed out.
! 1507:
! 1508: Changes since 3.0.4b1
! 1509:
! 1510: - Command line parsing in omshell was repaired - it no longer closes
! 1511: STDIN after reading one line.
! 1512:
! 1513: - The resolver library no longer closes the /etc/resolv.conf file
! 1514: descriptor it opened twice.
! 1515:
! 1516: - Changes to trailing NULL removal in 't' option-atoms have been rethought;
! 1517: it now includes 'd' (domain name) types, and tries hard not to rewind an
! 1518: option beyond the start of the text field it is un-terminating.
! 1519:
! 1520: Changes since 3.0.3
! 1521:
! 1522: - A DDNS update handling function was misusing the DNS error codes, rather
! 1523: than the internal generic result enumeration. The result is a confusing
! 1524: syslog line, logging the wrong condition.
! 1525:
! 1526: - The DHCP Server was not checking pool balance in the case where it brought
! 1527: a non-ACTIVE lease out of storage for a client that was returning to use
! 1528: a lease it once had long ago, and had since expired.
! 1529:
! 1530: - Failover peers no longer bother to look for free leases to allocate when
! 1531: they already found the client's ACTIVE lease. DISCOVERs are load balanced
! 1532: whether freely-allocated or not, unless the server doubts the peer has
! 1533: leases to allocate.
! 1534:
! 1535: - Fixed a bug in dhcrelay agent addition code that suppressed trailing
! 1536: PAD options - it was suppressing only one trailing PAD option, rather
! 1537: than the entire block of them.
! 1538:
! 1539: ! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
! 1540: option addition and stripping code. Added a few sanity checks. Although
! 1541: highly improbable, due to requiring the reception of a DHCP datagram well
! 1542: in excess of all known to be used physical MTU limitations, it is possible
! 1543: this may have been used in a stack overflow security vulnerability. Thanks
! 1544: to a patch from infamous42md.
! 1545:
! 1546: ! Added some sanity checks to OMAPI connection/authentication code.
! 1547: Although highly improbable, due to having to deliver in excess of 2^32
! 1548: bytes of data via the OMAPI channel, not to mention requiring dhcpd to
! 1549: be able to malloc() a memory region 2^32 bytes in size, it was possible
! 1550: this might have resulted in a heap overflow security vulnerability.
! 1551: Thanks to a patch from infamous42md.
! 1552:
! 1553: - dmalloc() memset()'s the non-debug (data) portion of the allocated
! 1554: memory to zero. Code that memset()'s the result returned by dmalloc() to
! 1555: zero is redundant. These redundancies were removed.
! 1556:
! 1557: - Some type declaration corrections to u_int16_t were made in common/tr.c
! 1558: (Token Ring support) thanks to a patch from Jason Vas Dias at Red Hat.
! 1559:
! 1560: - A failover bug that was allowing leases that EXPIRED or were RELEASED
! 1561: where tsfp and tstp are identical timestamps to languish in these
! 1562: transitional states has been repaired. As a side effect, lease
! 1563: databases should be kept more consistent overall, not just for these
! 1564: transitional states.
! 1565:
! 1566: - If the lease db is deleted out from under the daemon, and it moves to rewrite
! 1567: the db, it will go ahead with the operation and move the new db into place
! 1568: once it detects the old db does not exist.
! 1569:
! 1570: - dhclient now ignores IRDA, SIT, and IEEE1394 network interfaces, as it
! 1571: is either nonsensical or (in the case of IEEE1394) is not known to support
! 1572: these interfaces. Thanks to Marius Gedminas and Andrew Pollock of Debian.
! 1573:
! 1574: - Some previously undocumented reasons for invoking dhclient-script have
! 1575: been documented in the dhclient-script.8 manpage.
! 1576:
! 1577: - Failover potential expiry calculations (TSTP) have been corrected. Results
! 1578: should be substantially more consistent, and proper given the constraints.
! 1579:
! 1580: - Adjusted lease state validation checks in potential-conflict, to
! 1581: account for possible clock skew similarly to normal state, and several
! 1582: previously illegal transitions were made legal (ex: active->released).
! 1583:
! 1584: - An impossible sanity check was removed from omapi/buffer.c, thanks to a
! 1585: patch from 'infamous42md'.
! 1586:
! 1587: - An OMAPI host/network byte order problem in lease time values has been
! 1588: repaired.
! 1589:
! 1590: - Several minor bugs, largely relating to treating 8-byte time values as
! 1591: 4-byte entities, have been repaired after careful review of the FreeBSD
! 1592: ports collection's patch set. Thanks to the nameless entities who have
! 1593: contributed to the FreeBSD ports.
! 1594:
! 1595: - When writing a trace file, the file is now created with permissions 0600,
! 1596: to help administrators avoid accidentally publicising sensitive config
! 1597: data.
! 1598:
! 1599: - The calculation of the maximum size of DHCP packets no longer includes
! 1600: Ethernet framing overhead. The result is that the 'Maximum Message
! 1601: Size' option advertised by clients, or the default value 576, is no
! 1602: longer reduced by 14 bytes, and instead directly reflects the IP level
! 1603: MTU (and the default, minimum allowed IP MTU of 576).
! 1604:
! 1605: - The special status of RELEASED/EXPIRED/RESET leases when a server
! 1606: is operating in partner-down was fixed. It no longer requires a
! 1607: lease be twice the MCLT beyond STOS to 'reallocate', and the expiry
! 1608: event to turn these into FREE leases without peer acknowledgement
! 1609: (after STOS+MCLT) has been repaired.
! 1610:
! 1611: - Compilation on older Solaris systems (lacking /usr/include/sys/int_types.h)
! 1612: has been repaired.
! 1613:
! 1614: - "append"ing a string onto the end of a "t" type option (such as the
! 1615: domain-name field) that had been improperly NULL-terminated by the
! 1616: DHCP server will no longer result in a truncated string containing
! 1617: only the option from the server, and not the expected appended value.
! 1618: Thanks to a patch from Jason Vas Dias at Red Hat.
! 1619:
! 1620: - File handlers on configuration state (config files and lease dbs) should
! 1621: be treated consistently, regardless of whether TRACING is defined or not.
! 1622:
! 1623: - The Linux build environment has had some minor improvements - better
! 1624: sensing of 64-bit pointer sizes (only used for establishing an icmp_id),
! 1625: and corrections to #if operators regarding LINUX_MAJOR should it ever
! 1626: move to 3.[01].x.
! 1627:
! 1628: - The server now tries harder to survive the condition where it is unable
! 1629: to open a new lease file to rewrite the lease state database.
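
The two dhcrelay items under "Changes since 3.0.3" (the whole trailing block of PAD options, and overlapping copies when stripping relay agent options) are illustrated by the added example below. It is not the dhcrelay source: insertion_point(), strip_agent_options(), option_size() and the option strings are constructed for illustration, and the parser assumes the standard code/length/data option layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHO_PAD          0
#define DHO_AGENT_INFO  82   /* RFC3046 relay agent information */
#define DHO_END        255

/* Total size (code + length + data) of the option at opts[i], or 0 if
 * its length byte is missing or its data runs past the field.
 * The caller guarantees i < len. */
static size_t option_size(const uint8_t *opts, size_t len, size_t i)
{
    if (len - i < 2 || (size_t)opts[i + 1] + 2 > len - i)
        return 0;
    return (size_t)opts[i + 1] + 2;
}

/* Offset at which a relay could write a new option: the start of the
 * whole run of PADs that immediately precedes END, or END itself when
 * there is no such run.  Returns -1 on a malformed option. */
long insertion_point(const uint8_t *opts, size_t len)
{
    size_t i = 0, osz;
    long pad_start = -1;

    while (i < len && opts[i] != DHO_END) {
        if (opts[i] == DHO_PAD) {
            if (pad_start < 0)
                pad_start = (long)i;     /* first PAD of this run */
            i++;
            continue;
        }
        pad_start = -1;                  /* a real option ends the run */
        if ((osz = option_size(opts, len, i)) == 0)
            return -1;
        i += osz;
    }
    return pad_start >= 0 ? pad_start : (long)i;
}

/* Removes every option 82 in place.  Source and destination overlap,
 * so memmove() is required; memcpy() is undefined here.
 * Returns the new length, or -1 on a malformed option. */
long strip_agent_options(uint8_t *opts, size_t len)
{
    size_t i = 0, osz;

    while (i < len && opts[i] != DHO_END) {
        if (opts[i] == DHO_PAD) {
            i++;
            continue;
        }
        if ((osz = option_size(opts, len, i)) == 0)
            return -1;
        if (opts[i] == DHO_AGENT_INFO) {
            memmove(opts + i, opts + i + osz, len - i - osz);
            len -= osz;
        } else {
            i += osz;
        }
    }
    return (long)len;
}

/* Constructed option strings for the demonstrations. */
long demo_trailing_pad_block(void)
{
    const uint8_t o[] = { 53,1,1, 12,2,'p','c', 0,0,0, 255 };
    return insertion_point(o, sizeof o);       /* first of three PADs */
}

long demo_leading_pad_only(void)
{
    const uint8_t o[] = { 0, 53,1,1, 255 };
    return insertion_point(o, sizeof o);       /* PAD is not trailing */
}

long demo_strip(void)
{
    uint8_t o[] = { 53,1,1, 82,6,1,4,'e','t','h','0', 12,2,'p','c', 255 };
    const uint8_t want[] = { 53,1,1, 12,2,'p','c', 255 };
    long n = strip_agent_options(o, sizeof o);

    if (n != (long)sizeof want || memcmp(o, want, sizeof want) != 0)
        return -2;
    return n;
}

long demo_overrun(void)
{
    uint8_t o[] = { 53,1,1, 82,200,1,4 };      /* length 200, 2 bytes left */
    return strip_agent_options(o, sizeof o);
}

int main(void)
{
    printf("insert at %ld\n", demo_trailing_pad_block());
    printf("insert at %ld\n", demo_leading_pad_only());
    printf("stripped length %ld\n", demo_strip());
    printf("overrun result %ld\n", demo_overrun());
    return 0;
}
```
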
! 1630:
! 1631: Changes since 3.0.3b3
! 1632:
! 1633: - dhclient.conf documentation for interface {} was updated to reflect recent
! 1634: discussion on the dhcp-hackers mailing list.
! 1635:
! 1636: - In response to reports that the software does not compile on GCC 4.0.0,
! 1637: -Werror was removed from Makefile.conf for all platforms that used it.
! 1638: We will address the true problem in a future release; this is a temporary
! 1639: workaround.
! 1640:
! 1641: Changes since 3.0.3b2
! 1642:
! 1643: - An error in code changes introduced in 3.0.3b2 was corrected, which caused
! 1644: static BOOTP clients to receive random addresses.
! 1645:
! 1646: Changes since 3.0.3b1
! 1647:
! 1648: - A bug was fixed in BOOTPREQUEST handling code wherein stale references to
! 1649: host records would be left behind on leases that were not allocated to the
! 1650: client currently booting (eg in the case where the host was denied booting).
! 1651:
! 1652: - The dhcpd.conf.5 manpage was updated to be more clear in regards to
! 1653: multiple host declarations (thanks to Vincent McIntyre). 'Interim' style
! 1654: dynamic updates were also retouched.
! 1655:
! 1656: Changes since 3.0.2
! 1657:
! 1658: - A bug was fixed where a server might load balance a DHCP REQUEST to its
! 1659: peer after already choosing not to load balance the preceding DISCOVER.
! 1660: The peer cannot allocate the originating server's lease.
! 1661:
! 1662: - In the case where a secondary server lost its stable storage while the
! 1663: primary was still in communications-interrupted, and came back online,
! 1664: the lease databases would not be fully transferred to the secondary.
! 1665: This was due to the secondary errantly sending an extra UPDREQ message
! 1666: when the primary made its state transition to PARTNER-DOWN known.
! 1667:
! 1668: - The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
! 1669: lease structures will be 9 bytes smaller on all platforms. Thanks to
! 1670: Jason Vas Dias at Red Hat.
! 1671:
! 1672: - Interface discovery code in DISCOVER_UNCONFIGURED mode is now
! 1673: properly restricted to only detecting broadcast interfaces. Thanks
! 1674: to a patch from Jason Vas Dias at Red Hat.
! 1675:
! 1676: - decode_udp_ip_header was changed so that the IP address was copied out
! 1677: to a variable, rather than referenced by a pointer. This enforces 4-byte
! 1678: alignment of the 32-bit IP address value. Thanks to a patch from Dr.
! 1679: Peter Poeml.
! 1680:
! 1681: - An incorrect log message was corrected thanks to a patch from
! 1682: Dr. Peter Poeml.
! 1683:
! 1684: - A bug in DDNS was repaired, where if the server's first DDNS action was
! 1685: a DDNS removal rather than a DDNS update, the resolver library's
! 1686: retransmit timer and retry timer were set to the default, implying a
! 1687: 15 second timeout interval, which is a little excessive in a synchronous,
! 1688: single-threaded system. In all cases, ISC DHCP should now hold fast to
! 1689: a 1-second timeout, trying only once.
! 1690:
! 1691: - The siaddr field was being improperly set to the server-identifier when
! 1692: responding to DHCP messages. RFC2131 clarified the siaddr field as
! 1693: meaning the 'next server in the bootstrap process', eg a tftp server.
! 1694: The siaddr field is now left zeroed unless next-server is configured.
! 1695:
! 1696: - mockup_lease() could have returned in an error condition (or in the
! 1697: condition where no fixed-address was found matching the shared
! 1698: network) with stale references to a host record. This is probably not
! 1699: a memory leak since host records generally never die anyway.
! 1700:
! 1701: - A bug was repaired where failover servers would let stale client identifiers
! 1702: persist on leases that were reallocated to new clients not sending an id.
! 1703:
! 1704: - Binding scopes ("set var = value;") are now removed from leases allocated
! 1705: by failover peers if the lease had expired. This should help reduce the
! 1706: number of stale binding scopes on leases.
! 1707:
! 1708: - A small memory leak was closed involving client identifiers larger than
! 1709: 7 bytes, and failover.
! 1710:
! 1711: - Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
! 1712: cause an internal function to overflow heap. Thanks to Jason Vas Dias
! 1713: at Red Hat.
! 1714:
! 1715: - Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
! 1716: or 'NUMBER_OR_NAME' were repaired. Hexadecimal parsing is affected, and
! 1717: should work better.
! 1718:
! 1719: - In several cases, parse warnings were being issued before the lexical
! 1720: token had been advanced to the token whose value was causing an error...
! 1721: causing parse warnings to claim the problem is on the wrong token.
! 1722:
! 1723: - Host declarations matching on client identifier for dynamic leases will
! 1724: no longer match fixed-address host declarations (this is now identical
! 1725: to behaviour for host records matching on hardware address).
! 1726:
! 1727: Changes since 3.0.2rc3
! 1728:
! 1729: - A previously undocumented configuration directive, 'local-address',
! 1730: was documented in the dhcpd.conf manpage.
! 1731:
! 1732: Changes since 3.0.2rc2
! 1733:
! 1734: - Two variables introduced in 3.0.2b1 were used without being initialized
! 1735: in the case where neither the FILE nor SNAME fields were available for
! 1736: overloading. This was repaired.
! 1737:
! 1738: - A heretofore believed to be impossible corner case of the option
! 1739: overloading implementation turned out to be possible ("Unable to sort
! 1740: overloaded options after 10 tries."). The implementation was reworked
! 1741: to consider the case of an option so large it would require more than
! 1742: three chunks to fit.
! 1743:
! 1744: - Many other instances of variables being used without being initialized
! 1745: were repaired.
! 1746:
! 1747: - An uninitialized variable in omapi_io_destroy() led to the discovery
! 1748: that this function may result in orphaned pointers (and hence, a memory
! 1749: leak).
! 1750:
! 1751: Changes since 3.0.2rc1
! 1752:
! 1753: - allocate_lease() was rewritten to repair a bug in which the server would
! 1754: try to allocate an ABANDONED lease when FREE leases were available.
! 1755:
! 1756: Changes since 3.0.2b1
! 1757:
! 1758: - Some dhcp-eval.5 manpage formatting was repaired.
! 1759:
! 1760: Changes since 3.0.1
! 1761:
! 1762: - A bug was fixed in the server's 'option overloading' implementation,
! 1763: where options loaded into the 'file' and 'sname' packet fields were
! 1764: not aligned precisely as rfc2131 dictates.
! 1765:
! 1766: - The FreeBSD client script was changed to support the case where a domain
! 1767: name was not provided by the server.
! 1768:
! 1769: - A memory leak in 'omshell' per each command line parsed was
! 1770: repaired, thanks to a patch from Jarkko Torppa.
! 1771:
! 1772: - Log functions writing to stderr were adjusted to use the STDERR_FILENO
! 1773: system definition rather than '2'. This is a no-op for 90% of platforms.
! 1774:
! 1775: - One call to trace_write_packet_iov() counted the number of io vectors
! 1776: incorrectly, causing inconsistent tracefiles. This was fixed.
! 1777:
! 1778: - Some expression parse failure memory leaks were closed.
! 1779:
! 1780: - A host byte order problem in tracefiles was repaired.
! 1781:
! 1782: - Pools configured in DHCPD for failover possessing permission lists that
! 1783: previously were assumed to not include dynamic bootp clients are now
! 1784: a little more pessimistic. The result is, dhcpd will nag you about
! 1785: most pools that possess an 'allow' statement with no 'deny' that
! 1786: would definitely match a dynamic bootp client.
! 1787:
! 1788: - The 'ddns-update-style' configuration warning bit now insists that
! 1789: the configuration be globally scoped.
! 1790:
! 1791: - Two memory leaks in dhclient were closed thanks to a patch from Felix
! 1792: Farkas.
! 1793:
! 1794: - Some minor but excellently pedantic documentation errors were fixed
! 1795: thanks to a patch from Thomas Klausner.
! 1796:
! 1797: - Bugs in operator precedence in executable statements have been repaired
! 1798: once again. More legal syntaxes should be parsed legally.
! 1799:
! 1800: - Failing to initialize a tracefile for any reason if a tracefile was
! 1801: specified is now a fatal error. Thanks to a patch from Albert Herranz.
! 1802:
! 1803: - Corrected a bug in which the number of leases transferred as calculated
! 1804: by the failover primary and sent to peers in POOLRESP responses may be
! 1805: incorrect. This value is not believed to be used by other failover
! 1806: implementations, excepting perhaps as logged information.
! 1807:
! 1808: - Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
! 1809: sending POOLREQ messages instead of POOLRESP messages. This message
! 1810: was essentially ignored since failover secondaries effectively do not
! 1811: respond to POOLREQ messages.
! 1812:
! 1813: - Type definitions for various bitwidths of integers in the sunos5-5
! 1814: build of ISC DHCP have been fixed. It should compile and run more
! 1815: easily when built in 64-bit for this platform.
! 1816:
! 1817: - "allow known-clients;" is now a legal syntax, to avoid confusion.
! 1818:
! 1819: - If one dhcp server chooses to 'load balance' a request to its failover
! 1820: peer, it first checks to see if it believes said peer has a free
! 1821: lease to allocate before ignoring the DISCOVER.
! 1822:
! 1823: - log() was logging a work buffer, rather than the value returned by
! 1824: executing the statements configured by the user. In some cases,
! 1825: the work buffer and the intended results were the same. In some other
! 1826: cases, they were not. This was fixed thanks to a patch from Gunnar
! 1827: Fjone and directconnect.no.
! 1828:
! 1829: - Compiler warnings for some string type conversions were fixed, thanks
! 1830: to Andreas Gustafsson.
! 1831:
! 1832: - The netbsd build environments were simplified to one, in which
! 1833: -Wconversion is not used, thanks to Andreas Gustafsson.
! 1834:
! 1835: - How randomness in the backoff-cutoff dhclient configuration variable
! 1836: is implemented was better documented in the manpage, and the behaviour
! 1837: of dhclient in REQUEST timeout handling was changed to match that of
! 1838: DISCOVER timeout handling.
! 1839:
! 1840: - Omapi was hardened against clients that pass in null values, thanks
! 1841: to a patch from Mark Jason Dominus.
! 1842:
! 1843: - A bug was fixed in dhclient that kept it from doing client-side
! 1844: ddns updates. Thanks to a patch from Andreas Gustafsson, which
! 1845: underwent some modification after review by Jason Vas Dias.
! 1846:
! 1847: - Failover implementations disconnected due to the network between
! 1848: them (rather than one of the two shutting down) will now try to
! 1849: re-establish the failover connection every 5 seconds, rather than
! 1850: to simply try once and give up until one of them is restarted.
! 1851: Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
! 1852: by Greger V. Teigre which led to an enhancement to it.
! 1853:
! 1854: - A problem that kept DHCP Failover secondaries from tearing down
! 1855: ddns records was repaired. Thanks to a patch from Ulf Ekberg from
! 1856: Infoblox.
! 1857:
! 1858: - 64bit pointer sizes are detected properly on FreeBSD now.
! 1859:
! 1860: - A bug was repaired where the DHCP server would leave stale references
! 1861: to host records on leases it once thought about offering to certain
! 1862: clients. The result would be to apply host and 'known' scopes to the
! 1863: wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
! 1864: that was being circulated as a workaround is not the way this bug was
! 1865: fixed. If you were a victim of this bug in 3.0.1, you are cautioned
! 1866: to proceed carefully and see if it fixes your problem.
! 1867:
! 1868: - A bug was repaired in the server's DHCPINFORM handling, where it
! 1869: tried to divine the client's address from the source packet and
! 1870: would get it wrong. Thanks to Anshuman Singh Rawat.
! 1871:
! 1872: - A log message was introduced to help illuminate the case where the
! 1873: server was unable to find a lease to assign to any BOOTP client.
! 1874: Thanks to Daniel Baker.
! 1875:
! 1876: - A minor dhcpd.conf.5 manpage error was fixed.
! 1877:
! 1878: Changes since 3.0.1rc14
! 1879:
! 1880: - The global variable 'cur_time' was centralized and is now uniformly of a
! 1881: type #defined in system-dependent headers. It had previously been defined
! 1882: in one of many places as a 32-bit value, and this causes mayhem on 64-bit
! 1883: big endian systems. It probably wasn't too healthy on little endian
! 1884: systems either.
! 1885:
! 1886: - A printf format string error introduced in rc14 was repaired.
! 1887:
! 1888: - AIX system-dependent header file was altered to only define NO_SNPRINTF
! 1889: if the condition used to #ifdef in vsnprintf in AIX' header files
! 1890: is false.
! 1891:
! 1892: - The Alpha/OSF system-dependent header file was altered to define
! 1893: NO_SNPRINTF on OS revisions older than 4.0G.
! 1894:
! 1895: - omapip/test.c had string.h added to its includes.
! 1896:
! 1897: Changes since 3.0.1rc13
! 1898:
! 1899: ! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
! 1900: in logging messages with excessively long hostnames provided by the
! 1901: clients. It is highly probable that these could have been used by
! 1902: attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
! 1903: release candidates 12 or 13. Special thanks to Gregory Duchemin for
! 1904: both finding and solving the problem.
! 1905:
! 1906: ! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
! 1907: in log_*() functions was evidenced, on some specific platforms where
! 1908: vsnprintf() was not believed to be available and calls were wrapped to
! 1909: sprintf() instead. Again, credit goes to Gregory Duchemin for finding
! 1910: the problem. Calls to snprintf() are now linked to a distribution-local
! 1911: snprintf implementation, only in those cases where the architecture is
! 1912: not known to provide one (see includes/cf/[arch].h). If you experience
! 1913: linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
! 1914: is where to look. This vulnerability did not exist in any previously
! 1915: published version of ISC DHCP.
! 1916:
! 1917: - Compilation on hpux 11.11 was repaired.
! 1918:
! 1919: - 'The cross-compile bug fix' was backed out.
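
The two security items under "Changes since 3.0.1rc13" (client-supplied hostnames overrunning log buffers, and size-less sprintf() fallbacks) are illustrated by the added example below, which shows the bounded form of such a log call. It is not ISC DHCP code: bounded_log(), log_client_hostname(), LOG_BUF and the hostnames are constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64   /* deliberately small so truncation is easy to see */

/* A fallback of this general shape (illustrative, not quoted from any
 * source tree) drops the size argument and so removes the bound:
 *     #define vsnprintf(buf, size, fmt, ap) vsprintf(buf, fmt, ap)
 * The functions below keep the bound on every path. */

/* Formats into out[0..cap).  Always NUL-terminates.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int bounded_log(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= cap) {              /* output was cut short */
        if (cap >= 4)
            memcpy(out + cap - 4, "...", 4);   /* mark it, keep the NUL */
        return 1;
    }
    return 0;
}

/* Logs a hostname taken from a DHCP option.  Option data is
 * length-prefixed, not NUL-terminated, so the read is bounded with a
 * "%.*s" precision as well as the write being bounded by cap. */
int log_client_hostname(char *out, size_t cap,
                        const uint8_t *name, size_t name_len)
{
    if (name_len > 255)                  /* one-byte option length */
        name_len = 255;
    return bounded_log(out, cap, "DHCPDISCOVER from client (%.*s)",
                       (int)name_len, (const char *)name);
}

/* Constructed input: an ordinary hostname. */
int demo_short_hostname(void)
{
    char buf[LOG_BUF];
    const uint8_t host[] = { 'l','a','p','t','o','p','-','0','1' };
    int rc = log_client_hostname(buf, sizeof buf, host, sizeof host);

    if (strcmp(buf, "DHCPDISCOVER from client (laptop-01)") != 0)
        return -2;
    return rc;
}

/* Constructed input: a 255-byte hostname, far larger than the buffer.
 * The bytes next to the buffer are checked to be untouched. */
int demo_long_hostname(void)
{
    struct { char buf[LOG_BUF]; unsigned char guard[8]; } f;
    uint8_t host[255];
    size_t i;
    int rc;

    memset(host, 'A', sizeof host);
    memset(f.guard, 0x5a, sizeof f.guard);
    rc = log_client_hostname(f.buf, sizeof f.buf, host, sizeof host);
    for (i = 0; i < sizeof f.guard; i++)
        if (f.guard[i] != 0x5a)
            return -2;
    if (strlen(f.buf) != LOG_BUF - 1)
        return -3;
    if (strcmp(f.buf + LOG_BUF - 4, "...") != 0)
        return -4;
    return rc;
}

int main(void)
{
    printf("short hostname: %d\n", demo_short_hostname());
    printf("long hostname: %d\n", demo_long_hostname());
    return 0;
}
```
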
! 1920:
! 1921: Changes since 3.0.1rc12
! 1922:
! 1923: - Fixed a bug in omapi lease lookup function, to form the hardware
! 1924: address for the hash lookup correctly, thanks to a patch from
! 1925: Richard Hirst.
! 1926:
! 1927: - Fixed a bug where dhcrelay was sending relayed responses back to the
! 1928: broadcast address, but with the source's unicast mac address. Should
! 1929: now conform to rfc2131 section 4.1.
! 1930:
! 1931: - Cross-compile bug fix; use $(AR) instead of ar. Thanks to Morten Brorup.
! 1932:
! 1933: - Fixed a crash bug in dhclient where dhcpd servers that do not provide
! 1934: renewal times result in an FPE. As a side effect, dhclient can now
! 1935: properly handle 0xFFFFFFFF (-1) expiry times supplied by servers. Thanks
! 1936: to a patch from Burt Silverman.
! 1937:
! 1938: - The 'ping timeout' debugs from rc12 were removed to -DDEBUG only,
! 1939: and reformatted to correct a compilation error on Solaris platforms.
! 1940:
! 1941: - A patch was applied which fixes a case where leases read from the
! 1942: leases database do not properly over-ride previously read leases.
! 1943:
! 1944: - dhcpctl.3 manpage was tweaked.
! 1945:
! 1946: Changes since 3.0.1rc11
! 1947:
! 1948: - A patch from Steve Campbell was applied with minor modifications to
! 1949: permit reverse dns PTR record updates with values containing spaces.
! 1950:
! 1951: - A patch from Florian Lohoff was applied with some modifications to
! 1952: dhcrelay. It now discards packets whose hop count exceeds 10 by default,
! 1953: and a command-line option (-c) can be used to set this threshold.
! 1954:
! 1955: - A failover bug relating to identifying peers by name length instead of
! 1956: by name was fixed.
! 1957:
! 1958: - Declaring failover configs within shared-network statements should no
! 1959: longer result in error.
! 1960:
! 1961: - The -nw command line option to dhclient now works.
! 1962:
! 1963: - Thanks to a patch from Michael Richardson:
! 1964: - Some problems with long option processing have been fixed.
! 1965: - Some fixes to minires so that updates of KEY records will work.
! 1966:
! 1967: - contrib/ms2isc was updated by Shu-Min Chang of the Intel Corporation.
! 1968: See contrib/ms2isc/readme.txt for revision notes.
! 1969:
! 1970: - Dhclient no longer uses shell commands to kill another instance of
! 1971: itself; it sends the signal directly. Thanks to a patch from Martin
! 1972: Blapp.
! 1973:
! 1974: - The FreeBSD dhclient-script was changed so that a failure to write to
! 1975: /etc/resolv.conf does not prematurely end the script. This keeps dhclient
! 1976: from looping infinitely when this is the case. Thanks to a patch from
! 1977: Martin Blapp.
! 1978:
! 1979: - A patch from Bill Stephens was applied which resolves a problem with lease
! 1980: expiry times in failover configurations.
! 1981:
! 1982: - A memory leak in configuration parsing was closed thanks to a patch from
! 1983: Steve G.
! 1984:
! 1985: - The function which discovers interfaces will now skip non-broadcast or
! 1986: point-to-point interfaces, thanks to a patch from David Brownlee.
! 1987:
! 1988: - Options not yet known by the dhcpd or dhclient have had their names
! 1989: changed such that they do not contain # symbols, in case they should ever
! 1990: appear in a lease file. An option that might have been named "#144" is
! 1991: now "unknown-144".
! 1992:
! 1993: - Another patch from Bill Stephens which allows the ping-check timeout to
! 1994: be configured as 'ping-timeout'. Defaults to 1.
! 1995:
! 1996: Changes since 3.0.1rc10
! 1997:
! 1998: - Potential buffer overflows in minires repaired.
! 1999:
! 2000: - A change to the linux client script to use /bin/bash, since /bin/sh may
! 2001: not be bash.
! 2002:
! 2003: - Some missing va_end cleanups thanks to a patch from Thomas Klausner.
! 2004:
! 2005: - A correction of boolean parsing syntax validation - some illegal syntaxes
! 2006: that worked before are now detected and produce errors, some legal syntaxes
! 2007: that errored before will now work properly.
! 2008:
! 2009: - Some search-and-replace errors that caused some options to change their
! 2010: names were repaired.
! 2011:
! 2012: - Shu-min Chang of the Intel corporation has contributed a perl script and
! 2013: module that converts the MS NT4 DHCP configuration to an ISC DHCP3
! 2014: configuration file.
! 2015:
! 2016: - Applied the remainder of the dhcpctl memory leak patch provided by Bill
! 2017: Squier at ReefEdge, Inc. (groo@reefedge.com).
! 2018:
! 2019: - Missing non-optional failover peer configurations will now result in a soft
! 2020: error rather than a null dereference.
! 2021:
! 2022: Changes since 3.0.1rc9
! 2023:
! 2024: - A format string was corrected to fix compiler warnings.
! 2025:
! 2026: - A number of spelling corrections were made in the man pages.
! 2027:
! 2028: - The dhclient.conf.5 man page was changed to refer to do-forward-updates
! 2029: rather than a configuration option that doesn't exist.
! 2030:
! 2031: - A FreeBSD-specific bug in the interface removal handling was fixed.
! 2032:
! 2033: - A Linux-specific Token Ring detection problem was fixed.
! 2034:
! 2035: - Hashes were removed from as-yet-unknown agent options; having those options
! 2036: appear in reality before we know about them will no longer produce
! 2037: self-corrupting lease databases.
! 2038:
! 2039: - dhclient will use the proper port numbers now when using the -g option.
! 2040:
! 2041: - An order-of-operations bug with 2 match clauses in 1 class statement is
! 2042: fixed thanks to a patch from Andrew Matheson.
! 2043:
! 2044: - Compilation problems on Solaris were fixed.
! 2045:
! 2046: - Compilation problems when built with DEBUG or DEBUG_PACKET were repaired.
! 2047:
! 2048: - A fix to the dhcp ack process which makes certain that group options will be
! 2049: included in the first DHCPOFFER message was made thanks to a patch from
! 2050: Ling Gou.
! 2051:
! 2052: - A few memory leaks were repaired thanks to patches from Bill Squier at
! 2053: ReefEdge, Inc. (groo@reefedge.com).
! 2054:
! 2055: - A fix for shared-networks that sometimes give clients options for the
! 2056: wrong subnets (in particular, 'option routers') was applied, thanks to
! 2057: Ted Lemon for the patch.
! 2058:
! 2059: - Omshell's handling of dotted octets as values was changed such that dots
! 2060: one after the other produce zero values in the integer string.
! 2061:
! 2062: Changes since 3.0.1rc8
! 2063:
! 2064: - Fix a format string vulnerability in the server that could lead to a
! 2065: remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).
! 2066:
! 2067: - Add additional support for NetBSD/sparc64.
! 2068:
! 2069: - Fix a bug in the command-line parsing of the client. Also, resolve
! 2070: a memory leak.
! 2071:
! 2072: - Add better support for shells other than bash in the Linux client
! 2073: script.
! 2074:
! 2075: - Various build fixes for modern versions of FreeBSD and Linux.
! 2076:
! 2077: - Fix a bad bounds check when printing binding state names.
! 2078:
! 2079: - Clarify documentation about fixed-address and multiple addresses.
! 2080:
! 2081: - Fix a typo in the authoritative error message.
! 2082:
! 2083: - Make a log entry when we can't write a billing class.
! 2084:
! 2085: - Use conversion targets that are the right size on all architectures.
! 2086:
! 2087: - Increment the hop count when relaying.
! 2088:
! 2089: - Log a message when lease state is changed through OMAPI.
! 2090:
! 2091: - Don't rerun the shared_network when evaluating the pool.
! 2092:
! 2093: - Fix a reversed test in the parser.
! 2094:
! 2095: - Change the type of rbuf_max.
! 2096:
! 2097: - Make FTS_LAST a manifest constant to quiet warnings.
! 2098:
! 2099: Changes since 3.0.1rc7
! 2100:
! 2101: - Fix two compiler warnings that are generated when compiling on Solaris
! 2102: with gcc. These stop the build, even though they weren't actually
! 2103: errors, because we prefer that our builds generate no warnings.
! 2104:
! 2105: Changes since 3.0.1rc6
! 2106:
! 2107: - Don't allow a lease that's in the EXPIRED, RELEASED or RESET state
! 2108: to be renewed.
! 2109:
! 2110: - Implement lease stealing for cases where the primary has fewer leases
! 2111: than the secondary, as called for by the standard.
! 2112:
! 2113: - Add a fudge factor to the lease expiry acceptance code, (suggested
! 2114: by Kevin Miller of CMU).
! 2115:
! 2116: - Fix a bug in permit_list_match that made it much too willing to say
! 2117: that two permit lists matched.
! 2118:
! 2119: - Unless DEBUG_DNS_UPDATES is defined, print more user-friendly (and
! 2120: also more compact) messages about DNS updates.
! 2121:
! 2122: - Fix a bug in generating wire-format domain names for the FQDN option.
! 2123:
! 2124: - Fix a bug where the FQDN option would not be returned if the client
! 2125: requested it, contrary to the standard.
! 2126:
! 2127: - On Darwin, use the FreeBSD DHCP client script.
! 2128:
! 2129: - On NetBSD/sparc, don't check for casting warnings.
! 2130:
! 2131: - Add a flag in the DHCP client to disable updating the client's A
! 2132: record when sending an FQDN option indicating that the client is
! 2133: going to update its A record.
! 2134:
! 2135: - In the client, don't attempt a DNS update until one second after
! 2136: configuring the new IP address, and if the update times out, keep
! 2137: trying until a response, positive or negative, is received from the
! 2138: DNS server.
! 2139:
! 2140: - Fix an uninitialized memory bug in the DHCP client.
! 2141:
! 2142: - Apply some FreeBSD-specific bug fixes suggested by Murray Stokely.
! 2143:
! 2144: - Fix a bug in ns_parserr(), where it was returning the wrong sort
! 2145: of result code in some cases (suggested by Ben Harris of the
! 2146: NetBSD project).
! 2147:
! 2148: - Fix a bug in is_identifier(), where it was checking against EOF
! 2149: instead of the END_OF_FILE token (also suggested by Ben Harris).
! 2150:
! 2151: - Fix a bug where if an option universe contained no options, the
! 2152: DHCP server could dump core (Walter Steiner).
! 2153:
! 2154: - Fix a bug in the handling of encapsulated options.
! 2155:
! 2156: - Fix a bug that prevented NWIP suboptions from being processed.
! 2157:
! 2158: - Delete the FTS_BOOTP and FTS_RESERVED states and implement them
! 2159: as modifier flags to the FTS_ACTIVE state, as called for in the
! 2160: failover protocol standard.
! 2161:
! 2162: - Fix bugs in the pool merging code that resulted in references and
! 2163: dereferences of null pointers. This bug had no impact unless the
! 2164: POINTER_DEBUG flag was defined.
! 2165:
! 2166: - In the server, added a do-forward-updates flag that can be used to
! 2167: disable forward updates in all cases, so that sites that want the
! 2168: clients to take sole responsibility for updating their A record can
! 2169: do so.
! 2170:
! 2171: - Make it possible to disable optimization of PTR record updates.
! 2172:
! 2173: Changes since 3.0.1rc5
! 2174:
! 2175: - Include some new documentation and changes provided by Karl Auer.
! 2176:
! 2177: - Add a workaround for some Lexmark printers that send a double-NUL-
! 2178: terminated host-name option, which would break DNS updates.
! 2179:
! 2180: - Fix an off-by-one error in the MAC-address checking code for
! 2181: DHCPRELEASE that was added in 3.0.1rc5.
! 2182:
! 2183: - Fix a bug where client-specific information was not being discarded
! 2184: from the lease when it expired or was released, resulting in
! 2185: problems if the lease was reallocated to a different client.
! 2186:
! 2187: - If more than one allocation pool is specified that has the same set
! 2188: of constraints as another allocation pool on the same shared
! 2189: network, merge the two pools.
! 2190:
! 2191: - Don't print an error in fallback_discard, since this just causes
! 2192: confusion and does not appear to be helping to encourage anyone to
! 2193: fix this bug.
! 2194:
! 2195: Changes since 3.0.1rc4
! 2196:
! 2197: - Fix a bug that would cause the DHCP server to spin if asked to parse
! 2198: a certain kind of incorrect statement.
! 2199:
! 2200: - Fix a related bug that would prevent an error from being reported in
! 2201: the same case.
! 2202:
! 2203: - Additional documentation.
! 2204:
! 2205: - Make sure that the hardware address matches the lease when
! 2206: processing a DHCPRELEASE message.
! 2207:
! 2208: Changes since 3.0.1rc3
! 2209:
! 2210: - A minor bug fix in the arguments to a logging function call.
! 2211: - Documentation update for dhcpd.conf.
! 2212:
! 2213: Changes since 3.0.1rc2
! 2214:
! 2215: - Allow the primary to send a POOLREQ message. This isn't what the current
! 2216: failover draft says to do, so we may have to back it out if I can't get the
! 2217: authors to relent, but the scheme for balancing that's specified in the
! 2218: current draft seems needlessly hairy, so I'm floating a trial balloon.
! 2219: The rc1 code did not implement the method described in the draft either.
! 2220:
! 2221: Changes since 3.0.1rc1
! 2222:
! 2223: - Treat NXDOMAIN and NXRRSET as success when we are trying to delete a
! 2224: domain or RRSET. This allows the DHCP server to forget about a name
! 2225: it added to the DNS once it's been removed, even if the DHCP server
! 2226: wasn't the one that removed it.
! 2227:
! 2228: - Install defaults for failover maximum outstanding updates and maximum
! 2229: silent time. This prevents problems that might occur if these values
! 2230: were not configured.
! 2231:
! 2232: - Don't do DDNS deletes if ddns-update-style is none.
! 2233:
! 2234: - Return relay agent information options in DHCPNAK. This prevents DHCPNAK
! 2235: messages from being dropped when the relay agent information option contains
! 2236: routing information.
! 2237:
! 2238: - Fix a problem where coming up in recover wouldn't result in an update
! 2239: request being sent.
! 2240:
! 2241: - Add some more chatty messages when we start a recovery update and when it's
! 2242: done.
! 2243:
! 2244: - Fix a possible problem where some state might have been left around
! 2245: after the peer lost contact and regained contact about how many updates
! 2246: were pending.
! 2247:
! 2248: - Don't nix a lease update because of a lease conflict. This test has
! 2249: never (as far as I know) prevented a mistake, and it appears to cause
! 2250: problems with failover.
! 2251:
! 2252: - Add support in rc history code for keeping a selective history, rather
! 2253: than a history of all references and dereferences. This code is only used
! 2254: when extensive additional debugging is enabled.
! 2255:
! 2256: Changes since 3.0
! 2257:
! 2258: - Make allocators for hash tables. As a side effect, this fixes a memory
! 2259: smash in the subclass allocation code.
! 2260:
! 2261: - Fix a small bug in omshell where if you try to close an object when
! 2262: no object is open, it dumps core.
! 2263:
! 2264: - Fix an obscure coredump that could occur on shutdown.
! 2265:
! 2266: - Fix a bug in the recording of host declaration rubouts in the lease file.
! 2267:
! 2268: - Fix two potential spins in the host deletion code.
! 2269:
! 2270: - Fix a core dump that would happen if an application tried to update
! 2271: a host object attribute with a null value.
! 2272:
! 2273: Changes since 3.0 Release Candidate 12
! 2274:
! 2275: - Fix a memory leak in the evaluation code.
! 2276:
! 2277: - Fix an obscure core dump.
! 2278:
! 2279: - Print a couple of new warnings when parsing the configuration file
! 2280: when crucial information is left out.
! 2281:
! 2282: - Log "no free leases" as an error.
! 2283:
! 2284: - Documentation updates.
! 2285:
! 2286: Changes since 3.0 Release Candidate 11
! 2287:
! 2288: - Always return a subnet selection option if one is sent.
! 2289:
! 2290: - Fix a warning that was being printed because an automatic data
! 2291: structure wasn't zeroed.
! 2292:
! 2293: - Fix some failover state transitions that were being handled
! 2294: incorrectly.
! 2295:
! 2296: - When supersede_lease is called on a lease whose end time has already
! 2297: expired, but for which a state transition has not yet been done, do
! 2298: a state transition. This fixes the case where if the secondary
! 2299: allocated a lease to a client and the lease "expired" while the
! 2300: secondary was in partner-down, no expiry event would actually
! 2301: happen, so the lease would remain active until the primary was
! 2302: restarted.
! 2303:
! 2304: Changes since 3.0 Release Candidate 10
! 2305:
! 2306: - Fix a bug that was preventing released leases from changing state
! 2307: in failover-enabled pools.
! 2308:
! 2309: - Fix a core dump in the client identifier finder code (for host
! 2310: declarations).
! 2311:
! 2312: - Finish fixing a bug where bogus data would sometimes get logged to
! 2313: the dhclient.leases file because it was opened as descriptor 2.
! 2314:
! 2315: - Fix the Linux dhclient-script according to suggestions made by
! 2316: several people on the dhcp-client mailing list.
! 2317:
! 2318: - Log successful DNS updates at LOG_INFO, not LOG_ERROR.
! 2319:
! 2320: - Print an error message and refuse to run if a failover peer is
! 2321: defined but not referenced by any pools.
! 2322:
! 2323: - Correct a confusing error message in failover.
! 2324:
! 2325: Changes since 3.0 Release Candidate 9
! 2326:
! 2327: - Fix a bug in lease allocation for Dynamic BOOTP clients.
! 2328:
! 2329: Changes since 3.0 Release Candidate 8 Patchlevel 2
! 2330:
! 2331: - Fix a bug that prevented update-static-leases from working.
! 2332:
! 2333: - Document failover-state OMAPI object.
! 2334:
! 2335: - Fix a compilation error on SunOS 4.
! 2336:
! 2337: Changes since 3.0 Release Candidate 8 Patchlevel 1
! 2338:
! 2339: - Fix a parsing bug that broke dns updates (both interim and ad-hoc).
! 2340: This was introduced in rc8pl1 as an unintended result of the memory
! 2341: leakage fixes that were in pl1.
! 2342:
! 2343: - Fix a long-standing bug where the server would record that an update
! 2344: had been done for a client with no name, even though no update had
! 2345: been done, and then when the client's lease expired the deletion of
! 2346: that nonexistent record would time out because the name was the null
! 2347: string.
! 2348:
! 2349: - Clean up the omshell, dhcpctl and omapi man pages a bit.
! 2350:
! 2351: Changes since 3.0 Release Candidate 8
! 2352:
! 2353: - Fix a bug that could cause the DHCP server to spin if
! 2354: one-lease-per-client was enabled.
! 2355:
! 2356: - Fix a bug that was causing core dumps on BSD/os in the presence of
! 2357: malformed packets.
! 2358:
! 2359: - In partner-down state, don't restrict lease lengths to MCLT.
! 2360:
! 2361: - On the failover secondary, record the MCLT received from the primary
! 2362: so that if we come up without a connection to the primary we don't
! 2363: wind up giving out zero-length leases.
! 2364:
! 2365: - Fix some compilation problems on BSD/os.
! 2366:
! 2367: - Fix a bunch of memory leaks.
! 2368:
! 2369: - Fix a couple of bugs in the option printer.
! 2370:
! 2371: - Fix an obscure error reporting bug in the dns update code, and also
! 2372: make the message clearer when a key algorithm isn't supported.
! 2373:
! 2374: - Fix a bug in the tracing code that prevented trace runs that used
! 2375: tcp connections from being played back.
! 2376:
! 2377: - Add some additional debugging capability for catching memory leaks
! 2378: on exit.
! 2379:
! 2380: - Make the client release the lease correctly on shutdown.
! 2381:
! 2382: - Add some configurability to the build system.
! 2383:
! 2384: - Install omshell manual page in man1, not man8.
! 2385:
! 2386: - Craig Gwydir sent in a patch that fixes a long-standing bug in the
! 2387: DHCP client that could cause core dumps, but that for some reason
! 2388: hadn't been noticed until now.
! 2389:
! 2390: Changes since 3.0 Release Candidate 7
! 2391:
! 2392: - Fix a bug in failover where we weren't sending updates after a
! 2393: transition from communications-interrupted to normal.
! 2394:
! 2395: - Handle expired/released/reset -> free transition according to the
! 2396: protocol specification (this works - the other way not only wasn't
! 2397: conformant, but also didn't work).
! 2398:
! 2399: - Add a control object in both client and server that allows either
! 2400: daemon to be shut down cleanly.
! 2401:
! 2402: - When writing a lease, if we run out of disk space, shut down the
! 2403: output file and insist on writing a new one before proceeding.
! 2404:
! 2405: - In the server, if the OMAPI listener port is occupied, keep trying
! 2406: to get it, rather than simply giving up and exiting.
! 2407:
! 2408: - Support fetching variables from leases and also updating and adding
! 2409: variables to leases via OMAPI.
! 2410:
! 2411: - If two failover peers have wildly different clocks, refuse to start
! 2412: doing failover.
! 2413:
! 2414: - Fix a bug in the DNS update code that could cause core dumps when
! 2415: running on alpha processors.
! 2416:
! 2417: - Fixed a bug in ddns updates for static lease entries, thanks to a
! 2418: patch from Andrey M Linkevitch.
! 2419:
! 2420: - Add support for Darwin/MacOS X
! 2421:
! 2422: - Install omshell (including new documentation).
! 2423:
! 2424: - Support DNS updates in the client (this is a very obscure feature
! 2425: that most DHCP client users probably will not be able to use).
! 2426:
! 2427: - Somewhat cleaner status logging in the client.
! 2428:
! 2429: - Make OMAPI key naming syntax compatible with the way keys are
! 2430: actually named (key names are domain names).
! 2431:
! 2432: - Fix a bug in the lease file writer.
! 2433:
! 2434: - Install DHCP ISC headers in a different place than BIND 9 ISC
! 2435: headers, to avoid causing trouble in BIND 9 builds.
! 2436:
! 2437: - Don't send updates for attributes on an object when the attributes
! 2438: haven't changed. Support deleting attributes on remote objects.
! 2439:
! 2440: - Fix a number of bugs in omshell, and add the unset and refresh
! 2441: statements.
! 2442:
! 2443: - Handle disconnects in OMAPI a little bit more intelligently (so that
! 2444: the caller gets ECONNRESET instead of EINVAL).
! 2445:
! 2446: - Fix a bunch of bugs in the handling of clients that have existing
! 2447: leases when they try to renew their leases while failover is
! 2448: operating.
! 2449:
! 2450: Changes since 3.0 Release Candidate 6
! 2451:
! 2452: - Fix a core dump that could happen when processing a DHCPREQUEST from
! 2453: a client that had a host declaration that contained both a
! 2454: fixed-address declaration and a dhcp-client-identifier option
! 2455: declaration, if the client identifier was longer than nine bytes.
! 2456:
! 2457: - Fix a memory leak that could happen in certain obscure cases when
! 2458: using omapi to manipulate leases.
! 2459:
! 2460: - Fix some bugs and omissions in omshell.
! 2461:
! 2462: Changes since 3.0 Release Candidate 5
! 2463:
! 2464: - Fix a bug in omapi_object_dereference that prevented objects in
! 2465: chains from having their reference counts decreased on dereference.
! 2466:
! 2467: - Fix a bug in omapi_object_dereference that would prevent object
! 2468: chains from being freed upon removal of the last reference external
! 2469: to the chain.
! 2470:
! 2471: - Fix a number of other memory leaks in the OMAPI protocol subsystem.
! 2472:
! 2473: - Add code in the OMAPI protocol handler to trace memory leakage.
! 2474:
! 2475: - Clean up the memory allocation/reference history printer.
! 2476:
! 2477: - Support input of dotted quads and colon-separated hex lists as
! 2478: attribute values in omshell.
! 2479:
! 2480: - Fix a typo in the Linux interface discovery code.
! 2481:
! 2482: - Conditionalize a piece of trace code that wasn't conditional.
! 2483:
! 2484: Changes since 3.0 Release Candidate 4
! 2485:
! 2486: - Fix a bug that would prevent leases from being abandoned properly on
! 2487: DHCPDECLINE.
! 2488:
! 2489: - Fix failover peer OMAPI support.
! 2490:
! 2491: - In failover, correctly handle expiration of leases. Previously,
! 2492: leases would never be reclaimed because they couldn't make the
! 2493: transition from EXPIRED to FREE.
! 2494:
! 2495: - Fix some broken failover state transitions.
! 2496:
! 2497: - Documentation fixes.
! 2498:
! 2499: - Take out an unnecessary check in DHCP relay agent information option
! 2500: stashing code that was preventing REBINDING clients from rebinding.
! 2501:
! 2502: - Prevent failover peers from allocating leases in DHCPREQUEST
! 2503: processing if the lease belongs to the other server.
! 2504:
! 2505: - Record server version in lease file introductory comment.
! 2506:
! 2507: - Correctly report connection errors in OMAPI and failover.
! 2508:
! 2509: - Make authentication signature algorithm name comparisons in OMAPI
! 2510: case-insensitive.
! 2511:
! 2512: - Fix compile problem on SunOS 4.x
! 2513:
! 2514: - If a signature algorithm is not terminated with '.', terminate it so
! 2515: that comparisons between fully-qualified names will work
! 2516: consistently.
! 2517:
! 2518: - Different SIOCGIFCONF probe code, may "fix" problem on some Linux
! 2519: systems with the probe not working correctly.
! 2520:
! 2521: - Don't allow user to type omapi key on command line of omshell.
! 2522:
! 2523: Changes since 3.0 Release Candidate 3
! 2524:
! 2525: - Do lease billing on startup in a way that I *think* will finally do
! 2526: the billing correctly - the previous method could overbill as a
! 2527: result of duplicate leases.
! 2528:
! 2529: - Document OMAPI server objects.
! 2530:
! 2531: Changes since 3.0 Release Candidate 2 Patchlevel 1
! 2532:
! 2533: - Fix some problems in the DDNS update code. Thanks to Albert
! 2534: Herranz for figuring out the main problem.
! 2535:
! 2536: - Fix some reference counting errors on host entries that were causing
! 2537: core dumps.
! 2538:
! 2539: - Fix a byte-swap bug in the token ring code, thanks to Jochen
! 2540: Friedrich.
! 2541:
! 2542: - Fix a bug in lease billing, thanks to Jonas Bulow.
! 2543:
! 2544: Changes since 3.0 Release Candidate 2
! 2545:
! 2546: - Change the conditions under which a DHCPRELEASE is actually
! 2547: committed to be consistent with lease binding states rather than
! 2548: using the lease end time. This may fix some problems with the
! 2549: billing class code.
! 2550:
! 2551: - Fix a bug where lease updates would fail on Digital Unix (and maybe
! 2552: others) because malloc was called with a size of zero.
! 2553:
! 2554: - Fix a core dump that happens when the DHCP server can't create its
! 2555: trace file.
! 2556:
! 2557: Changes since 3.0 Release Candidate 1 Patchlevel 1
! 2558:
! 2559: - Fix the dhcp_failover_put_message to not attempt to allocate a
! 2560: zero-length buffer. Some versions of malloc() fail if you try to
! 2561: allocate a zero-length buffer, and this was causing problems on,
! 2562: e.g., Digital Unix.
! 2563:
! 2564: - Fix a case where the failover code was printing an error message
! 2565: when no error had occurred.
! 2566:
! 2567: - Fix a problem where when a server went down and back up again, the
! 2568: peer would not see a state transition and so would stay in the
! 2569: non-communicating state.
! 2570:
! 2571: - Be smart about going into recover_wait.
! 2572:
! 2573: - Fix a problem in the failover implementation where peers would fail
! 2574: to come into sync if interrupted in the RECOVER state. This could
! 2575: have been the cause of some problems people have reported recently.
! 2576:
! 2577: - Fix a problem with billing classes where they would not be unbilled
! 2578: when the client lease expired.
! 2579:
! 2580: - If select fails, figure out which descriptor is bad, and cut it out
! 2581: of the I/O loop. This prevents a potentially nasty spin. I
! 2582: haven't heard anyone report it in a while, but it came up consistently
! 2583: in testing.
! 2584:
! 2585: - Fix a bug in the relay agent where if you specified interfaces on
! 2586: the command line, it would fail.
! 2587:
! 2588: - Fix a couple of small bugs in the omapi connection object (no known
! 2589: user impact).
! 2590:
! 2591: - Add the missing 3.0 Beta 1 lease conversion script.
! 2592:
! 2593: - Read dhcp client script hooks if they exist, rather than only if
! 2594: they're executable.
! 2595:
! 2596: Changes since 3.0 Release Candidate 1
! 2597:
! 2598: - Fix a memory smash that happens when fixed-address leases are used.
! 2599: ANY SITE AT WHICH FIXED-ADDRESS STATEMENTS ARE BEING USED SHOULD
! 2600: UPGRADE IMMEDIATELY. This has been a long-standing bug - thanks to
! 2601: Alvise Nobile for discovering it and helping me to find it!
! 2602:
! 2603: - Fix a small bug in binary-to-ascii, thanks to H. Peter Anvin of
! 2604: Transmeta.
! 2605:
! 2606: - There is a known problem with the DHCP server doing failover on
! 2607: Compaq Alpha systems. This patchlevel is not a release candidate
! 2608: because of this bug. The bug should be straightforward to fix, so
! 2609: a new release candidate is expected shortly.
! 2610:
! 2611: - There is a known problem in the DDNS update code that is probably a
! 2612: bug, and is not, as far as we know, fixed in this patchlevel.
! 2613:
! 2614: Changes since 3.0 Beta 2 Patchlevel 24
! 2615:
! 2616: - Went over problematic failover state transitions and made them all
! 2617: work, so that failover should now be much less fragile.
! 2618:
! 2619: - Add some dhcpctl and omapi documentation
! 2620:
! 2621: - Fix compile errors when compiling with unusual predefines.
! 2622:
! 2623: - Make Token Ring work on Linux 2.4
! 2624:
! 2625: - Fix the Digital Unix BPF_WORDALIGN bug.
! 2626:
! 2627: - Fix some dhcp client documentation errors.
! 2628:
! 2629: - Update some parts of the README file.
! 2630:
! 2631: - Support GCC on SCO.
! 2632:
! 2633: Changes since 3.0 Beta 2 Patchlevel 23
! 2634:
! 2635: - Fix a bug in the DNS update code where a status code was not being
! 2636: checked. This may have been causing core dumps.
! 2637:
! 2638: - When parsing the lease file, if a lease declaration includes a
! 2639: billing class statement, and the lease already has a billing class,
! 2640: unbill the old class.
! 2641:
! 2642: - When processing failover transactions, where acks will be deferred,
! 2643: process the state transition immediately.
! 2644:
! 2645: - Don't try to use the new SIOCGIFCONF buffer size detection code on
! 2646: Linux 2.0, which doesn't provide this functionality.
! 2647:
! 2648: - Apply a patch suggested by Tuan Uong for a problem in dlpi.c.
! 2649:
! 2650: - Fix a problem in using the which command in the configure script.
! 2651:
! 2652: - Fix a parse error in the client when setting up an omapi listener.
! 2653:
! 2654: - Document the -n and -g flags to the client.
! 2655:
! 2656: - Make sure there is always a stdin and stdout on startup. This
! 2657: prevents shell scripts from accidentally writing error messages into
! 2658: configuration files that happen to be opened as stderr.
! 2659:
! 2660: - If an interface is removed, the client will now notice that it is
! 2661: gone rather than spinning. This has only been tested on NetBSD.
! 2662:
! 2663: - The client will attempt to get an address even if it can't create a
! 2664: lease file.
! 2665:
! 2666: - Don't overwrite tracefiles.
! 2667:
! 2668: - Fix some memory allocation bugs in failover.
! 2669:
! 2670: Changes since 3.0 Beta 2 Patchlevel 22
! 2671:
! 2672: - Apply some patches suggested by Cyrille Lefevre, who is maintaining
! 2673: the FreeBSD ISC DHCP Distribution port.
! 2674:
! 2675: - Fix a core dump in DHCPRELEASE.
! 2676:
! 2677: Changes since 3.0 Beta 2 Patchlevel 21
! 2678:
! 2679: - This time for sure: fix the spin described in the changes for pl20.
! 2680:
! 2681: Changes since 3.0 Beta 2 Patchlevel 20
! 2682:
! 2683: - Fix a problem with Linux detecting large numbers of interfaces (Ben)
! 2684:
! 2685: - Fix a memory smash in the quotify code, which was introduced in
! 2686: pl19.
! 2687:
! 2688: - Actually fix the spin described in the changes for pl20. The
! 2689: previous fix only partially fixed the problem - enough to get it
! 2690: past the regression test.
! 2691:
! 2692: Changes since 3.0 Beta 2 Patchlevel 19
! 2693:
! 2694: - Fix a bug that could cause the server to abort if compiled with
! 2695: POINTER_DEBUG enabled.
! 2696:
! 2697: - Fix a bug that could cause the server to spin when responding to a
! 2698: DHCPREQUEST.
! 2699:
! 2700: - Apply Joost Mulders' suggested patches for DLPI on x86.
! 2701:
! 2702: - Support NUL characters in quoted strings.
! 2703:
! 2704: - Install unformatted man pages on SunOS.
! 2705:
! 2706: Changes since 3.0 Beta 2 Patchlevel 18
! 2707:
! 2708: - Allow the server to be placed in partner-down state using OMAPI.
! 2709: (Damien Neil)
! 2710:
! 2711: - Implement omshell, which can be used to do arbitrary things to the
! 2712: server (in theory). (Damien Neil)
! 2713:
! 2714: - Fix a case where if a client had two different leases the server could
! 2715: actually dereference the second one when it hadn't been referenced,
! 2716: leading to memory corruption and a core dump. (James Brister)
! 2717:
! 2718: - Fix a case where a client could request the address of another client's
! 2719: lease, but find_lease wouldn't detect that the other client had it, and
! 2720: would attempt to allocate it to the client, resulting in a lease conflict
! 2721: message.
! 2722:
! 2723: - Fix a case where a client with more than one client identifier could be
! 2724: given a lease where the hardware address was correct but the client
! 2725: identifier was not, resulting in a lease conflict message.
! 2726:
! 2727: - Fix a problem where the server could write out a colon-separated
! 2728: hex list as a value for a variable, which would then not parse.
! 2729: The fix is to always write strings as quoted strings, with any
! 2730: non-printable characters quoted as octal escape sequences. So
! 2731: a file written the old way still won't work, but new files written
! 2732: this way will work.
! 2733:
! 2734: - Fix documentation for sending non-standard options.
! 2735:
! 2736: - Use unparsable names for unknown options. WARNING: this will
! 2737: break any configuration files that use the option-nnn convention.
! 2738: If you want to continue to use this convention for some options,
! 2739: please be sure to write a definition, like this:
! 2740:
! 2741: option option-nnn code nnn = string;
! 2742:
! 2743: You can use a descriptive name instead of option-nnn if you like.
! 2744:
! 2745: - Fix a problem where we would see a DHCPDISCOVER/DHCPOFFER/
! 2746: DHCPREQUEST/DHCPACK/DHCPREQUEST/DHCPNAK sequence. This was the
! 2747: result of a deceptively silly bug in supersede_lease.
! 2748:
! 2749: - Fix client script exit status check, according to a fix supplied by
! 2750: Hermann Lauer.
! 2751:
! 2752: - Fix an endianness bug in the tracefile support, regarding ICMP
! 2753: messages.
! 2754:
! 2755: - Fix a bug in the client where the medium would not work correctly if
! 2756: it contained quoted strings.
! 2757:
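The lease-file string format described in the entries above (always a quoted string, non-printable bytes written as octal escapes, NUL bytes allowed) is shown here as a writer that bounds every store and a reader that round-trips its output. This is an added example, not ISC DHCP code; `quote_value` and `unquote_value` are hypothetical names, and the use of exactly three octal digits per escape is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not ISC DHCP code; function names are hypothetical.
 * Quote src[0..len) into dst[cap]; returns length written or -1. */
long quote_value(const unsigned char *src, size_t len, char *dst, size_t cap)
{
    size_t o = 0, i;
    if (cap < 3)                      /* room for "" plus NUL */
        return -1;
    dst[o++] = '"';
    for (i = 0; i < len; i++) {
        unsigned char c = src[i];
        int plain = c >= 0x20 && c < 0x7f && c != '"' && c != '\\';
        size_t need = plain ? 1 : (c == '"' || c == '\\') ? 2 : 4;
        if (need > cap - o - 2)       /* keep 2 bytes: closing quote, NUL */
            return -1;
        if (need != 1)
            dst[o++] = '\\';
        if (need == 4) {              /* NUL and other non-printables: \ooo */
            dst[o++] = (char)('0' + (c >> 6));
            dst[o++] = (char)('0' + ((c >> 3) & 7));
            dst[o++] = (char)('0' + (c & 7));
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o++] = '"';
    dst[o] = '\0';
    return (long)o;
}

/* Parse what quote_value() wrote into out[cap]; returns decoded length,
 * or -1 on malformed input or if out is too small. */
long unquote_value(const char *s, unsigned char *out, size_t cap)
{
    size_t o = 0;
    if (*s++ != '"')
        return -1;
    while (*s != '"') {
        unsigned c = (unsigned char)*s++;
        if (c == '\0' || o >= cap)    /* unterminated, or out is full */
            return -1;
        if (c == '\\' && (*s == '"' || *s == '\\')) {
            c = (unsigned char)*s++;
        } else if (c == '\\') {       /* exactly three octal digits */
            int k;
            for (c = 0, k = 0; k < 3; k++, s++) {
                if (*s < '0' || *s > '7')
                    return -1;
                c = c * 8 + (unsigned)(*s - '0');
            }
            if (c > 0377)
                return -1;
        }
        out[o++] = (unsigned char)c;
    }
    return s[1] == '\0' ? (long)o : -1;
}
```

The worst case is four output bytes per input byte plus two quotes and the terminator, so a caller that cannot tolerate a -1 return should size `dst` at `4 * len + 3`.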
! 2758: ** there was no pl17 **
! 2759:
! 2760: Changes since 3.0 Beta 2 Patchlevel 16
! 2761:
! 2762: - Add support for transaction tracing. This allows the state of the
! 2763: DHCP server on startup, and all the subsequent transactions, to be
! 2764: recorded in a file which can then be played back to reproduce the
! 2765: behaviour of the DHCP server. This can be used to quickly
! 2766: reproduce bugs that cause core dumps or corruption, and also for
! 2767: tracking down memory leaks.
! 2768:
! 2769: - Incorporate some bug fixes provided by Joost Mulders for the DLPI
! 2770: package which should clear up problems people have been seeing on
! 2771: Solaris.
! 2772:
! 2773: - Fix bugs in the handling of options stored as linked lists (agent
! 2774: options, fqdn options and nwip options) that could cause memory
! 2775: corruption and core dumps.
! 2776:
! 2777: - Fix a bug in DHCPREQUEST handling that resulted in DHCPNAK messages
! 2778: not being sent in some cases when they were needed.
! 2779:
! 2780: - Make the lease structure somewhat more compact.
! 2781:
! 2782: - Make initial failover startup *much* faster. This was researched
! 2783: and implemented by Damien Neil.
! 2784:
! 2785: - Add a --version flag to all executables, which prints the program
! 2786: name and version to standard output.
! 2787:
! 2788: - Don't rewrite the lease file every thousand leases.
! 2789:
! 2790: - A bug in nit.c for older SunOS machines was fixed by a patch sent in
! 2791: by Takeshi Hagiwara.
! 2792:
! 2793: - Fix a memory corruption bug in the DHCP client.
! 2794:
! 2795: - Lots of documentation updates.
! 2796:
! 2797: - Add a feature allowing environment variables to be passed to the
! 2798: DHCP client script on the DHCP client command line.
! 2799:
! 2800: - Fix client medium support, which had been broken for some time.
! 2801:
! 2802: - Fix a bug in the DHCP client initial startup backoff interval, which
! 2803: would cause two DHCPDISCOVERS to be sent back-to-back on startup.
! 2804:
! 2805: Changes since 3.0 Beta 2 Patchlevel 15
! 2806:
! 2807: - Some documentation tweaks.
! 2808:
! 2809: - Maybe fix a problem in the DLPI code.
! 2810:
! 2811: - Fix some error code space inconsistencies in ddns update code.
! 2812:
! 2813: - Support relay agents that intercept unicast DHCP messages to stuff
! 2814: agent options into them.
! 2815:
! 2816: - Fix a small memory leak in the relay agent option support code.
! 2817:
! 2818: - Fix a core dump that would occur if a packet was sent with no
! 2819: options.
! 2820:
! 2821: Changes since 3.0 Beta 2 Patchlevel 14
! 2822:
! 2823: - Finish fixing a long-standing bug in the agent options code. This
! 2824: was causing core dumps and failing to operate correctly - in
! 2825: particular, agent option stashing wasn't working. Agent option
! 2826: stashing should now be working, meaning that agent options can be
! 2827: used in class statements to control address allocation.
! 2828:
! 2829: - Fix up documentation.
! 2830:
! 2831: - Fix a couple of small memory leaks that would have added up
! 2832: significantly in a high-demand situation.
! 2833:
! 2834: - Add a log-facility configuration parameter.
! 2835:
! 2836: - Fix a compile error on some older operating systems.
! 2837:
! 2838: - Add the ability in the client to execute certain statements before
! 2839: transmitting packets to the server. Handy for debugging; not much
! 2840: practical use otherwise.
! 2841:
! 2842: - Don't send faked-out giaddr when renewing or bound - again, useful
! 2843: for debugging.
! 2844:
! 2845: Changes since 3.0 Beta 2 Patchlevel 13
! 2846:
! 2847: - Fixed a problem where the fqdn decoder would sometimes try to store
! 2848: an option with an (unsigned) negative length, resulting in a core
! 2849: dump on some systems.
! 2850:
! 2851: - Work around the Win98 DHCP client, which NUL-terminates the FQDN
! 2852: option.
! 2853:
! 2854: - Work around Win98 and Win2k clients that will claim they want to do
! 2855: the update even when they don't have any way to do it.
! 2856:
! 2857: - Fix some log messages that can be printed when failover is operating
! 2858: that were not printing enough information.
! 2859:
! 2860: - It was possible for a DHCPDISCOVER to get an allocation even when
! 2861: the state machine said the server shouldn't be responding.
! 2862:
! 2863: - Don't load balance DHCPREQUESTs from clients in RENEWING and
! 2864: REBINDING, since in RENEWING, if we heard it, it's for us, and in
! 2865: REBINDING, the client wouldn't have got to REBINDING if its primary
! 2866: were answering.
! 2867:
! 2868: - When we get a bogus lease binding state transition, don't do
! 2869: the transition.
! 2870:
! 2871:
! 2872: Changes since 3.0 Beta 2 Patchlevel 12
! 2873:
! 2874: - Fixed a couple of silly compile errors.
! 2875:
! 2876: Changes since 3.0 Beta 2 Patchlevel 11
! 2877:
! 2878: - Albert Herranz tracked down and fixed a subtle bug in the base64
! 2879: decoder that would prevent any key with an 'x' in its base64
! 2880: representation from working correctly.
! 2881:
! 2882: - Thanks to Chris Cheney and Michael Sanders, we have a fix for the
! 2883: hang that they both spotted in the DHCP server - when
! 2884: one-lease-per-client was set, the code to release the "other" lease
! 2885: could spin.
! 2886:
! 2887: - Fix a problem with alignment of the input buffer in bpf in cases
! 2888: where two packets arrive in the same bpf read.
! 2889:
! 2890: - Fix a problem where the relay agent would crash if you specified an
! 2891: interface name on the command line.
! 2892:
! 2893: - Add the ability to conditionalize client behaviour based on the
! 2894: client state.
! 2895:
! 2896: - Add support for the FQDN option, and added support for a new way of
! 2897: doing ddns updates (ddns update style interim) that allows more than
! 2898: one DHCP server to update the DNS for the same network(s). This
! 2899: was implemented by Damien Neil with some additional functionality
! 2900: added by Ted Lemon.
! 2901:
! 2902: - Damien added a "log" statement, so that the configuration file can
! 2903: be made to log debugging information and other information.
! 2904:
! 2905: - Fixed a bug that caused option buffers not to be terminated with an
! 2906: end option.
! 2907:
! 2908: - Fixed a long-standing bug in the support for option spaces where the
! 2909: options are stored as an ordered list rather than in a hash table,
! 2910: which could theoretically result in memory pool corruption.
! 2911:
! 2912: - Prevent hardware declarations with no actual hardware address from
! 2913: being written as something unparsable, and behave correctly in the
! 2914: face of a null hardware address on input.
! 2915:
! 2916: - Allow key names to be FQDNs, and qualify the algorithm name if it is
! 2917: specified unqualified.
! 2918:
! 2919: - Modify the DDNS update code so that it never prints the "resolver
! 2920: failed" message, but instead says *why* the resolver failed.
! 2921:
! 2922: - Officially support the subnet selection option, which now has an
! 2923: RFC.
! 2924:
! 2925: - Fix a build bug on MacOS X.
! 2926:
! 2927: - Allow administrator to disable ping checking.
! 2928:
! 2929: - Clean up dhcpd.conf documentation and add more information about how
! 2930: it works.
! 2931:
! 2932: Changes since 3.0 Beta 2 Patchlevel 10
! 2933:
! 2934: - Fix a bug introduced during debugging (!) and accidentally committed
! 2935: to CVS.
! 2936:
! 2937: Changes since 3.0 Beta 2 Patchlevel 9
! 2938:
! 2939: - Fix DHCP client handling of vendor encapsulated options.
! 2940:
! 2941: - Fix a bug in the handling of relay agent information options introduced
! 2942: in patchlevel 9.
! 2943:
! 2944: - Stash agent options on client leases by default, and use the stashed
! 2945: options at renewal time.
! 2946:
! 2947: - Add the ability to test the client's binding state in the client
! 2948: configuration language.
! 2949:
! 2950: - Fix a core dump in the DNS update code.
! 2951:
! 2952: - Fix some expression evaluation bugs that were causing updates to be
! 2953: done when no client hostname was received.
! 2954:
! 2955: - Fix expression evaluation debugging printfs.
! 2956:
! 2957: - Teach pretty_print_option to print options in option spaces other than
! 2958: the DHCP option space.
! 2959:
! 2960: - Add a warning message if the RHS of a not is not boolean.
! 2961:
! 2962: - Never select for more than a day, because some implementations of
! 2963: select will just fail if the timeout is too long (!).
! 2964:
! 2965: - Fix a case where a DHCPDISCOVER from an unknown network would be
! 2966: silently dropped.
! 2967:
! 2968: - Fix a bug where if a client requested an IP address for which a different
! 2969: client had the lease, the DHCP server would reallocate it anyway.
! 2970:
! 2971: - Fix the DNS update code so that if the client changes its name, the DNS
! 2972: will be correctly updated.
! 2973:
! 2974: Changes since 3.0 Beta 2 Patchlevel 8
! 2975:
! 2976: - Oops, there was another subtle math error in the header-length
! 2977: bounds-checking.
! 2978:
! 2979: Changes since 3.0 Beta 2 Patchlevel 7
! 2980:
! 2981: - Oops, forgot to byte-swap udp header length before bounds-checking it.
! 2982:
! 2983: Changes since 3.0 Beta 2 Patchlevel 6
! 2984:
! 2985: - Fix a possible DoS attack where a client could cause the checksummer
! 2986: to dump core. This was a read, not a write, so it shouldn't be
! 2987: possible to exploit it any further than that.
! 2988:
! 2989: - Implement client- and server-side support for using the Client FQDN
! 2990: option.
! 2991:
! 2992: - Support for other option spaces in the client has been added. This
! 2993: means that it is now possible to define a vendor option space on the
! 2994: client, request options in that space from the server (which must
! 2995: define the same option space), and then use those options in the
! 2996: client. This also allows NWIP and Client FQDN options to be used
! 2997: meaningfully.
! 2998:
! 2999: - Add object initializer support. This means that objects can now be
! 3000: initialized to something other than all-zeros when allocated, which
! 3001: makes, e.g., the interface object support code a little more robust.
! 3002:
! 3003: - Fix an off-by-one bug in the host stuffer. This was causing host
! 3004: deletes not to work, and may also have been causing OMAPI
! 3005: connections to get dropped. Thanks to James Brister for tracking
! 3006: this one down!
! 3007:
! 3008: - Fixed a core dump in the interface discovery code that is triggered
! 3009: when there is no subnet declaration for an interface, but the server
! 3010: decides to continue running. Thanks to Shane Kerr for tracking
! 3011: down and fixing this problem.
! 3012:
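The entries above for patchlevels 6, 7 and 8 all concern one check: the UDP length field has to be converted from network byte order and bounded by the bytes actually received before the checksum code reads that many bytes. This is an added example of that ordering, not ISC DHCP code; `udp_payload`, its helpers and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample (not a capture): IPv4 header, UDP header, 4 payload bytes. */
static const uint8_t sample_pkt[32] = {
    0x45, 0, 0, 32, 0, 0, 0, 0, 64, 17, 0, 0,   /* ver/ihl .. proto, ip sum */
    10, 0, 0, 1, 10, 0, 0, 2,                   /* src, dst */
    0, 68, 0, 67, 0, 12, 0xe7, 0x46,            /* sport, dport, len, sum */
    1, 2, 3, 4
};

/* Read a 16-bit field in network byte order, whatever the host order is. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* One's-complement accumulation over n bytes; caller guarantees n is in bounds. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += rd16(p);
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* Returns the payload offset and sets *paylen, or -1 if any length field
 * disagrees with the bytes actually received or the checksum fails. */
long udp_payload(const uint8_t *buf, size_t buflen, size_t *paylen)
{
    size_t ihl, ulen;
    uint32_t acc;

    if (buflen < 20 || (buf[0] >> 4) != 4 || buf[9] != 17)
        return -1;
    ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > buflen || buflen - ihl < 8)
        return -1;
    ulen = rd16(buf + ihl + 4);           /* convert from wire order first */
    if (ulen < 8 || ulen > buflen - ihl)  /* then bound by received bytes */
        return -1;
    if (rd16(buf + ihl + 6) != 0) {       /* 0 means no checksum was computed */
        acc = sum16(buf + 12, 8, 17 + (uint32_t)ulen);  /* pseudo-header */
        acc = sum16(buf + ihl, ulen, acc);              /* reads exactly ulen */
        while (acc >> 16)
            acc = (acc & 0xffff) + (acc >> 16);
        if (acc != 0xffff)
            return -1;
    }
    *paylen = ulen - 8;
    return (long)(ihl + 8);
}

int main(void)
{
    size_t n;
    return udp_payload(sample_pkt, sizeof sample_pkt, &n) == 28 ? 0 : 1;
}
```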
! 3013: Changes since 3.0 Beta 2 Patchlevel 5
! 3014:
! 3015: - Fix a bug in the recent enhancement to the interface discovery code
! 3016: to support arbitrary-length interface lists.
! 3017:
! 3018: - Support NUL-terminated DHCP options when initializing client-script
! 3019: environment.
! 3020:
! 3021: - Fix suffix operator.
! 3022:
! 3023: - Fix NetWare/IP option parsing.
! 3024:
! 3025: - Better error/status checking in dhcpctl initialization and omapi
! 3026: connection code.
! 3027:
! 3028: - Fix a potential memory smash in dhcpctl code.
! 3029:
! 3030: - Fix SunOS4 and (maybe) Ultrix builds.
! 3031:
! 3032: - Fix a bug where a certain sort of incoming packet could cause a core
! 3033: dump on Solaris (and probably elsewhere).
! 3034:
! 3035: - Add some more safety checks in error logging code.
! 3036:
! 3037: - Add support for ISC_R_INCOMPLETE in OMAPI protocol connection code.
! 3038:
! 3039: - Fix relay agent so that if an interface is specified on the command
! 3040: line, the relay agent does not dump core.
! 3041:
! 3042: - Fix class matching so that match if can be combined with match or
! 3043: spawn with.
! 3044:
! 3045: - Do not allow spurious leases in the lease database to introduce
! 3046: potentially bogus leases into the in-memory database.
! 3047:
! 3048: - Fix a byte-order problem in the client hardware address type code
! 3049: for OMAPI.
! 3050:
! 3051: - Be slightly less picky about what sort of hardware addresses OMAPI
! 3052: can install in host declarations.
! 3053:
! 3054: Changes since 3.0 Beta 2 Patchlevel 4
! 3055:
! 3056: - Incorporated Peter Marschall's proposed change to array/record
! 3057: parsing, which allows things like the slp-agent option to be encoded
! 3058: correctly. Thanks very much to Peter for taking the initiative to
! 3059: do this, and for doing such a careful job of it (e.g., updating the
! 3060: comments)!
! 3061:
! 3062: - Added an encoding for the slp-agent option. :')
! 3063:
! 3064: - Fixed SunOS 4 build. Thanks to Robert Elz for responding to my
! 3065: request for help on this with patches!
! 3066:
! 3067: - Incorporated a change that should fix a problem reported by Philippe
! 3068: Jumelle where when the network connection between two servers is
! 3069: lost, they never reconnect.
! 3070:
! 3071: - Fix client script files other than that for NetBSD to actually use
! 3072: make_resolv_conf as documented in the manual page.
! 3073:
! 3074: - Fix a bug in the packet handling code that could result in a core
! 3075: dump.
! 3076:
! 3077: - Fix a bug in the bootp code where responses on the local net would
! 3078: be sent to the wrong MAC address. Thanks to Jerry Schave for
! 3079: catching this one.
! 3080:
! 3081: Changes since 3.0 Beta 2 Patchlevel 3
! 3082:
! 3083: - In the DHCP client, execute client statements prior to using the values
! 3084: of options, so that the client configuration can override, e.g., the
! 3085: lease renewal time.
! 3086:
! 3087: - Fix a reference counting error that would result in very reproducible
! 3088: failures in updates, as well as occasional core dumps, if a zone was
! 3089: declared without a key.
! 3090:
! 3091: - Fix some Linux 2.0 compilation problems.
! 3092:
! 3093: - Fix a bug in scope evaluation during execution of "on" statements that
! 3094: caused values not to be recorded on leases.
! 3095:
! 3096: - If the dhcp-max-message-size option is specified in scope, and the
! 3097: client didn't send this option, use the one specified in scope to
! 3098: determine the maximum size of the response.
! 3099:
! 3100: Changes since 3.0 Beta 2 Patchlevel 2
! 3101:
! 3102: - Fix a case where spawning subclasses were being allocated
! 3103: incorrectly, resulting in a core dump.
! 3104:
! 3105: - Fix a case where the DHCP server might inappropriately NAK a
! 3106: RENEWING client.
! 3107:
! 3108: - Fix a place in dhcprequest() where static leases could leak.
! 3109:
! 3110: - Include memory.h in omapip_p.h so that we don't get warnings about
! 3111: using memcmp().
! 3112:
! 3113: Changes since 3.0 Beta 2 Patchlevel 1
! 3114:
! 3115: - Notice when SIOCGIFCONF returns more data than fit in the buffer -
! 3116: allocate a larger buffer, and retry. Thanks to Greg Fausak for
! 3117: pointing this out.
! 3118:
! 3119: - In the server, if no interfaces were configured, report an error and
! 3120: exit.
! 3121:
! 3122: - Don't ever record a state of 'startup'.
! 3123:
! 3124: - Don't try to evaluate the local failover binding address if none was
! 3125: specified. Thanks to Joseph Breu for finding this.