Changelog:
NEW FEATURES
ISC DHCP 4.1.x includes several new DHCPv6 features that were not included
in DHCP 4.0.x. These include:
- Support for the rapid-commit option on the client side
- Prefix Delegation support
- IA_TA address support
- A basic DHCPv6 relay agent
- Basic and partial DHCPv6 leasequery support
There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:
- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
- Only a single address is supported per IA.
- DHCPv6 includes human-readable text in status code messages. These
should be configurable, and probably localized via gettext() or the
like.
- The "host-identifier" option is limited to a simple token.
- The client and server can only operate DHCPv4 or DHCPv6 at a time,
not both. To use both protocols simultaneously, two instances of the
relevant daemon are required, one with the '-6' command line option.
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
Changes since 4.1.1
- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
previously allocated (active) lease to a client that has changed subnets,
despite being on different shared networks. Dynamic prefixes specifically
allocated in shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
! Accept a client id of length 0 while hashing. Previously the server would
exit if it attempted to hash a zero length client id, providing attackers
with a simple denial of service attack. [ISC-Bugs #21253]
Changes since 4.1.1rc1
- When using 'ignore client-updates;', the FQDN returned to the client
is no longer truncated to one octet.
Changes since 4.1.1b3
- None.
Changes since 4.1.1b2
- Fix test in dhcp_interface_signal_handler to check that the inner handler
has a signal_handler before calling it.
- Both host and subnet6 configuration groups are now included whether a
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding values were not present in a matching fixed-address6 host
configuration.
- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
correcting a compilation failure when using Sun's compiler.
- Modified the handling of a connection to avoid releasing the omapi io
object for the connection while it is still in use. One symptom from
this error was a segfault when a failover secondary attempted to connect
to the failover primary if their clocks were not synchronized.
Changes since 4.1.1b1
- Remove infinite loop in token_print_indent_concat().
- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.
- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.
- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy@marples.name>.
- Fixed failover reconnection retry code to continue to retry to reconnect
rather than restarting the listener.
- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.
- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
that probably still resulted in the correct behaviour (but wouldn't use
a larger defined value provided by the host OS).
- Fixed a bug where an OMAPI socket disconnection message would not result
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
timeouts).
- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Versions 3.0.x syntax with multiple name->code option definitions is now
supported. Note that, similarly to 3.0.x, for by-code lookups only the
last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between a
failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
! Fixed a fenceposting bug when a client had two host records configured,
one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
Changes since 4.1.0
- Validate the argument to the -p option.
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation.
- A bug was fixed that caused the server not to answer some valid Solicit
and Request packets, if the dynamic range covering any requested addresses
had been deleted from configuration.
- Suppress spurious warnings from configure about --datarootdir
- Update the code to deal with GCC 4.3. This included two sets of changes.
The first is to the configuration files to include the use of
AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
were being ignored.
- The db-time-format option was documented in manpages.
- Using reserved leases no longer results in 'lease with binding state
free not on its queue' error messages, thanks to a patch from Frode
Nordahl.
- DDNS removal routines were updated so that the DHCID is not removed until
the client has been deprived of all A and AAAA records (not only the last
one of either of those). This resolves a bug where dual stack clients
would not be able to regain their names after either expiration event.
- Fix a build error in dhcrelay, using older versions of gcc with
dhcpv6 disabled.
- Two uninitialized stack structures are now memset to zero, thanks to
patch from David Cantrell at Red Hat.
- Fixed a cosmetic bug where pretty-printing valid domain-search options would
result in an erroneous error log message ('garbage in format string').
- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
to stop receiving packets is fixed. The same fix also means that the MAC
address will no longer appear 'bogus' on DLPI-based systems.
- A bug in select handling was discovered where the results of one select()
call were discarded, causing the server to process the next select() call
and use more system calls than required. This has been repaired - the
sockets will be handled after the first return from select(), resulting in
fewer system calls.
- The update-conflict-detection feature would leave an FQDN updated without
a DHCID (still currently implemented as a TXT RR). This would cause later
expiration or release events to fail to remove the domain name. The feature
now also inserts the client's up to date DHCID record, so records may safely
be removed at expiration or release time. Thanks to a patch submitted by
Christof Chen.
* Release 1.8.0 (2010-09-23)
** New Features
- A completely new downloader which improves performance and
robustness of immutable-file downloads. It uses the fastest K
servers to download the data in K-way parallel. It automatically
fails over to alternate servers if servers fail in mid-download. It
allows seeking to arbitrary locations in the file (the previous
downloader which would only read the entire file sequentially from
beginning to end). It minimizes unnecessary round trips and
unnecessary bytes transferred to improve performance. It sends
requests to fewer servers to reduce the load on servers (the
previous one would send a small request to every server for every
download) (#287, #288, #448, #798, #800, #990, #1170, #1191)
- Non-ASCII command-line arguments and non-ASCII outputs now work on
Windows. In addition, the command-line tool now works on 64-bit
Windows. (#1074)
** Bugfixes and Improvements
- Document and clean up the command-line options for specifying the
node's base directory. (#188, #706, #715, #772, #1108)
- The default node directory for Windows is ".tahoe" in the user's
home directory, the same as on other platforms. (#890)
- Fix a case in which full cap URIs could be logged. (#685, #1155)
- Fix bug in WUI in Python 2.5 when the system clock is set back to
1969. Now you can use Tahoe-LAFS with Python 2.5 and set your
system clock to 1969 and still use the WUI. (#1055)
- Many improvements in code organization, tests, logging,
documentation, and packaging. (#983, #1074, #1108, #1127, #1129,
#1131, #1166, #1175)
2010-09-20 -- pycryptopp v0.5.25
* make setup backwards-compatible to Python 2.4
* fix incompatibilities between setup script and older versions of darcsver
* don't attempt to compile Mac OS X extended attribute files (this fixes the build breaking)
* include a version number of the specific version of Crypto++ in extraversion.h
* small changes to docs
2010-09-18 -- pycryptopp v0.5.20
* fix bugs in assembly implementation of SHA-256 from Crypto++
* fix it to compile on *BSD (#39)
* improve doc strings
* add a quick start-up-self-test of SHA256 (#43)
* execute the quick start-up-self-tests of AES and SHA256 on module import
With the package, \_ in text mode (i.e., \textunderscore) prints an
underscore so that hyphenation of words either side of it is not
affected; a package option controls whether an actual hyphenation point
appears after the underscore, or merely a break point. The package also
arranges that, while in text, '_' itself behaves as \textunderscore (the
behaviour of _ in maths mode is not affected.
Defines a command \titleref that allows you to cross-reference section
(and chapter, etc) titles and captions just like \ref and \pageref. The
package does not interwork with hyperref; if you need hypertext
capabilities, use nameref instead.
Defines a macro \path|...|, similar to the LaTeX \verb|...|, that sets
the text in typewriter font and allows hyphen-less breaks at punctuation
characters. The set of characters to be regarded as punctuation may be
changed from the package's default.
Unfortunately, with recent gcc, the x86 version of mpn fails to build on
Solaris. Add it to Darwin on the list of platforms for which we build a
generic mpn instead.
+ virtual mailboxes: Added support for IDLE notifications.
- master: Don't crash on config reload when using dict processes.
- IMAP: QRESYNC parameters for SELECT weren't handled correctly.
