has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
processing if the configuration included overlapping pools or
multiple fixed-address entries for a single address. This issue
affected both IPv4 and IPv6. The fix allows a server to detect such
conditions, provides the user with extra information and recommended
steps to fix the problem. If the user enables the appropriate option
in site.h then server will be terminated
buffer space for bootp and use a better constant - DHCP packet
size instead of DHCP packet size + udp and iP headers.
Check that we have a packet->options structure before using it.
Only process packets that are longer than a bootp fixed packet
including server and file names. Previously we allowed for
shorter packets but that wasn't working and nobody noticed.
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
[ISC-Bugs #23470] - Modify when an ignore return macro is defined to
handle unsed error return warnings for more versions of gcc.
[ISC-Bugs #23196] - Modify the reply handling in the server code to
send to a specified port rather than to the source port for the incoming
message. Sending to the source port was test code that should have
been removed. The previous functionality may be restored by defining
REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
enable this except for testing purposes.
[ISC-Bugs #22695] - Close a file descriptor in an error path.
[ISC-Bugs #19368] - Tidy up variable types in validate_port.
now be correctly written to dhcpd.leases
- If a 'next-server' parameter is configured in a dynamic host record via
OMAPI as a domain name, the syntax written to disk is now correctly parsed
upon restart. [ISC-Bugs #22266]
- set initial delay to 0 to speed up client start
- added 'initial-delay' parameter to possibly revert to old behavior
- better handling of very short (1 or 2s) leases
- client lease records are recorded at most once every 15 seconds
- ICMP ping-check is now timed more precisely
- Servers that don't offer lease-time are now black-listed
[ISC-Bugs #19660]
IPv4 options which contain IPv6 address to be specified. For example
the 6rd option can be specified and use like this:
option 6rd code 212 = { integer 8, integer 8,
ip6-address, array of ip-address };
option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
flag indicating an optional value correctly. A symptom of this
bug was an infinite loop when trying to parse the slp-service-scope
option. Thanks to a patch from Marius Tomaschewski.
[ISC-Bugs #22055]
Passing it through to the handlers caused the omshell program to fail
to connect to the server. [ISC-Bugs #21839]
Fix the paranthesis in the code to process configuration statements
beginning with "auth". The previous arrangement caused
"auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
[ISC-Bugs #20418] - Some systems don't support the "%s" argument to
strftime, paste together the same string using mktime instead.
[ISC-Bugs #19596] - When parsing iaid values accept printable
characters.
[ISC-Bugs #21585] - Always print time values in omshell as hex
instead of ascii if the values happen to be printable characters.
Correct error handling in DLPI [ISC-Bugs #20378]
Remove __sun__ and __hpux__ typedefs in osdep.h as they are now being
checked in configure. [ISC-Bugs #20443]
Modify how the cmsg header is allocated the v6 send and received routines
to compile on more compilers. [ISC-Bugs #20524]
When parsing a domain name free the memory for the name after we are
done with it. [ISC-Bugs #20824]
[ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
the name to be at the apex of the zone.
[ISC-Bugs #19617] Restrict length of interface name read from command line
in dhcpd - based on a patch from David Cantrell at Red Hat.
[ISC-Bugs #20039] Correct some error messages in dhcpd.c
[ISC-Bugs #20070] Better range check on values when creating a DHCID.
[ISC-Bugs #20198] Avoid writing past the end of the field when adding
overly long file or server names to a packet and add a log message
if the configuration supplied overly long names for these fields.
[ISC-Bugs #21497] Add a little more randomness to rng seed in client
[ISC-Bugs #20265] [ISC-Bugs #20259] minor cleanup
[ISC-Bugs #20263] add text describing some default values
[ISC-Bugs #20193] single quotes at the start of a line indicate a control
line to nroff, escape them if we actually want a quote.
[ISC-Bugs #18916] sync the pointer to web pages amongst the different docs
Brian Masney and S.Kalyanasundraram and maintained for application to
the DHCP-4 sources by David Cantrell has been included. Please be
advised that these sources were contributed, and do not yet meet the
high standards we place on production sources we include by default.
As a result, the LDAP features are only included by using a compile-time
option which defaults off, and if you enable it you do so under your
own recognizance. We will be improving this software over time.
[ISC-Bugs #17741]
DDNS code to use the bind libraries. This patch fixes that breakage and
includes support for the new DDNS code. This patch also deletes some dead
code and neatens up some log messages.
which permits a DHCP server operating in communications-interrupted state
to 'rewind' a lease to the state most recently transmitted to its peer,
greatly increasing a server's endurance in communications-interrupted.
This is supported using a new 'rewind state' record on the dhcpd.leases
entry for each lease. [ISC-Bugs #19601]
