length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
that use-sockets feature was not tested on those systems. Client and
server code no longer use MAX_PATH constant that is not defined on
GNU/Hurd systems. [ISC-Bugs 25979]
[ISC-Bugs #22625] - properly print options that have several fields
followed by an array of something for example "fIa"
[ISC-Bugs #27289] - properly parse options in declarations that have
several fields followed by an array of something for example "fIa"
[ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file. Thanks to Marius Tomaschewski from SUSE for the report
and prototype patch for this ticket as well as ticket 27289.
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
processing if the configuration included overlapping pools or
multiple fixed-address entries for a single address. This issue
affected both IPv4 and IPv6. The fix allows a server to detect such
conditions, provides the user with extra information and recommended
steps to fix the problem. If the user enables the appropriate option
in site.h then server will be terminated
buffer space for bootp and use a better constant - DHCP packet
size instead of DHCP packet size + udp and iP headers.
Check that we have a packet->options structure before using it.
Only process packets that are longer than a bootp fixed packet
including server and file names. Previously we allowed for
shorter packets but that wasn't working and nobody noticed.
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
[ISC-Bugs #23470] - Modify when an ignore return macro is defined to
handle unsed error return warnings for more versions of gcc.
[ISC-Bugs #23196] - Modify the reply handling in the server code to
send to a specified port rather than to the source port for the incoming
message. Sending to the source port was test code that should have
been removed. The previous functionality may be restored by defining
REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
enable this except for testing purposes.
[ISC-Bugs #22695] - Close a file descriptor in an error path.
[ISC-Bugs #19368] - Tidy up variable types in validate_port.
now be correctly written to dhcpd.leases
- If a 'next-server' parameter is configured in a dynamic host record via
OMAPI as a domain name, the syntax written to disk is now correctly parsed
upon restart. [ISC-Bugs #22266]
- set initial delay to 0 to speed up client start
- added 'initial-delay' parameter to possibly revert to old behavior
- better handling of very short (1 or 2s) leases
- client lease records are recorded at most once every 15 seconds
- ICMP ping-check is now timed more precisely
- Servers that don't offer lease-time are now black-listed
[ISC-Bugs #19660]
IPv4 options which contain IPv6 address to be specified. For example
the 6rd option can be specified and use like this:
option 6rd code 212 = { integer 8, integer 8,
ip6-address, array of ip-address };
option 6rd 16 10 2001:: 1.2.3.4, 5.6.7.8;
flag indicating an optional value correctly. A symptom of this
bug was an infinite loop when trying to parse the slp-service-scope
option. Thanks to a patch from Marius Tomaschewski.
[ISC-Bugs #22055]
Passing it through to the handlers caused the omshell program to fail
to connect to the server. [ISC-Bugs #21839]
Fix the paranthesis in the code to process configuration statements
beginning with "auth". The previous arrangement caused
"auto-partner-down" to be processed incorrectly. [ISC-Bugs #21854]
