into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
that use-sockets feature was not tested on those systems. Client and
server code no longer use MAX_PATH constant that is not defined on
GNU/Hurd systems. [ISC-Bugs 25979]
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvai respone.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2, to enable the previous style see the
seciton on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the txt and ptr records
weren't removed from the DNS.
[ISC-BUGS #27858]
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
[ISC-Bugs #27078]
CVE: CVE-2011-4868
when removing DDNS information, so that we will continue with the
processing if we have a lease even if it doesn't have an outstanding
transaction. [ISC-Bugs #24682]
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
processing if the configuration included overlapping pools or
multiple fixed-address entries for a single address. This issue
affected both IPv4 and IPv6. The fix allows a server to detect such
conditions, provides the user with extra information and recommended
steps to fix the problem. If the user enables the appropriate option
in site.h then server will be terminated
buffer space for bootp and use a better constant - DHCP packet
size instead of DHCP packet size + udp and iP headers.
Check that we have a packet->options structure before using it.
Only process packets that are longer than a bootp fixed packet
including server and file names. Previously we allowed for
shorter packets but that wasn't working and nobody noticed.
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
has elapsed (default 25%), the server will reuse the allocated lease
(provide a lease within the currently allocated lease-time) rather
than extend or renew the lease. This absolves the server of needing
to perform an fsync() operation on the lease database before reply,
which improves performance. [ISC-Bugs #22228]
[ISC-Bugs #23470] - Modify when an ignore return macro is defined to
handle unsed error return warnings for more versions of gcc.
[ISC-Bugs #23196] - Modify the reply handling in the server code to
send to a specified port rather than to the source port for the incoming
message. Sending to the source port was test code that should have
been removed. The previous functionality may be restored by defining
REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
enable this except for testing purposes.
[ISC-Bugs #22695] - Close a file descriptor in an error path.
[ISC-Bugs #19368] - Tidy up variable types in validate_port.
[ISC-Bugs #17959] add text to AIX section describing how to have it send
responses to the all-ones address.
[ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct
[ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS
- set initial delay to 0 to speed up client start
- added 'initial-delay' parameter to possibly revert to old behavior
- better handling of very short (1 or 2s) leases
- client lease records are recorded at most once every 15 seconds
- ICMP ping-check is now timed more precisely
- Servers that don't offer lease-time are now black-listed
[ISC-Bugs #19660]
to disable writing a pid file. Add the option "-pf pidfile"
to the relay to allow the user to supply the pidfile name at
runtime. Add the "with-relay6-pid-file" option to configure
to allow the user to supply the pidfile name for the relay
in v6 mode at configure time.
[ISC-Bugs #23351] [ISC-Bugs #17541]
an address that is tagged as abondened (meaning we received a
decline request for it previously) don't attempt to move it from
the inactive to active pool as doing so can result in the server
crshing on an assert failure. Also retag the lease as active
and reset it's timeout value.
[ISC-Bugs #21921]
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. [ISC-Bugs #22679]
CERT: VU#159528 CVE: CVE-2010-3616
the end of the max-life and preferred-life clauses. In order to be
backwards compatible with older lease files not finding a semi-colon
is also accepted. [ISC-Bugs #22303].
