ISC_DHCP 4.3.6 is now available for download.
tmark at isc.org
Mon Jul 31 19:01:09 UTC 2017
ISC DHCP 4.3.6 is now available for download.
This is the release of ISC DHCP 4.3.6, a maintenance
release which contains a number of bug fixes.
Field testing is an important part of our quality process.
Please report bugs to dhcp-bugs at isc.org.
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source distribution.
They can also be found at:
Knowledge base articles about various features can be found starting from:
Webinars can be found here:
This release, and its OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Our next major version of ISC DHCP, version 4.4.0, will be re-licensed under
the Mozilla Public License, MPL 2.0. To read the MPL 2.0 license terms,
refer to: https://www.mozilla.org/en-US/MPL/2.0/.
This change will apply to ISC DHCP version 4.4.0 and any 4.4.x
versions already published under the ISC license will remain under the ISC
license. Those unsure whether or not the license change affects their
ISC DHCP, or who wish to discuss how to comply with the license may contact
ISC at info at isc.org or use https://www.isc.org/mission/contact/.
We welcome comments from DHCP users, about this or anything else we do.
Email Vicky Risk, Product Manager at vicky at isc.org or discuss on
dhcp-users at lists.isc.org.
The following is the list of all changes for this release.
Changes since 4.3.6b1
Changes since 4.3.5
- The server now allows the client identifier (option 61) to own leases
in more than one subnet concurrently. Prior to this the server would
incorrectly release an existing lease in one subnet prior to assigning
a lease in another subnet. Note that the prior behavior can be still
be achieved by enabling one-lease-per-client. Thanks to both David Zych at
the University of Illinois and Norm Proffitt of Infoblox for reporting
the issue; and Norm for suggesting a solution.
- When replying to a DHCPINFORM, the server will now include options
at the pool scope, provided the ciaddr field of the DHCPINFORM is
Prior to this the server only evaluated options down to the subnet scope.
Thanks to Fernando Soto at BlueCat Networks for reporting the issue.
- When memory allocation fails in a repeated way the process writes
"Run out of memory." on the standard error and exists with status 1.
- The new lmdb (Lightning Memory DataBase) bind9 configure option is
now disabled by default to avoid the presence of this library to be
detected which can lead to a link failure.
- The linux interface discovery code has been modified to use getifaddrs()
as is done for BSD and OS-X. Prior to this the code would only recognize
the first address on an interface and thereby omit vlans.
Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei
Kong at Novell, who all submitted patches.
- Fixed a bug in OMAPI that causes omshell to crash when a name-value
pair with a zero length value is shipped in an object. Thanks to
Fernando Soto at BlueCat Networks for reporting the issue and
supplying the patch.
- On 64-bit platforms, dhclient now generates the correct value for the
script environment variable, "expiry", the lease expiry value exceeds
0x7FFFFFFF. Prior to this such values would produce negative values
for expiry in the script environment.
- Common timer logic was modified to cap the maximum timeout values at
0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of
range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for
reporting the issue.
- DHCP6 FQDN option unpacking code now correctly handles values that contain
spaces, special, or non-printable characters. Prior to this the buffer
size needed was under estimate causing a conversion error message to
be logged and DNS updates to be skipped. Thanks to Fernando Soto at
BlueCat Networks for bringing the matter to our attention.
- When running in -6 mode, dhclient can enforce the require option statement
and will discard offered leases that do not contain all the required
options specified in the client configuration. If not enabled the client
will still consider such leases. This must be enabled at compile time
(see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to
Mritunjaykumar Dubey at Nokia for reporting the issue.
- Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit
OS systems when using -1 or large values for default-lease-time. Rollover
values will be replaced with 0x7FFFFFFF - 1. This alleviates
short expiration times being handed out when infinite lease times (-1) in
conjunction with failover. Our thanks to Alessandro Gherardi for bringing
the issue to our attention.
- Added new compile time option --with-srv-conf-file which specifies a
default location of the server configuration file.
- Added --dad-wait-time parameter to dhclient. It specifies the maximum
in seconds, that the client process should wait for the duplicate address
detection to complete before initiating DHCP requests. This value is
propagated to the dhclient script and the script is responsible for
the specified amount of time or until DAD has completed. If the script
not support it, specifying this parameter has no effect. The default value
is 0 which specifies that the script should not wait for DAD. With this
change the following scripts have been modified to support the new
freebsd, linux, macos, netbsd, openbsd.
- The server nows checks both the address and length of a prefix delegation
when attempting to match it to a prefix pool. This ensures the server
responds properly when pool configurations change such that once valid,
"in-pool" delegations are now treated as being invalid. During lease
file loading at startup, the server will discard any PD leases that
are deemed "out-of-pool" either by address or mis-matched prefix length.
Clients seeking to renew or rebind such leases will get a response of
No Binding in the case of the former, and the prefix delegation with
lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo
at TDS Telecom for reporting this issue.
- Modified DDNS support initialization such that DNS related ports will
opened by the server (dhcpd) at startup if ddns-update-style is not
by dhclient only if and when the it first attempts an update; and never by
dhcrelay. Prior to this all three always did the initialization at
which causes them to always open on and listen for traffic on two random
ports. Thanks to Rodney Beede for reporting this issue.
- Added error logging to two memory allocation failure checks. Thanks to
Parker (wp02855 at gmail dot com) for reporting the issue.
- Corrected a dhclient -6 issue that caused the client to crash with an
"Impossible condition" error after de-preferencing its only IA binding.
The crash occurred when server configuration changes rendered the existing
binding out-of-range and no other leases were available to offer. Thanks
to Pierre Clerissi for bringing this issue to our attention.
- By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will
now call the script with reason set to FAIL when run with -1 (one try) and
there are no server responses. This applies to IPv4 mode only. Thanks
patch by Martin Pitt which got to us via Andrew Pollock.
- The server now detects failover peers that are not referenced in at least
one pool when run with the command line option for test mode, -T.
this the check was performed too far down stream to be detected in
- Linux script updated. The script is now based on Debian version. It uses
ip tool from iproute2 package and ifconfig is no longer used. This also
addresses an issue of calling arping with inappropriate parameter.
- Changed severity of the log message indicating UDP checksum errors in
the received packets from 'info' to 'debug' to avoid logging excessive
number of false positives when UDP checksum offloading is enabled.
- The directory minires has been removed from the source tree. It has
long been obsolete for branches other than v4_1_esv. Additionally,
includes/minires.h was renamed includes/ns_name.h.
- Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias"
for IPv6 mode in the client scripts, netbsd and openbsd. This was
preventing IPv6 addresses from being added or removed from interfaces.
Thanks to Tim Dean for reporting the issue.
More information about the dhcp-announce