ISC_DHCP 4.3.3b1 is now available for download

Thomas Markwalder tmark at isc.org
Tue Aug 4 14:55:16 UTC 2015


ISC DHCP 4.3.3b1 is now available for download.

This is the beta release of ISC DHCP 4.3.3, a maintenance
release which contains a number of bug fixes.

Field testing is an important part of our quality process.  We welcome,
and need our user base to beta test our upcoming releases. Please report
bugs to dhcp-bugs at isc.org, and report that you have tried the release,
and any general observations, to dhcp-users at lists.isc.org.

Note Well: In the past our process was to release the beta, then
a week later to release a release candidate and then a week after
that to release the final version.  We concluded that this did
not provide users a large enough window to get the beta, test it
and report any bugs back to us.  In addition the release candidate
didn't serve much purpose.  For this release we are changing our
process.  We shall release the beta and then roughly one month
later (currently scheduled for September 1st) release the final
version.  This schedule may be altered depending on what, if any,
bugs are reported during the beta window.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source distribution.
They can also be found at:

    https://kb.isc.org/article/AA-01285/82/DHCP-4.3.3b1-Release-Notes.html

Knowledge base articles about various features can be found starting from:

    https://kb.isc.org/category/201/0/10/Software-Products/DHCP/Features/

Webinars can be found here:

    http://www.youtube.com/user/ISCdotorg

This release, and its OpenPGP-signatures are available now from:

    https://www.isc.org/downloads/DHCP/

    ftp://ftp.isc.org/isc/dhcp/4.3.3b1/dhcp-4.3.3b1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/4.3.3b1/dhcp-4.3.3b1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/4.3.3b1/dhcp-4.3.3b1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/4.3.3b1/dhcp-4.3.3b1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/

If you attempt to build DHCP with clang you may get the following
warning while building the included BIND libraries:
clang: warning: optimization flag '-fno-delete-null-pointer-checks' is
not supported
We have addressed this in BIND but the version with the patch was not
yet released when we released DHCP.  This is only a warning and should
not affect the running code.

The following are changes that may be more interesting and require
a bit more explanation.

We have removed the dst directory from the 4.3.x distribution.
This library provided some crypto type functions such as hashing
and signing of packets.  As of 4.2.0 we include a BIND tarball
and use the dst library from there within the DHCP code.  We
continued to ship the previous dst library for those users that
might have included it in their own code, for example in an
OMSHELL like program.  As it has been several years since DHCP
used it we have decided to remove this library from the distribution.
If you do have a program that makes use of the library you should
make a copy from either a previous version of DHCP or from a
current copy of the 4.1-ESV release and include that in your
source control.

In 4.3.2 we added a restriction that a prefix pool must be within
the defining subnet.  Also when we added the class matching code
we assumed a static prefix in a host declaration would be within
a subnet.  After both external and internal discussion we concluded
that these restrictions were inappropriate and we have relaxed them.

In this release we have added a feature that can improve performance
of the DHCPv4 server in some cases.  In general there are two areas
that limit performance 1) writing to disk and 2) searching and updating
the lists that track v4 leases.  The first item can be somewhat addressed
by features such as delayed-ack or by moving your lease file to
a non-volatile ram disk thus avoiding some of the delay in writing
an entry to the lease file.  The second one is addressed by this
new compile time feature "--enable-binary-leases".  This switches
the code to do binary instead of linear searches on the lists storing
the leases and for large lease pools it seems to work well.  We
have chosen to make this a compile time option and default it to
the old style to avoid disruption due to code changes or bugs.
More information can be found at our knowledge base
https://kb.isc.org/article/AA-01283/31/DHCPv4-Server-Performance.html

For several years we have included LDAP code within the distribution.
While this is included in the main source code due to it being
somewhat scattered within the code it is still considered "contrib"
code.  This means that we do not test or verify it and provide minimal
maintenance for it.  We do however have several contributors that use
it and have been maintaining it and they have sent us bug fixes and
enhancements.  We have collected these and done an update of the LDAP
code, though the code will continue to be considered "contrib" and
users use it at their own risk.  We would like to thank the contributors
for their efforts.  For more information see the release note below
or visit the knowledge base article at:
https://kb.isc.org/article/AA-01284/201/LDAP-.html

We have modified the PARANOIA patch to adjust the file permissions
(owner and group) used for the lease file.  In our testing this had
no negative effects.  However, given the range of OSes and security
features, we are not able to test all possible combinations.

The following is the list of all changes for this release.

            Changes since 4.3.2

- The server now does a better check to see if it can allocate the memory
  for large blocks of v4 leases and should provide a slightly better error
  message.  Note well: the server pre-allocates v4 addresses, if you use
  a large range, such as a /8, the server will attempt to use a large
  amount of memory and may not start if there either isn't enough memory
  or the size exceeds what the code supports.
  [ISC-Bugs #38637]

- The server will now reject unicast Request, Renew, Decline, and Release
  messages from a client unless the server would have sent that client the
  dhcp6.unicast option.  This behavior is in compliance with paragraph 1 in
  each of the sections 18.2,1, 18.2.3, 18.2.6, and 18.2.7 of RFC 3315. Prior
  to this, the server would simply accept the messages.  Now, in order for
  the server to accept such a message, the server configuration must include
  the dhcp6.unicast option either globally or within the shared network to
  which the requested lease belongs. In other words, the server will map
  the first IA_XX address found within the client message to a
shared-network
  and look for the presence of the unicast option there and then globally.
  Thanks to Jiri Popelka at Red Hat for this issue and his patch which
  inspired the fix.
  [ISC-Bugs #21235]

- The ATF (Automated Testing Framework) tools used for optional unit tests
  can now be built from its embedded sources in bind, solving the
  atf-run / atf-report issue with recent (>= 0.20) versions of ATF.
  The new configuration option is "./configure --with-atf=bind".
  [ISC-Bugs #38754, #39300]

- Corrected a compilation error introduced by the fix for ISC-Bugs #22806.
  On older linuxes that do not include the tpacket_auxdata structure don't
  bother allocating the cmsgbuf as it isn't necessary and we don't have
  a proper length for it.
  [ISC-Bugs #39209]

- Remove the dst directory.  This was replaced in 4.2.0 with the dst
  code from the Bind libraries but we continued to include it for
  backwards compatibility.  As we have now released 4.3.x it seems
  reasonable to remove it.
  [ISC-Buts #39019]

- Write out the DUID server id on startup in all cases, previously if it
  was read in from server-duid option in the config or lease files for
  DHCPv4 it would not be written to the new lease file.
  [ISC-Bugs #37791]

- When parsing dates for leases convert dates past 2038 to "never".
  This avoids problems with integer overflows in the date and time
  handling code for people that decide to use very large lease times
  or add a lease entry with a date far in the future.
  [ISC-Bugs #33056]

- Leave the siaddr field clear when sending a NACK as per RFC 2131
  table 3.
  [ISC-Bugs #38769]

- In the client don't send expired addresses to the script as part of
  the binding process.  Thanks to Sven Trenkel at Google for reporting
  the issue and suggesting the patch.
  [ISC-Bugs #38631]

- While parsing IPv6 addresses treat "add" as part of the address instead
  of as a token.
  [ISC-Bugs #39529]

- Add support for accessing the v4 lease queues (active, free etc) in a
  binary fashion instead of needing to walk through a linear list to
  insert, find or remove an entry from the queues.  In addition add a
  compile time option "--enable-binary-leases" to enable the new code
  or to continue using the old code.  The old code is the default.
  Thanks to Fernando Soto from BlueCat Networks for the patch.
  [ISC-Bugs #39078]

- Delayed-ack now works properly with Failover. Prior to this, bind updates
  post startup were being queued but never delivered. Among other
things, this
  was causing leases to not transition from expired or released to free.
  [ISC-Bugs #31474]

- Clean up parsing of v6 lease files a bit to avoid infinite loops if the
  lease file is corrupt in certain ways.
  [ISC-Bugs #39760]

- Corrected a crash in dhclient that occurs during lease renewal if the
  client is performing its own DNS updates.  Thanks to Jiri Popelka at
Red Hat
  for the bug report.
  [ISC-Bugs #38639]

- Corrected an issue in v6 lease file parsing. Prior to this, when
encountering
  a lease with an address for which no configured pool exists, the
server was
  declaring the lease file corrupt and incorrectly skipping over the
subsequent
  entry in the file.  The server will now emit a log message indicating that
  no pool was found for the address (or prefix) and correctly resume parsing
  with the next entry in the lease file.  Our thanks to Michal Žejdl for
  reporting the issue.
  [ISC-Bugs #39314]

- Be more liberal in finding a subnet group associated with a static
  prefix.  When we added the class matching code for v6 we also added
  a requirement that the static prefix must be within a subnet the
  client was in, in order to find the proper statements.  We now
  look for a subnet based on the prefix, failing that on the static
  address for the client and failing that on the shared network
  itself.
  [ISC-Bugs #38329]

- Add a new action expression "parse_vendor_options", which can be used
  to parse a vendor-encapsualted-option received by the server based on
  the encoding specified by the vendor-option-space statement.
  [ISC-Bugs #36449]

- Enhance the PARANOIA patch to include fchown() the lease file to
  allow it to be manipulated after the server does a chown().
  Thanks to Jiri Popelka at Red Hat for the patch.
  [ISC-Bugs #36978]

- Relax the requirement that prefix pools must be within the subnet.
  This was added in as part of #32453 in order to avoid configuration
  mistakes but is being removed as prefixes aren't required to be
  within the same subnet and many people configure them in that fashion.
  [ISC-Bugs #40077]

- Fixed a server crash that could occur when the server attempts to remove
  the billing class from the last lease billed to a dynamic class after said
  class has been deleted.
  [ISC-Bugs #39978]

- LDAP Patches - Numerous small patches submitted by contributors have
  been applied to the contributed code which supplies LDAP support.
  In addition, two larger submissions have also been included.  The
  first adds support for IPv6 configuration and the second provides
  GSSAPI authentication. We would like to thank the following for their
  contributions (alphabetically):
    Alex Novak at SUSE
    Bill Parker (wp02855 at gmail dot com)
    Jiri Popelka at Red Hat
    Marius Tomaschewski at SUSE
    (william at adelaide.edu.au), The University of Adelaide
  [ISC-Bugs #39056]
  [ISC-Bugs #22742]
  [ISC-Bugs #24449]
  [ISC-Bugs #28545]
  [ISC-Bugs #29873]
  [ISC-Bugs #30183]
  [ISC-Bugs #30402]
  [ISC-Bugs #32217]
  [ISC-Bugs #32240]
  [ISC-Bugs #33176]
  [ISC-Bugs #33178]
  [ISC-Bugs #36409]
  [ISC-Bugs #36774]
  [ISC-Bugs #37876]

- Handle an out of memory condition in the client a bit better.
  Thanks to Frédéric Perrin from Brocade for finding the issue
  and suggesting a patch.
  [ISC-Bugs #39279]



More information about the dhcp-users mailing list