From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] dhcp: Update to 4.4.2
Date: Tue, 20 Apr 2021 15:17:45 +0100
Message-ID: <57813C47-FBB9-4C7A-A17D-623A30813735@ipfire.org>
In-Reply-To: <2c815b04-9ca0-91cc-13ae-89506aef7faf@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6876153802229757033=="
List-Id:

--===============6876153802229757033==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

No problem. And you are right. Weirdly dhcpcd has issues too and we cannot upgrade it now.

-Michael

> On 20 Apr 2021, at 13:26, Adolf Belka wrote:
>
> Hi Michael,
>
>> On 20/04/2021 11:12, Michael Tremer wrote:
>> Hello,
>> This update has been submitted a couple of times and it breaks the build on ARM.
>> The problem is the bundled version of bind and we probably should wait for the next release which comes with an updated version of bind.
> Sorry, my error. I thought it was dhcpcd that had the problem.
>
> Regards,
> Adolf.
>> -Michael
>>>> On 19 Apr 2021, at 21:57, Adolf Belka wrote:
>>>
>>> - Update from 4.4.1 to 4.4.2
>>> - Changelog
>>> While release 4.4.2 is primarily a maintenance release that addresses a number
>>> of defects, it does introduce a few new features:
>>> - Keama - Keama is a migration utility that assists in converting ISC DHCP
>>>   server configuration files to Kea configuration files. It is found in the
>>>   keama subdirectory and includes a README.md file with instructions on how
>>>   to build it as well as a manpage on its usage.
>>> - Two new server parameters related to ping checking were added:
>>>   1. ping-cltt-secs which allows the user to specify the number of seconds
>>>      that must elapse since CLTT before a ping check is conducted.
>>>   2. ping-timeout-ms which allows the user to specify the amount of time the
>>>      server waits for a ping-check response in milliseconds rather than in
>>>      seconds.
>>> Dynamic DNS Improvements:
>>> - We added three new server configuration parameters which influence DDNS
>>>   conflict resolution:
>>>   1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
>>>      to mitigate issues with non-compliant clients in dual stack environments.
>>>   2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
>>>      requirement of DNS conflict resolution.
>>>   3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
>>>      allow unguarded DNS entries to be overwritten in certain cases
>>> - The server now honors update-static-leases parameter for static DHCPv6
>>>   hosts.
>>> dhclient Improvements:
>>> - We've added three command line parameters to dhclient:
>>>   1. --prefix-len-hint - directs dhclient to use the given length as
>>>      the prefix length hint when requesting prefixes
>>>   2. --decline-wait-time - instructs the client to wait the given number
>>>      of seconds after declining an IPv4 address before issuing a discover
>>>   3. --address-prefix-len - specifies the prefix length passed by dhclient
>>>      into the client script (via the environment variable ip6_prefixlen) with
>>>      each IPv6 address. We added this parameter because we have changed the
>>>      default value from 64 to 128 in order to be compliant with RFC3315bis
>>>      draft (-09, page 64) and RFC5942, Section 4, point 1.
>>>      **WARNING**: The new default value of 128 may not be backwardly compatible
>>>      with your environment. If you are operating without a router, such as
>>>      between VMs on a host, you may find they cannot see each other with prefix
>>>      length of 128. In such cases, you'll need to either provide routing or use
>>>      the command line parameter to set the value to 64. Alternatively you may
>>>      change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
>>>      in includes/site.h.
>>> - dhclient will now generate a DHCPv6 DECLINE message when the client script
>>>   indicates a DAD failure
>>> Dynamic shared library support:
>>> Configure script, configure.ac+lt, which supports libtool is now provided
>>> with the source tar ball. This script can be used to configure ISC DHCP
>>> to build with libtool and thus use dynamic shared libraries.
>>> Other Highlights:
>>> - The server now supports dhcp-cache-threshold for DHCPv6 operations
>>> - The server now supports DHCPv6 address allocation based on EUI-64 DUIDs
>>> - Experimental support for alternate relay port in both the server
>>>   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
>>> Changes since 4.4.2b1 (Bug Fixes)
>>> - Added a clarification on DHCPINFORMs and server authority to
>>>   dhcpd.conf.5
>>>   [Gitlab #37]
>>> - Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
>>>   is defined.
>>>   [Gitlab #72]
>>> - Added the interface name to socket initialization failure log messages.
>>>   Prior to this the log messages stated only the error reason without
>>>   stating the target interface.
>>>   [Gitlab #75]
>>> - Corrected buffer pointer logic in dhcrelay functions that manipulate
>>>   agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
>>>   & Mitigations for reporting the issue.
>>>   [#71]
>>> - Corrected unresolved symbol errors building relay_unittests when
>>>   configured to build using libtool.
>>>   [#80]
>>> Changes since 4.4.1 (New Features)
>>> - A new configuration parameter, ping-cltt-secs (v4 operation only), has
>>>   been added to allow the user to specify the number of seconds that must
>>>   elapse since CLTT before a ping check is conducted. Prior to this, the
>>>   value was hard coded at 60 seconds. Please see the server man pages for
>>>   a more detailed discussion.
>>>   [ISC-Bugs #36283]
>>> - A new configuration parameter, ping-timeout-ms (v4 operation only),
>>>   has been added that allows the user to specify the amount of time
>>>   the server waits for a ping-check response in milliseconds rather
>>>   than in seconds (via ping-timeout). When greater than zero, the value
>>>   of ping-timeout-ms will override the value of ping-timeout. Thanks
>>>   to Jay Doran from Bluecat Networks for suggesting this feature.
>>>   [Gitlab #10]
>>> - An experimental tool called Keama (KEA Migration Assistant), which helps
>>>   translate ISC DHCP configurations to Kea configurations, is now included
>>>   in the distribution.
>>>   [Gitlab #34]
>>> Changes since 4.4.1 (Bug Fixes)
>>> - Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
>>>   carried out over TCP rather than UDP. The coding error was exposed by
>>>   migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
>>>   reporting the issue.
>>>   [ISC-Bugs #47757]
>>> - Bind9 now defaults to requiring python to build. The Makefile for
>>>   building Bind9 when bundled with ISC DHCP was modified to turn off
>>>   this dependency.
>>>   [Gitlab #3]
>>> - Corrected a dual-stack mixed-mode issue that occurs when both
>>>   ddns-guard-id-must-match and ddns-other-guard-is-dynamic
>>>   are enabled and that caused the server to incorrectly interpret
>>>   the presence of a guard record belonging to another client as
>>>   a case of no guard record at all. Thanks to Fernando Soto
>>>   from BlueCat Networks for reporting this issue.
>>>   [Gitlab #1]
>>> - Corrected a compilation issue that occurred when building without DNS
>>>   update ability (e.g. by undefining NSUPDATE).
>>>   [Gitlab #16]
>>> - Corrected an issue that was causing the server, when running in
>>>   DHCPv4 mode, to segfault when class lease limits are reached.
>>>   Thanks to Peter Nagy at Porion-Digital for reporting the matter
>>>   and submitting a patch.
>>>   [Gitlab #13]
>>> - Made minor changes to eliminate warnings when compiled with GCC 9.
>>>   Thanks to Brett Neumeier for bringing the matter to our attention.
>>>   [Gitlab #15]
>>> - Fixed potential memory leaks in parser error message generation
>>>   spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
>>>   [Gitlab #30]
>>> - Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
>>>   to Tommy Smith for contributing the patch.
>>>   [Gitlab #26]
>>> - Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
>>>   reporting the issue.
>>>   [GitLab #19]
>>> - Applied a patch from OpenBSD to always set the scope id of outbound
>>>   DHCPv6 packets. Note this change only applies when compiling under
>>>   OpenBSD. Thanks to Brad Smith at OpenBSD for bringing it to our
>>>   attention.
>>>   [Gitlab #33]
>>> - Modified dhclient to not discard config file leases that are
>>>   duplicates of server-provided leases and to retain such leases
>>>   after they have been used as the fallback active lease and
>>>   DHCP service has been restored. This allows them to be used
>>>   more than once during the lifetime of a dhclient instance.
>>>   This applies to DHCPv4 operation only.
>>>   [Gitlab #9]
>>> - Corrected a number of reference counter and zero-length buffer leaks.
>>>   Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
>>>   pointing them out.
>>>   [Gitlab #57]
>>> - Closed a small window of time between the installation of graceful
>>>   shutdown signal handlers and application context startup, during which
>>>   the receipt of shutdown signal would cause a REQUIRE() assertion to
>>>   occur. Note this issue is only visible when compiling with
>>>   ENABLE_GENTLE_SHUTDOWN defined.
>>>   [Gitlab #53]
>>> - Corrected a buffer overflow that can occur when retrieving zone
>>>   names that are more than 255 characters in length.
>>>   [Gitlab #20]
>>> - The "d" domain name option format was incorrectly handled as text
>>>   instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
>>>   for reporting this issue.
>>>   [Gitlab #2]
>>> - Improved the error message issued when a host declaration has both
>>>   a uid and a dhcp-client-identifier. Server configuration parsing will
>>>   now fail if a host declaration specifies more than one uid.
>>>   [Gitlab #7]
>>> - Updated developer's documentation on building and running unit tests.
>>>   Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
>>>   source.
>>>   [Gitlab #35]
>>> - Fixed a syntax error in ldap.c which cropped up under Ubuntu
>>>   18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
>>>   [Gitlab #51]
>>> - Added clarification to dhcp-options.5 section on ip-address values
>>>   describing the first-use DNS resolution of options with hostnames as
>>>   values (e.g. next-server).
>>>   [Gitlab #28]
>>> - The option format for the server option omapi-key was changed to a
>>>   format type 'k' (key name); while server options ldap-port and
>>>   ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
>>>   three options were inadvertently broken when the 'd' format content
>>>   was changed to comply with RFC 1035 wire format (see Gitlab #2).
>>>   [Gitlab #68]
>>>
>>> Signed-off-by: Adolf Belka
>>> ---
>>> lfs/dhcp | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/lfs/dhcp b/lfs/dhcp >>> index 5cf7e3545..d60e04727 100644 >>> --- a/lfs/dhcp >>> +++ b/lfs/dhcp >>> @@ -24,7 +24,7 @@ >>>=20 >>> include Config >>>=20 >>> -VER =3D 4.4.1 >>> +VER =3D 4.4.2 >>>=20 >>> THISAPP =3D dhcp-$(VER) >>> DL_FILE =3D $(THISAPP).tar.gz >>> @@ -42,7 +42,7 @@ objects =3D $(DL_FILE) >>>=20 >>> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>=20 >>> -$(DL_FILE)_MD5 =3D 18c7f4dcbb0a63df25098216d47b1ede >>> +$(DL_FILE)_MD5 =3D 2afdaf8498dc1edaf3012efdd589b3e1 >>>=20 >>> install : $(TARGET) >>>=20 >>> --=20 >>> 2.31.1 >>>=20
>
> --
> Sent from my laptop

--===============6876153802229757033==--
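
Review bot: The version bump in the first hunk (`-VER = 4.4.1` to `+VER = 4.4.2`) comes with no build change for the bundled bind, and the reply in this thread reports that this update breaks the build on ARM because of that bundled version. Either hold the bump until the release that ships the updated bind, or carry the build fix in this patch and state in the commit message which architectures were built. The quoted changelog lists memory-safety fixes (the zone-name buffer overflow, Gitlab #20, and the dhcrelay buffer pointer correction, #71), so deferring the bump also defers those fixes.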
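
Review bot: In the second hunk (`@@ -42,7 +42,7 @@`), the only integrity value updated for the new tarball is `$(DL_FILE)_MD5`, and MD5 is not collision resistant, so a match on this value alone does not show that the download is the upstream release. Before committing the new digest, verify the 4.4.2 tarball against the upstream signature or a SHA-256/SHA-512 digest and say in the commit message how it was verified; if the lfs checksum handling accepts a stronger digest variable, record that alongside or instead of the MD5 line.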