authorDavid Hankins <dhankins@isc.org>2006-04-27 21:38:30 +0000
committerDavid Hankins <dhankins@isc.org>2006-04-27 21:38:30 +0000
commitf10a6569ee1e12111cc21961b2bf3fea990da0ae (patch)
tree882feb666fd85b7bd20ac5b9342f2ed70de95351
parent674560d43eb3b9f8df5a55c33b4268d829ccc469 (diff)
Documentation, copyright, and version updates for 3.0.4 final.
- 'atsfp' is now the first thing people see in the RELNOTES.
- infamous42md's security patches are now identified as such.
- The remote-port dhcpd.conf directive is now documented.
- The printf()'d copyrights are now 2004-2006.
-rw-r--r--README4
-rw-r--r--RELNOTES58
-rw-r--r--client/dhclient.c6
-rw-r--r--includes/version.h2
-rw-r--r--relay/dhcrelay.c6
-rw-r--r--server/dhcpd.c6
-rw-r--r--server/dhcpd.conf.519
7 files changed, 82 insertions, 19 deletions
diff --git a/README b/README
index 0bdfa1a0..0e26692a 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
Internet Systems Consortium DHCP Distribution
- Version 3.0.4rc1
- March 9, 2006
+ Version 3.0.4
+ April 27, 2006
README FILE
diff --git a/RELNOTES b/RELNOTES
index 921c4dd9..2dd19570 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,11 +1,48 @@
Internet Systems Consortium DHCP Distribution
- Version 3.0.4rc1
- March 9, 2006
+ Version 3.0.4
+ April 27, 2006
Release Notes
NEW FEATURES
+FAILOVER: As of version 3.0.4, ISC has included a fix for an insidious
+bug in the failover implementation which, if left unchecked, could result
+in tying up all leases in transitional states (such as released, reset, or
+expired). The crux of the problem is the lack of retransmission of leases
+that rest in these states. The only way to solve this problem is to carry
+additional state on the lease data structures to indicate acknowledgement
+state.
+
+To these ends, 'ATSFP', or Actual Time Sent From Peer, is now included
+on lease state structures found in your dhcpd.leases file. This value
+is identical to TSFP - the exception is that it is zeroed upon every
+change to a lease that would necessitate a binding update, and it is
+what is used to govern retransmission.
+
+The presence of this new value on lease state structures presents an
+operational dilemma. Since a zero value is normal, and there is no way
+to version the dhcpd.leases file, if you simply start dhcpd 3.0.4 using
+a dhcpd.leases file written by a pre-3.0.4 daemon, it will cause the
+daemon to retransmit -all- leases upon connecting the failover channel
+(the zero value is sensed to cause a retransmission).
+
+This is harmless, or even beneficial if your lease databases are slightly
+out of sync, but undesirable if you have a very large number of
+failover-controlled leases.
+
+As a workaround, simply synthesize an 'atsfp' dhcpd.leases entry for each
+lease from the most recent 'tsfp' value. For example (all on one line):
+
+ awk '/^ tsfp / { printf("%s\n atsfp %s %s %s\n", $0, $2, $3, $4);
+ next; } // { print $0; }' /var/db/dhcpd.leases
+
+Similarly, in the event it is necessary to downgrade from 3.0.4 to any
+previous version, the atsfp values will need to be removed in order to
+successfully start:
+
+ grep -v '^ atsfp ' /var/db/dhcpd.leases
+
Version 3 of the ISC DHCP Distribution includes the following features
that are new since version 2.0:
@@ -108,10 +145,19 @@ and for prodding me into improving it.
PAD options - it was suppressing only one trailng PAD option, rather
than the entire block of them.
-- Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
- option addition and stripping code. Added a few sanity checks.
-
-- Added some sanity checks to OMAPI connection/authentication code.
+! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
+ option addition and stripping code. Added a few sanity checks. Although
+ highly improbable, due to requiring the reception of a DHCP datagram well
+ in excess of all known to be used physical MTU limitations, it is possible
+ this may have been used in a stack overflow security vulnerability. Thanks
+ to a patch from infamous42md.
+
+! Added some sanity checks to OMAPI connection/authentication code.
+ Although highly improbable, due to having to deliver in excess of 2^32
+ bytes of data via the OMAPI channel, not to mention requiring dhcpd to
+ be able to malloc() a memory region 2^32 bytes in size, it was possible
+ this might have resulted in a heap overflow security vulnerability.
+ Thanks to a patch from infamous42md.
- dmalloc() memset()'s the non-debug (data) portion of the allocated
memory to zero. Code that memset()'s the result returned by dmalloc() to
diff --git a/client/dhclient.c b/client/dhclient.c
index 7df71df2..db4afab4 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -32,7 +32,7 @@
#ifndef lint
static char ocopyright[] =
-"$Id: dhclient.c,v 1.129.2.31 2006/02/22 22:43:27 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
+"$Id: dhclient.c,v 1.129.2.32 2006/04/27 21:38:29 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
@@ -61,10 +61,10 @@ struct in_addr giaddr;
assert (state_is == state_shouldbe). */
#define ASSERT_STATE(state_is, state_shouldbe) {}
-static char copyright[] = "Copyright 2004-2005 Internet Systems Consortium.";
+static char copyright[] = "Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Client";
-static char url [] = "For info, please visit http://www.isc.org/products/DHCP";
+static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
u_int16_t local_port=0;
u_int16_t remote_port=0;
diff --git a/includes/version.h b/includes/version.h
index db6f1a83..e313595c 100644
--- a/includes/version.h
+++ b/includes/version.h
@@ -1,3 +1,3 @@
/* Current version of ISC DHCP Distribution. */
-#define DHCP_VERSION "V3.0.4rc1"
+#define DHCP_VERSION "V3.0.4"
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 2500ebaf..0552409f 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -3,7 +3,7 @@
DHCP/BOOTP Relay Agent. */
/*
- * Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1997-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
@@ -34,7 +34,7 @@
#ifndef lint
static char ocopyright[] =
-"$Id: dhcrelay.c,v 1.52.2.11 2005/08/11 23:12:41 dhankins Exp $ Copyright (c) 2004-2005 Internet Systems Consortium. All rights reserved.\n";
+"$Id: dhcrelay.c,v 1.52.2.12 2006/04/27 21:38:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
@@ -97,7 +97,7 @@ struct server_list {
struct sockaddr_in to;
} *servers;
-static char copyright [] = "Copyright 2004-2005 Internet Systems Consortium.";
+static char copyright [] = "Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Relay Agent";
static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
diff --git a/server/dhcpd.c b/server/dhcpd.c
index abb4656b..f286786f 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -3,7 +3,7 @@
DHCP Server Daemon. */
/*
- * Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1996-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
@@ -34,11 +34,11 @@
#ifndef lint
static char ocopyright[] =
-"$Id: dhcpd.c,v 1.115.2.16 2005/03/03 16:55:24 dhankins Exp $ Copyright 2004-2005 Internet Systems Consortium.";
+"$Id: dhcpd.c,v 1.115.2.17 2006/04/27 21:38:30 dhankins Exp $ Copyright 2004-2006 Internet Systems Consortium.";
#endif
static char copyright[] =
-"Copyright 2004-2005 Internet Systems Consortium.";
+"Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Server";
static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5
index 802386d3..2de98f64 100644
--- a/server/dhcpd.conf.5
+++ b/server/dhcpd.conf.5
@@ -28,7 +28,7 @@
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
-.\" $Id: dhcpd.conf.5,v 1.63.2.28 2005/09/12 15:01:47 dhankins Exp $
+.\" $Id: dhcpd.conf.5,v 1.63.2.29 2006/04/27 21:38:30 dhankins Exp $
.\"
.TH dhcpd.conf 5
.SH NAME
@@ -2198,6 +2198,23 @@ If no value is set, ping-timeout defaults to 1 second.
.RE
.PP
The
+.I remote-port
+statement
+.RS 0.25i
+.PP
+.B remote-port \fIport\fB;\fR
+.PP
+This statement causes the DHCP server to transmit DHCP responses to DHCP
+clients upon the UDP port specified in \fIport\fR, rather than on port 68.
+In the event that the UDP response is transmitted to a DHCP Relay, the
+server generally uses the \fBlocal-port\fR configuration value. Should the
+DHCP Relay happen to be addressed as 127.0.0.1, however, the DHCP Server
+transmits its response to the \fBremote-port\fR configuration value. This
+is generally only useful for testing purposes, and this configuratoin value
+should generally not be used.
+.RE
+.PP
+The
.I server-identifier
statement
.RS 0.25i