Internet Systems Consortium DHCP Distribution
- Version 4.4.3
- 26 January 2022
- Release Notes
+ Version 4.4.3-P1
+ ? ????? 2022
+ Release Notes
- NEW FEATURES
+ NEW FEATURES
-Please note that that ISC DHCP is now licensed under the Mozilla Public License,
-MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
-license terms.
+Please note that that ISC DHCP is licensed under the Mozilla Public
+License, MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read
+the MPL 2.0 license terms.
-NOTE: The client and relay components are reaching their End-Of-Life cycle.
-4.4.3 is the final release that features them.
+NOTE: The client and relay components are now End-Of-Life.
+4.4.3 is the final release for those components.
-While release 4.4.3 is primarily a maintenance release that addresses a number
-of issues, it does introduce a few of small new features:
-
-1. BIND libraries updated to the latest 9.11.36. This fixes a number of compilation
- issues on various systems, including OpenWRT.
- [gitlab #218, #171, #180, #192]
-
-2. Improve PRNG initialization. There is now a new configure flag --with-randomdev=PATH
- that specifies the device to read the initial seed from. That is typically
- /dev/random (the default value) or /dev/urandom, but may be other as preferred on
- your system. If this option is enabled, dhclient will use the file as a seed. If
- not, the earlier algorithm (get last 4 bytes of hardware addresses from all network
- interfaces that have them, use current time and process ID).
-
-3. The IPv6-only preferred option, defined in RFC8925, is now supported.
- [gitlab #132]
-
-4. Compilation fixed for gcc-10.
- [gitlab #117]
-
-5. Client fix: wrong argument to memcpy()
- [gitlab #190]
-
-6. The server's limit on the size of lease file that can be loaded at start up
- is now only enforced on 32-bit systems.
- [gitlab #64]
-
-For information on how to install, configure and run this software, as
+For information on how to install, configure, and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
-ISC DHCP uses standard GNU configure for installation. Please review the
-output of "./configure --help" to see what options are available.
+ISC DHCP uses the standard GNU configure command for installation. Please review the
+output of `./configure --help` to see what options are available.
-The system has only been tested on Linux, FreeBSD, and Solaris, and may not
-work on other platforms. Please report any problems and suggested fixes to
-<dhcp-users@isc.org>.
+The system has only been tested on Linux and FreeBSD, and may not work on
+other platforms. Please subscribe to the dhcp-users mailing list at
+https://lists.isc.org/mailman/listinfo/dhcp-users and report any problems
+and/or suggested fixes to dhcp-users@lists.isc.org.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
- Changes since 4.4.2 (New Features)
+ Changes since 4.4.3 (Bug Fixes)
-- BIND9 version updated to latest 9.11.36. Thanks to Philip Prindeville
- for testing on OpenWRT.
- [Gitlab #218]
+! Corrected a reference count leak that occurs when the server builds
+ responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
+ Lab for reporting the issue.
+ [Gitblab #253]
+ CVE: CVS-2022-2928
-- Added support of the new DHCPv4 option v6-only-preferred specified
-in RFC 8925. A new reason code, V6ONLY, was added to the client script
-and the client Linux script sample was updated.
- [Gitlab #132]
+ Changes since 4.4.2-P1 (New Features)
- Changes since 4.4.2 (Bug Fixes)
+- Two new OMAPI function calls were added, `dhcpctl_timed_connect()`
+ and `dhcpctl_timed_wait_for_completion()`. These provide timed
+ versions of creating a connection and waiting for an operation
+ to complete.
+ [GitLab #76]
-- Minor corrections to allow compilation under gcc 10.
- [Gitlab #117]
+- The BIND libraries have been updated to the latest version, 9.11.36. This fixes a number
+ of compilation issues on various systems, including OpenWRT. Thanks to
+ Philip Prindeville for testing on OpenWRT.
+ [GitLab #218, #171, #180, #192]
-- Corrected logic in dhclient that causes it to decline DHCPv4 leases if the
- client script exits abnormally (i.e. crashes).
- [Gitlab #123]
+- Support was added for the new DHCPv4 option v6-only-preferred, specified
+ in RFC 8925. A new reason code, V6ONLY, was added to the client script
+ and the client Linux script sample was updated.
+ [GitLab #132]
-- The limit on the size of lease file that can be loaded at start up
- is now only enforced on 32-bit systems.
- [Gitlab #92]
+ Changes since 4.4.2-P1 (Bug Fixes)
+
+- Minor corrections were made to allow compilation under gcc 10.
+ [GitLab #117]
-- After a report about predictable seeding of transaction identifier
- pseudo-random generation on systems where process identifiers are not
- random the already existing --with-randomdev configure argument was
- extended. Please remember its default is "/dev/random" which is not
- convenient on all systems.
- [Gitlab #197]
+- The logic in dhclient that causes it to decline DHCPv4 leases if the
+ client script exits abnormally (i.e. crashes) has been corrected.
+ [GitLab #123]
-- Minor dhclient code fix to remove compilation warnings.
- [Gitlab #190]
+- The limit on the size of a lease file that can be loaded at startup
+ is now only enforced on 32-bit systems.
+ [GitLab #92]
+
+- The PRNG initialization has been improved. It now uses the configure flag
+ `--with-randomdev=PATH`, which specifies the device from which to read the
+ initial seed. That is typically `/dev/random` (the default value) or
+ `/dev/urandom`, but may be specified otherwise on the local system. The old
+ behavior can be forced by disabling this feature (`--with-randomdev=no`).
+ If the initialization is disabled or reading from the random device fails,
+ the previous algorithm (retrieve the last four bytes of hardware addresses
+ from all network interfaces that have them, and use the current time and
+ process ID) is used.
+ [GitLab #197]
+
+- A minor dhclient code fix was made to remove compilation warnings.
+ [GitLab #190]
+
+- The hard-coded MD5 algorithm name was removed in OMAPI connection logic.
+ Previously, using any other algorithm via a key-algorithm statement would
+ allow OMAPI connections to be made, but subsequent actions such as updating
+ an object would fail.
+ [GitLab #148]
+
+- The parallel build has been improved. Thanks to Sergei Trofimovich for
+ the patch. The parallel build is still experimental, as officially the
+ BIND 9 code does not support the parallel build for libraries.
+ [GitLab #91]
+
+- Handling of LDAP options (`ldap-gssapi-principal` and `ldap-gssapi-keytab`)
+ has been improved. This is contributed code that has not been tested by ISC. Thank
+ you to Petr Mensik and Pavel Zhukov for the patches!
+ [GitLab !56,!75]
+
+- It is now possible to use `option -g ipaddr` in the dhcrelay to replace the giaddr sent to
+ clients with the given ipaddr, to work around bogus clients like Solaris 11
+ grub which use giaddr instead of the announced router (3) to set up their
+ default route. Thanks to Jens Elkner for the patch!
+ [GitLab #223, !86, !92]
+
+ Changes since 4.4.2 (Bug Fixes)
-- Removed hard-coded MD5 algorithm name in OMAPI connection logic. Prior
- to this using any other algorithm via key-algorithm statement would
- allow OMAPI connections to made but subsequent actions such as updating
- an object to fail.
- [Gitlab #148]
+- Corrected a buffer overwrite possible when parsing hexadecimal
+ literals with more than 1024 octets.
+ [Gitlab #182]
+ CVE: CVE-2021-25217
Changes since 4.4.2b1 (Bug Fixes)
- Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
- [#71]
+ [Gitlab #71]
- Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
- [#80]
+ [Gitlab #80]
Changes since 4.4.1 (New Features)