Version 4.4.2
                            22 January 2020
                             Release Notes

                              NEW FEATURES

Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.

While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:

- Keama - Keama is a migration utility that assists in converting ISC DHCP
  server configuration files to Kea configuration files.  It is found in the
  keama subdirectory and includes a README.md file with instructions on how
  to build it as well as a manpage on its usage.

- Two new server parameters related to ping checking were added:

1. ping-cltt-secs which allows the user to specify the number of seconds
   that must elapse since CLTT before a ping check is conducted.

2. ping-timeout-ms which allows the user to specify the amount of time the
   server waits for a ping-check response in milliseconds rather than in
   seconds.

In general, the areas of focus for ISC DHCP 4.4 were:

1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries

Dynamic DNS Improvements:

- We added three new server configuration parameters which influence DDNS
  conflict resolution:

    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
    to mitigate issues with non-compliant clients in dual stack environments.

    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
    requirement of DNS conflict resolution.

    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
    allow unguarded DNS entries to be overwritten in certain cases

- The server now honors update-static-leases parameter for static DHCPv6
  hosts.

dhclient Improvements:

  - We've added three command line parameters to dhclient:

    1. --prefix-len-hint - directs dhclient to use the given length as
    the prefix length hint when requesting prefixes

    2. --decline-wait-time - instructs the client to wait the given number
    of seconds after declining an IPv4 address before issuing a discover

    3. --address-prefix-len - specifies the prefix length passed by dhclient
    into the client script (via the environment variable ip6_prefixlen) with
    each IPv6 address.  We added this parameter because we have changed the
    default value from 64 to 128 in order to be compliant with RFC3315bis
    draft (-09, page 64) and RFC5942, Section 4, point 1.
    **WARNING**: The new default value of 128 may not be backwardly compatible
    with your environment. If you are operating without a router, such as
    between VMs on a host, you may find they cannot see each other with prefix
    length of 128. In such cases, you'll need to either provide routing or use
    the command line parameter to set the value to 64. Alternatively you may
    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
    in includes/site.h.

  - dhclient will now generate a DHCPv6 DECLINE message when the client script
    indicates a DAD failure

Dynamic shared library support:

  Configure script, configure.ac+lt, which supports libtool is now provided
  with the source tar ball.  This script can be used to configure ISC DHCP
  to build with libtool and thus use dynamic shared libraries.

Other Highlights:

 - The server now supports dhcp-cache-threshold for DHCPv6 operations
 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
 - Experimental support for alternate relay port in the both the server
   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)

For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.

ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.

The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.

ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).

		Changes since 4.4.2b1 (Bug Fixes)

- Added a clarification on DHCPINFORMs and server authority to
  dhcpd.conf.5
  [Gitlab #37]

- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
  is defined.
  [Gitlab #72]

- Added the interface name to socket initialization failure log messages.
  Prior to this the log messages stated only the error reason without
  stating the target interface.
  [Gitlab #75]

- Corrected buffer pointer logic in dhcrelay functions that manipulate
  agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
  & Mitigations for reporting the issue.
  [#71]

- Corrected unresolved symbol errors building relay_unittests when
  configured to build using libtool.
  [#80]

		Changes since 4.4.1 (New Features)

- A new configuration parameter, ping-cltt-secs (v4 operation only), has
  been added to allow the user to specify the number of seconds that must
  elapse since CLTT before a ping check is conducted.  Prior to this, the
  value was hard coded at 60 seconds.  Please see the server man pages for
  a more detailed discussion.
  [ISC-Bugs #36283]

- A new configuration parameter, ping-timeout-ms (v4 operation only),
  has been added that allows the user to specify the amount of time
  the server waits for a ping-check response in milliseconds rather
  than in seconds (via ping-timeout). When greater than zero, the value
  of ping-timeout-ms will override the value of ping-timeout.  Thanks
  to Jay Doran from Bluecat Networks for suggesting this feature.
  [Gitlab #10]

- An experimental tool called, Keama (KEA Migration Assistant), which helps
  translate ISC DHCP configurations to Kea configurations, is now included
  in the distribution.
  [Gitlab #34]

		Changes since 4.4.1 (Bug Fixes)

- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
  carried out over TCP rather than UDP. The coding error was exposed by
  migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
  reporting the issue.
  [ISC-Bugs #47757]

- Bind9 now defaults to requiring python to build. The Makefile for
  building Bind9 when bundled with ISC DHCP was modified to turn off
  this dependency.
  [Gitlab #3]

- Corrected a dual-stack mixed-mode issue that occurs when both
  ddns-guard-id-must-match and ddns-other-guard-is-dynamic
  are enabled and that caused the server to incorrectly interpret
  the presence of a guard record belonging to another client as
  a case of no guard record at all.  Thanks to Fernando Soto
  from BlueCat Networks for reporting this issue.
  [Gitlab #1]

- Corrected a compilation issue that occurred when building without DNS
  update ability (e.g. by undefining NSUPDATE).
  [Gitlab #16]

- Corrected an issue that was causing the server, when running in
  DHPCv4 mode, to segfault when class lease limits are reached.
  Thanks to Peter Nagy at Porion-Digital for reporting the matter
  and submitting a patch.
  [Gitlab #13]

- Made minor changes to eliminate warnings when compiled with GCC 9.
  Thanks to Brett Neumeier for bringing the matter to our attention.
  [Gitlab #15]

- Fixed potential memory leaks in parser error message generation
  spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
  [Gitlab #30]

- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
  to Tommy Smith for contributing the patch.
  [Gitlab #26]

- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
  reporting the issue.
  [GitLab #19]

- Applied a patch from OpenBSD to always set the scope id of outbound
  DHPCv6 packets.  Note this change only applies when compiling under
  OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
  attention.
  [Gitlab #33]

- Modified dhclient to not discard config file leases that are
  duplicates of server-provided leases and to retain such leases
  after they have been used as the fallback active lease and
  DHCP service has been restored.  This allows them to be used
  more than once during the lifetime of a dhclient instance.
  This applies to DHCPv4 operation only.
  [Gitlab #9]

- Corrected a number of reference counter and zero-length buffer leaks.
  Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
  pointing them out.
  [Gitlab #57]

- Closed a small window of time between the installation of graceful
  shutdown signal handlers and application context startup, during which
  the receipt of shutdown signal would cause a REQUIRE() assertion to
  occur.  Note this issue is only visible when compiling with
  ENABLE_GENTLE_SHUTDOWN defined.
  [Gitlab #53]

- Corrected a buffer overflow that can occur when retrieving zone
  names that are more than 255 characters in length.
  [Gitlab #20]

- The "d" domain name option format was incorrectly handled as text
  instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
  for reporting this issue.
  [Gitlab #2]

- Improved the error message issued when a host declaration has both
  a uid and a dhcp-client-identifier. Server configuration parsing will
  now fail if a host declaration specifies more than one uid.
  [Gitlab #7]

- Updated developer's documentation on building and running unit tests.
  Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
  source.
  [Gitlab #35]

- Fixed a syntax error in ldap.c which cropped up under Ubuntu
  18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
  [Gitlab #51]

- Added clarification to dhcp-options.5 section on ip-address values
  describing the first-use DNS resolution of options with hostnames as
  values (e.g. next-server).
  [Gitlab #28]

- The option format for the server option omapi-key was changed to a
  format type 'k' (key name); while server options ldap-port and
  ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
  three options were inadvertantly broken when the 'd' format content
  was changed to comply with RFC 1035 wire format (see Gitlab #2).
  [Gitlab #68]

                            Version 4.4.2
                            22 January 2020
                             Release Notes

                              NEW FEATURES

Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.

While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:

- Keama - Keama is a migration utility that assists in converting ISC DHCP
  server configuration files to Kea configuration files.  It is found in the
  keama subdirectory and includes a README.md file with instructions on how
  to build it as well as a manpage on its usage.

- Two new server parameters related to ping checking were added:

1. ping-cltt-secs which allows the user to specify the number of seconds
   that must elapse since CLTT before a ping check is conducted.

2. ping-timeout-ms which allows the user to specify the amount of time the
   server waits for a ping-check response in milliseconds rather than in
   seconds.

In general, the areas of focus for ISC DHCP 4.4 were:

1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries

Dynamic DNS Improvements:

- We added three new server configuration parameters which influence DDNS
  conflict resolution:

    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
    to mitigate issues with non-compliant clients in dual stack environments.

    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
    requirement of DNS conflict resolution.

    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
    allow unguarded DNS entries to be overwritten in certain cases

- The server now honors update-static-leases parameter for static DHCPv6
  hosts.

dhclient Improvements:

  - We've added three command line parameters to dhclient:

    1. --prefix-len-hint - directs dhclient to use the given length as
    the prefix length hint when requesting prefixes

    2. --decline-wait-time - instructs the client to wait the given number
    of seconds after declining an IPv4 address before issuing a discover

    3. --address-prefix-len - specifies the prefix length passed by dhclient
    into the client script (via the environment variable ip6_prefixlen) with
    each IPv6 address.  We added this parameter because we have changed the
    default value from 64 to 128 in order to be compliant with RFC3315bis
    draft (-09, page 64) and RFC5942, Section 4, point 1.
    **WARNING**: The new default value of 128 may not be backwardly compatible
    with your environment. If you are operating without a router, such as
    between VMs on a host, you may find they cannot see each other with prefix
    length of 128. In such cases, you'll need to either provide routing or use
    the command line parameter to set the value to 64. Alternatively you may
    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
    in includes/site.h.

  - dhclient will now generate a DHCPv6 DECLINE message when the client script
    indicates a DAD failure

Dynamic shared library support:

  Configure script, configure.ac+lt, which supports libtool is now provided
  with the source tar ball.  This script can be used to configure ISC DHCP
  to build with libtool and thus use dynamic shared libraries.

Other Highlights:

 - The server now supports dhcp-cache-threshold for DHCPv6 operations
 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
 - Experimental support for alternate relay port in the both the server
   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)

For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.

ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.

The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.

ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).

		Changes since 4.4.2b1 (Bug Fixes)

- Added a clarification on DHCPINFORMs and server authority to
  dhcpd.conf.5
  [Gitlab #37]

- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
  is defined.
  [Gitlab #72]

- Added the interface name to socket initialization failure log messages.
  Prior to this the log messages stated only the error reason without
  stating the target interface.
  [Gitlab #75]

- Corrected buffer pointer logic in dhcrelay functions that manipulate
  agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
  & Mitigations for reporting the issue.
  [#71]

- Corrected unresolved symbol errors building relay_unittests when
  configured to build using libtool.
  [#80]

		Changes since 4.4.1 (New Features)

- A new configuration parameter, ping-cltt-secs (v4 operation only), has
  been added to allow the user to specify the number of seconds that must
  elapse since CLTT before a ping check is conducted.  Prior to this, the
  value was hard coded at 60 seconds.  Please see the server man pages for
  a more detailed discussion.
  [ISC-Bugs #36283]

- A new configuration parameter, ping-timeout-ms (v4 operation only),
  has been added that allows the user to specify the amount of time
  the server waits for a ping-check response in milliseconds rather
  than in seconds (via ping-timeout). When greater than zero, the value
  of ping-timeout-ms will override the value of ping-timeout.  Thanks
  to Jay Doran from Bluecat Networks for suggesting this feature.
  [Gitlab #10]

- An experimental tool called, Keama (KEA Migration Assistant), which helps
  translate ISC DHCP configurations to Kea configurations, is now included
  in the distribution.
  [Gitlab #34]

		Changes since 4.4.1 (Bug Fixes)

- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
  carried out over TCP rather than UDP. The coding error was exposed by
  migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
  reporting the issue.
  [ISC-Bugs #47757]

- Bind9 now defaults to requiring python to build. The Makefile for
  building Bind9 when bundled with ISC DHCP was modified to turn off
  this dependency.
  [Gitlab #3]

- Corrected a dual-stack mixed-mode issue that occurs when both
  ddns-guard-id-must-match and ddns-other-guard-is-dynamic
  are enabled and that caused the server to incorrectly interpret
  the presence of a guard record belonging to another client as
  a case of no guard record at all.  Thanks to Fernando Soto
  from BlueCat Networks for reporting this issue.
  [Gitlab #1]

- Corrected a compilation issue that occurred when building without DNS
  update ability (e.g. by undefining NSUPDATE).
  [Gitlab #16]

- Corrected an issue that was causing the server, when running in
  DHPCv4 mode, to segfault when class lease limits are reached.
  Thanks to Peter Nagy at Porion-Digital for reporting the matter
  and submitting a patch.
  [Gitlab #13]

- Made minor changes to eliminate warnings when compiled with GCC 9.
  Thanks to Brett Neumeier for bringing the matter to our attention.
  [Gitlab #15]

- Fixed potential memory leaks in parser error message generation
  spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
  [Gitlab #30]

- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
  to Tommy Smith for contributing the patch.
  [Gitlab #26]

- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
  reporting the issue.
  [GitLab #19]

- Applied a patch from OpenBSD to always set the scope id of outbound
  DHPCv6 packets.  Note this change only applies when compiling under
  OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
  attention.
  [Gitlab #33]

- Modified dhclient to not discard config file leases that are
  duplicates of server-provided leases and to retain such leases
  after they have been used as the fallback active lease and
  DHCP service has been restored.  This allows them to be used
  more than once during the lifetime of a dhclient instance.
  This applies to DHCPv4 operation only.
  [Gitlab #9]

- Corrected a number of reference counter and zero-length buffer leaks.
  Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
  pointing them out.
  [Gitlab #57]

- Closed a small window of time between the installation of graceful
  shutdown signal handlers and application context startup, during which
  the receipt of shutdown signal would cause a REQUIRE() assertion to
  occur.  Note this issue is only visible when compiling with
  ENABLE_GENTLE_SHUTDOWN defined.
  [Gitlab #53]

- Corrected a buffer overflow that can occur when retrieving zone
  names that are more than 255 characters in length.
  [Gitlab #20]

- The "d" domain name option format was incorrectly handled as text
  instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
  for reporting this issue.
  [Gitlab #2]

- Improved the error message issued when a host declaration has both
  a uid and a dhcp-client-identifier. Server configuration parsing will
  now fail if a host declaration specifies more than one uid.
  [Gitlab #7]

- Updated developer's documentation on building and running unit tests.
  Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
  source.
  [Gitlab #35]

- Fixed a syntax error in ldap.c which cropped up under Ubuntu
  18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
  [Gitlab #51]

- Added clarification to dhcp-options.5 section on ip-address values
  describing the first-use DNS resolution of options with hostnames as
  values (e.g. next-server).
  [Gitlab #28]

- The option format for the server option omapi-key was changed to a
  format type 'k' (key name); while server options ldap-port and
  ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
  three options were inadvertantly broken when the 'd' format content
  was changed to comply with RFC 1035 wire format (see Gitlab #2).
  [Gitlab #68]

                            Version 4.4.2
                            22 January 2020
                             Release Notes

                              NEW FEATURES

Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.

While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:

- Keama - Keama is a migration utility that assists in converting ISC DHCP
  server configuration files to Kea configuration files.  It is found in the
  keama subdirectory and includes a README.md file with instructions on how
  to build it as well as a manpage on its usage.

- Two new server parameters related to ping checking were added:

1. ping-cltt-secs which allows the user to specify the number of seconds
   that must elapse since CLTT before a ping check is conducted.

2. ping-timeout-ms which allows the user to specify the amount of time the
   server waits for a ping-check response in milliseconds rather than in
   seconds.

In general, the areas of focus for ISC DHCP 4.4 were:

1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries

Dynamic DNS Improvements:

- We added three new server configuration parameters which influence DDNS
  conflict resolution:

    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
    to mitigate issues with non-compliant clients in dual stack environments.

    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
    requirement of DNS conflict resolution.

    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
    allow unguarded DNS entries to be overwritten in certain cases

- The server now honors update-static-leases parameter for static DHCPv6
  hosts.

dhclient Improvements:

  - We've added three command line parameters to dhclient:

    1. --prefix-len-hint - directs dhclient to use the given length as
    the prefix length hint when requesting prefixes

    2. --decline-wait-time - instructs the client to wait the given number
    of seconds after declining an IPv4 address before issuing a discover

    3. --address-prefix-len - specifies the prefix length passed by dhclient
    into the client script (via the environment variable ip6_prefixlen) with
    each IPv6 address.  We added this parameter because we have changed the
    default value from 64 to 128 in order to be compliant with RFC3315bis
    draft (-09, page 64) and RFC5942, Section 4, point 1.
    **WARNING**: The new default value of 128 may not be backwardly compatible
    with your environment. If you are operating without a router, such as
    between VMs on a host, you may find they cannot see each other with prefix
    length of 128. In such cases, you'll need to either provide routing or use
    the command line parameter to set the value to 64. Alternatively you may
    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
    in includes/site.h.

  - dhclient will now generate a DHCPv6 DECLINE message when the client script
    indicates a DAD failure

Dynamic shared library support:

  Configure script, configure.ac+lt, which supports libtool is now provided
  with the source tar ball.  This script can be used to configure ISC DHCP
  to build with libtool and thus use dynamic shared libraries.

Other Highlights:

 - The server now supports dhcp-cache-threshold for DHCPv6 operations
 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
 - Experimental support for alternate relay port in the both the server
   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)

For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.

ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.

The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.

ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).

		Changes since 4.4.2b1 (Bug Fixes)

- Added a clarification on DHCPINFORMs and server authority to
  dhcpd.conf.5
  [Gitlab #37]

- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
  is defined.
  [Gitlab #72]

- Added the interface name to socket initialization failure log messages.
  Prior to this the log messages stated only the error reason without
  stating the target interface.
  [Gitlab #75]

- Corrected buffer pointer logic in dhcrelay functions that manipulate
  agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
  & Mitigations for reporting the issue.
  [#71]

- Corrected unresolved symbol errors building relay_unittests when
  configured to build using libtool.
  [#80]

		Changes since 4.4.1 (New Features)

- A new configuration parameter, ping-cltt-secs (v4 operation only), has
  been added to allow the user to specify the number of seconds that must
  elapse since CLTT before a ping check is conducted.  Prior to this, the
  value was hard coded at 60 seconds.  Please see the server man pages for
  a more detailed discussion.
  [ISC-Bugs #36283]

- A new configuration parameter, ping-timeout-ms (v4 operation only),
  has been added that allows the user to specify the amount of time
  the server waits for a ping-check response in milliseconds rather
  than in seconds (via ping-timeout). When greater than zero, the value
  of ping-timeout-ms will override the value of ping-timeout.  Thanks
  to Jay Doran from Bluecat Networks for suggesting this feature.
  [Gitlab #10]

- An experimental tool called, Keama (KEA Migration Assistant), which helps
  translate ISC DHCP configurations to Kea configurations, is now included
  in the distribution.
  [Gitlab #34]

		Changes since 4.4.1 (Bug Fixes)

- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
  carried out over TCP rather than UDP. The coding error was exposed by
  migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
  reporting the issue.
  [ISC-Bugs #47757]

- Bind9 now defaults to requiring python to build. The Makefile for
  building Bind9 when bundled with ISC DHCP was modified to turn off
  this dependency.
  [Gitlab #3]

- Corrected a dual-stack mixed-mode issue that occurs when both
  ddns-guard-id-must-match and ddns-other-guard-is-dynamic
  are enabled and that caused the server to incorrectly interpret
  the presence of a guard record belonging to another client as
  a case of no guard record at all.  Thanks to Fernando Soto
  from BlueCat Networks for reporting this issue.
  [Gitlab #1]

- Corrected a compilation issue that occurred when building without DNS
  update ability (e.g. by undefining NSUPDATE).
  [Gitlab #16]

- Corrected an issue that was causing the server, when running in
  DHPCv4 mode, to segfault when class lease limits are reached.
  Thanks to Peter Nagy at Porion-Digital for reporting the matter
  and submitting a patch.
  [Gitlab #13]

- Made minor changes to eliminate warnings when compiled with GCC 9.
  Thanks to Brett Neumeier for bringing the matter to our attention.
  [Gitlab #15]

- Fixed potential memory leaks in parser error message generation
  spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
  [Gitlab #30]

- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
  to Tommy Smith for contributing the patch.
  [Gitlab #26]

- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
  reporting the issue.
  [GitLab #19]

- Applied a patch from OpenBSD to always set the scope id of outbound
  DHPCv6 packets.  Note this change only applies when compiling under
  OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
  attention.
  [Gitlab #33]

- Modified dhclient to not discard config file leases that are
  duplicates of server-provided leases and to retain such leases
  after they have been used as the fallback active lease and
  DHCP service has been restored.  This allows them to be used
  more than once during the lifetime of a dhclient instance.
  This applies to DHCPv4 operation only.
  [Gitlab #9]

- Corrected a number of reference counter and zero-length buffer leaks.
  Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
  pointing them out.
  [Gitlab #57]

- Closed a small window of time between the installation of graceful
  shutdown signal handlers and application context startup, during which
  the receipt of shutdown signal would cause a REQUIRE() assertion to
  occur.  Note this issue is only visible when compiling with
  ENABLE_GENTLE_SHUTDOWN defined.
  [Gitlab #53]

- Corrected a buffer overflow that can occur when retrieving zone
  names that are more than 255 characters in length.
  [Gitlab #20]

- The "d" domain name option format was incorrectly handled as text
  instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
  for reporting this issue.
  [Gitlab #2]

- Improved the error message issued when a host declaration has both
  a uid and a dhcp-client-identifier. Server configuration parsing will
  now fail if a host declaration specifies more than one uid.
  [Gitlab #7]

- Updated developer's documentation on building and running unit tests.
  Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
  source.
  [Gitlab #35]

- Fixed a syntax error in ldap.c which cropped up under Ubuntu
  18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
  [Gitlab #51]

- Added clarification to dhcp-options.5 section on ip-address values
  describing the first-use DNS resolution of options with hostnames as
  values (e.g. next-server).
  [Gitlab #28]

- The option format for the server option omapi-key was changed to a
  format type 'k' (key name); while server options ldap-port and
  ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
  three options were inadvertantly broken when the 'd' format content
  was changed to comply with RFC 1035 wire format (see Gitlab #2).
  [Gitlab #68]

	external/bsd/cron/dist/do_command.c: revision 1.14

PR/54433: Hisashi Todd Fujinaka: Empty $MAILTO causes cron to crash

	external/bsd/cron/dist/do_command.c: revision 1.14

PR/54433: Hisashi Todd Fujinaka: Empty $MAILTO causes cron to crash

Here is mininum reproduction operation.
====================
# ifconfig ixg0 172.16.0.1/29
# route monitor &
# ifconfig pppoe0 172.16.0.1/32 0.0.0.1
====================

The broken RTM_DELADDR is the following.
====================
got message of size 72 on Thu Nov 17 12:50:42 2022
#13: len 72, got message of size 80 on Thu Nov 17 12:50:42 2022
RTM_DELADDR: address being removed from iface: len 80, pid 3552, metric 0, addrflags: 0
sockaddrs: 0xb4<NETMASK,IFP,IFA,BRD>
 Q00.00.ff.ff.ff.ff.00.00.00.00.00.00.00.00 pppoe0 default default
====================

This problem is related to the following two commit.

(1) b021021
    that is, sys/netinet/in.c:r1.183

(2) 61bad33
    that is, sys/netinet/in.c:r1.185

(1) adds in_scrubaddr() for old addresses to in_ifinit() without checking
IFA_ROUTE.
And then, (2) removes in_ifscrub() for POINTTOPOINT interface in in_control0.
The removed in_ifscrub() is called with checking IFA_ROUTE.
It seems these modifications about checking IFA_ROUTE logic causes this
problem, however the real reason is calling in_ifscrub() for the interface
which does not have IPv4 address.  So, scrubbing old address processing
should be done only if the interface already has IPv4 address.

	sys/uvm/uvm_swap.c: revision 1.207

swap: disallow user opens of swap block device

the swap/drum block device was never intended to allow user opens,
but when the internal VOP_OPEN() in uvm_swap_init() was added
back in rev 1.135, the d_open method was changed from always-fail
to always-succeed in order to allow the new initial internal open.
this had the side effect of incorrectly allowing user opens too.
fix this by replacing the swap_bdevsw d_open with one that succeeds
for the first call but fails for all subsequent calls.

	sys/uvm/uvm_swap.c: revision 1.207

swap: disallow user opens of swap block device

the swap/drum block device was never intended to allow user opens,
but when the internal VOP_OPEN() in uvm_swap_init() was added
back in rev 1.135, the d_open method was changed from always-fail
to always-succeed in order to allow the new initial internal open.
this had the side effect of incorrectly allowing user opens too.
fix this by replacing the swap_bdevsw d_open with one that succeeds
for the first call but fails for all subsequent calls.

	sys/uvm/uvm_swap.c: revision 1.207

swap: disallow user opens of swap block device

the swap/drum block device was never intended to allow user opens,
but when the internal VOP_OPEN() in uvm_swap_init() was added
back in rev 1.135, the d_open method was changed from always-fail
to always-succeed in order to allow the new initial internal open.
this had the side effect of incorrectly allowing user opens too.
fix this by replacing the swap_bdevsw d_open with one that succeeds
for the first call but fails for all subsequent calls.

	sys/arch/x86/conf/MICROVM.common: revision 1.4

PR 59568: Disable viogpu in MICROVM kernel configuration as it is not
supported for now.