On Tue, Feb 22, 2022 at 10:58 AM Santiago R.R. <santiag...@riseup.net> wrote: > > El 22/02/22 a las 10:09, Martin-Éric Racine escribió: > > On Tue, Feb 22, 2022 at 5:31 AM Martin-Éric Racine > > <martin-eric.rac...@iki.fi> wrote: > ... > > > > > > Please note that there are now 2 upstream repos, if you wanna cherry > > > pick CVE fixes: > > > > > > https://github.com/isc-projects/dhcp > > > https://gitlab.isc.org/isc-projects/dhcp > > > > > > GitHub seems to be abandoned, while GitLab regularly sees commits and > > > is where I found the 4.4.3 beta. > > > > > > Tarballs are still here: > > > > > > https://downloads.isc.org/isc/dhcp/ > > > > To top it all, upstream has decided to retire this codebase by the end > > of this year: > > > > https://www.isc.org/blogs/dhcp-client-relay-eom/ > > > > This will have 2 impacts for Debian: > > > > 1) Whatever outstanding bugs Debian has will have to be solved and > > applicable patches pushed upstream ASAP or closed as won't fix. > > > > 2) Debian will have to either agree with other distros on a common > > fork to maintain or find a new DHCP client to replace the ISC client. > > > > Indeed. And a minor degree, the DHCP relay. > > Thanks for pointing this out! This impact especially concerns ifupdown, > for which an alternative Recommended dhcp client has to be found.
See also: Bug#1006263: ifupdown: outdated DHCP client support Bug#1006264:RFH: dhcpcd5 -- DHCPv4, IPv6RA and DHCPv6 client with IPv4LL support Martin-Éric