Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 873 |
1 files changed, 873 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..fb15e3d --- /dev/null +++ b/CHANGELOG 
@@ -0,0 +1,873 @@ +version 2.57 + Add patches to allow build under Android. + + Provide our own header for the DNS protocol, rather than + relying on arpa/nameser.h. This has proved more or less + defective over the years and the final straw is that it's + effectively empty on Android. + + Fix regression in 2.56 which caused hex constants in + configuration to be rejected if they contain the '*' + wildcard. + + Correct wrong casts of arguments to ctype.h functions, + isdigit(), isxdigit() etc. Thanks to Matthias Andree for + spotting this. + + Allow build with IDN support independently from i18n. + IDN support continues to be included automatically + when i18n is included. + 'make COPTS=-DHAVE_IDN' is the magic incantation. + + Modify check on extraneous command line junk (added in + 2.56) so that it doesn't complain about extra _empty_ + arguments. Otherwise this breaks libvirt. + + +version 2.56 + Add a patch to allow dnsmasq to get interface names right in a + Solaris zone. Thanks to Dj Padzensky for this. + + Improve data-type parsing heuristics so that + --dhcp-option=option:domain-search,. + treats the value as a string and not an IP address. + Thanks to Clemens Fischer for spotting that. + + Add IPv6 support to the TFTP server. Many thanks to Jan + 'RedBully' Seiffert for the patches. + + Log DNS queries at level LOG_INFO, rather then + LOG_DEBUG. This makes things consistent with DHCP + logging. Thanks to Adam Pribyl for spotting the problem. + + Ensure that dnsmasq terminates cleanly when using + --syslog-async even if it cannot make a connection to the + syslogd. + + Add --add-mac option. This is to support currently + experimental DNS filtering facilities. Thanks to Benjamin + Petrin for the orignal patch. + + Fix bug which meant that tags were ignored in dhcp-range + configuration specifying PXE-proxy service. Thanks to + Cristiano Cumer for spotting this. + + Raise an error if there is extra junk, not part of an + option, on the command line. 
+ + Flag a couple of log messages in cache.c as coming from + the DHCP subsystem. Thanks to Olaf Westrik for the patch. + + Omit timestamps from logs when a) logging to stderr and + b) --keep-in-forground is set. The logging facility on the + other end of stderr can be assumned to supply them. Thanks + to John Hallam for the patch. + + Don't complain about strings longer than 255 characters in + --txt-record, just split the long strings into 255 + character chunks instead. + + Fix crash on double-free. This bug can only happen when + dhcp-script is in use and then only in rare circumstances + triggered by high DHCP transaction rate and a slow + script. Thanks to Ferenc Wagner for finding the problem. + + Only log that a file has been sent by TFTP after the + transfer has completed succesfully. + + A good suggestion from Ferenc Wagner: extend + the --domain option to allow this sort of thing: + --domain=thekelleys.org.uk,192.168.0.0/24,local + which automatically creates + --local=/thekelleys.org.uk/ + --local=/0.168.192.in-addr.arpa/ + + Tighten up syntax checking of hex contants in the config + file. Thanks to Fred Damen for spotting this. + + Add dnsmasq logo/icon, contributed by Justin Swift. Many + thanks for that. + + Never cache DNS replies which have the 'cd' bit set, or + which result from queries forwarded with the 'cd' bit + set. The 'cd' bit instructs a DNSSEC validating server + upstream to ignore signature failures and return replies + anyway. Without this change it's possible to pollute the + dnsmasq cache with bad data by making a query with the + 'cd' bit set and subsequent queries would return this data + without its being marked as suspect. Thanks to Anders + Kaseorg for pointing out this problem. + + Add --proxy-dnssec flag, for compliance with RFC + 4035. Dnsmasq will now clear the 'ad' bit in answers returned + from upstream validating nameservers unless this option is + set. + + Allow a filename of "-" for --conf-file to read + stdin. 
Suggestion from Timothy Redaelli. + + Rotate the order of SRV records in replies, to provide + round-robin load balancing when all the priorities are + equal. Thanks to Peter McKinney for the suggestion. + + Edit + contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist + so that it doesn't log all queries to a file by + default. Thanks again to Peter McKinney. + + By default, setting an IPv4 address for a domain but not + an IPv6 address causes dnsmasq to return + an NODATA reply for IPv6 (or vice-versa). So + --address=/google.com/1.2.3.4 stops IPv6 queries for + *google.com from being forwarded. Make it possible to + override this behaviour by defining the sematics if the + same domain appears in both --server and --address. + In that case, the --address has priority for the address + family in which is appears, but the --server has priority + of the address family which doesn't appear in --adddress + So: + --address=/google.com/1.2.3.4 + --server=/google.com/# + will return 1.2.3.4 for IPv4 queries for *.google.com but + forward IPv6 queries to the normal upstream nameserver. + Similarly when setting an IPv6 address + only this will allow forwarding of IPv4 queries. Thanks to + William for pointing out the need for this. + + Allow more than one --dhcp-optsfile and --dhcp-hostsfile + and make them understand directories as arguments in the + same way as --addn-hosts. Suggestion from John Hanks. + + Ignore rebinding requests for leases we don't know + about. Rebind is broadcast, so we might get to overhear a + request meant for another DHCP server. NAKing this is + wrong. Thanks to Brad D'Hondt for assistance with this. + + Fix cosmetic bug which produced strange output when + dumping cache statistics with some configurations. Thanks + to Fedor Kozhevnikov for spotting this. + + +version 2.55 + Fix crash when /etc/ethers is in use. Thanks to + Gianluigi Tiesi for finding this. + + Fix crash in netlink_multicast(). Thanks to Arno Wald for + finding this one. 
+ + Allow the empty domain "." in dhcp domain-search (119) + options. + + +version 2.54 + There is no version 2.54 to avoid confusion with 2.53, + which incorrectly identifies itself as 2.54. + + +version 2.53 + Fix failure to compile on Debian/kFreeBSD. Thanks to + Axel Beckert and Petr Salinger. + + Fix code to avoid scary strict-aliasing warnings + generated by gcc 4.4. + + Added FAQ entry warning about DHCP failures with Vista + when firewalls block 255.255.255.255. + + Fixed bug which caused bad things to happen if a + resolv.conf file which exists is subsequently removed. + Thanks to Nikolai Saoukh for the patch. + + Rationalised the DHCP tag system. Every configuration item + which can set a tag does so by adding "set:<tag>" and + every configuration item which is conditional on a tag is + made so by "tag:<tag>". The NOT operator changes to '!', + which is a bit more intuitive too. Dhcp-host directives + can set more than one tag now. The old '#' NOT, + "net:" prefix and no-prefixes are still honoured, so + no existing config file needs to be changed, but + the documentation and new-style config files should be + much less confusing. + + Added --tag-if to allow boolean operations on tags. + This allows complicated logic to be clearer and more + general. A great suggestion from Richard Voigt. + + Add broadcast/unicast information to DHCP logging. + + Allow --dhcp-broadcast to be unconditional. + + Fixed incorrect behaviour with NOT <tag> conditionals in + dhcp-options. Thanks to Max Turkewitz for assistance + finding this. + + If we send vendor-class encapsulated options based on the + vendor-class supplied by the client, and no explicit + vendor-class option is given, echo back the vendor-class + from the client. + + Fix bug which stopped dnsmasq from matching both a + circuitid and a remoteid. Thanks to Ignacio Bravo for + finding this. 
+ + Add --dhcp-proxy, which makes it possible to configure + dnsmasq to use a DHCP relay agent as a full proxy, with + all DHCP messages passing through the proxy. This is + useful if the relay adds extra information to the packets + it forwards, but cannot be configured with the RFC 5107 + server-override option. + + Added interface:<iface name> part to dhcp-range. The + semantics of this are very odd at first sight, but it + allows a single line of the form + dhcp-range=interface:virt0,192.168.0.4,192.168.0.200 + to be added to dnsmasq configuration which then supplies + DHCP and DNS services to that interface, without affecting + what services are supplied to other interfaces and + irrespective of the existance or lack of + interface=<interface> + lines elsewhere in the dnsmasq configuration. The idea is + that such a line can be added automatically by libvirt + or equivalent systems, without disturbing any manual + configuration. + + Similarly to the above, allow --enable-tftp=<interface> + + Allow a TFTP root to be set separately for requests via + different interfaces, --tftp-root=<path>,<interface> + + Correctly handle and log clashes between CNAMES and + DNS names being given to DHCP leases. This fixes a bug + which caused nonsense IP addresses to be logged. Thanks to + Sergei Zhirikov for finding and analysing the problem. + + Tweak flush_log so as to avoid leaving the log + file in non-blocking mode. O_NONBLOCK is a property of the + file, not the process/descriptor. + + Fix contrib/Solaris10/create_package + (/usr/man -> /usr/share/man) Thanks to Vita Batrla. + + Fix a problem where, if a client got a lease, then went + to another subnet and got another lease, then moved back, + it couldn't resume the old lease, but would instead get + a new address. Thanks to Leonardo Rodrigues for spotting + this and testing the fix. + + Fix weird bug which sometimes omitted certain characters + from the start of quoted strings in dhcp-options. 
Thanks + to Dayton Turner for spotting the problem. + + Add facility to redirect some domains to the standard + upstream servers: this allows something like + --server=/google.com/1.2.3.4 --server=/www.google.com/# + which will send queries for *.google.com to 1.2.3.4, + except *www.google.com which will be forwarded as usual. + Thanks to AJ Weber for prompting this addition. + + Improve the hash-algorithm used to generate IP addresses + from MAC addresses during initial DHCP address + allocation. This improves performance when large numbers + of hosts with similar MAC addresses all try and get an IP + address at the same time. Thanks to Paul Smith for his + work on this. + + Tweak DHCP code so that --bridge-interface can be used to + select which IP alias of an interface should be used for + DHCP purposes on Linux. If eth0 has an alias eth0:dhcp + then adding --bridge-interface=eth0:dhcp,eth0 will use + the address of eth0:dhcp to determine the correct subnet + for DHCP address allocation. Thanks to Pawel Golaszewski + for prompting this and Eric Cooper for further testing. + + Add --dhcp-generate-names. Suggestion by Ferenc Wagner. + + Tweak DNS server selection algorithm when there is more + than one server available for a domain, eg. + --server=/mydomain/1.1.1.1 + --server=/mydomain/2.2.2.2 + Thanks to Alberto Cuesta-Canada for spotting a weakness + here. + + Add --max-ttl. Thanks to Fredrik Ringertz for the patch. + + Allow --log-facility=- to force all logging to + stderr. Suggestion from Clemens Fischer. + + Fix regression which caused configuration like + --address=/.domain.com/1.2.3.4 to be rejected. The dot to the + left of the domain has been implied and not required for a + long time, but it should be accepted for backward + compatibility. Thanks to Andrew Burcin for spotting this. + + Add --rebind-domain-ok and --rebind-localhost-ok. + Suggestion from Clemens Fischer. + + Log replies to queries of type TXT, when --log-queries + is set. 
+ + Fix compiler warnings when compiled with -DNO_DHCP. Thanks + to Shantanu Gadgil for the patch. + + Updated French translation. Thanks to Gildas Le Nadan. + + Updated Polish translation. Thanks to Jan Psota. + + Updated German translation. Thanks to Matthias Andree. + + Added contrib/static-arp, thanks to Darren Hoo. + + Fix corruption of the domain when a name from /etc/hosts + overrides one supplied by a DHCP client. Thanks to Fedor + Kozhevnikov for spotting the problem. + + Updated Spanish translation. Thanks to Chris Chatham. + + +version 2.52 + Work around a Linux kernel bug which insists that the + length of the option passed to setsockopt must be at least + sizeof(int) bytes, even if we're calling SO_BINDTODEVICE + and the device name is "lo". Note that this is fixed + in kernel 2.6.31, but the workaround is harmless and + allows earlier kernels to be used. Also fix dnsmasq + bug which reported the wrong address when this failed. + Thanks to Fedor for finding this. + + The API for IPv6 PKTINFO changed around Linux kernel + 2.6.14. Workaround the case where dnsmasq is compiled + against newer headers, but then run on an old kernel: + necessary for some *WRT distros. + + Re-read the set of network interfaces when re-loading + /etc/resolv.conf if --bind-interfaces is not set. This + handles the case that loopback interfaces do not exist + when dnsmasq is first started. + + Tweak the PXE code to support port 4011. This should + reduce broadcasts and make things more reliable when other + servers are around. It also improves inter-operability + with certain clients. + + Make a pxe-service configuration with no filename or boot + service type legal: this does a local boot. eg. + pxe-service=x86PC, "Local boot" + + Be more conservative in detecting "A for A" + queries. Dnsmasq checks if the name in a type=A query looks + like a dotted-quad IP address and answers the query itself + if so, rather than forwarding it. 
Previously dnsmasq + relied in the library function inet_addr() to convert + addresses, and that will accept some things which are + confusing in this context, like 1.2.3 or even just + 1234. Now we only do A for A processing for four decimal + numbers delimited by dots. + + A couple of tweaks to fix compilation on Solaris. Thanks + to Joel Macklow for help with this. + + Another Solaris compilation tweak, needed for Solaris + 2009.06. Thanks to Lee Essen for that. + + Added extract packaging stuff from Lee Essen to + contrib/Solaris10. + + Increased the default limit on number of leases to 1000 + (from 150). This is mainly a defence against DoS attacks, + and for the average "one for two class C networks" + installation, IP address exhaustion does that just as + well. Making the limit greater than the number of IP + addresses available in such an installation removes a + surprise which otherwise can catch people out. + + Removed extraneous trailing space in the value of the + DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and + DNSMASQ_LEASE_EXPIRES environment variables. Thanks to + Gildas Le Nadan for spotting this. + + Provide the network-id tags for a DHCP transaction to + the lease-change script in the environment variable + DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan. + + Add support for RFC3925 "Vendor-Identifying Vendor + Options". The syntax looks like this: + --dhcp-option=vi-encap:<enterprise number>, ......... + + Add support to --dhcp-match to allow matching against + RFC3925 "Vendor-Identifying Vendor Classes". The syntax + looks like this: + --dhcp-match=tag,vi-encap<enterprise number>, <value> + + Add some application specific code to assist in + implementing the Broadband forum TR069 CPE-WAN + specification. The details are in contrib/CPE-WAN/README + + Increase the default DNS packet size limit to 4096, as + recommended by RFC5625 section 4.4.3. This can be + reconfigured using --edns-packet-max if needed. 
Thanks to + Francis Dupont for pointing this out. + + Rewrite query-ids even for TSIG signed packets, since + this is allowed by RFC5625 section 4.5. + + Use getopt_long by default on OS X. It has been supported + since version 10.3.0. Thanks to Arek Dreyer for spotting + this. + + Added up-to-date startup configuration for MacOSX/launchd + in contrib/MacOSX-launchd. Thanks to Arek Dreyer for + providing this. + + Fix link error when including Dbus but excluding DHCP. + Thanks to Oschtan for the bug report. + + Updated French translation. Thanks to Gildas Le Nadan. + + Updated Polish translation. Thanks to Jan Psota. + + Updated Spanish translation. Thanks to Chris Chatham. + + Fixed confusion about domains, when looking up DHCP hosts + in /etc/hosts. This could cause spurious "Ignoring + domain..." messages. Thanks to Fedor Kozhevnikov for + finding and analysing the problem. + + +version 2.51 + Add support for internationalised DNS. Non-ASCII characters + in domain names found in /etc/hosts, /etc/ethers and + /etc/dnsmasq.conf will be correctly handled by translation to + punycode, as specified in RFC3490. This function is only + available if dnsmasq is compiled with internationalisation + support, and adds a dependency on GNU libidn. Without i18n + support, dnsmasq continues to be compilable with just + standard tools. Thanks to Yves Dorfsman for the + suggestion. + + Add two more environment variables for lease-change scripts: + First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname + supplied by a client, even if the actual hostname used is + over-ridden by dhcp-host or dhcp-ignore-names directives. + Also DNSMASQ_RELAY_ADDRESS which gives the address of + a DHCP relay, if used. + Suggestions from Michael Rack. + + Fix regression which broke echo of relay-agent + options. Thanks to Michael Rack for spotting this. + + Don't treat option 67 as being interchangeable with + dhcp-boot parameters if it's specified as + dhcp-option-force. 
+ + Make the code to call scripts on lease-change compile-time + optional. It can be switched off by editing src/config.h + or building with "make COPTS=-DNO_SCRIPT". + + Make the TFTP server cope with filenames from Windows/DOS + which use '\' as pathname separator. Thanks to Ralf for + the patch. + + Updated Polish translation. Thanks to Jan Psota. + + Warn if an IP address is duplicated in /etc/ethers. Thanks + to Felix Schwarz for pointing this out. + + Teach --conf-dir to take an option list of file suffices + which will be ignored when scanning the directory. Useful + for backup files etc. Thanks to Helmut Hullen for the + suggestion. + + Add new DHCP option named tftpserver-address, which + corresponds to the third argument of dhcp-boot. This + allows the complete functionality of dhcp-boot to be + replicated with dhcp-option. Useful when using + dhcp-optsfile. + + Test which upstream nameserver to use every 10 seconds + or 50 queries and not just when a query times out and + is retried. This should improve performance when there + is a slow nameserver in the list. Thanks to Joe for the + suggestion. + + Don't do any PXE processing, even for clients with the + correct vendorclass, unless at least one pxe-prompt or + pxe-service option is given. This stops dnsmasq + interfering with proxy PXE subsystems when it is just + the DHCP server. Thanks to Spencer Clark for spotting this. + + Limit the blocksize used for TFTP transfers to a value + which avoids packet fragmentation, based on the MTU of the + local interface. Many netboot ROMs can't cope with + fragmented packets. + + Honour dhcp-ignore configuration for PXE and proxy-PXE + requests. Thanks to Niels Basjes for the bug report. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.50 + Fix security problem which allowed any host permitted to + do TFTP to possibly compromise dnsmasq by remote buffer + overflow when TFTP enabled. 
Thanks to Core Security + Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro + Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and + Pablo Annetta. This problem has Bugtraq id: 36121 + and CVE: 2009-2957 + + Fix a problem which allowed a malicious TFTP client to + crash dnsmasq. Thanks to Steve Grubb at Red Hat for + spotting this. This problem has Bugtraq id: 36120 and + CVE: 2009-2958 + + +version 2.49 + Fix regression in 2.48 which disables the lease-change + script. Thanks to Jose Luis Duran for spotting this. + + Log TFTP "file not found" errors. These were not logged, + since a normal PXELinux boot generates many of them, but + the lack of the messages seems to be more confusing than + routinely seeing them when there is no real error. + + Update Spanish translation. Thanks to Chris Chatham. + + +version 2.48 + Archived the extensive, backwards, changelog to + CHANGELOG.archive. The current changelog now runs from + version 2.43 and runs conventionally. + + Fixed bug which broke binding of servers to physical + interfaces when interface names were longer than four + characters. Thanks to MURASE Katsunori for the patch. + + Fixed netlink code to check that messages come from the + correct source, and not another userspace process. Thanks + to Steve Grubb for the patch. + + Maintainability drive: removed bug and missing feature + workarounds for some old platforms. Solaris 9, OpenBSD + older than 4.1, Glibc older than 2.2, Linux 2.2.x and + DBus older than 1.1.x are no longer supported. + + Don't read included configuration files more than once: + allows complex configuration structures without problems. + + Mark log messages from the various subsystems in dnsmasq: + messages from the DHCP subsystem now have the ident string + "dnsmasq-dhcp" and messages from TFTP have ident + "dnsmasq-tftp". Thanks to Olaf Westrik for the patch. 
+ + Fix possible infinite DHCP protocol loop when an IP + address nailed to a hostname (not a MAC address) and a + host sometimes provides the name, sometimes not. + + Allow --addn-hosts to take a directory: all the files + in the directory are read. Thanks to Phil Cornelius for + the suggestion. + + Support --bridge-interface on all platforms, not just BSD. + + Added support for advanced PXE functions. It's now + possible to define a prompt and menu options which will + be displayed when a client PXE boots. It's also possible to + hand-off booting to other boot servers. Proxy-DHCP, where + dnsmasq just supplies the PXE information and another DHCP + server does address allocation, is also allowed. See the + --pxe-prompt and --pxe-service keywords. Thanks to + Alkis Georgopoulos for the suggestion and Guilherme Moro + and Michael Brown for assistance. + + Improvements to DHCP logging. Thanks to Tom Metro for + useful suggestions. + + Add ability to build dnsmasq without DHCP support. To do + this, edit src/config.h or build with + "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. + + Added --test command-line switch - syntax check + configuration files only. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.47 + Updated French translation. Thanks to Gildas Le Nadan. + + Fixed interface enumeration code to work on NetBSD + 5.0. Thanks to Roy Marples for the patch. + + Updated config.h to use the same location for the lease + file on NetBSD as the other *BSD variants. Also allow + LEASEFILE and CONFFILE symbols to be overriden in CFLAGS. + + Handle duplicate address detection on IPv6 more + intelligently. In IPv6, an interface can have an address + which is not usable, because it is still undergoing DAD + (such addresses are marked "tentative"). Attempting to + bind to an address in this state returns an error, + EADDRNOTAVAIL. 
Previously, on getting such an error, + dnsmasq would silently abandon the address, and never + listen on it. Now, it retries once per second for 20 + seconds before generating a fatal error. 20 seconds should + be long enough for any DAD process to complete, but can be + adjusted in src/config.h if necessary. Thanks to Martin + Krafft for the bug report. + + Add DBus introspection. Patch from Jeremy Laine. + + Update Dbus configuration file. Patch from Colin Walters. + Fix for this bug: + http://bugs.freedesktop.org/show_bug.cgi?id=18961 + + Support arbitrarily encapsulated DHCP options, suggestion + and initial patch from Samium Gromoff. This is useful for + (eg) gPXE, which expect all its private options to be + encapsulated inside a single option 175. So, eg, + + dhcp-option = encap:175, 190, "iscsi-client0" + dhcp-option = encap:175, 191, "iscsi-client0-secret" + + will provide iSCSI parameters to gPXE. + + Enhance --dhcp-match to allow testing of the contents of a + client-sent option, as well as its presence. This + application in mind for this is RFC 4578 + client-architecture specifiers, but it's generally useful. + Joey Korkames suggested the enhancement. + + Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on + OpenSolaris. Thanks to Bastian Machek for the heads-up. + + No longer complain about blank lines in + /etc/ethers. Thanks to Jon Nelson for the patch. + + Fix binding of servers to physical devices, eg + --server=/domain/1.2.3.4@eth0 which was broken from 2.43 + onwards unless --query-port=0 set. Thanks to Peter Naulls + for the bug report. + + Reply to DHCPINFORM requests even when the supplied ciaddr + doesn't fall in any dhcp-range. In this case it's not + possible to supply a complete configuration, but + individually-configured options (eg PAC) may be useful. 
+ + Allow the source address of an alias to be a range: + --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole + subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255, + as before. + --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 + maps only the 192.168.0.10->192.168.0.40 region. Thanks to + Ib Uhrskov for the suggestion. + + Don't dynamically allocate DHCP addresses which may break + Windows. Addresses which end in .255 or .0 are broken in + Windows even when using supernetting. + --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means + 192.168.0.255 is a valid IP address, but not for Windows. + See Microsoft KB281579. We therefore no longer allocate + these addresses to avoid hard-to-diagnose problems. + + Update Polish translation. Thanks to Jan Psota. + + Delete the PID-file when dnsmasq shuts down. Note that by + this time, dnsmasq is normally not running as root, so + this will fail if the PID-file is stored in a root-owned + directory; such failure is silently ignored. To take + advantage of this feature, the PID-file must be stored in a + directory owned and write-able by the user running + dnsmasq. + + +version 2.46 + Allow --bootp-dynamic to take a netid tag, so that it may + be selectively enabled. Thanks to Olaf Westrik for the + suggestion. + + Remove ISC-leasefile reading code. This has been + deprecated for a long time, and last time I removed it, it + ended up going back by request of one user. This time, + it's gone for good; otherwise it would need to be + re-worked to support multiple domains (see below). + + Support DHCP clients in multiple DNS domains. This is a + long-standing request. Clients are assigned to a domain + based in their IP address. + + Add --dhcp-fqdn flag, which changes behaviour if DNS names + assigned to DHCP clients. When this is set, there must be + a domain associated with each client, and only + fully-qualified domain names are added to the DNS. 
The + advantage is that the only the FQDN needs to be unique, + so that two or more DHCP clients can share a hostname, as + long as they are in different domains. + + Set environment variable DNSMASQ_DOMAIN when invoking + lease-change script. This may be useful information to + have now that it's variable. + + Tighten up data-checking code for DNS packet + handling. Thanks to Steve Dodd who found certain illegal + packets which could crash dnsmasq. No memory overwrite was + possible, so this is not a security issue beyond the DoS + potential. + + Update example config dhcp option 47, the previous + suggestion generated an illegal, zero-length, + option. Thanks to Matthias Andree for finding this. + + Rewrite hosts-file reading code to remove the limit of + 1024 characters per line. John C Meuser found this. + + Create a net-id tag with the name of the interface on + which the DHCP request was received. + + Fixed minor memory leak in DBus code, thanks to Jeremy + Laine for the patch. + + Emit DBus signals as the DHCP lease database + changes. Thanks to Jeremy Laine for the patch. + + Allow for more that one MAC address in a dhcp-host + line. This configuration tells dnsmasq that it's OK to + abandon a DHCP lease of the fixed address to one MAC + address, if another MAC address in the dhcp-host statement + asks for an address. This is useful to give a fixed + address to a host which has two network interfaces + (say, a laptop with wired and wireless interfaces.) + It's very important to ensure that only one interface + at a time is up, since dnsmasq abandons the first lease + and re-uses the address before the leased time has + elapsed. John Gray suggested this. + + Tweak the response to a DHCP request packet with a wrong + server-id when --dhcp-authoritative is set; dnsmasq now + returns a DHCPNAK, rather than silently ignoring the + packet. Thanks to Chris Marget for spotting this + improvement. + + Add --cname option. 
This provides a limited alias + function, usable for DHCP names. Thanks to AJ Weber for + suggestions on this. + + Updated contrib/webmin with latest version from Neil + Fisher. + + Updated Polish translation. Thanks to Jan Psota. + + Correct the text names for DHCP options 64 and 65 to be + "nis+-domain" and "nis+-servers". + + Updated Spanish translation. Thanks to Chris Chatham. + + Force re-reading of /etc/resolv.conf when an "interface + up" event occurs. + + +version 2.45 + Fix total DNS failure in release 2.44 unless --min-port + specified. Thanks to Steven Barth and Grant Coady for + bugreport. Also reject out-of-range port spec, which could + break things too: suggestion from Gilles Espinasse. + + +version 2.44 + Fix crash when unknown client attempts to renew a DHCP + lease, problem introduced in version 2.43. Thanks to + Carlos Carvalho for help chasing this down. + + Fix potential crash when a host which doesn't have a lease + does DHCPINFORM. Again introduced in 2.43. This bug has + never been reported in the wild. + + Fix crash in netlink code introduced in 2.43. Thanks to + Jean Wolter for finding this. + + Change implementation of min_port to work even if min-port + is large. + + Patch to enable compilation of latest Mac OS X. Thanks to + David Gilman. + + Update Spanish translation. Thanks to Christopher Chatham. + + +version 2.43 + Updated Polish translation. Thanks to Jan Psota. + + Flag errors when configuration options are repeated + illegally. + + Further tweaks for GNU/kFreeBSD + + Add --no-wrap to msgmerge call - provides nicer .po file + format. + + Honour lease-time spec in dhcp-host lines even for + BOOTP. The user is assumed to known what they are doing in + this case. (Hosts without the time spec still get infinite + leases for BOOTP, over-riding the default in the + dhcp-range.) Thanks to Peter Katzmann for uncovering this. + + Fix problem matching relay-agent ids. Thanks to Michael + Rack for the bug report. 
+ + Add --naptr-record option. Suggestion from Johan + Bergquist. + + Implement RFC 5107 server-id-override DHCP relay agent + option. + + Apply patches from Stefan Kruger for compilation on + Solaris 10 under Sun studio. + + Yet more tweaking of Linux capability code, to suppress + pointless wingeing from kernel 2.6.25 and above. + + Improve error checking during startup. Previously, some + errors which occurred during startup would be worked + around, with dnsmasq still starting up. Some were logged, + some silent. Now, they all cause a fatal error and dnsmasq + terminates with a non-zero exit code. The errors are those + associated with changing uid and gid, setting process + capabilities and writing the pidfile. Thanks to Uwe + Gansert and the Suse security team for pointing out + this improvement, and Bill Reimers for good implementation + suggestions. + + Provide NO_LARGEFILE compile option to switch off largefile + support when compiling against versions of uclibc which + don't support it. Thanks to Stephane Billiart for the patch. + + Implement random source ports for interactions with + upstream nameservers. New spoofing attacks have been found + against nameservers which do not do this, though it is not + clear if dnsmasq is vulnerable, since to doesn't implement + recursion. By default dnsmasq will now use a different + source port (and socket) for each query it sends + upstream. This behaviour can suppressed using the + --query-port option, and the old default behaviour + restored using --query-port=0. Explicit source-port + specifications in --server configs are still honoured. + + Replace the random number generator, for better + security. On most BSD systems, dnsmasq uses the + arc4random() RNG, which is secure, but on other platforms, + it relied on the C-library RNG, which may be + guessable and therefore allow spoofing. This release + replaces the libc RNG with the SURF RNG, from Daniel + J. Berstein's DJBDNS package. 
+ + Don't attempt to change user or group or set capabilities + if dnsmasq is run as a non-root user. Without this, the + change from soft to hard errors when these fail causes + problems for non-root daemons listening on high + ports. Thanks to Patrick McLean for spotting this. + + Updated French translation. Thanks to Gildas Le Nadan. + + +version 2.42 + The changelog for version 2.42 and earlier is + available in CHANGELOG.archive. |
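Review bot: Several option names and example values in the 2.56 and 2.47 entries are mistyped and would mislead anyone copying them into a configuration: "--keep-in-forground" and "--adddress" in 2.56, and the netmask in "--dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0" in 2.47, which has commas where dots are meant. Suggest "--keep-in-foreground", "--address" (as spelled elsewhere in the same entry) and "255.255.254.0". In the 2.50 entry the identifiers are written as "CVE: 2009-2957" and "CVE: 2009-2958"; writing them as CVE-2009-2957 and CVE-2009-2958 would let a plain search for the canonical ID find the two TFTP security fixes.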