git.ipfire.org Git - people/ms/dnsmasq.git/blob - CHANGELOG
import of dnsmasq-2.52.tar.gz
version 2.52
Work around a Linux kernel bug which insists that the
length of the option passed to setsockopt must be at least
sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
and the device name is "lo". Note that this is fixed
in kernel 2.6.31, but the workaround is harmless and
allows earlier kernels to be used. Also fix dnsmasq
bug which reported the wrong address when this failed.
Thanks to Fedor for finding this.

The API for IPv6 PKTINFO changed around Linux kernel
2.6.14. Work around the case where dnsmasq is compiled
against newer headers, but then run on an old kernel:
necessary for some *WRT distros.

Re-read the set of network interfaces when re-loading
/etc/resolv.conf if --bind-interfaces is not set. This
handles the case that loopback interfaces do not exist
when dnsmasq is first started.

Tweak the PXE code to support port 4011. This should
reduce broadcasts and make things more reliable when other
servers are around. It also improves inter-operability
with certain clients.

Make a pxe-service configuration with no filename or boot
service type legal: this does a local boot. eg.
    pxe-service=x86PC, "Local boot"

Be more conservative in detecting "A for A"
queries. Dnsmasq checks if the name in a type=A query looks
like a dotted-quad IP address and answers the query itself
if so, rather than forwarding it. Previously dnsmasq
relied on the library function inet_addr() to convert
addresses, and that will accept some things which are
confusing in this context, like 1.2.3 or even just
1234. Now we only do A for A processing for four decimal
numbers delimited by dots.
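
The difference the "A for A" entry describes, as an added example (not dnsmasq's own code): inet_addr() accepts shorthand forms such as 1.2.3 and 1234, while a strict check admits only four decimal fields. The helper names are hypothetical, and the 0-255 limit per field is an assumption of this example.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>

/* Lenient check, as the entry says dnsmasq used to do: inet_addr() also
   accepts the shorthand forms "a.b.c", "a.b" and "a", plus hex and octal. */
int lenient_is_address(const char *name)
{
    return inet_addr(name) != INADDR_NONE;
}

/* Strict check (hypothetical helper): exactly four decimal fields separated
   by single dots, nothing before or after. The 0-255 limit per field is an
   assumption of this example. On success the four bytes are stored in out. */
int strict_dotted_quad(const char *name, unsigned char out[4])
{
    const char *p = name;
    int field;

    for (field = 0; field < 4; field++) {
        unsigned value = 0;
        int digits = 0;

        while (isdigit((unsigned char)*p)) {
            value = value * 10 + (unsigned)(*p - '0');
            if (++digits > 3 || value > 255)
                return 0;
            p++;
        }
        if (digits == 0)
            return 0;               /* empty field */
        out[field] = (unsigned char)value;
        if (field < 3 && *p++ != '.')
            return 0;               /* too few fields, or a stray character */
    }
    return *p == '\0';              /* reject trailing text or a fifth field */
}

int main(void)
{
    /* Constructed sample query names. */
    const char *names[] = { "192.168.0.1", "1.2.3", "1234", "0x7f.0.0.1", "1.2.3.4.5" };
    unsigned char addr[4];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-12s inet_addr:%d strict:%d\n", names[i],
               lenient_is_address(names[i]), strict_dotted_quad(names[i], addr));
    return 0;
}
```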

A couple of tweaks to fix compilation on Solaris. Thanks
to Joel Macklow for help with this.

Another Solaris compilation tweak, needed for Solaris
2009.06. Thanks to Lee Essen for that.

Added extract packaging stuff from Lee Essen to
contrib/Solaris10.

Increased the default limit on number of leases to 1000
(from 150). This is mainly a defence against DoS attacks,
and for the average "one for two class C networks"
installation, IP address exhaustion does that just as
well. Making the limit greater than the number of IP
addresses available in such an installation removes a
surprise which otherwise can catch people out.

Removed extraneous trailing space in the value of the
DNSMASQ_TIME_REMAINING, DNSMASQ_LEASE_LENGTH and
DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
Gildas Le Nadan for spotting this.

Provide the network-id tags for a DHCP transaction to
the lease-change script in the environment variable
DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.

Add support for RFC3925 "Vendor-Identifying Vendor
Options". The syntax looks like this:
    --dhcp-option=vi-encap:<enterprise number>, .........

Add support to --dhcp-match to allow matching against
RFC3925 "Vendor-Identifying Vendor Classes". The syntax
looks like this:
    --dhcp-match=tag,vi-encap<enterprise number>, <value>

Add some application specific code to assist in
implementing the Broadband forum TR069 CPE-WAN
specification. The details are in contrib/CPE-WAN/README

Increase the default DNS packet size limit to 4096, as
recommended by RFC5625 section 4.4.3. This can be
reconfigured using --edns-packet-max if needed. Thanks to
Francis Dupont for pointing this out.

Rewrite query-ids even for DNSSEC signed packets, since
this is allowed by RFC5625 section 4.5.

Use getopt_long by default on OS X. It has been supported
since version 10.3.0. Thanks to Arek Dreyer for spotting
this.

Added up-to-date startup configuration for MacOSX/launchd
in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
providing this.

Fix link error when including Dbus but excluding DHCP.
Thanks to Oschtan for the bug report.

Updated French translation. Thanks to Gildas Le Nadan.

Updated Polish translation. Thanks to Jan Psota.

Updated Spanish translation. Thanks to Chris Chatham.


version 2.51
Add support for internationalised DNS. Non-ASCII characters
in domain names found in /etc/hosts, /etc/ethers and
/etc/dnsmasq.conf will be correctly handled by translation to
punycode, as specified in RFC3490. This function is only
available if dnsmasq is compiled with internationalisation
support, and adds a dependency on GNU libidn. Without i18n
support, dnsmasq continues to be compilable with just
standard tools. Thanks to Yves Dorfsman for the
suggestion.

Add two more environment variables for lease-change scripts:
First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
supplied by a client, even if the actual hostname used is
over-ridden by dhcp-host or dhcp-ignore-names directives.
Also DNSMASQ_RELAY_ADDRESS which gives the address of
a DHCP relay, if used.
Suggestions from Michael Rack.

Fix regression which broke echo of relay-agent
options. Thanks to Michael Rack for spotting this.

Don't treat option 67 as being interchangeable with
dhcp-boot parameters if it's specified as
dhcp-option-force.

Make the code to call scripts on lease-change compile-time
optional. It can be switched off by editing src/config.h
or building with "make COPTS=-DNO_SCRIPT".

Make the TFTP server cope with filenames from Windows/DOS
which use '\' as pathname separator. Thanks to Ralf for
the patch.

Updated Polish translation. Thanks to Jan Psota.

Warn if an IP address is duplicated in /etc/ethers. Thanks
to Felix Schwarz for pointing this out.

Teach --conf-dir to take an option list of file suffixes
which will be ignored when scanning the directory. Useful
for backup files etc. Thanks to Helmut Hullen for the
suggestion.

Add new DHCP option named tftpserver-address, which
corresponds to the third argument of dhcp-boot. This
allows the complete functionality of dhcp-boot to be
replicated with dhcp-option. Useful when using
dhcp-optsfile.

Test which upstream nameserver to use every 10 seconds
or 50 queries and not just when a query times out and
is retried. This should improve performance when there
is a slow nameserver in the list. Thanks to Joe for the
suggestion.

Don't do any PXE processing, even for clients with the
correct vendorclass, unless at least one pxe-prompt or
pxe-service option is given. This stops dnsmasq
interfering with proxy PXE subsystems when it is just
the DHCP server. Thanks to Spencer Clark for spotting this.

Limit the blocksize used for TFTP transfers to a value
which avoids packet fragmentation, based on the MTU of the
local interface. Many netboot ROMs can't cope with
fragmented packets.

Honour dhcp-ignore configuration for PXE and proxy-PXE
requests. Thanks to Niels Basjes for the bug report.

Updated French translation. Thanks to Gildas Le Nadan.


version 2.50
Fix security problem which allowed any host permitted to
do TFTP to possibly compromise dnsmasq by remote buffer
overflow when TFTP is enabled. Thanks to Core Security
Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
Pablo Annetta. This problem has Bugtraq id: 36121
and CVE: 2009-2957

Fix a problem which allowed a malicious TFTP client to
crash dnsmasq. Thanks to Steve Grubb at Red Hat for
spotting this. This problem has Bugtraq id: 36120 and
CVE: 2009-2958


version 2.49
Fix regression in 2.48 which disables the lease-change
script. Thanks to Jose Luis Duran for spotting this.

Log TFTP "file not found" errors. These were not logged,
since a normal PXELinux boot generates many of them, but
the lack of the messages seems to be more confusing than
routinely seeing them when there is no real error.

Update Spanish translation. Thanks to Chris Chatham.


version 2.48
Archived the extensive, backwards, changelog to
CHANGELOG.archive. The current changelog now runs from
version 2.43 and runs conventionally.

Fixed bug which broke binding of servers to physical
interfaces when interface names were longer than four
characters. Thanks to MURASE Katsunori for the patch.

Fixed netlink code to check that messages come from the
correct source, and not another userspace process. Thanks
to Steve Grubb for the patch.

Maintainability drive: removed bug and missing feature
workarounds for some old platforms. Solaris 9, OpenBSD
older than 4.1, Glibc older than 2.2, Linux 2.2.x and
DBus older than 1.1.x are no longer supported.

Don't read included configuration files more than once:
allows complex configuration structures without problems.

Mark log messages from the various subsystems in dnsmasq:
messages from the DHCP subsystem now have the ident string
"dnsmasq-dhcp" and messages from TFTP have ident
"dnsmasq-tftp". Thanks to Olaf Westrik for the patch.

Fix possible infinite DHCP protocol loop when an IP
address is nailed to a hostname (not a MAC address) and a
host sometimes provides the name, sometimes not.

Allow --addn-hosts to take a directory: all the files
in the directory are read. Thanks to Phil Cornelius for
the suggestion.

Support --bridge-interface on all platforms, not just BSD.

Added support for advanced PXE functions. It's now
possible to define a prompt and menu options which will
be displayed when a client PXE boots. It's also possible to
hand-off booting to other boot servers. Proxy-DHCP, where
dnsmasq just supplies the PXE information and another DHCP
server does address allocation, is also allowed. See the
--pxe-prompt and --pxe-service keywords. Thanks to
Alkis Georgopoulos for the suggestion and Guilherme Moro
and Michael Brown for assistance.

Improvements to DHCP logging. Thanks to Tom Metro for
useful suggestions.

Add ability to build dnsmasq without DHCP support. To do
this, edit src/config.h or build with
"make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.

Added --test command-line switch - syntax check
configuration files only.

Updated French translation. Thanks to Gildas Le Nadan.


version 2.47
Updated French translation. Thanks to Gildas Le Nadan.

Fixed interface enumeration code to work on NetBSD
5.0. Thanks to Roy Marples for the patch.

Updated config.h to use the same location for the lease
file on NetBSD as the other *BSD variants. Also allow
LEASEFILE and CONFFILE symbols to be overridden in CFLAGS.

Handle duplicate address detection on IPv6 more
intelligently. In IPv6, an interface can have an address
which is not usable, because it is still undergoing DAD
(such addresses are marked "tentative"). Attempting to
bind to an address in this state returns an error,
EADDRNOTAVAIL. Previously, on getting such an error,
dnsmasq would silently abandon the address, and never
listen on it. Now, it retries once per second for 20
seconds before generating a fatal error. 20 seconds should
be long enough for any DAD process to complete, but can be
adjusted in src/config.h if necessary. Thanks to Martin
Krafft for the bug report.

Add DBus introspection. Patch from Jeremy Laine.

Update Dbus configuration file. Patch from Colin Walters.
Fix for this bug:
http://bugs.freedesktop.org/show_bug.cgi?id=18961

Support arbitrarily encapsulated DHCP options, suggestion
and initial patch from Samium Gromoff. This is useful for
(eg) gPXE, which expects all its private options to be
encapsulated inside a single option 175. So, eg,

    dhcp-option = encap:175, 190, "iscsi-client0"
    dhcp-option = encap:175, 191, "iscsi-client0-secret"

will provide iSCSI parameters to gPXE.

Enhance --dhcp-match to allow testing of the contents of a
client-sent option, as well as its presence. The
application in mind for this is RFC 4578
client-architecture specifiers, but it's generally useful.
Joey Korkames suggested the enhancement.

Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
OpenSolaris. Thanks to Bastian Machek for the heads-up.

No longer complain about blank lines in
/etc/ethers. Thanks to Jon Nelson for the patch.

Fix binding of servers to physical devices, eg
--server=/domain/1.2.3.4@eth0 which was broken from 2.43
onwards unless --query-port=0 set. Thanks to Peter Naulls
for the bug report.

Reply to DHCPINFORM requests even when the supplied ciaddr
doesn't fall in any dhcp-range. In this case it's not
possible to supply a complete configuration, but
individually-configured options (eg PAC) may be useful.

Allow the source address of an alias to be a range:
--alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
as before.
--alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
maps only the 192.168.0.10->192.168.0.40 region. Thanks to
Ib Uhrskov for the suggestion.

Don't dynamically allocate DHCP addresses which may break
Windows. Addresses which end in .255 or .0 are broken in
Windows even when using supernetting.
--dhcp-range=192.168.0.1,192.168.1.254,255.255.254.0 means
192.168.0.255 is a valid IP address, but not for Windows.
See Microsoft KB281579. We therefore no longer allocate
these addresses to avoid hard-to-diagnose problems.

Update Polish translation. Thanks to Jan Psota.

Delete the PID-file when dnsmasq shuts down. Note that by
this time, dnsmasq is normally not running as root, so
this will fail if the PID-file is stored in a root-owned
directory; such failure is silently ignored. To take
advantage of this feature, the PID-file must be stored in a
directory owned and write-able by the user running
dnsmasq.


version 2.46
Allow --bootp-dynamic to take a netid tag, so that it may
be selectively enabled. Thanks to Olaf Westrik for the
suggestion.

Remove ISC-leasefile reading code. This has been
deprecated for a long time, and last time I removed it, it
ended up going back by request of one user. This time,
it's gone for good; otherwise it would need to be
re-worked to support multiple domains (see below).

Support DHCP clients in multiple DNS domains. This is a
long-standing request. Clients are assigned to a domain
based on their IP address.

Add --dhcp-fqdn flag, which changes behaviour of DNS names
assigned to DHCP clients. When this is set, there must be
a domain associated with each client, and only
fully-qualified domain names are added to the DNS. The
advantage is that only the FQDN needs to be unique,
so that two or more DHCP clients can share a hostname, as
long as they are in different domains.

Set environment variable DNSMASQ_DOMAIN when invoking
lease-change script. This may be useful information to
have now that it's variable.

Tighten up data-checking code for DNS packet
handling. Thanks to Steve Dodd who found certain illegal
packets which could crash dnsmasq. No memory overwrite was
possible, so this is not a security issue beyond the DoS
potential.

Update example config dhcp option 47, the previous
suggestion generated an illegal, zero-length,
option. Thanks to Matthias Andree for finding this.

Rewrite hosts-file reading code to remove the limit of
1024 characters per line. John C Meuser found this.

Create a net-id tag with the name of the interface on
which the DHCP request was received.

Fixed minor memory leak in DBus code, thanks to Jeremy
Laine for the patch.

Emit DBus signals as the DHCP lease database
changes. Thanks to Jeremy Laine for the patch.

Allow for more than one MAC address in a dhcp-host
line. This configuration tells dnsmasq that it's OK to
abandon a DHCP lease of the fixed address to one MAC
address, if another MAC address in the dhcp-host statement
asks for an address. This is useful to give a fixed
address to a host which has two network interfaces
(say, a laptop with wired and wireless interfaces.)
It's very important to ensure that only one interface
at a time is up, since dnsmasq abandons the first lease
and re-uses the address before the leased time has
elapsed. John Gray suggested this.

Tweak the response to a DHCP request packet with a wrong
server-id when --dhcp-authoritative is set; dnsmasq now
returns a DHCPNAK, rather than silently ignoring the
packet. Thanks to Chris Marget for spotting this
improvement.

Add --cname option. This provides a limited alias
function, usable for DHCP names. Thanks to AJ Weber for
suggestions on this.

Updated contrib/webmin with latest version from Neil
Fisher.

Updated Polish translation. Thanks to Jan Psota.

Correct the text names for DHCP options 64 and 65 to be
"nis+-domain" and "nis+-servers".

Updated Spanish translation. Thanks to Chris Chatham.

Force re-reading of /etc/resolv.conf when an "interface
up" event occurs.


version 2.45
Fix total DNS failure in release 2.44 unless --min-port
specified. Thanks to Steven Barth and Grant Coady for
bugreport. Also reject out-of-range port spec, which could
break things too: suggestion from Gilles Espinasse.


version 2.44
Fix crash when unknown client attempts to renew a DHCP
lease, problem introduced in version 2.43. Thanks to
Carlos Carvalho for help chasing this down.

Fix potential crash when a host which doesn't have a lease
does DHCPINFORM. Again introduced in 2.43. This bug has
never been reported in the wild.

Fix crash in netlink code introduced in 2.43. Thanks to
Jean Wolter for finding this.

Change implementation of min_port to work even if min-port
is large.

Patch to enable compilation of latest Mac OS X. Thanks to
David Gilman.

Update Spanish translation. Thanks to Christopher Chatham.


version 2.43
Updated Polish translation. Thanks to Jan Psota.

Flag errors when configuration options are repeated
illegally.

Further tweaks for GNU/kFreeBSD

Add --no-wrap to msgmerge call - provides nicer .po file
format.

Honour lease-time spec in dhcp-host lines even for
BOOTP. The user is assumed to know what they are doing in
this case. (Hosts without the time spec still get infinite
leases for BOOTP, over-riding the default in the
dhcp-range.) Thanks to Peter Katzmann for uncovering this.

Fix problem matching relay-agent ids. Thanks to Michael
Rack for the bug report.

Add --naptr-record option. Suggestion from Johan
Bergquist.

Implement RFC 5107 server-id-override DHCP relay agent
option.

Apply patches from Stefan Kruger for compilation on
Solaris 10 under Sun studio.

Yet more tweaking of Linux capability code, to suppress
pointless whingeing from kernel 2.6.25 and above.

Improve error checking during startup. Previously, some
errors which occurred during startup would be worked
around, with dnsmasq still starting up. Some were logged,
some silent. Now, they all cause a fatal error and dnsmasq
terminates with a non-zero exit code. The errors are those
associated with changing uid and gid, setting process
capabilities and writing the pidfile. Thanks to Uwe
Gansert and the Suse security team for pointing out
this improvement, and Bill Reimers for good implementation
suggestions.

Provide NO_LARGEFILE compile option to switch off largefile
support when compiling against versions of uclibc which
don't support it. Thanks to Stephane Billiart for the patch.

Implement random source ports for interactions with
upstream nameservers. New spoofing attacks have been found
against nameservers which do not do this, though it is not
clear if dnsmasq is vulnerable, since it doesn't implement
recursion. By default dnsmasq will now use a different
source port (and socket) for each query it sends
upstream. This behaviour can be suppressed using the
--query-port option, and the old default behaviour
restored using --query-port=0. Explicit source-port
specifications in --server configs are still honoured.

Replace the random number generator, for better
security. On most BSD systems, dnsmasq uses the
arc4random() RNG, which is secure, but on other platforms,
it relied on the C-library RNG, which may be
guessable and therefore allow spoofing. This release
replaces the libc RNG with the SURF RNG, from Daniel
J. Bernstein's DJBDNS package.

Don't attempt to change user or group or set capabilities
if dnsmasq is run as a non-root user. Without this, the
change from soft to hard errors when these fail causes
problems for non-root daemons listening on high
ports. Thanks to Patrick McLean for spotting this.

Updated French translation. Thanks to Gildas Le Nadan.


version 2.42
The changelog for version 2.42 and earlier is
available in CHANGELOG.archive.
540 version 2.42
541 The changelog for version 2.42 and earlier is
542 available in CHANGELOG.archive.