]>
git.ipfire.org Git - people/ms/dnsmasq.git/log
Simon Kelley [Tue, 9 Jun 2015 19:45:07 +0000 (20:45 +0100)]
Add a couple of missed logging strings to the catalogue.
Nicolas Cavallari [Tue, 9 Jun 2015 19:42:20 +0000 (20:42 +0100)]
Add Dbus methods to create and delete DHCP leases.
Simon Kelley [Sat, 6 Jun 2015 22:13:57 +0000 (23:13 +0100)]
Handle corner cases in NSEC coverage checks.
Simon Kelley [Thu, 4 Jun 2015 21:32:43 +0000 (22:32 +0100)]
More reproducibility fixes for Debian package.
Simon Kelley [Wed, 3 Jun 2015 21:30:59 +0000 (22:30 +0100)]
DHCPv6: DHCPCONFIRM should be OK for any address on link, not just dynamic addresses.
Simon Kelley [Mon, 1 Jun 2015 20:00:16 +0000 (21:00 +0100)]
Close Debian bug for bug fixed upstream.
swigger [Mon, 1 Jun 2015 19:54:59 +0000 (20:54 +0100)]
Correctly sanitise DNS header bits in answer when recreating query for retry.
Simon Kelley [Tue, 26 May 2015 21:12:01 +0000 (22:12 +0100)]
Merge branch 'master' of ssh://thekelleys.org.uk/var/cache/git/dnsmasq
John Hanks [Tue, 26 May 2015 21:07:57 +0000 (22:07 +0100)]
Add infiniband to example config file.
Christian Demsar [Wed, 20 May 2015 19:26:23 +0000 (20:26 +0100)]
Man page typo.
Simon Kelley [Wed, 20 May 2015 19:20:24 +0000 (20:20 +0100)]
Tweak immediately previous patch.
Simon Kelley [Tue, 19 May 2015 22:01:27 +0000 (23:01 +0100)]
Select correct DHCP context when in PXE bootserver mode.
Simon Kelley [Fri, 15 May 2015 19:43:48 +0000 (20:43 +0100)]
Remove support for DNS Extended Label Types.
The support was only partial, and the whole concept is
now deprecated in the standards.
Simon Kelley [Fri, 15 May 2015 17:13:06 +0000 (18:13 +0100)]
Fix buffer overflow introduced in 2.73rc6.
Fix off-by-one in code which checks for over-long domain names
in received DNS packets. This enables buffer overflow attacks
which can certainly crash dnsmasq and may allow for arbitrary
code execution. The problem was introduced in commit
b8f16556d ,
release 2.73rc6, so has not escaped into any stable release.
Note that the off-by-one was in the label length determination,
so the buffer can be overflowed by as many bytes as there are
labels in the name - ie, many.
Thanks to Ron Bowes, who used lcmatuf's afl-fuzz tool to find
the problem.
Simon Kelley [Thu, 14 May 2015 20:30:00 +0000 (21:30 +0100)]
Use correct DHCP context for PXE-proxy server-id.
Simon Kelley [Thu, 14 May 2015 20:16:18 +0000 (21:16 +0100)]
Tweak last commit.
Simon Kelley [Wed, 13 May 2015 21:33:04 +0000 (22:33 +0100)]
Allow T1 and T2 DHCPv4 options to be set.
Simon Kelley [Wed, 13 May 2015 11:35:57 +0000 (12:35 +0100)]
Pointer to mail-archive mailing list mirror in doc.html.
Simon Kelley [Wed, 13 May 2015 11:16:13 +0000 (12:16 +0100)]
Tweak Debian systemd unit file.
Simon Kelley [Sun, 10 May 2015 12:50:59 +0000 (13:50 +0100)]
Tweak EDNS timeout code.
Simon Kelley [Fri, 8 May 2015 19:25:51 +0000 (20:25 +0100)]
Check IPv4-mapped IPv6 addresses with --stop-rebind.
Simon Kelley [Fri, 8 May 2015 15:25:38 +0000 (16:25 +0100)]
Handle UDP packet loss when fragmentation of large packets is broken.
Nicolas Cavallari [Tue, 28 Apr 2015 20:55:18 +0000 (21:55 +0100)]
Constify some DHCP lease management functions.
Simon Kelley [Tue, 28 Apr 2015 20:26:35 +0000 (21:26 +0100)]
Don't remove RRSIG RR from answers to ANY queries when the do bit is not set.
Simon Kelley [Tue, 28 Apr 2015 19:45:57 +0000 (20:45 +0100)]
Fix argument-order botch which broke DNSSEC for TCP queries.
Johnny S. Lee [Sun, 26 Apr 2015 21:23:57 +0000 (22:23 +0100)]
Make get-version work when repo is a git submodule.
Simon Kelley [Sat, 25 Apr 2015 20:46:10 +0000 (21:46 +0100)]
Logs in DHCPv6 not suppressed by dhcp6-quiet.
Simon Kelley [Wed, 22 Apr 2015 20:14:31 +0000 (21:14 +0100)]
Tweaks to previous, DNS label charset commit.
Simon Kelley [Tue, 21 Apr 2015 21:57:06 +0000 (22:57 +0100)]
Handle domain names with '.' or /000 within labels.
Only in DNSSEC mode, where we might need to validate or store
such names. In none-DNSSEC mode, simply don't cache these, as before.
Simon Kelley [Mon, 20 Apr 2015 20:34:05 +0000 (21:34 +0100)]
Moshe Levi [Sun, 19 Apr 2015 21:10:40 +0000 (22:10 +0100)]
Check IP address command line arg in dhcp_release.c
Simon Kelley [Fri, 17 Apr 2015 21:50:20 +0000 (22:50 +0100)]
Log domain when reporting DNSSEC validation failure.
Simon Kelley [Thu, 16 Apr 2015 14:24:52 +0000 (15:24 +0100)]
Note CVE-2015-3294
Stefan Tomanek [Thu, 16 Apr 2015 14:20:59 +0000 (15:20 +0100)]
Fix (srk induced) crash in new tftp_no_fail code.
Simon Kelley [Thu, 16 Apr 2015 14:05:30 +0000 (15:05 +0100)]
Auth: correct replies to NS and SOA in .arpa zones.
Simon Kelley [Sun, 12 Apr 2015 20:52:47 +0000 (21:52 +0100)]
Fix crash in auth code with odd configuration.
Simon Kelley [Thu, 9 Apr 2015 20:48:00 +0000 (21:48 +0100)]
Fix crash on receipt of certain malformed DNS requests.
Simon Kelley [Mon, 6 Apr 2015 16:19:13 +0000 (17:19 +0100)]
Fix crash caused by looking up servers.bind when many servers defined.
Simon Kelley [Fri, 3 Apr 2015 20:42:30 +0000 (21:42 +0100)]
Fix compiler warning when not including DNSSEC.
Simon Kelley [Fri, 3 Apr 2015 20:25:05 +0000 (21:25 +0100)]
Return INSECURE, rather than BOGUS when DS proved not to exist.
Return INSECURE when validating DNS replies which have RRSIGs, but
when a needed DS record in the trust chain is proved not to exist.
It's allowed for a zone to set up DNSKEY and RRSIG records first, then
add a DS later, completing the chain of trust.
Also, since we don't have the infrastructure to track that these
non-validated replies have RRSIGS, don't cache them, so we don't
provide answers with missing RRSIGS from the cache.
Stefan Tomanek [Wed, 1 Apr 2015 16:55:07 +0000 (17:55 +0100)]
Whitespace fixes.
Stefan Tomanek [Tue, 31 Mar 2015 21:32:11 +0000 (22:32 +0100)]
add --tftp-no-fail to ignore missing tftp root
Simon Kelley [Mon, 30 Mar 2015 06:52:21 +0000 (07:52 +0100)]
Merge message translations.
Simon Kelley [Sun, 29 Mar 2015 21:35:44 +0000 (22:35 +0100)]
Fix crash in last commit.
Simon Kelley [Sun, 29 Mar 2015 21:17:14 +0000 (22:17 +0100)]
Allow control characters in names in the cache, handle when logging.
Simon Kelley [Sat, 28 Mar 2015 21:34:07 +0000 (21:34 +0000)]
DNSSEC fix for non-ascii characters in labels.
Simon Kelley [Fri, 27 Mar 2015 11:44:55 +0000 (11:44 +0000)]
Protect against broken DNSSEC upstreams.
Simon Kelley [Fri, 27 Mar 2015 09:58:26 +0000 (09:58 +0000)]
Return SERVFAIL when validation abandoned.
Simon Kelley [Thu, 26 Mar 2015 21:15:43 +0000 (21:15 +0000)]
Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
Lung-Pin Chang [Thu, 19 Mar 2015 23:22:21 +0000 (23:22 +0000)]
dhcp: set outbound interface via cmsg in unicast reply
If multiple routes to the same network exist, Linux blindly picks
the first interface (route) based on destination address, which might not be
the one we're actually offering leases. Rather than relying on this,
always set the interface for outgoing unicast DHCP packets.
Simon Kelley [Thu, 19 Mar 2015 22:50:22 +0000 (22:50 +0000)]
Make --address=/example.com/ equivalent to --server=/example.com/
Simon Kelley [Wed, 11 Mar 2015 21:36:30 +0000 (21:36 +0000)]
Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
The nasty code with static variable in retry_send() which
avoids looping forever needs to be called on success of the syscall,
to reset the static variable.
Simon Kelley [Sat, 7 Mar 2015 18:28:06 +0000 (18:28 +0000)]
Tweak DNSSEC timestamp code to create file later, removing need to chown it.
Simon Kelley [Wed, 4 Mar 2015 20:32:26 +0000 (20:32 +0000)]
New version of contrib/reverse-dns
Simon Kelley [Mon, 2 Mar 2015 22:47:23 +0000 (22:47 +0000)]
Fix last commit to not crash if uid changing not configured.
Simon Kelley [Sun, 1 Mar 2015 18:17:54 +0000 (18:17 +0000)]
Add --dnssec-timestamp option and facility.
Joachim Zobel [Mon, 23 Feb 2015 21:38:11 +0000 (21:38 +0000)]
Log parsing utils in contrib/reverse-dns
Tomas Hozza [Mon, 23 Feb 2015 21:26:26 +0000 (21:26 +0000)]
Fix uninitialized value used in get_client_mac()
Chen Wei [Tue, 17 Feb 2015 22:07:35 +0000 (22:07 +0000)]
Fix trivial memory leaks to quieten valgrind.
Simon Kelley [Sat, 14 Feb 2015 20:08:56 +0000 (20:08 +0000)]
Make dynamic hosts files work when --no-hosts set.
Simon Kelley [Sat, 14 Feb 2015 20:02:37 +0000 (20:02 +0000)]
Typos.
Simon Kelley [Thu, 12 Feb 2015 18:30:32 +0000 (18:30 +0000)]
Debian systemd fixes.
Shantanu Gadgil [Wed, 11 Feb 2015 20:16:59 +0000 (20:16 +0000)]
Fix get-version script which returned wrong tag in some situations.
Chris Lamb [Mon, 9 Feb 2015 11:52:30 +0000 (11:52 +0000)]
Make Debian build reproducible.
Simon Kelley [Sat, 7 Feb 2015 22:36:34 +0000 (22:36 +0000)]
man page typo.
Simon Kelley [Tue, 3 Feb 2015 21:52:48 +0000 (21:52 +0000)]
Extra logging for inotify code.
Simon Kelley [Mon, 2 Feb 2015 22:36:42 +0000 (22:36 +0000)]
Fixup dhcp-configs after reading extra hostfiles with inotify.
ThiƩbaud Weksteen [Mon, 2 Feb 2015 21:37:27 +0000 (21:37 +0000)]
Manpage typo fix.
Simon Kelley [Mon, 2 Feb 2015 21:27:39 +0000 (21:27 +0000)]
Debian changelog bugfix.
Simon Kelley [Sun, 1 Feb 2015 21:48:46 +0000 (21:48 +0000)]
Fix build failure on openBSD.
Simon Kelley [Sun, 1 Feb 2015 00:15:16 +0000 (00:15 +0000)]
BSD make support
Simon Kelley [Sat, 31 Jan 2015 22:44:26 +0000 (22:44 +0000)]
Fix broken ECDSA DNSSEC signatures.
Simon Kelley [Sat, 31 Jan 2015 21:59:13 +0000 (21:59 +0000)]
inotify documentation updates.
Simon Kelley [Sat, 31 Jan 2015 20:13:40 +0000 (20:13 +0000)]
Update copyrights for dawn of 2015.
Simon Kelley [Sat, 31 Jan 2015 19:59:29 +0000 (19:59 +0000)]
Expand inotify code to dhcp-hostsdir, dhcp-optsdir and hostsdir.
Simon Kelley [Mon, 26 Jan 2015 11:23:43 +0000 (11:23 +0000)]
Allow inotify to be disabled at compile time on Linux.
Win King Wan [Wed, 21 Jan 2015 20:41:48 +0000 (20:41 +0000)]
Don't reply to DHCPv6 SOLICIT messages when not configured for statefull DHCPv6.
Conrad Kostecki [Tue, 20 Jan 2015 21:07:56 +0000 (21:07 +0000)]
Update German translation.
Simon Kelley [Tue, 20 Jan 2015 20:51:02 +0000 (20:51 +0000)]
Add --dhcp-hostsdir config option.
Simon Kelley [Sun, 18 Jan 2015 22:20:48 +0000 (22:20 +0000)]
Don't treat SERVFAIL as a recoverable error.....
Simon Kelley [Sun, 18 Jan 2015 22:11:10 +0000 (22:11 +0000)]
Cope with multiple interfaces with the same LL address.
Simon Kelley [Mon, 12 Jan 2015 23:22:08 +0000 (23:22 +0000)]
Logs for DS records consistent.
Simon Kelley [Mon, 12 Jan 2015 23:16:56 +0000 (23:16 +0000)]
Don't answer from cache RRsets from wildcards, as we don't have NSECs.
Simon Kelley [Mon, 12 Jan 2015 20:18:18 +0000 (20:18 +0000)]
Log port of requestor when doing extra logging.
RinSatsuki [Sat, 10 Jan 2015 15:22:21 +0000 (15:22 +0000)]
Add --min-cache-ttl option.
Simon Kelley [Fri, 9 Jan 2015 15:53:03 +0000 (15:53 +0000)]
Add --log-queries=extra option for more complete logging.
Simon Kelley [Wed, 7 Jan 2015 21:58:05 +0000 (21:58 +0000)]
Merge branch 'unsigned'
Simon Kelley [Wed, 7 Jan 2015 21:55:43 +0000 (21:55 +0000)]
DNSSEC: do top-down search for limit of secure delegation.
Yousong Zhou [Mon, 5 Jan 2015 17:03:35 +0000 (17:03 +0000)]
Fix race condition issue in makefile.
Yousong Zhou [Sat, 3 Jan 2015 16:36:14 +0000 (16:36 +0000)]
Implement makefile dependencies on COPTS variable.
Matthias Andree [Sat, 27 Dec 2014 15:36:38 +0000 (15:36 +0000)]
Fix build failure in new inotify code on BSD.
Simon Kelley [Sat, 27 Dec 2014 15:33:32 +0000 (15:33 +0000)]
Bad packet protection.
Glen Huang [Sat, 27 Dec 2014 15:28:12 +0000 (15:28 +0000)]
Add --ignore-address option.
Simon Kelley [Tue, 23 Dec 2014 18:42:38 +0000 (18:42 +0000)]
Initialise return value.
Simon Kelley [Tue, 23 Dec 2014 15:46:08 +0000 (15:46 +0000)]
Fix problems validating NSEC3 and wildcards.
Simon Kelley [Sun, 21 Dec 2014 21:21:53 +0000 (21:21 +0000)]
Make caching work for CNAMEs pointing to A/AAAA records shadowed in /etc/hosts
If the answer to an upstream query is a CNAME which points to an
A/AAAA record which also exists in /etc/hosts and friends, then
caching is suppressed, to avoid inconsistent answers. This is
now modified to allow caching when the upstream and local A/AAAA
records have the same value.
Simon Kelley [Sun, 21 Dec 2014 16:11:52 +0000 (16:11 +0000)]
Fix crash in DNSSEC code when attempting to verify large RRs.
Simon Kelley [Wed, 17 Dec 2014 20:38:20 +0000 (20:38 +0000)]
Tweak field width in cache dump to avoid truncating IPv6 addresses.
Simon Kelley [Wed, 17 Dec 2014 12:41:56 +0000 (12:41 +0000)]
Eliminate IPv6 privacy addresses from --interface-name answers.
Simon Kelley [Tue, 16 Dec 2014 20:41:29 +0000 (20:41 +0000)]
Remove redundant IN6_IS_ADDR_ULA(a) macro defn.