Simon Kelley
2017-06-01 15:38:41 UTC
A little over a year since the last release, I'm happy to announce that
we now have a final release of dnsmasq-2.77.
The tarball is available here:
http://thekelleys.org.uk/dnsmasq/dnsmasq-2.77.tar.gz
and the release-notes are appended below.
Enjoy!
Cheers,
Simon.
version 2.77
Generate an error when configured with a CNAME loop,
rather than a crash. Thanks to George Metz for
spotting this problem.
Calculate the length of TFTP error reply packet
correctly. This fixes a problem when the error
message in a TFTP packet exceeds the arbitrary
limit of 500 characters. The message was correctly
truncated, but not the packet length, so
extra data was appended. This is a possible
security risk, since the extra data comes from
a buffer which is also used for DNS, so that
previous DNS queries or replies may be leaked.
Thanks to Mozilla for funding the security audit
which spotted this bug.
Fix logic error in Linux netlink code. This could
cause dnsmasq to enter a tight loop on systems
with a very large number of network interfaces.
Thanks to Ivan Kokshaysky for the diagnosis and
patch.
Fix problem with --dnssec-timestamp whereby receipt
of SIGHUP would erroneously engage timestamp checking.
Thanks to Kevin Darbyshire-Bryant for this work.
Bump zone serial on reloading /etc/hosts and friends
when providing authoritative DNS. Thanks to Harrald
Dunkel for spotting this.
Handle v4-mapped IPv6 addresses sanely in --synth-domain.
These have standard representation like ::ffff:1.2.3.4
and are now converted to names like
<prefix>--ffff-1-2-3-4.<domain>
Handle binding upstream servers to an interface
(--server=***@eth0) when the named interface
is destroyed and recreated in the kernel. Thanks to
Beniamino Galvani for the patch.
Allow wildcard CNAME records in authoritative zones.
For example --cname=*.example.com,default.example.com
Thanks to Pro Backup for sponsoring this development.
Bump the allowed backlog of TCP connections from 5 to 32,
and make this a compile-time configurable option. Thanks
to Donatas Abraitis for diagnosing this as a potential
problem.
Add DNSMASQ_REQUESTED_OPTIONS environment variable to the
lease-change script. Thanks to ZHAO Yu for the patch.
Fix foobar in rrfilter code, that could cause malformed
replies, especially when DNSSEC validation is on, and
the upstream server returns answer with the RRs in a
particular order. The only DNS server known to tickle
this is Nominum's. Thanks to Dave Täht for spotting the
bug and assisting in the fix.
Fix the manpage which lied that only the primary address
of an interface is used by --interface-name.
Make --localise-queries apply to names from
--interface-name.
Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen
for pushing this.
Improve connection handling when talking to TCP upstream
servers. Specifically, be prepared to open a new TCP
connection when we want to make multiple queries
but the upstream server accepts fewer queries per
connection.
Improve logging of upstream servers when there are a lot
of "local addresses only" entries. Thanks to Hannu Nyman for
the patch.
Make --bogus-priv apply to IPv6, for the prefixes specified
in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on
this.
Allow use of MAC addresses with --tftp-unique-root. Thanks
to Floris Bos for the patch.
Add --dhcp-reply-delay option. Thanks to Floris Bos
for the patch.
Add mtu setting facility to --ra-param. Thanks to David
Flamand for the patch.
Capture STDOUT and STDERR output from dhcp-script and log
it as part of the dnsmasq log stream. Makes life easier
for diagnosing unexpected problems in scripts.
Thanks to Petr Mensik for the patch.
Generate fatal errors when failing to parse the output
of the dhcp-script in "init" mode. Avoids strange errors
when the script accidentally emits error messages.
Thanks to Petr Mensik for the patch.
Make --rev-server for an RFC1918 subnet work even in the
presence of the --bogus-priv flag. Thanks to
Vladislav Grishenko for the patch.
Extend --ra-param mtu: field to allow an interface name.
This allows the MTU of a WAN interface to be advertised on
the internal interfaces of a router. Thanks to
Vladislav Grishenko for the patch.
Do ICMP-ping check for address-in-use for DHCPv4 when
the client specifies an address in DHCPDISCOVER, and when
an address is configured locally. Thanks to Alin Năstac
for spotting the problem.
Add new DHCP tag "known-othernet" which is set when only a
dhcp-host exists for another subnet. Can be used to ensure
that privileged hosts are not given "guest" addresses by
accident. Thanks to Todd Sanket for the suggestion.
Remove historic automatic inclusion of IDN support when
building internationalisation support. This doesn't
fit now there is a choice of IDN libraries. Be sure
to include either -DHAVE_IDN or -DHAVE_LIBIDN2 for
IDN support.
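
Added example (not dnsmasq source and not part of the announcement above): the TFTP error-reply entry describes a message that was truncated while the packet length was not. The sketch assumes the oversized length came from using snprintf()'s return value, which the release notes do not state; the function names, the 1024-byte buffer and the 'D' filler bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4        /* TFTP ERROR header: 2-byte opcode + 2-byte error code */
#define MAX_ERR_MSG 500  /* message limit named in the release note */

/* Write header and (possibly truncated) message; return snprintf's result. */
static int write_error(unsigned char *pkt, uint16_t code, const char *msg) {
    pkt[0] = 0; pkt[1] = 5;                       /* opcode 5 = ERROR (RFC 1350) */
    pkt[2] = (unsigned char)(code >> 8); pkt[3] = (unsigned char)(code & 0xff);
    return snprintf((char *)pkt + HDR_LEN, MAX_ERR_MSG, "%s", msg);
}

/* Flawed: snprintf returns the length the text WOULD have had, not what fit. */
size_t error_len_flawed(unsigned char *pkt, uint16_t code, const char *msg) {
    return HDR_LEN + (size_t)write_error(pkt, code, msg) + 1;
}

/* Corrected: clamp to the bytes actually written before counting the NUL. */
size_t error_len_fixed(unsigned char *pkt, uint16_t code, const char *msg) {
    int n = write_error(pkt, code, msg);
    if (n < 0) n = 0; else if (n >= MAX_ERR_MSG) n = MAX_ERR_MSG - 1;
    return HDR_LEN + (size_t)n + 1;
}

/* Bytes a send of `len` would carry past the message's terminating NUL. */
size_t stale_bytes(const unsigned char *pkt, size_t len) {
    size_t valid = HDR_LEN + strlen((const char *)pkt + HDR_LEN) + 1;
    return len > valid ? len - valid : 0;
}

/* Constructed scenario: format an error into a shared buffer holding old data. */
size_t demo(size_t msg_len, int use_fixed) {
    unsigned char shared[1024];
    char msg[900];
    if (msg_len >= sizeof msg) msg_len = sizeof msg - 1;
    memset(shared, 'D', sizeof shared);           /* stands in for earlier DNS data */
    memset(msg, 'A', msg_len);
    msg[msg_len] = '\0';
    size_t len = (use_fixed ? error_len_fixed : error_len_flawed)(shared, 1, msg);
    return stale_bytes(shared, len);
}

int main(void) {
    printf("flawed: %zu stale bytes, fixed: %zu\n", demo(600, 0), demo(600, 1));
    return 0;
}
```

With a 600-character message the flawed length covers 101 bytes of whatever the buffer held before; messages under the limit are unaffected, which is why the defect only shows with long error text.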