version 2.51
            Add support for internationalised DNS. Non-ASCII characters
            in domain names found in /etc/hosts, /etc/ethers and
            /etc/dnsmasq.conf will be correctly handled by translation to
            punycode, as specified in RFC3490. This function is only
            available if dnsmasq is compiled with internationalisation
            support, and adds a dependency on GNU libidn. Without i18n
            support, dnsmasq continues to be compilable with just
            standard tools. Thanks to Yves Dorfsman for the
            suggestion.

            Add two more environment variables for lease-change scripts:
            First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
            supplied by a client, even if the actual hostname used is
            over-ridden by dhcp-host or dhcp-ignore-names directives.
            Also DNSMASQ_RELAY_ADDRESS which gives the address of
            a DHCP relay, if used.
            Suggestions from Michael Rack.

            Fix regression which broke echo of relay-agent
            options. Thanks to Michael Rack for spotting this.

            Don't treat option 67 as being interchangeable with
            dhcp-boot parameters if it's specified as
            dhcp-option-force.

            Make the code to call scripts on lease-change compile-time
            optional. It can be switched off by editing src/config.h
            or building with "make COPTS=-DNO_SCRIPT".

            Make the TFTP server cope with filenames from Windows/DOS
            which use '\' as pathname separator. Thanks to Ralf for
            the patch.

            Updated Polish translation. Thanks to Jan Psota.

            Warn if an IP address is duplicated in /etc/ethers. Thanks
            to Felix Schwarz for pointing this out.

            Teach --conf-dir to take an optional list of file suffixes
            which will be ignored when scanning the directory. Useful
            for backup files etc. Thanks to Helmut Hullen for the
            suggestion.

            Add new DHCP option named tftpserver-address, which
            corresponds to the third argument of dhcp-boot. This
            allows the complete functionality of dhcp-boot to be
            replicated with dhcp-option. Useful when using
            dhcp-optsfile.

            Test which upstream nameserver to use every 10 seconds
            or 50 queries and not just when a query times out and
            is retried. This should improve performance when there
            is a slow nameserver in the list. Thanks to Joe for the
            suggestion.

            Don't do any PXE processing, even for clients with the
            correct vendorclass, unless at least one pxe-prompt or
            pxe-service option is given. This stops dnsmasq
            interfering with proxy PXE subsystems when it is just
            the DHCP server. Thanks to Spencer Clark for spotting this.

            Limit the blocksize used for TFTP transfers to a value
            which avoids packet fragmentation, based on the MTU of the
            local interface. Many netboot ROMs can't cope with
            fragmented packets.

            Honour dhcp-ignore configuration for PXE and proxy-PXE
            requests. Thanks to Niels Basjes for the bug report.

            Updated French translation. Thanks to Gildas Le Nadan.


version 2.50
            Fix security problem which allowed any host permitted to
            do TFTP to possibly compromise dnsmasq by remote buffer
            overflow when TFTP enabled. Thanks to Core Security
            Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
            Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
            Pablo Annetta. This problem has Bugtraq id: 36121
            and CVE: 2009-2957

            Fix a problem which allowed a malicious TFTP client to
            crash dnsmasq. Thanks to Steve Grubb at Red Hat for
            spotting this. This problem has Bugtraq id: 36120 and
            CVE: 2009-2958


version 2.49
            Fix regression in 2.48 which disables the lease-change
            script. Thanks to Jose Luis Duran for spotting this.

            Log TFTP "file not found" errors. These were not logged,
            since a normal PXELinux boot generates many of them, but
            the lack of the messages seems to be more confusing than
            routinely seeing them when there is no real error.

            Update Spanish translation. Thanks to Chris Chatham.


version 2.48
            Archived the extensive, backwards, changelog to
            CHANGELOG.archive. The current changelog now runs from
            version 2.43 and runs conventionally.

            Fixed bug which broke binding of servers to physical
            interfaces when interface names were longer than four
            characters. Thanks to MURASE Katsunori for the patch.

            Fixed netlink code to check that messages come from the
            correct source, and not another userspace process. Thanks
            to Steve Grubb for the patch.
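
The netlink source check described in the entry above, as an added example (not dnsmasq's own code): the receiver asks recvmsg() for the sender address and drops anything whose netlink port id is not 0, the kernel's. The function names and the constructed addresses in main() are assumptions of this example.

```c
/* Added example, not dnsmasq source: accept netlink data only from the kernel. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* The kernel's netlink port id is 0; any other nl_pid is a userspace socket. */
int sender_is_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
  if (fromlen != sizeof(*from))      /* address missing or truncated */
    return 0;
  if (from->nl_family != AF_NETLINK)
    return 0;
  return from->nl_pid == 0;
}

/* Read one datagram from netlink socket fd. Returns the byte count, 0 if
   the datagram was dropped (wrong sender or truncated), -1 on error. */
ssize_t recv_from_kernel(int fd, void *buf, size_t len)
{
  struct sockaddr_nl from;
  struct iovec iov = { .iov_base = buf, .iov_len = len };
  struct msghdr msg;
  ssize_t n;

  memset(&from, 0, sizeof(from));
  memset(&msg, 0, sizeof(msg));
  msg.msg_name = &from;              /* ask the kernel who sent this */
  msg.msg_namelen = sizeof(from);
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  do
    n = recvmsg(fd, &msg, 0);
  while (n == -1 && errno == EINTR);

  if (n < 0)
    return -1;
  if ((msg.msg_flags & MSG_TRUNC) || !sender_is_kernel(&from, msg.msg_namelen))
    return 0;                        /* never parse untrusted or partial data */
  return n;
}

int main(void)
{
  /* Constructed sender addresses: pid 0 is the kernel, 4242 is a process. */
  struct sockaddr_nl kernel = { .nl_family = AF_NETLINK, .nl_pid = 0 };
  struct sockaddr_nl other = { .nl_family = AF_NETLINK, .nl_pid = 4242 };

  printf("kernel: %d, userspace: %d\n",
         sender_is_kernel(&kernel, sizeof(kernel)),
         sender_is_kernel(&other, sizeof(other)));
  return 0;
}
```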

            Maintainability drive: removed bug and missing feature
            workarounds for some old platforms. Solaris 9, OpenBSD
            older than 4.1, Glibc older than 2.2, Linux 2.2.x and
            DBus older than 1.1.x are no longer supported.

            Don't read included configuration files more than once:
            allows complex configuration structures without problems.

            Mark log messages from the various subsystems in dnsmasq:
            messages from the DHCP subsystem now have the ident string
            "dnsmasq-dhcp" and messages from TFTP have ident
            "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.

            Fix possible infinite DHCP protocol loop when an IP
            address is nailed to a hostname (not a MAC address) and a
            host sometimes provides the name, sometimes not.

            Allow --addn-hosts to take a directory: all the files
            in the directory are read. Thanks to Phil Cornelius for
            the suggestion.

            Support --bridge-interface on all platforms, not just BSD.

            Added support for advanced PXE functions. It's now
            possible to define a prompt and menu options which will
            be displayed when a client PXE boots. It's also possible to
            hand-off booting to other boot servers. Proxy-DHCP, where
            dnsmasq just supplies the PXE information and another DHCP
            server does address allocation, is also allowed. See the
            --pxe-prompt and --pxe-service keywords. Thanks to
            Alkis Georgopoulos for the suggestion and Guilherme Moro
            and Michael Brown for assistance.

            Improvements to DHCP logging. Thanks to Tom Metro for
            useful suggestions.

            Add ability to build dnsmasq without DHCP support. To do
            this, edit src/config.h or build with
            "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.

            Added --test command-line switch - syntax check
            configuration files only.

            Updated French translation. Thanks to Gildas Le Nadan.


version 2.47
            Updated French translation. Thanks to Gildas Le Nadan.

            Fixed interface enumeration code to work on NetBSD
            5.0. Thanks to Roy Marples for the patch.

            Updated config.h to use the same location for the lease
            file on NetBSD as the other *BSD variants. Also allow
            LEASEFILE and CONFFILE symbols to be overridden in CFLAGS.

            Handle duplicate address detection on IPv6 more
            intelligently. In IPv6, an interface can have an address
            which is not usable, because it is still undergoing DAD
            (such addresses are marked "tentative"). Attempting to
            bind to an address in this state returns an error,
            EADDRNOTAVAIL. Previously, on getting such an error,
            dnsmasq would silently abandon the address, and never
            listen on it. Now, it retries once per second for 20
            seconds before generating a fatal error. 20 seconds should
            be long enough for any DAD process to complete, but can be
            adjusted in src/config.h if necessary. Thanks to Martin
            Krafft for the bug report.

            Add DBus introspection. Patch from Jeremy Laine.

            Update Dbus configuration file. Patch from Colin Walters.
            Fix for this bug:
            http://bugs.freedesktop.org/show_bug.cgi?id=18961

            Support arbitrarily encapsulated DHCP options, suggestion
            and initial patch from Samium Gromoff. This is useful for
            (eg) gPXE, which expects all its private options to be
            encapsulated inside a single option 175. So, eg,

            dhcp-option = encap:175, 190, "iscsi-client0"
            dhcp-option = encap:175, 191, "iscsi-client0-secret"

            will provide iSCSI parameters to gPXE.

            Enhance --dhcp-match to allow testing of the contents of a
            client-sent option, as well as its presence. The
            application in mind for this is RFC 4578
            client-architecture specifiers, but it's generally useful.
            Joey Korkames suggested the enhancement.

            Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
            OpenSolaris. Thanks to Bastian Machek for the heads-up.

            No longer complain about blank lines in
            /etc/ethers. Thanks to Jon Nelson for the patch.

            Fix binding of servers to physical devices, eg
            --server=/domain/1.2.3.4@eth0 which was broken from 2.43
            onwards unless --query-port=0 set. Thanks to Peter Naulls
            for the bug report.

            Reply to DHCPINFORM requests even when the supplied ciaddr
            doesn't fall in any dhcp-range. In this case it's not
            possible to supply a complete configuration, but
            individually-configured options (eg PAC) may be useful.

            Allow the source address of an alias to be a range:
            --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
            subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
            as before.
            --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
            maps only the 192.168.0.10->192.168.0.40 region. Thanks to
            Ib Uhrskov for the suggestion.
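
The two --alias forms from the entry above, worked through as address arithmetic in an added example (not dnsmasq's own code). It assumes the range form keeps the host bits of the original address, as the subnet form does; the struct and function names are hypothetical.

```c
/* Added example, not dnsmasq source: the two forms of --alias as address arithmetic. */
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

struct alias {
  uint32_t in;    /* old address, or first address of a range */
  uint32_t end;   /* last address of a range; 0 for the subnet form */
  uint32_t out;   /* new address */
  uint32_t mask;  /* netmask; all values in host byte order */
};

/* Dotted quad to host-order integer; returns 0 on a malformed string. */
uint32_t ip(const char *s)
{
  struct in_addr a;
  return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Rewrite addr if the rule matches, otherwise return it unchanged. */
uint32_t apply_alias(const struct alias *a, uint32_t addr)
{
  if (a->end == 0) {
    if ((addr & a->mask) != (a->in & a->mask))
      return addr;                       /* subnet form: wrong network */
  } else if (addr < a->in || addr > a->end)
    return addr;                         /* range form: outside the range */

  /* Assumption: keep the host bits, take the network bits from the new address. */
  return (addr & ~a->mask) | (a->out & a->mask);
}

int main(void)
{
  /* --alias=192.168.0.0,10.0.0.0,255.255.255.0 */
  struct alias subnet = { ip("192.168.0.0"), 0, ip("10.0.0.0"), ip("255.255.255.0") };
  /* --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 */
  struct alias range = { ip("192.168.0.10"), ip("192.168.0.40"),
                         ip("10.0.0.0"), ip("255.255.255.0") };
  /* Constructed probe addresses around the edges of the range. */
  const char *probe[] = { "192.168.0.9", "192.168.0.10", "192.168.0.40", "192.168.0.41" };

  for (int i = 0; i < 4; i++) {
    struct in_addr s = { htonl(apply_alias(&subnet, ip(probe[i]))) };
    struct in_addr r = { htonl(apply_alias(&range, ip(probe[i]))) };
    char sb[INET_ADDRSTRLEN], rb[INET_ADDRSTRLEN];

    inet_ntop(AF_INET, &s, sb, sizeof(sb));
    inet_ntop(AF_INET, &r, rb, sizeof(rb));
    printf("%-13s subnet rule -> %-11s range rule -> %s\n", probe[i], sb, rb);
  }
  return 0;
}
```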

            Don't dynamically allocate DHCP addresses which may break
            Windows.  Addresses which end in .255 or .0 are broken in
            Windows even when using supernetting.
            --dhcp-range=192.168.0.1,192.168.1.254,255.255.254.0 means
            192.168.0.255 is a valid IP address, but not for Windows.
            See Microsoft KB281579. We therefore no longer allocate
            these addresses to avoid hard-to-diagnose problems.

            Update Polish translation. Thanks to Jan Psota.

            Delete the PID-file when dnsmasq shuts down. Note that by
            this time, dnsmasq is normally not running as root, so
            this will fail if the PID-file is stored in a root-owned
            directory; such failure is silently ignored. To take
            advantage of this feature, the PID-file must be stored in a
            directory owned and write-able by the user running
            dnsmasq.


version 2.46
            Allow --bootp-dynamic to take a netid tag, so that it may
            be selectively enabled. Thanks to Olaf Westrik for the
            suggestion.

            Remove ISC-leasefile reading code. This has been
            deprecated for a long time, and last time I removed it, it
            ended up going back by request of one user. This time,
            it's gone for good; otherwise it would need to be
            re-worked to support multiple domains (see below).

            Support DHCP clients in multiple DNS domains. This is a
            long-standing request. Clients are assigned to a domain
            based on their IP address.

            Add --dhcp-fqdn flag, which changes behaviour of DNS names
            assigned to DHCP clients. When this is set, there must be
            a domain associated with each client, and only
            fully-qualified domain names are added to the DNS. The
            advantage is that only the FQDN needs to be unique,
            so that two or more DHCP clients can share a hostname, as
            long as they are in different domains.

            Set environment variable DNSMASQ_DOMAIN when invoking
            lease-change script. This may be useful information to
            have now that it's variable.

            Tighten up data-checking code for DNS packet
            handling. Thanks to Steve Dodd who found certain illegal
            packets which could crash dnsmasq. No memory overwrite was
            possible, so this is not a security issue beyond the DoS
            potential.

            Update example config dhcp option 47, the previous
            suggestion generated an illegal, zero-length,
            option. Thanks to Matthias Andree for finding this.

            Rewrite hosts-file reading code to remove the limit of
            1024 characters per line. John C Meuser found this.

            Create a net-id tag with the name of the interface on
            which the DHCP request was received.

            Fixed minor memory leak in DBus code, thanks to Jeremy
            Laine for the patch.

            Emit DBus signals as the DHCP lease database
            changes. Thanks to Jeremy Laine for the patch.

            Allow for more than one MAC address in a dhcp-host
            line. This configuration tells dnsmasq that it's OK to
            abandon a DHCP lease of the fixed address to one MAC
            address, if another MAC address in the dhcp-host statement
            asks for an address. This is useful to give a fixed
            address to a host which has two network interfaces
            (say, a laptop with wired and wireless interfaces.)
            It's very important to ensure that only one interface
            at a time is up, since dnsmasq abandons the first lease
            and re-uses the address before the leased time has
            elapsed. John Gray suggested this.

            Tweak the response to a DHCP request packet with a wrong
            server-id when --dhcp-authoritative is set; dnsmasq now
            returns a DHCPNAK, rather than silently ignoring the
            packet. Thanks to Chris Marget for spotting this
            improvement.

            Add --cname option. This provides a limited alias
            function, usable for DHCP names. Thanks to AJ Weber for
            suggestions on this.

            Updated contrib/webmin with latest version from Neil
            Fisher.

            Updated Polish translation. Thanks to Jan Psota.

            Correct the text names for DHCP options 64 and 65 to be
            "nis+-domain" and "nis+-servers".

            Updated Spanish translation. Thanks to Chris Chatham.

            Force re-reading of /etc/resolv.conf when an "interface
            up" event occurs.


version 2.45
            Fix total DNS failure in release 2.44 unless --min-port
            specified. Thanks to Steven Barth and Grant Coady for
            bug report. Also reject out-of-range port spec, which could
            break things too: suggestion from Gilles Espinasse.


version 2.44
            Fix crash when unknown client attempts to renew a DHCP
            lease, problem introduced in version 2.43. Thanks to
            Carlos Carvalho for help chasing this down.

            Fix potential crash when a host which doesn't have a lease
            does DHCPINFORM. Again introduced in 2.43. This bug has
            never been reported in the wild.

            Fix crash in netlink code introduced in 2.43. Thanks to
            Jean Wolter for finding this.

            Change implementation of min_port to work even if min-port
            is large.

            Patch to enable compilation of latest Mac OS X. Thanks to
            David Gilman.

            Update Spanish translation. Thanks to Christopher Chatham.


version 2.43
            Updated Polish translation. Thanks to Jan Psota.

            Flag errors when configuration options are repeated
            illegally.

            Further tweaks for GNU/kFreeBSD

            Add --no-wrap to msgmerge call - provides nicer .po file
            format.

            Honour lease-time spec in dhcp-host lines even for
            BOOTP. The user is assumed to know what they are doing in
            this case. (Hosts without the time spec still get infinite
            leases for BOOTP, over-riding the default in the
            dhcp-range.) Thanks to Peter Katzmann for uncovering this.

            Fix problem matching relay-agent ids. Thanks to Michael
            Rack for the bug report.

            Add --naptr-record option. Suggestion from Johan
            Bergquist.

            Implement RFC 5107 server-id-override DHCP relay agent
            option.

            Apply patches from Stefan Kruger for compilation on
            Solaris 10 under Sun studio.

            Yet more tweaking of Linux capability code, to suppress
            pointless whingeing from kernel 2.6.25 and above.

            Improve error checking during startup. Previously, some
            errors which occurred during startup would be worked
            around, with dnsmasq still starting up. Some were logged,
            some silent. Now, they all cause a fatal error and dnsmasq
            terminates with a non-zero exit code. The errors are those
            associated with changing uid and gid, setting process
            capabilities and writing the pidfile. Thanks to Uwe
            Gansert and the Suse security team for pointing out
            this improvement, and Bill Reimers for good implementation
            suggestions.

            Provide NO_LARGEFILE compile option to switch off largefile
            support when compiling against versions of uclibc which
            don't support it. Thanks to Stephane Billiart for the patch.

            Implement random source ports for interactions with
            upstream nameservers. New spoofing attacks have been found
            against nameservers which do not do this, though it is not
            clear if dnsmasq is vulnerable, since it doesn't implement
            recursion. By default dnsmasq will now use a different
            source port (and socket) for each query it sends
            upstream. This behaviour can be suppressed using the
            --query-port option, and the old default behaviour
            restored using --query-port=0. Explicit source-port
            specifications in --server configs are still honoured.
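
One way to give each upstream query its own socket on an unpredictable source port, as the entry above describes. This is an added example, not dnsmasq's own code: it draws randomness from getrandom(2) rather than the RNGs the changelog names, and the function names and the 1024 floor are assumptions.

```c
/* Added example, not dnsmasq source: one socket on a random port per upstream query. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/random.h>
#include <sys/socket.h>

/* Map 16 random bits onto [min_port, 65535] without modulo bias.
   Returns 0 when r must be discarded and redrawn. */
uint16_t port_from_random(uint16_t r, uint16_t min_port)
{
  if (min_port < 1024)
    min_port = 1024;                    /* assumption: avoid privileged ports */
  uint32_t range = 65536u - min_port;
  uint32_t limit = 65536u - (65536u % range);
  if (r >= limit)
    return 0;                           /* would over-represent low ports */
  return (uint16_t)(min_port + r % range);
}

/* Open a UDP socket bound to a freshly drawn port; returns the fd or -1. */
int open_query_socket(uint16_t min_port)
{
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0)
    return -1;

  for (int tries = 0; tries < 100; tries++) {
    uint16_t r, port;
    struct sockaddr_in sa;

    if (getrandom(&r, sizeof(r), 0) != (ssize_t)sizeof(r))
      break;                            /* no kernel randomness: fail closed */
    if ((port = port_from_random(r, min_port)) == 0)
      continue;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
      return fd;
    if (errno != EADDRINUSE)            /* only retry when the port is taken */
      break;
  }
  close(fd);
  return -1;
}

int main(void)
{
  for (int i = 0; i < 3; i++) {
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = open_query_socket(1024);

    if (fd < 0 || getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
      perror("query socket");
      return 1;
    }
    printf("query %d leaves from port %u\n", i, (unsigned)ntohs(sa.sin_port));
    close(fd);
  }
  return 0;
}
```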

            Replace the random number generator, for better
            security. On most BSD systems, dnsmasq uses the
            arc4random() RNG, which is secure, but on other platforms,
            it relied on the C-library RNG, which may be
            guessable and therefore allow spoofing. This release
            replaces the libc RNG with the SURF RNG, from Daniel
            J. Bernstein's DJBDNS package.

            Don't attempt to change user or group or set capabilities
            if dnsmasq is run as a non-root user. Without this, the
            change from soft to hard errors when these fail causes
            problems for non-root daemons listening on high
            ports. Thanks to Patrick McLean for spotting this.

            Updated French translation. Thanks to Gildas Le Nadan.


version 2.42
            The changelog for version 2.42 and earlier is
            available in CHANGELOG.archive.