A little over a year since the last release, I'm happy to announce that we now have a final release of dnsmasq-2.77.
The tarball is available here: http://thekelleys.org.uk/dnsmasq/dnsmasq-2.77.tar.gz and the release-notes are appended below. Enjoy! Cheers, Simon. version 2.77 Generate an error when configured with a CNAME loop, rather than a crash. Thanks to George Metz for spotting this problem. Calculate the length of TFTP error reply packet correctly. This fixes a problem when the error message in a TFTP packet exceeds the arbitrary limit of 500 characters. The message was correctly truncated, but not the packet length, so extra data was appended. This is a possible security risk, since the extra data comes from a buffer which is also used for DNS, so that previous DNS queries or replies may be leaked. Thanks to Mozilla for funding the security audit which spotted this bug. Fix logic error in Linux netlink code. This could cause dnsmasq to enter a tight loop on systems with a very large number of network interfaces. Thanks to Ivan Kokshaysky for the diagnosis and patch. Fix problem with --dnssec-timestamp whereby receipt of SIGHUP would erroneously engage timestamp checking. Thanks to Kevin Darbyshire-Bryant for this work. Bump zone serial on reloading /etc/hosts and friends when providing authoritative DNS. Thanks to Harrald Dunkel for spotting this. Handle v4-mapped IPv6 addresses sanely in --synth-domain. These have standard representation like ::ffff:184.108.40.206 and are now converted to names like <prefix>--ffff-1-2-3-4.<domain> Handle binding upstream servers to an interface (--server=220.127.116.11@eth0) when the named interface is destroyed and recreated in the kernel. Thanks to Beniamino Galvani for the patch. Allow wildcard CNAME records in authoritative zones. For example --cname=*.example.com,default.example.com Thanks to Pro Backup for sponsoring this development. Bump the allowed backlog of TCP connections from 5 to 32, and make this a compile-time configurable option. Thanks to Donatas Abraitis for diagnosing this as a potential problem. Add DNSMASQ_REQUESTED_OPTIONS environment variable to the lease-change script. Thanks to ZHAO Yu for the patch. Fix foobar in rrfilter code, that could cause malformed replies, especially when DNSSEC validation on, and the upstream server returns answer with the RRs in a particular order. The only DNS server known to tickle this is Nominum's. Thanks to Dave Täht for spotting the bug and assisting in the fix. Fix the manpage which lied that only the primary address of an interface is used by --interface-name. Make --localise-queries apply to names from --interface-name. Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen for pushing this. Improve connection handling when talking to TCP upstream servers. Specifically, be prepared to open a new TCP connection when we want to make multiple queries but the upstream server accepts fewer queries per connection. Improve logging of upstream servers when there are a lot of "local addresses only" entries. Thanks to Hannu Nyman for the patch. Make --bogus-priv apply to IPv6, for the prefixes specified in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on this. Allow use of MAC addresses with --tftp-unique-root. Thanks to Floris Bos for the patch. Add --dhcp-reply-delay option. Thanks to Floris Bos for the patch. Add mtu setting facility to --ra-param. Thanks to David Flamand for the patch. Capture STDOUT and STDERR output from dhcp-script and log it as part of the dnsmasq log stream. Makes life easier for diagnosing unexpected problems in scripts. Thanks to Petr Mensik for the patch. Generate fatal errors when failing to parse the output of the dhcp-script in "init" mode. Avoids strange errors when the script accidentally emits error messages. Thanks to Petr Mensik for the patch. Make --rev-server for an RFC1918 subnet work even in the presence of the --bogus-priv flag. Thanks to Vladislav Grishenko for the patch. Extend --ra-param mtu: field to allow an interface name. This allows the MTU of a WAN interface to be advertised on the internal interfaces of a router. Thanks to Vladislav Grishenko for the patch. Do ICMP-ping check for address-in-use for DHCPv4 when the client specifies an address in DHCPDISCOVER, and when an address in configured locally. Thanks to Alin Năstac for spotting the problem. Add new DHCP tag "known-othernet" which is set when only a dhcp-host exists for another subnet. Can be used to ensure that privileged hosts are not given "guest" addresses by accident. Thanks to Todd Sanket for the suggestion. Remove historic automatic inclusion of IDN support when building internationalisation support. This doesn't fit now there is a choice of IDN libraries. Be sure to include either -DHAVE_IDN or -DHAVE_LIBIDN2 for IDN support.
Description: OpenPGP digital signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss