a69cbca384
version 2.79 Fix parsing of CNAME arguments, which are confused by extra spaces. Thanks to Diego Aguirre for spotting the bug. Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind upstream servers to an interface, rather than SO_BINDTODEVICE. Thanks to Beniamino Galvani for the patch. Always return a SERVFAIL answer to DNS queries without the recursion desired bit set, UNLESS acting as an authoritative DNS server. This avoids a potential route to cache snooping. Add support for Ed25519 signatures in DNSSEC validation. No longer support RSA/MD5 signatures in DNSSEC validation, since these are not secure. This behaviour is mandated in RFC-6944. Fix incorrect error exit code from dhcp_release6 utility. Thanks Gaudenz Steinlin for the bug report. Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation when --dnssec-no-timecheck is in use. Note that this is an incompatible change from earlier releases. Allow more than one --bridge-interface option to refer to an interface, so that we can use --bridge-interface=int1,alias1 --bridge-interface=int1,alias2 as an alternative to --bridge-interface=int1,alias1,alias2 Thanks to Neil Jerram for work on this. Fix for DNSSEC with wildcard-derived NSEC records. It's OK for NSEC records to be expanded from wildcards, but in that case, the proof of non-existence is only valid starting at the wildcard name, *.<domain> NOT the name expanded from the wildcard. Without this check it's possible for an attacker to craft an NSEC which wrongly proves non-existence. Thanks to Ralph Dolmans for finding this, and co-ordinating the vulnerability tracking and fix release. CVE-2017-15107 applies. Remove special handling of A-for-A DNS queries. These are no longer a significant problem in the global DNS. http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf Thanks to Mattias Hellström for the initial patch. Fix failure to delete dynamically created dhcp options from files in -dhcp-optsdir directories. Thanks to Lindgren Fredrik for the bug report. Add to --synth-domain the ability to create names using sequential numbers, as well as encodings of IP addresses. For instance, --synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-* creates 21 domain names of the form internal-4.thekelleys.org.uk over the address range given, with internal-0.thekelleys.org.uk being 192.168.0.50 and internal-20.thekelleys.org.uk being 192.168.0.70 Thanks to Andy Hawkins for the suggestion. Tidy up Crypto code, removing workarounds for ancient versions of libnettle. We now require libnettle 3.
7 lines
467 B
Text
7 lines
467 B
Text
$NetBSD: distinfo,v 1.35 2018/03/23 12:58:43 adam Exp $
|
|
|
|
SHA1 (dnsmasq-2.79.tar.xz) = d4a1af08b02b27736954ce8b2db2da7799d75812
|
|
RMD160 (dnsmasq-2.79.tar.xz) = e4cb81b4a08b32c5253520ee146d5f40cd3ff7b3
|
|
SHA512 (dnsmasq-2.79.tar.xz) = 2c06212696ab55e1584f6133872f5b196013509e4b1822d0457787b456e14341afdde887749e370a2e512124cb4138f012f4601b08690707be4acc7cf2f2876f
|
|
Size (dnsmasq-2.79.tar.xz) = 493036 bytes
|
|
SHA1 (patch-src_bpf.c) = 05dc64c016c608e6b963ce9ee80c28e872a88f9e
|