** no user visible changes in this release
* version 2.5.38 released 2014-02-14
** internationalization
*** add sr translation from the translation project
*** update da, es, ko, nl, pt_BR, ro, ru, sv, tr, vi, zh_CN translations from
the translation project
*** rename zh_tw to its proper zh_TW name
* Don't update when nothing has been deleted
* Backup resolv.conf to resolv.conf.bak when it doesn't have an openresolv
signature
Restore it when the new resolv.conf only has the openresolv signature
* Document prepend_search and prepend_nameservers
* Implement append_search and append_nameservers
* Implement replace and replace_sub to allow for keyword/value/replacement
* There is a new "stop-bits" option, which takes an argument of 1 or 2,
indicating the number of stop bits to use for async serial ports.
* Various bug fixes.
* Fixed a potential security issue in parsing option files (CVE-2014-3158).
- ENHANCE: When executing a chain, require at least one service
function to succeed. This mitigates fail-open scenarios caused by
misconfigurations or missing modules.
- ENHANCE: Make sure to overwrite buffers which may have contained an
authentication token when they're no longer needed.
- BUGFIX: Under certain circumstances, specifying a non-existent
module (or misspelling the name of a module) in a policy could
result in a fail-open scenario. (CVE-2014-3879)
- FEATURE: Add a search path for modules. This was implemented in
Nummularia but inadvertently left out of the release notes.
- BUGFIX: The is_upper() predicate only accepted the letter A as an
upper-case character instead of the entire A-Z range. As a result,
service and module names containing upper-case letters other than A
would be rejected.
* dnsmasq subscriber no longer moans if it hasn't written a pidfile
* Ensure that name_server_blacklist works for more than one option.
Thanks to Frederic Barthelery.
* unbound_insecure can disable DNSSEC for all domains processed.
* local_nameservers now defaults to
127.* 0.0.0.0 255.255.255.255 ::1
and is used instead of a hard coded list.
* Allow the disabling of resolvconf or optionally an individual
subscriber.
* Don't wait around trying to create a lock if we don't have
permission.
* resolv_conf_passthrough=NULL will update resolv.conf to match
only what is configured in resolvconf.conf and ignore any
interface configuration.
* Fix an unaligned access error on BeagleBone Black with FreeBSD.
Thanks to Guy Yur for the patch.
* Remove the fast loop trying to up an interface which does not
report carrier.
* Remove vis based encoding - instead validate against option type and
stop at invalid [1]
This removes all shell escaped encoding - dhcpcd will assume that IF
the --script option is a shell, it will quote variables correctly.
The stock dhcpcd-run-hooks does.
* dhcpcd -V now prints how the variables will be decoded.
* Changed some options in dhcpcd-definitions.conf to more sensible defaults.
* Don't daemonise on delegated address dad.
* Don't drop delegated reject route when forking.
* Fix IPv6 handling of link-local addresses on KAME stacks.
* Work on OpenBSD-5.6 without any special interface setup needed.
* Callout to handlecarrier when we don't have real carrier support and
rely on looking at IFF_UP and IFF_RUNNING.
This allows our hooks to know that dhcpcd thinks we have a carrier or not.
[1] DHCP option encodings defined in dhcpcd-definitions.conf
* domain (RFC3397)/dname (string) is strict domain name allowance
(ie, [alnum] with _- (but not at the start or end))
* string is now printable ascii (1-127) until invalid
* ascii is all ascii (1-127) until invalid
* raw is all chars (1-255) until NUL
* binhex is a hex representation of the option including embedded NULs
* ssid is still escaped octal because it's expected to be human readable
AND can technically be all NUL
* everything else has strict option -> value encoding
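
The "validate against option type and stop at invalid" rule above, sketched for the ascii and domain encodings. This is an added example, not dhcpcd's code: the function names and sample values are constructed here, and applying the domain rule per dot-separated label and rejecting the whole name on failure are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: function names and behaviour are this example's, not dhcpcd's. */

/* "ascii": keep bytes 1-127, stop at the first byte outside that range
 * (so an embedded NUL or high byte ends the value). Returns bytes kept. */
size_t copy_ascii(char *dst, size_t dstlen, const unsigned char *src, size_t srclen)
{
    size_t n = 0;

    if (dstlen == 0)
        return 0;
    for (; n < srclen && n + 1 < dstlen && src[n] >= 1 && src[n] <= 127; n++)
        dst[n] = (char)src[n];
    dst[n] = '\0';
    return n;
}

/* "domain": each dot-separated label is non-empty, uses only [alnum], '_'
 * or '-', and has '_' or '-' at neither end. Returns 1 if valid, else 0. */
int valid_domain(const unsigned char *s, size_t len)
{
    size_t i, start = 0;

    for (i = 0; i <= len; i++) {
        if (i == len || s[i] == '.') {
            if (i == start || !isalnum(s[start]) || !isalnum(s[i - 1]))
                return 0;            /* empty label, or '_'/'-' at an edge */
            start = i + 1;
        } else if (!isalnum(s[i]) && s[i] != '_' && s[i] != '-') {
            return 0;                /* space, quote, ';', '$', NUL, ... */
        }
    }
    return 1;
}

int main(void)
{
    const char *t[] = { "my_host-1.example.com", "-bad.example.com", "example.com;x" };
    char buf[8];

    for (size_t i = 0; i < 3; i++)   /* constructed sample values */
        printf("%-22s %s\n", t[i],
            valid_domain((const unsigned char *)t[i], strlen(t[i])) ? "ok" : "rejected");
    printf("kept %zu\n", copy_ascii(buf, sizeof buf, (const unsigned char *)"eth\x80zz", 6));
    return 0;
}
```
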
* Detect removal of IPv6 routes
* Don't add link-local addresses to POINTOPOINT interfaces
* Don't discard expired DHCPv6 leases when dumping them
* If a DHCPv6 lease has no timers, expire it right away
* Report delegated addresses
* Call dhcpcd-run-hooks correctly when delegated prefixes already exist
* Fix a memory error when ia_* config exists but IPv6 is disabled
* Ensure servername and bootfile are safely exported
* Sanitise the following characters using svis(3) with VIS_CSTYLE and
VIS_OCTAL:
| ^ & ; < > ( ) $ ` \ " ' <tab> <newline>
This allows a non buggy unvis(1) to decode it 100% and stays compatible
with how dhcpcd used to handle encoding on most platforms.
For systems that supply svis(3) there is a code reduction, for systems
that do not, a slight code increase. This change mitigates systems
affected by bash CVE-2014-6271 and CVE-2014-7169.
* Many bounds checking fixes from Tobias Stoeckmann
* Improve error when the authentication token cannot be found
* close the IPv4 specific UDP socket when done sending
* Implemented a write queue to the control sockets
* Only send interfaces to control sockets when in a BOUND state
* Add a sample controlgroup directive to dhcpcd.conf to make setup easier
* Add variables if_oneup and if_ipwaited so hook scripts know the overall
state of dhcpcd better
* Pass RC_SVCNAME from environment to hooks so that a service hook can
know its name (may not be dhcpcd)
* Document every variable set for dhcpcd-run-hooks(8)
* Allow SSIDs with non printable characters to be used in ssid selection
in dhcpcd.conf
* Add an unprivileged control socket so that normal users can obtain
dhcpcd running state