Overview
Request 1031298 accepted
- update to 2.87 (bsc#1197872, CVE-2022-0934):
* Allow arbitrary prefix lengths in --rev-server and
--domain=....,local
* Replace --address=/#/..... functionality which got
missed in the 2.86 domain search rewrite.
* Add --nftset option, like --ipset but for the newer nftables.
* Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers.
* Fix crash doing netbooting when --port is set to zero
to disable the DNS server. Thanks to Drexl Johannes
for the bug report.
* Generalise --dhcp-relay. Sending via broadcast/multicast is
now supported for both IPv4 and IPv6 and the configuration
syntax made easier (but backwards compatible).
* Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
* Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
as hex, the pattern must consist of only hex digits AND contain
at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
over a pattern consisting of a decimal number which was interpreted
surprisingly.
* Include client address in TFTP file-not-found error reports.
Thanks to Stefan Rink for the initial patch, which has been
re-worked by me (srk). All bugs mine.
* Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
- Created by dirkmueller
- In state accepted
-
Package maintainers:
nemysis and
rmax
Request History
dirkmueller created request
- update to 2.87 (bsc#1197872, CVE-2022-0934):
* Allow arbitrary prefix lengths in --rev-server and
--domain=....,local
* Replace --address=/#/..... functionality which got
missed in the 2.86 domain search rewrite.
* Add --nftset option, like --ipset but for the newer nftables.
* Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers.
* Fix crash doing netbooting when --port is set to zero
to disable the DNS server. Thanks to Drexl Johannes
for the bug report.
* Generalise --dhcp-relay. Sending via broadcast/multicast is
now supported for both IPv4 and IPv6 and the configuration
syntax made easier (but backwards compatible).
* Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
* Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
as hex, the pattern must consist of only hex digits AND contain
at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
over a pattern consisting of a decimal number which was interpreted
surprisingly.
* Include client address in TFTP file-not-found error reports.
Thanks to Stefan Rink for the initial patch, which has been
re-worked by me (srk). All bugs mine.
* Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
rmax accepted request
Thanks
@nemysis, @rmax: review reminder